Forum Thread: DNS Spoofing

DNS Spoofing

HI everyone I'm new to writing tutorials and this will be my first attempt so if anyone has any advise for me to better myself at this then please leave a comment.

Cracking passwords can take a lot of time (and bore you to death)- especially if they are complex. Another alternative to steal a password is a phishing attack - clone a website, and host a modified copy to store credentials. But the trick is to get victims to actually visit your website. That is where a DNS spoof attack comes in.

DNS stands for Domain Name Service. A DNS server is responsible for converting websites addresses in the format "net, .com, etc" to the IP address of the website. A DNS attack is a type of Man in the middle attack (MITM). We will be using the Kali Linux OS, which comes with the required software preinstalled. We will be using the Social Engineering Toolkit (S.E.T.) and Ettercap to capture credentials. Lets begin:

Step 1: Open the Social Engineering Toolkit in Kali Linux Terminal:

cd /usr/share/set/
then run set
setoolkit

Step 2: Clone and Host a Copy of the Website You Want to Steal Passwords On:

Enter the commands in this order:

"1 (Social Engineering Attacks)" > "2 (Website Attack Vectors)" > "3 (Credential Harvester Attack)" > "2 (Site Cloner)".

Then enter your computers IP (found by using the ifconfig command), and enter the URL of the website you want to clone (e.g. https://null-byte.wonderhowto.com).

If you receive no error messages, now we need to get victims to navigate to our site!

Step 3: Open a New Terminal, and Run the Ettercap GUI by Using This Command:

ettercap -G

Click "Sniff > Unified Sniffing" and select the network interface you are using to connect to the network you want to attack.

Then choose "hosts > scan for hosts" and wait for the scan to finish. When the scan has found all the hosts on the network, open "hosts > host list".

Step 4: Select the Victims You Want to Attack:

Add the router of the network to target 1 and any computers you want to "poison" to target 2. If either the target 1 group or target 2 group are left empty, the entire network will be attacked. After you have added the victims to the target lists, choose "MITM > ARP Poisoning", tick "sniff remote connections" and click Ok.

Step 5: Create Our "Custom" DNS Server:

Navigate to "/usr/share/ettercap" and open "etter.dns" with any text editor of your choice. Scroll to the bottom, and follow the example template to enter a DNS record. It will look something link this:

example.com A 192.168.1.10
*.example.com A 192.168.1.10
http://www.example.com PTR 192.168.1.10

Replace "example.com" with the website address you are imitating (e.g. https://null-byte.wonderhowto.com/), and "192.168.1.10" with the IP address of your computer (the host).

Now, navigate back to your ettercap window, and click "Plugins > Manage plugins…" and double click on "dns_spoof" to activate it.

Begin collecting passwords!

Choose "Start > Start sniffing" and you are finished! Any visitors to example.com will in fact see your cloned version of the webpage and you will be able to see their credentials in the S.E.T. terminal window. Test the password out to check it works!

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active