Hack Like a Pro: How to Spoof DNS on a LAN to Redirect Traffic to Your Fake Website

root@AttackerBoy:~# ifconfig eth0 promisc
root@AttackerBoy:~# tcpkill -9 http://www.bankamerica.com
pcap_compile: syntax error
tcpkill: couldn't initialize sniffing

any ideas?

Is eth0 in promiscous mode?

I have had a lot of trouble with my mitm attack. Is this also because I need to put eth0 in promiscuous mode?

Also two more questions. 1. Do I need to buy a wireless card? 2. How do I take eth0 out of promiscuous mode?

This attack REQUIRES that your eth0 be in promiscuous mode.

Ok thanks. Does a mitm attack also require eth0 in promiscuous?

Yes

So that's why it wasn't working! :D Also if I wanted to get into wifi hacking, what wireless card would you suggest and where can I find out how to set it up with my Kali Linux virtual machine

Buy the Alfa cards. They are inexpensive and work well. Setting it up is simply plugging it into a USB slot and then telling your VM to connect to it.

To tell my VM to connect to it what do I put in the network settings? Right now It is on bridged, but when I put in my wireless card what should I put instead?

(Assuming VMWare Workstation)
Edit -> Virtual Network Editor (w/Admin Privelages)
Change VMNet0 to be bridged with your (future) wireless card.

AK

hey but there is no hosts file in /usr/local
am i supposed to create a new one???
or i can use the hosts file from /etc directory

how could I do this? or know?

Ahmed Turjuman:

ifconfig eth0 promisc

ghost_

thanks ghost_ for your reply. you can see up that I already wrote this... but, after I type tcpkill -9 http://www.bankamerica.com should I be connected on the another windows 7 system to that website? if so.. I did this and still the same error shows up.. can u please explain ?

Thanks in Forward.
AttackerBoy

I don't know if you ever fixed it or not, but the problem with your command is exactly as your console says. there was a syntax error. You are missing the "host" part before the website. it should look like this:

tcpkill -9 host www.bankofamerica.com

Is there a way to easily redirect a webpage and all of its children to my IP? for example, could i redirect "facebook.com" and all the possible "facebook.com/XXXXXX" to my IP?

Eight:

This dnsspoof will do exactly that.

OTW

How long tcpkill is supposed to end ? I've been waiting for at least 10 minutes and I get no answer after the listening on eth0 ...

Did I miss something ? Or is it perhaps because I'm running a VM ?

Xarkes:

tcpkill should give you a response almost immediately. A couple things to check. Is your NIC in promiscuous mode? Is the system you are trying to kill on the same subnet?

OTW

Thanks for your answer. Yeah my eth0 is in promiscuous mode and I have access to the apache server using the local IP. I will have a try with a real Os instead of a VM.

How to creat fack location

ACP:

I think you are asking me, how would you create a fake website? That is beyond the scope of this area on hacking, but there are many tutorials online on creating websites. In addition, you can simply download a site to your hard drive with HTTPtrack.

OTW

must we hv remote acess to at least one target machine before attack?????

Secret:

You must have access to ONE machine on the LAN to effectively use dnsspoof.

OTW

so i am using a wireless connection so i typed in
dnsspoof -i wlan0 -f hosts
and it outputted
dnsspoof: fopen: No such file or directory

What am i doing wrong?

The reason for this problem is exactly as your error states. In your current directory, there is no file called "hosts" for dnsspoof to read. Create a hosts file in your current directory or navigate to the directory of one that already exists.

Are you using kali or backtrack?

No. Do I have to save the hosts file there?

Yes I did navigate to the dnsspoof directory

When I type
dnsspoof -i wlan0

it works, but when i type in what you had above
dnsspoof -i wlan0 -f

hosts, it says
dnsspoof: fopen: No such file or directory.

Thanks again for your help!

Just out of curiosity, if I were to use this on a private network, where each person has a private login to get onto the the internet, could a admin trace this back to my login?

On a public network, such as the free wifi at the coffee shop, could they trace it to anyone specific?

That's an interesting question. Remember, you likely compromised someone else's machine so if anything is detected, it will appear to come from that machine. In addition, this hack doesnt require internet access.

As for a public network, it is unlikely to be detected.

This would definitely make an interesting grad prank.....

I have downloaded a site using httrack and i have a copy of the site on my hard drive....how do i host it on my local host without using coding on html ?? Can someone who is not on my local area still access the mirrored site ?

Evil:

You need to put the site into your Apache directory. Take a look at this tutorial here .

OTW

You Asked 2 Questions:

1.How to host site on kali?

Ans: You can host a site on kali using Apache. Place the files of the site in your apache directory which is "/var/www/" and start the apache server by clicking on Kali Linux -> System Services -> HTTP, and select, apache2 start

2.How to make it public site?

Ans: To make your site a public site so people who are out of your LAN can see it you need to forward your Port 80, and goto whatismyip.com to find out your ip. give your ip to the person whom you want to see the site. When he will open the Ip in his browser he will be redirected to your hosted site.

Thanks.
D4rkF34r

www.D4rk-F34r.blogspot.com

Hey OTW,
In your example you use a wired connection, but it is possible to use the wireless interface?

Thanks

Okay promisc doesn't seem to work with the wlan0 interface. I used airmon-g start wlan0 instead. I think this has the same effect. Am I right?

yes

When i try to do this, I have no problem with forcing the victim to re-authenticate with the website, however, I can't seem to get the target to be redirected to my fake website. Do I need to perform a MITM and get in the middle before i try to redirect their traffic?

First, is your site functional?

Second, did you turn off tcpkill?

OTW

yes, my site is functional. No, i did not turn off tcpkill. I retried the whole process and turned off tcpkill but still i could connect to bank of america without a problem, and was never redirected. After a while of still connecting to bank of america though, i got a "problem loading page" screen, so my target is being affected by dnsspoof but is not being redirected to my ip for some reason

Did you flush the dns?

Yes I did. No luck still though, might the problem lie in my dnsspoof host file? I have it setup as so:
192.168.1.21 www.bankofamerica.com
with a tab in between.

Also, in real life applications though, if I can ever get this to work, I may not be able to flush the DNS of a computer that is not exploited but is on my LAN. What difference does it make if I do not flush the DNS?

In real life , nothing. It just speeds up the dns refresh.

Alright, well I can't seem to get it to work and I am not sure why, but I suspect that the DNS requests are being checked against my hosts file, but for some reason, it seems as if my dnsspoofer is not replying with an IP address, atleast I think this may be it.

hii sir, please if i have my own fake web link, how can i use it with this tool e.g if me fake website i want to redirect the target to is "www.gdd.com" where in the syntax will i include that and how will i do that.

Horls:

If you want to direct people looking for bankofamerica.com to your website gdd.com, you would not have to do any thing different from the tutorial. Just use the IP for gdd.com in the hosts file.

OTW

okay, thank u

OTW :

out of curiosity would you be in a position to advice whether Elitewrap is still a good installation for a hacker ?...this is because I have seen that it dates back to 1999 when it was created by the developer.

how do you know that the user is viewing bankofamerica ?

You don't, but if they are, you kill it. If they aren't, its not necessary to kill the connection. You can skip that step then.

Well this topic has certainly been popular.

ghost_

After I type in the dnsspoof command it says, dnsspoof: listening on wlan0 (udp dst port 53 and not src 192.168.1.126) and just hangs there.

please help,
thanks

Its not hanging. Its doing its job. Its looking for DNS queries to re-direct to your hosts file.

But none come up... why?

Did you do everything in the tutorial as I specified?

yea but I used the hosts file in etc because the one in var didn't do anything

Soooo...you didn't follow my directions and then you ask me why it didn't work?????

okay, I see your point. sorry to bother you, I'll try again

alright, I tried again, I used the hosts file in var/local, but it doesn't even redirect me. and still no dns-queries came up

What do my directions say?

Great tutorial thanks OTW.
How can we use this for the same LAN ?
By example I want to redirect all users on the same lan to my local ip, instead of the virtual machine.

I am using kali and virtualbox for tests. It works on my wlan0 interface which is bridged with virtualbox. but another PC on my LAN isn't being redirected to my ip..

And what about websites with the https protocol like facebook.
If i write any http website like wonderhowto.com it works.
but as soon as I want to assign my local ip to www.facebook.com it doesn't work.
is this because facebook redirects the website to an https server or ?

Thanks in advance

Big Gie:

Welcome to Null Byte!

The tutorial above is all on the same LAN, so I don't understand your question. Can you help understand?

OTW

well I have a mobile phone + a virtual pc on my lan.

the virtual PC (which is using virtualbox on my kali installation) is being redirected to my local ip with the hosts file.

But my mobile phone isn't being redirected.
How can I fix this ?

Is the phone on the same subnet?

yes my pc and my phone are both using 255.255.255.0

Could it be a dnscache' ing thing ?
Let me start another laptop

Same on my netbook using Lubuntu.
i did a /etc/init.d/dns-clean restart
even installed and restarted nscd

So what could it be that my LAN isn't being redirected to my kali pc ?

They must be on the same subnet first.

The info you gave me is the subnet mask, not the subnet. It could be a dns cache thing, but first let's make ceratin they are on the same subnet.

I think that they are on the same subnet, as I can ping back and forth. from netbook to kali and from kali to netbook.
I can ssh into the netbook and back.
if I write 192.168.1.8 ( ip of kali ) on the netbook I get an output of the page what is inside /var/www/
so I think that they are in the same subnet.

If you want I can provide you teamviewer login for the 2 pc's, if you have the time / want to check

If you can ping they are on the same subnet, but the phone probably is not.

Now go through my tutorial with the netbook as let me know what happens.

Yeah then it works but only on the virtual pc's inside the netbook.
As I said:
other pc's from the same network ( LAN ) aren't being redirected to the kali PC.

I do the following on the kali pc:

ifconfig wlan0 promisc
tcpkill -i wlan0 -9 host www.mydomain.com
ifconfig wlan0 -promisc

my hosts file looks like this:
/usr/local/hosts:

192.168.1.8 www.mydomain.com
With a tab between the ip and domain

there is a index.html inside /var/www/
and apache is started (when i go to http://192.168.1.8 on the netbook it shows up).

after it I run: dnsspoof -i wlan0 -f hosts

but no luck :(

from where to download kali linux...........

You can download it at www.kali.org.

Hello, Very good your tutorial. Here I have a question that has little to do with this topic but I see you have enough knowledge on linux kali.

my question is.

It can kill the internet connection just by knowing their ip ??. make that ip lose internet accessibility?

I can not access my router settings. but would like to know how would have to do to remove internet access from other IP.

Jair:

Disconnecting an internet connection is really very simple. In this tutorial, you can do it as long as you as on the same network. I have a tutorial on how to knock someone off a WiFi AP. Check that one out.

OTW

I did follow the instructions, then i type dnsspoof and it says "listening on eth0 udp dst port 53 and not src 192.168.1.101" and then i try to visit the site, but nothing happens.

Bobby:

You could easily write a script to do exactly that.

OTW

this redirects only the pages that are on the host file...right? i wanted to know if there is a way to redirect everything to our fake page....is that possible?

to log into a bank account do i need to spoof mac address?

also i think using sslstrip and ettercap will not work because banks will not allow http? only https? so i cant do it that way.

Chris:

I think you are misunderstanding this tutorial. You are not hacking into the bank. Instead, you are creating a website that looks like the bank to have people log in to your site.

The MAC address and HTTP v. HTTPS is irrelevant.

OTW

yes but when you have the login details to log into a account wouldn't you need to spoof your mac address or be in their LAN so it doesn't detect you as an intruder?

No

Can you show me a screenshot?

What does your hosts file look like?

my ip (tab) (my host in )

I would recommend showing him the hosts file.

ghost_

sorry for the late response, had an emergency call.

Yes I flushed the dns on the windows machine

my host file as requested ;

Good eyeballs.

* Stick a fork in it.

That just comes up everytime I use tab-key ... If I delete the mark, the tab dissapears

Try a different text editor.

if I open up in leafpad then the marks are gone, so the marks are purely notepad related.

I meant, create it in a different text editor.

I got exact problem as @SR LEX (above problem)
except that marks

hi i just want to know how i can get access to all network traffic passes through local wifi network so that i can analyse all packet passes using wireshark

anymore thoughts about the error ?

(dnsspoof: libnetgetipaddr4(): ioctl(): Cannot assign requested address)

still not resolved..

I hate to ask the obvious, but are you logged in as root? Are those addresses on your subnet? Have you tried just using one IP address in your hosts file?

Yes, logged in as root.
My hosts file just contains just one IP adress ( my local kali IP )

I've also did a full fresh install of kali ( just to make sure that I didn't f'ed some shit up in the past, but the problem still remains. )

after some research I've found a possible cause for the error ;
dnsspoof: libnetgetipaddr4(): ioctl(): Cannot assign requested address

Someone on a forum said that if the wireless adapter wasn't in NAT mode it could cause this error in a VM, also IP forwarding could cause this error to occur. I'm not working in a Virtual environment and haven't tested this 'theory' yet, but since I've found this I hope it can help some of the other users here that are using a VM and have the time to test it.

ps : Keep me posted if this worked for you !

Hi im new here, is anybody can help me how to set up wireless on kali linux to promiscuous mode? im having some error when im trying to set (ifconfig wlan0 promisc) to promisc mode and kill the connection between win 7 and target website.

root@kali:~# ifconfig wlan0 promisc
root@kali:~# tcpkill -9 host http://www.xxxxxxxx.xx
tcpkill: eth0: no IPv4 address assigned
tcpkill: couldn't initialize sniffing
root@kali:~#

am i miss anything? please advise.thanks

-Adzuan-

I just recently found this blog and I like eet, it reminds me of "A day with Tape" blog from when backtrack was still the shit... I succesfully cracked wpa2/psk password but now I am trying to get the router user/pass, which apperantly isnt the default configuration. So I guess I must fire up my php skills and make a simple fwrite login / password box, fire up apache, and with a little juicer web design and bullshit social engineering I could get force them to type the user / pass out of sheer frustration. ThankYou lol

What does tcpkill say when it is done?

Nothing as in "tcpkill: listening on eth0 host www.example.com"?

yes

Thank OTW your the best!

is this work on Wlan0 Too ??

yes, if you are on the same network.

it can be use for grab or move some traffic from another website into my website? if Yes How

So, instead of launching an apache server, could I redirect users to an already launched apache server containing an exploit, such as an adobe flash player exploit? If so, would the process be the same, minus setting up my own server?

Sincerely,
Defalt

P.S. You've helped me learn so much, and I plan on learning much more, Thank you!

Yes, you could direct them to any server you want.

You are very welcome. Glad you found us at Null Byte.

This works like a charm in my virtual network, yet when I attempt to recreate it on my actual network it fails. I've looked through time and time again yet I cannot seem to successfully recreate my results. I've checked the document formatting, I see nothing wrong there, I've entered my subnet IP as a URL and it displays the desired website (The fake BOA). Yet it fails when I run dnsspoof. Any feedback is highly appreciated.

Sincerely,
Defalt

Is there anyway of doing that on WAN?