Problem with dnsspoofingAdvanced Penetration Testing Course

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Courses Advanced Penetration Testing Course Problem with dnsspoofing

This topic contains 8 replies, has 6 voices, and was last updated by  franko 1 year ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #4300

    Gruja
    Participant

    I have a problem with dnsspoof. I used exploit ms10_002_aurora so i can get a sessions when someone with IE clicks on it. I did everything well there and then I wanted to do dnsspoofing so if he goes to google.com, it redirects him to that link that will open a session.
    I opened two consoles and typed arpspoof -i eth0 -t 192.168.1.1 192.168.1.16 in first console
    and then typed arpspoof -i eth0 -t 192.168.1.16 192.168.1.1 in another console
    Then, I made a .txt file like this:
    I typed nano /root/hosts.txt and then typed in there this text: http://192.168.1.9:8080/class http://www.google.com and saved it.
    Then, I opened another console and typed dnsspoof -i etho -f /root/hosts.txt and it started listening. But, when I go to google.com it doesnt redirect me to link that i wanted to.
    Whats the problem and how can i fix it?

    #4301

    Gruja
    Participant

    And yes, I did the IP forwarding typing this: echo 1 > /proc/sys/net/ipv4/ip_forward

    #6399

    ahhh
    Participant

    Your /root/hosts.txt file is off. It should read “192.168.1.9 *.google.com”
    This might help with dns spoof

    Google is probably a bad choice to spoof as well, I believe they implement HSTS and certificate pinning in the browser.

    Your also going to have to redirect them to port 8080 if thats where your webserver is listening (or you could move your webserver to the standard 80).

    GL!

    • This reply was modified 3 years, 11 months ago by  ahhh.
    #6403

    Gruja
    Participant

    Thank you for answering. I did dns spoofing but not like this. I used ettercap and everything worked fine. But, when victim tries to connect to facebook(for example) it says that its impossible to connect to this site. Its not privacy error, its like when you dont have internet connection and try to connect to a site.
    Why is this happening and how can i fix it?

    #7385

    webjunky
    Participant

    Every time you use MITM Type Attacks you have to do 2 things :
    1. echo ‘1’ > /proc/sys/net/ipv4/ip_forward #Enables IPv4 Forwarding
    2. iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080 #HTTP
    iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT –to-ports 8080 #HTTPS
    This actually redirects Traffic through the Kernel
    With DnsSpoofing you need to use ArpSpoofing to trick dns + victim into thinking your the dns
    Swap your MacAddr + IP for DNS’ & send it to Victim
    Then you wait for Victim to use http, https

    #8043

    Syn/Ack
    Participant

    To add to web junky’s point.
    Georgia actually shows how to setup the ip forwarding and the IPTables configuration in the ettercap video. You can check that if the above response is not clear enough.

    #8056

    Gruja
    Participant

    Hello, guys. Thank you for answering. I successfully did dns spoofing but not with ettercap, I did it with dns spoof tool that Georgia used. I just have one little problem. It all works fine, but a victim needs to clean dns cache so he uses my “updated” dns. How can I clean his DNS cache with Kali Linux instead of him? Is it even possible?

    #87924

    Hassan alahmadi
    Participant

    i worked dns spoofing and i have problem when i typing the ip it is good but if i typing url for example http://www.facebook.com doesn’t work ?why and what is sulation it?

    #114863

    franko
    Participant

    This is an old thread but I had issues yesterday where the results of redirecting (google.com, test.lan, etc) to another host running a http server (not the Kali box) were erratic at best.
    Like the lesson exercise the tools in use were arpspoof and dnsspoof.

    Initially I was using a wifi connection from the Kali box (to a router which had a couple of devices to get to the target and http server) and the other machines were all LAN’ed.
    This morning I decided to connect the Kali Laptop to a local switch (over ethernet) and retry the experiment which it worked consistently.

    This is by no means scientific (there could be a host of possible explanations, which I’m not willing to investigate at this time), but worth consideration depending on your topology if your suffering similar issues.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel