ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 9716

[TUTORIAL] DNS Spoof to steal passwords!

by AFG - 10-10-2016 - 04:10 AM
#1
DNS Spoofing


Cracking passwords can take a lot of time and energy - especially if they are complex. Another alternative to steal a password is a phishing attack - clone a website, and host a modified copy to store credentials. But the trick is to get victims to actually visit your website. That is where a DNS spoof attack comes in.

DNS stands for Domain Name Service. A DNS server is responsible for converting websites addresses in the format "net, .com, etc" to the IP address of the website. A DNS attack is a type of Man in the middle attack (MITM). We will be using the Kali Linux OS, which comes with the required software preinstalled. We will be using the Social Engineering Toolkit (S.E.T.) and Ettercap to capture credentials. Lets begin:

1) Open the Social Engineering Toolkit in Kali Linux:
Navigate to the correct directory:

Code:
cd /usr/share/set

Run se-toolkit:

Code:
./se-toolkit


2) Clone and Host a copy of the website you want to steal passwords on:
Enter the commands in this order:
"1 (Social Engineering Attacks)" > "2 (Website Attack Vectors)" > "3 (Credential Harvester Attack)" > "2 (Site Cloner)".
Then enter your computers IP (found by using the ifconfig command), and enter the URL of the website you want to clone (e.g. facebook.com).

3) If you receive no error messages, now we need to get victims to navigate to our site!
Open a new terminal, and run the ettercap GUI by using this command:

Code:
ettercap -G

Click "Sniff > Unified Sniffing" and select the network interface you are using to connect to the network you want to attack.
Then choose "hosts > scan for hosts" and wait for the scan to finish. When the scan has found all the hosts on the network, open "hosts > host list". 

4) Select the victims you want to attack:
Add the router of the network to target 1 and any computers you want to “poison” to target 2. If either the target 1 group or target 2 group are left empty, the entire network will be attacked. After you have added the victims to the target lists, choose “MITM > ARP Poisoning”, tick “sniff remote connections” and click Ok.

5) Create our "custom" DNS server:
Navigate to “/usr/share/ettercap” and open “etter.dns” with any text editor of your choice. Scroll to the bottom, and follow the example template to enter a DNS record. It will look something link this:

Code:
example.com A 192.168.1.10
*.example.com A 192.168.1.10
www.example.com PTR 192.168.1.10

Replace “example.com” with the website address you are imitating (e.g. facebook.com), and “192.168.1.10” with the IP address of your computer (the host).
Now, navigate back to your ettercap window, and click “Plugins > Manage plugins…” and double click on “dns_spoof” to activate it.

6) Begin collecting passwords!
Choose “Start > Start sniffing” and you are finished! Any visitors to example.com will in fact see your cloned version of the webpage and you will be able to see their credentials in the S.E.T. terminal window. Test the password out to check it works!

Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful.
Reply
#2
Nice share man! Thanks for this very HQ tutorial :3
Reply
#3
(10-10-2016 - 04:11 AM)Senpai Wrote: Nice share man! Thanks for this very HQ tutorial :3

Thanks buddy! :)
Reply
#4
Glad you're here AFG, never knew you had all of this knowledge. Way to go.
Reply
#5
(10-10-2016 - 04:15 AM)Axe Wrote: Glad you're here AFG, never knew you had all of this knowledge. Way to go.

Thanks man. ::) Really appreciate it.
Reply
#6
Thank you for the tutorial @AFG it was nice and I am always able to follow along with yours :D
I also used a snip of it in my thread it was so good huehuehue Heart
Reply
#7
Great tutorial man, this is dope. Thanks for sharing this. Heart
Are you a guest to this site? Click the image below and sign up today!
[Image: FTYbRmR.gif]
Reply
#8
Sounds like a great idea, OP, but unfortunately I couldn't ever figure out Kali Linux.
[Image: 24NY3zi.jpg]
I love Mars
Reply
#9
Great tutorial, hmm never thought about dns spoofing for password jacking, interesting stuff
Reply
#10
Very good tutorial bro, very useful :)
Reply

Users browsing: 1 Guest(s)