Tuesday, 12 March 2013

MITM Attack with DNS Spoofing and SET

Hello, today I want to share with you how to hack network users through a MITM (Man In The Middle) attack with DNS spoofing. For this attack I used Ettercap and SET (Social-Engineer Toolkit), tools mostly found on Linux, especially BackTrack.
System requirements:
  • BackTrack OS
  • Ettercap
  • Physical Network Access
Here is the concept of a MITM attack:

Let's start our attack.
First locate the etter.dns file and change the address record of a given website by typing
      nano /usr/local/share/ettercap/etter.dns

In this tutorial I used facebook.com and gmail.com as websites victim email servers of the victi
Here I redirected those websites to my BackTrack machine at 192.168.1.234; the reason will be discussed later.
Then open Ettercap in GUI mode by typing this command:
      ettercap -G &
Then go to the Sniff menu and select Unified sniffing.
Then choose the network interface on which the DNS spoof will be performed.

Then scan for hosts in your network by going to Hosts => Scan for hosts.

Then go to Target and select Host list, in which you'll choose the target machine as Target 1 and the default gateway as Target 2.
Select the IP of the target machine (mine is 192.168.1.65) and click on Add to Target 1, then select the IP of the default gateway (mine is 192.168.1.1) and click on Add to Target 2.

Up to now, we have a target machine and a target gateway set in the system. The next step is to activate the DNS spoof plugin, which sends spoofed DNS replies to the target machine. This is done by going to Plugins => Manage Plugins and double-clicking on dns_spoof.

Then start ARP poisoning on the network while sniffing. For that, go to the Mitm menu => Arp-Poisoning, and in the dialog box that pops up check Sniff Remote Connections.

The last step of DNS spoofing is to start sniffing the network by clicking on the Start menu and then Start Sniffing, or Ctrl+W.

Up to now, DNS spoofing is running, and the next step is to harvest credentials from the victim machine based on the spoofed websites in the etter.dns file we edited at the beginning.
We will use SET (Social-Engineer Toolkit) to perform the MITM attack.

Now go to a terminal and type the following commands to open SET:
      cd /pentest/exploits/set
      ./set

The following screen will appear; type 1 for Social-Engineering Attacks.
After that, type 2 for Website Attack Vectors.
After that, type 3 for Credential Harvester Attack Method.
Then type 2 for Site Cloner.
At this step you will be prompted to specify the address of the server (web server) to which the victim will be redirected after requesting one of the spoofed websites. In my case I put my IP (192.168.1.234) because I'm going to clone facebook.com to my machine.
Now the next step is to clone the website that will act as a trap for our victim. Type in http://facebook.com/ NB: don't use the https protocol because you'll end up with encrypted data.
Now the Facebook login page is cloned. Next you will get this screen; type "!" without quotes to continue.
Whenever the victim machine tries to connect to the cloned website, you will see a notification containing the victim's IP and the HTTP header response on the live screen. This means that when he/she requests the Facebook page, he/she will get the fake page cloned and stored on your machine.
For me, I spoofed one machine with this IP: 192.168.1.95
Here is the page on which the victim is going to submit their credentials, thinking that it is a genuine page!!!! LOL (:>

After the login form is submitted, here is the plain text of the victim's user name and password on the hacker's screen.
(Remember that this is a machine spoofed within the same network as the hacker's machine.)

Now the victim user got hacked like this!
Thank you for reading my tutorial. Next I will tell you how to avoid this kind of attack as a network admin or as a network user.
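
As an added example (not from the original post), the Python code below checks for the two traces the steps above leave on a target machine: the gateway's IP sharing a MAC address with another host after ARP poisoning, and public names such as facebook.com resolving to a private address after DNS spoofing. The neighbour table, MAC addresses, DNS answers and the .lan/.local suffixes are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: `ip neigh` output on the target while its gateway
# entry is poisoned. MAC addresses are made up.
NEIGH_SAMPLE = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.234 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.95 dev eth0 lladdr 00:1e:65:11:22:33 REACHABLE
192.168.1.77 dev eth0 FAILED
"""
# Constructed sample: (queried name, A record received) pairs.
DNS_SAMPLE = [("facebook.com", "192.168.1.234"), ("gmail.com", "192.168.1.234"),
              ("example.org", "93.184.216.34"), ("printer.lan", "192.168.1.20")]

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields[:-1]:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table

def shared_macs(table):
    """MACs claimed by more than one IP, the usual trace of ARP poisoning."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_poisoned(table, gateway):
    """True when the gateway's MAC is also advertised for another IP."""
    return any(gateway in ips for ips in shared_macs(table).values())

def suspicious_answers(answers, local_suffixes=(".lan", ".local")):
    """Public names answered with a private or loopback address."""
    hits = []
    for name, addr in answers:
        ip = ipaddress.ip_address(addr)
        if not name.endswith(local_suffixes) and (ip.is_private or ip.is_loopback):
            hits.append((name, addr))
    return hits

if __name__ == "__main__":
    table = parse_neigh(NEIGH_SAMPLE)
    print("shared MACs:", shared_macs(table))
    print("gateway poisoned:", gateway_poisoned(table, "192.168.1.1"))
    print("suspicious DNS answers:", suspicious_answers(DNS_SAMPLE))
```

On a live host the same functions can be fed the real output of `ip neigh` and the answers seen by the resolver; a hit on either check is a reason to compare the gateway's MAC against a known-good value.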
