System requirent :
- BackTrack OS
- Ettercap
- Physical Network Access
Here is the concept of MITM Attack
Lets start our attack
First locate the etter.dns file and change the address record of a given webstie by typing
nano /usr/local/share/ettercap/etter.dns
In This tutorials I used facebook.com and gmail.com as websites victim email servers of the victi
Here I redirected those websites to my Backtrack Machine with 192.168.1.234 , the reason will be discussed rater.
Then open Ettercap in GUI mode by typing this command ettercap -G &
And the go on Sniff Menu and Select Unified sniffing
Then Scan for hosts in your network by going on Hosts => Scan for hosts
Then go on Target and Select Host list in which you 'll choose a target machine as Target 1 and Default gateway as Target 2
Select The IP of the target machine (Mine is 192.168.1.65) and click on Add to Target 1, then
select The IP of the Default gateway (mine is 192.168.1.1) and click on Add to Target 2
Up to now, we have a target machine and a target gateway set in the system, Next step is to Activate DNS Spoof plugin for sending spoofed dns replays on the target machine. This is done by going in Plugins => Manage Plugins => Double click on dns_spoof
Then start ARP Poisoning on the network while sniffing. For That go on Mitm Menu => Arp-Poisoning, in the popped Dialog Box check Sniff Remote Connections
The last step of DNS Spoofing is to start Sniffing the network by clicking on Start Menu and Then Start Sniffing or Ctrl +W
Now go in terminal and type the following commands to open SET
cd /pentest/exploits/set
./set
the following screen will come to you and type 1 for Social-Engineering Attacks
After type 2 for website Attack Vectors
After type 3 for Credential Harvester Attack Method
Then type 2 for Site Cloner
At this step you will be prompted to specify the address of the server(web Server) at which the victim will be redirected after requesting one of spoofed website. In my case I putted my IP (192.168.1.234)because I'm going to clone facebook.com to my machine.
Now next is to clone website which will act as a trap for our victim. type in http://facebook.com/ NB: don't use https protocol because you'll finally get encrypted data.
Now,facebook Login page is cloned. At next you will get this screen and type "!" without quotes to continue.
Whenever the victim machine try to connect to the website cloned you will be seeing notification containing the Victim IP and http Header response on the live screen. This means that when he/she request facebook page, he/she will get the fake page cloned and stored on your machine.
For me I spoofed one machine with this IP 192.168.1.95
Here is a page on which the victim is going to submit its credentials Thinking that is a genuine page!!!! LOL (:>
After submitting, Login form, here is a plain text of user name and victim password line on the hacker's screen
(Remember that this is a machine spoofed within the same network of the hacker machine).
Now the victim user got Hacked like This!.
Thank U For reading my Tutorial and Next I tell you how to avoid this kind of attack as Network admin or as Network user.
select The IP of the Default gateway (mine is 192.168.1.1) and click on Add to Target 2
Up to now, we have a target machine and a target gateway set in the system, Next step is to Activate DNS Spoof plugin for sending spoofed dns replays on the target machine. This is done by going in Plugins => Manage Plugins => Double click on dns_spoof
Then start ARP Poisoning on the network while sniffing. For That go on Mitm Menu => Arp-Poisoning, in the popped Dialog Box check Sniff Remote Connections
The last step of DNS Spoofing is to start Sniffing the network by clicking on Start Menu and Then Start Sniffing or Ctrl +W
Up to now, DNS Spoofing is running and The next Step is to harvest Credentials from the victim machine based on spoofed websites in etter.dns file we edited at the beginning.
We will use SET(Social Engineering ToolKit) to perform MITM attack.
cd /pentest/exploits/set
./set
the following screen will come to you and type 1 for Social-Engineering Attacks
After type 2 for website Attack VectorsAfter type 3 for Credential Harvester Attack MethodFor me I spoofed one machine with this IP 192.168.1.95
Here is a page on which the victim is going to submit its credentials Thinking that is a genuine page!!!! LOL (:>
(Remember that this is a machine spoofed within the same network of the hacker machine).
Thank U For reading my Tutorial and Next I tell you how to avoid this kind of attack as Network admin or as Network user.
No comments:
Post a Comment