Posts posted by Snybit

  1. Don't know any tutorials on this attack but I'd be interested in seeing them if you find any.

    I've used several modules in metasploit to do this. I'm playing with digininja's dns_mitm module right now. Start with fake_dns.

    MAKE SURE YOUR VICTIM MACHINE THINKS ITS DNS SERVER IS THE ADDY TO THE fake_dns metasploit module. Many ways to do this.

    Setup set to dish out your attack of choice. I've had success running set (html server) and fake_dns module (dhcp server) on the same machine. Obviously no other dns/html servers could be running on the attacking machine.

    So if all goes according to plan, attack looks kind of like this...

    Step 1 - Victim machine makes DNS request for ip of www.facebook.com

    Step 2 - fake_dns server replies with ip of 192.168.1.110 (or whatever your lan ip is)

    Step 3 - Victim machine arrives at html server (set)

    Fake page templates are in /set/src/html/templates.

    Yes, the templates are there, but when I create a new website with the option "Site Cloner", the website doesn't go to /set/src/html/templates. Can't find it anywhere :S

  2. Look in the directory where set is, you'll find all the site templates there. I checked and they already have links to the real pages on the login buttons. IF the situation is that the victim cannot go to "https://www.twitter.com" or whatever it is because they think www.twitter.com is at 192.168.1.10, try removing the url and putting in the REAL ip for twitter on the login button.

    I tested yesterday, and set redirects fine for me. Sometimes the credential capturing pages don't, but all others seem to redirect fine. I tested it using the fake_dns module in metasploit and with a real DNS server.

    As I mentioned before above, I don't use ettercap. I think this type of attack would be much smoother if you had an actual DNS server running that doesn't have problems talking to your router, I think your results will be iffy at best with ettercap.

    I can access the templates that already came with SET. But when I choose to make a new cloned website, I can't locate it anywhere. Do you know how I can find it? I've searched like this "locate msn.com", but it doesn't return any results.

    Thank you so much.

  3. Look in the directory where set is, you'll find all the site templates there. I checked and they already have links to the real pages on the login buttons. IF the situation is that the victim cannot go to "https://www.twitter.com" or whatever it is because they think www.twitter.com is at 192.168.1.10, try removing the url and putting in the REAL ip for twitter on the login button.

    I tested yesterday, and set redirects fine for me. Sometimes the credential capturing pages don't, but all others seem to redirect fine. I tested it using the fake_dns module in metasploit and with a real DNS server.

    As I mentioned before above, I don't use ettercap. I think this type of attack would be much smoother if you had an actual DNS server running that doesn't have problems talking to your router, I think your results will be iffy at best with ettercap.

    So you use SET + metasploit + a DNS Server?

    Do you know any good tutorial?

    Thank you so much.

  4. Just stop DNS spoofing after you capture their credentials or whatever so they have normal access to the internet. Or code the "login" button on the fake Twitter page to redirect to https://twitter.com.

    When I create a new fake website through SET, I can't find its location. I want to change the login button to redirect the user to the real page.

    For example when I create the http://www.fakewebsite.com and try to search where it is:

    locate fakewebsite

    It doesn't return any results. Where can I find the created fake website?

    Thank you so much

  5. My suggestion would be don't re-invent the wheel, Use Social Engineering Toolkit.

    Thank you for your reply.

    I am using Social Engineering Toolkit, but when the user goes to the false webpage (generated by the Social Engineering Toolkit) and makes the login, it is always redirected to that same false page. It's like the user makes whatever number of attempts to login and it obviously doesn't login. What I want to do is redirect the user to the real webpage after the first login on the false webpage generated by the Social Engineering Toolkit. Is there any option on the Social Engineering Toolkit to make that redirection automatically after the first login?

    Thank you so much.

  6. Hey everyone !

    I am using Backtrack 5 Gnome 32 bit version and I've successfully tested the DNS spoofing with ettercap along with the Social Engineering Toolkit. I watched a video on YouTube explaining the whole process.

    So, when a user from my LAN accesses http://www.twitter.com and tries to login, the login fails and I'm able to get its username and password information, however the user is redirected to the same false twitter.com page.

    How can I redirect the user to the real twitter.com page after that first login (in which I'm able to get its login data)? I would have to change that dns mapping because the twitter.com url is associated to my backtrack 5 linux machine. How can I redirect the user to the real page? (in this case the twitter page)

    Thank you so much !
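
For defenders, the DNS answer pattern described in these posts (a public hostname answered with a LAN address such as 192.168.1.110, by a server that is not the network's normal resolver) can be flagged from DNS answer logs. The following is an added example, not part of the original posts; the log format, the resolver address 192.168.1.1 and the internal name suffixes are assumptions, and the log lines are constructed.

```python
import ipaddress

# Constructed sample log: time, client, answering server, name, type, answer
SAMPLE_LOG = """\
2012-03-01T10:00:01 192.168.1.23 192.168.1.1 www.facebook.com A 203.0.113.35
2012-03-01T10:00:07 192.168.1.23 192.168.1.110 www.facebook.com A 192.168.1.110
2012-03-01T10:00:09 192.168.1.40 192.168.1.1 printer.lan A 192.168.1.50
2012-03-01T10:00:12 192.168.1.40 192.168.1.110 www.twitter.com A 198.51.100.7
"""

EXPECTED_RESOLVERS = {"192.168.1.1"}                 # assumption: legitimate LAN resolver
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # assumption: names allowed on private IPs

# Explicit ranges: ipaddress.is_private would also match the documentation
# ranges used as stand-in public addresses in the sample log.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_line(line):
    """Split one log line into a record; raises ValueError on a malformed line."""
    ts, client, server, qname, rtype, answer = line.split()
    return {"ts": ts, "client": client, "server": server,
            "qname": qname.lower().rstrip("."), "rtype": rtype, "answer": answer}


def is_local(addr_text):
    addr = ipaddress.ip_address(addr_text)
    return any(addr in net for net in LOCAL_NETS)


def findings(log_text):
    """Return (qname, answer, reasons) for every suspicious DNS answer."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        reasons = []
        if rec["server"] not in EXPECTED_RESOLVERS:
            reasons.append("unexpected-resolver")
        if (rec["rtype"] == "A" and is_local(rec["answer"])
                and not rec["qname"].endswith(INTERNAL_SUFFIXES)):
            reasons.append("public-name-to-private-ip")
        if reasons:
            out.append((rec["qname"], rec["answer"], reasons))
    return out
```

The second check still fires when the spoofed answer arrives from the expected resolver address, which is the case when the resolver itself or its cache has been tampered with.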
