DNS Spoof + Phishing = Success?


Posted

Hey guys!

So this is what I am trying to accomplish.

I've made a replica of a certain web mail login page running my PHP script, which simply sends the credentials to my mail instead of sending them to a server, and then simply redirects the user to an error page. What I want is that whenever a user on my network tries to access the "real" site, they get redirected to mine.

Is DNS spoofing the best way? Any other options?

I have physical access to the machine. Another option could possibly be to edit the "HOSTS" file in C:\Windows\System32\drivers\etc\ and add the line: 127.0.0.1 www.[real-webmail].com. This will send the user to the local machine when trying to access the real webmail, and then you could run something like an IIS or Apache server with my script on it. Could you, instead of setting "127.0.0.1 www.[real-webmail].com", set my local IP address like this:

"192.168.1.* www.[real-webmail].com"? Would that send the user to my machine? This would be like a permanent DNS spoof, but with no need to ARP or such.

This is for educational purposes only. Knowledge is power.

/gEEEk
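From the defender's side, the HOSTS-file override described in the post above is something a host audit can flag. The following is an added example, not code from the thread: the sample file contents and the names `audit_hosts` and `BENIGN_NAMES` are constructed, and treating dot-less names as internal aliases is an assumption.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.23    www.webmail.example   # override pointing at a LAN host
127.0.0.1       mail.webmail.example webmail.example
0.0.0.0         ads.tracker.example
10.0.0.5        intranet
"""

# Names that legitimately resolve to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every entry that pins a
    dotted (public-looking) name to a loopback or private address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "unparseable address"))
            continue
        if ip.is_unspecified:
            continue                             # 0.0.0.0 sinkhole, not a redirect
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # Assumption: single-label names are internal aliases, not public sites.
            if name in BENIGN_NAMES or "." not in name:
                continue
            if ip.is_loopback:
                findings.append((line_no, str(ip), name, "loopback"))
            elif ip.is_private:
                findings.append((line_no, str(ip), name, "private address"))
    return findings

if __name__ == "__main__":
    # On a real Windows host, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```
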

Posted

A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

Posted
A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

Hmm, I wonder if there is a DNS server out there that can serve up different records depending on the requesting client. So, for instance, when your target makes a DNS request it receives the address of your fake login page, and when any other client makes a request it gets the genuine address.

Like Sparda has suggested, you could use a MITM attack. What about setting up a proxy? Because you have access to your target, you could point its web browser to your proxy and redirect that way. Also, continuing the proxy idea, how about using a transparent proxy, which would not require any configuration on the target?

Posted
A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

Agreed, MITM would be the best way to go about it.

Posted

The problem is that OSes and programs cache DNS resolution. Without a way of forcing the client to do a new DNS lookup, it will try to visit the 'evil' until such time as it decides to look up again.

Posted
Phishing page + social engineering + browser address bar exploit = WIN

Indeed, but if you have the privilege of phishing inside a network you might as well use it.

I ended up using a simple DNS spoof via MITM - ARP. It served its purpose well I suppose.

Thank you for your assistance.

/ gEEEk
