gEEEk Posted March 30, 2009

Hey guys!

So this is what I am trying to accomplish. I've made a replica of a certain web mail login page running my PHP script, which simply sends the credentials to my mail instead of sending them to a server, and then simply redirects the user to an error page.

What I want is that whenever a user on my network tries to access the "real" site, they get redirected to mine. Is DNS spoofing the best way? Any other options? I have physical access to the machine.

Another option could possibly be to edit the "HOSTS" file in C:\Windows\System32\drivers\etc\ and add the line: 127.0.0.1 www.[real-webmail].com. This will send the user to the local machine when trying to access the real webmail, and then you could run something like an IIS or Apache server with my script on it.

Could you, instead of setting "127.0.0.1 www.[real-webmail].com", set my local IP address like this: "192.168.1.* www.[real-webmail].com"? Would that send the user to my machine? This would be like a permanent DNS spoof, but with no need to ARP or such.

This is just for educational purposes only. Knowledge is power.

/gEEEk

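From the defender's side, the HOSTS-file override described in the post above is easy to audit for. The following is an added example, not part of the original post: the function names, the allow-list, and the sample file (with the placeholder name webmail.example.com) are all constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file; webmail.example.com is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.23    www.webmail.example.com   # public-looking name sent to a LAN host
127.0.0.1       webmail.example.com
10.0.0.5        fileserver
"""

# Names that are legitimately pinned to loopback.
ALLOWED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed entries
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=()):
    """Flag watched names, and dotted names mapped to loopback/private addresses."""
    watched = {w.lower() for w in watched}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in ALLOWED_LOCAL:
            continue
        local_target = ip.is_loopback or ip.is_private
        if name in watched or (local_target and "." in name):
            findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} (hosts-file override)")
```

Passing the organisation's own login domains as `watched` also flags entries that point those names at a public address.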
DingleBerries Posted March 30, 2009

Phishing page + social engineering + browser address bar exploit = WIN

Sparda Posted March 30, 2009

A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

freeb Posted March 30, 2009

> A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

Hmm, I wonder if there is a DNS server out there that can serve up different records depending on the requesting client. So, for instance, when your target makes a DNS request it receives the address of your fake login page, and when any other client makes a request it gets the genuine address.

Like Sparda has suggested, you could use a MITM attack.

What about setting up a proxy? Because you have access to your target, you could point its web browser to your proxy and redirect that way. Also, continuing the proxy idea, how about using a transparent proxy, which would not require any configuration on the target?

dr0p Posted March 30, 2009

> A DNS spoof attack would implicitly cause a DoS as well. After the 'error' is displayed, it is still not possible to reach the real site (if this is what you want). A MITM/phishing attack gets around this.

Agreed, MITM would be the best way to go about it.

Sparda Posted March 31, 2009

The problem is that OSes and programs cache DNS resolution. Without a way of forcing the client to do a new DNS lookup, it will try to visit the 'evil' until such time as it decides to look up again.

gEEEk Posted April 1, 2009

> Phishing page + social engineering + browser address bar exploit = WIN

Indeed, but if you have the privilege of phishing inside a network you might as well use it.

I ended up using a simple DNS spoof via MITM - ARP. It served its purpose well, I suppose.

Thank you for your assistance.

/ gEEEk

Xqtftqx Posted April 23, 2009

Wouldn't a simple ARP exploit be better? Unless you're trying to phish an SSL site.