Jump to content

Mitm Phishing Attack


Samysam
 Share

Recommended Posts

So, I remember hearing on a sorta older episode when darrens at mubix's place and they talk about social engineering toolkit and MiTM's

and Darren talks about doing a man in the middle with some target machine and when the target requests a site like gmail or something it redirects the target machine to a phishing site, or a site with a java exploit on it to load a meterpreter or something along those lines... Anywho

how would someone go about doing this?

is this even possible?

Link to comment
Share on other sites

You can use dns poisoning to redirect a user from a legit website to a fake one.

And then use Metasploit to create a reverse shell.

Link to comment
Share on other sites

So, i wouldn't be able to edit a request to a website to a different one (like a locally hosted faked or phishing site) through ARP spoofing?

anyhow... DNS poisoning any Hak5 episodes on this?

Sounds like what I wanted to perform!

Maybe i'd mix it up with the social engineering toolkit's java applet attack :D

I'll try it out on my network when i get home

Edited by Samysam
Link to comment
Share on other sites

I can't remember from the top of my head, what episode talks about DNS poisoning.

But if you look into Ethercap or Cain and Abel, you should be able to perform the attack.

Link to comment
Share on other sites

Worked like a charm! thanks a bunch

started up ettercap ran a dns spoof and BAM everyone in my network that requests to go to sayyyyy google.com

goes straight to a local test site i setup which could be set as anything, such as a reverse shell :D

Edited by Samysam
Link to comment
Share on other sites

Worked like a charm! thanks a bunch

started up ettercap ran a dns spoof and BAM everyone in my network that requests to go to sayyyyy google.com

goes straight to a local test site i setup which could be set as anything, such as a reverse shell :D

Glad it worked and glad I could help.

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...