TT1TTONE
Posted October 15, 2011

Firstly, I want to mention that I'm new to the forums even though I've followed the Hak5 show for a very long time. However - hi, everyone! :)

Now, I've got some questions that I think you guys might be able to help me out with. I've been thinking for some time about doing a prank on my friends sometime when we are together at a LAN-party or so, by doing a DNS-spoof with Ettercap, redirecting them to a clone of a regularly visited social site (Face...) which will look as if it had got hacked (or rather defaced).

I've never used Ettercap before. I've seen a lot of tutorials on YouTube, but unfortunately I've not been able to find its manual or its official forums, so I'm not completely sure about how to go ahead. But if I've understood it correctly, the process of DNS-spoofing with Ettercap is done in the following 2 steps (very simplified):

1. Ettercap tells the default gateway that the URL of choice - www.URL.com - refers to my computer's IP-address.
2. When people who are inside of that gateway try to browse the site with that URL, the gateway recalls "Oh, that belongs to this (internal) IP-address" and redirects them to me.

My questions:

- Am I correct about this or is there something that I've missed or should be aware of?
- Is the DNS-cache poisoning harmful in any way?
- How do I, after the prank is done, tell the gateway to forget about my spoof and go ahead and process/recognize that URL as it would usually do? I don't want it to keep thinking that I'm the holder of that URL.
- May I accidentally cause any harm to the network, my friends' computers or to someone/something else? I really don't want to risk their belongings such as online accounts or infecting their computers with malicious stuff.

Another question that I've got is about pen-testing in general. For a long time I've been getting more and more interested in it and have tried to obtain as much knowledge as possible regarding this. However, I've yet to start doing some practicals and learn-by-doing, but what draws me back from starting is my concern that I unwillingly might cause harm, be it to my test computer, my private network and the connected computers, or my friends' computers if I prank them as mentioned above.

As for a starter-kit, I've found what I think might be 3 or 4 good applications to start with, being:

- Nmap - scanning/analyzing of devices on a network
- Metasploit - exploitation of the devices
- Wireshark - analyzing traffic between devices
- Ettercap - security testing of a network and for some pranks

Any other software that you would recommend?

Now, the listed software is all open-source, but does that mean that one could trust the author(s) in the matter that the software is not doing things - or rather - only doing things that the user wants it to do?

Are those tools/software of the kind that you would want to use as a professional pen-tester, or are they considered more as script-kiddie tools?

Is Backtrack better to start off with, and if so, is it itself as a distribution and the applications it contains safe as well?

If you have read all the way to here - thank you very much! I'm sorry if I've been unclear on something or if there are any spelling/grammar errors, English is not my first language :)

// TT1TTOne

Infiltrator
Posted October 15, 2011

You might want to do a bit of reading; can I recommend these articles for you:

https://duckduckgo.com/?q=how%20arp%20poisoning%20with%20ettercap

TT1TTONE
Posted October 15, 2011

> You might want to do a bit of reading; can I recommend these articles for you:
> https://duckduckgo.com/?q=how%20arp%20poisoning%20with%20ettercap

Thanks for your advice! :) What about my questions? Would appreciate any kind of input!

TT1TTONE
Posted October 16, 2011

I just realized that this thread is in the wrong forum. Can any moderator or admin move it to the "Questions"-forum? Sorry for bumping, but I don't know where else to report this.

Infiltrator
Posted October 17, 2011

ARP poisoning can potentially slow things down, since the traffic of the computers you're poisoning is going through your computer. If your computer is not able to handle all that traffic, users will experience slowness on the network. The worst case scenario would be that things will stop responding and eventually break down.

Secondly, when you perform an ARP attack you become the default gateway for the victims; any traffic coming from the victims will flow through your computer and then be passed on to the real default gateway.

Furthermore, the moment you stop ARP poisoning, all the victims' traffic will flow through the real gateway.
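
Added example, not part of any post in this thread: the behaviour described in the post above (the gateway's IP address being answered for by another machine, then returning to the real gateway once poisoning stops) is what a defender can watch for in ARP replies. The addresses below are constructed, and treating the first MAC seen for an IP as the trusted baseline is an assumption of this sketch.

```python
# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies
# seen on a LAN. All addresses are invented for this example.
GATEWAY_IP = "192.168.1.1"
OBSERVED = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway
    (1.0, "192.168.1.50", "aa:aa:aa:aa:aa:50"),  # ordinary host
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:50"),   # host .50 now answers for the gateway IP
    (6.0, "192.168.1.1", "aa:aa:aa:aa:aa:50"),   # repeated reply, no new alert
    (9.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # poisoning stopped, mapping restored
]


def detect_arp_anomalies(replies, gateway_ip):
    """Return a list of (timestamp, kind, detail) alerts for IP/MAC binding changes."""
    ip_to_mac = {}   # last MAC seen for each IP
    mac_to_ips = {}  # every IP each MAC has claimed so far
    baseline = {}    # first MAC seen per IP, assumed trustworthy (trust on first use)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        baseline.setdefault(ip, mac)
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            if mac == baseline[ip]:
                kind = "restored"               # binding went back to the baseline MAC
            elif ip == gateway_ip:
                kind = "gateway-mac-changed"    # traffic for the gateway is being diverted
            else:
                kind = "mac-changed"
            alerts.append((ts, kind, f"{ip}: {previous} -> {mac}"))
        ip_to_mac[ip] = mac
        claimed = mac_to_ips.setdefault(mac, set())
        if claimed and ip not in claimed:
            # One network card answering for several IPs is typical of a machine in the middle.
            alerts.append((ts, "mac-claims-multiple-ips", f"{mac}: {sorted(claimed | {ip})}"))
        claimed.add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVED, GATEWAY_IP):
        print(alert)
```
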

TT1TTONE
Posted October 17, 2011

> ARP poisoning can potentially slow things down, since the traffic of the computers you're poisoning is going through your computer. If your computer is not able to handle all that traffic, users will experience slowness on the network. The worst case scenario would be that things will stop responding and eventually break down.
>
> Secondly, when you perform an ARP attack you become the default gateway for the victims; any traffic coming from the victims will flow through your computer and then be passed on to the real default gateway.
>
> Furthermore, the moment you stop ARP poisoning, all the victims' traffic will flow through the real gateway.

Thank you very much, Infiltrator, for your input! Does what you wrote apply to DNS-spoofing as well, or does it come with more/less/other risks? Even though I know that they differ from each other (ARP poisoning and DNS-spoofing, that is), I just want to make sure that I don't miss something important.

And once again - thank you very much for your nice answers!