Jump to content

DNS spoof not spoofing the DNSes


barry99705

Recommended Posts

  • Replies 73
  • Created
  • Last Reply

Top Posters In This Topic

Found it. It's in the dhcp conf file.

config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '100'
        option 'limit' '150'
        option 'leasetime' '12h'
        option 'ignore' '0'
        list 'dhcp_option' '3,172.16.42.42'
        list 'dhcp_option' '3,172.16.42.1'
        list 'dhcp_option' '6,172.16.42.1,8.8.8.8'
        list 'dhcp_option' '6,172.16.42.1,208.67.222.222'

208.67.222.222 is getting pushed to the client.

removed the last line, and the google dns address, so now it's not pushing alternate dns, but spoofhost still isn't redirecting.

Edited by barry99705
Link to comment
Share on other sites

Yeah I am having trouble with DNSspoof also. The first DNS server getting pushed from DHCP on the MKV is 172.16.42.1 but the second is OpenDNS's 208.67.222.222

Isnt that supplied so:

DNS1 provides redirects for all defined domains, and when user request is undefined, DNS2 can correctly resolve and pass the traffic on?

Otherwise wouldn't all undefined domains at 172.16.42.1 just fail as unreachable to the ensnared?

Link to comment
Share on other sites

Isnt that supplied so:

DNS1 provides redirects for all defined domains, and when user request is undefined, DNS2 can correctly resolve and pass the traffic on?

Otherwise wouldn't all undefined domains at 172.16.42.1 just fail as unreachable to the ensnared?

Yeah thats correct. But I can't figure out why the DNS request is passing 172.16.42.1 and reaching 208.67.222.222. I'm sure its just something I have misconfigured in my DSNSpoof configuration.

Link to comment
Share on other sites

there was an issue with Karma some time ago on an earlier MKIII or IV where editing in the gui caused rogue chars (^H? ^N?) to get inserted at the end of each line of the conf file and causing it to not fire up.

Wonder if mebbe this is something similar?

I don't know where this particular file is, but maybe someone who does could confirm the files are clean in VI or something? Worth a shot I guess.

Link to comment
Share on other sites

there was an issue with Karma some time ago on an earlier MKIII or IV where editing in the gui caused rogue chars (^H? ^N?) to get inserted at the end of each line of the conf file and causing it to not fire up.

Wonder if mebbe this is something similar?

I don't know where this particular file is, but maybe someone who does could confirm the files are clean in VI or something? Worth a shot I guess.

Yep! That's what it's doing. Now I just have to figure out what all configs it touches to remove the ^M's.

Link to comment
Share on other sites

Hey dude, can you post up the origional index.php? I thought I made a backup, but didn't.

<?php

//ini_set('display_errors',1);

if(file_exists('/pineapple/includes/welcome/')){include('/pineapple/includes/welcome/welcome.php'); exit(0);}

include_once('/pineapple/includes/api/auth.php');
if(isset($_GET['noJS'])){echo "You need to have JavaScript enabled to use this UI.";die();}
?>
<html>

<head>
	<title>WiFi Pineapple - Management</title>
        <meta http-equiv="cache-control" content="max-age=0" />
        <meta http-equiv="cache-control" content="no-cache" />
        <meta http-equiv="expires" content="0" />
        <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
        <meta http-equiv="pragma" content="no-cache" />
	<link rel="stylesheet" type="text/css" href="includes/css/styles.php" />
	<script src="includes/js/jquery.min.js"></script>
	<script src="includes/js/functions.js" type="text/javascript" ></script>
	<noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript>
</head>

<body onload="init()">
	<div class="statusBar"><div class="statusBar_content"></div><div class="logout"><a href="/?logout"><img src="/includes/img/exit.png"></a></div></div>
  <div class='popup'>
    <a id='close' href='JAVASCRIPT: close_popup()'>[X]</a>
    <div class='popup_content'></div>
  </div>
	<div class="tiles"><div class="tiles_wrapper"><div class="tile_expanded"></div></div></div>
</body>



</html>

<?php

if(!function_exists("check_login")){
  function check_login(){
    if (session_status() == PHP_SESSION_NONE) {
      session_start();
    }
    if(!isset($_SESSION['logged_in'])){
      include('/pineapple/includes/api/login.php');
      exit();
    }
  }
}

?>

that what youre looking for?

Link to comment
Share on other sites

I did as I indicated above, cleaned up the file and entered 2 test domains using VI, made sure there were only the 2 lines containing the domains, restarted DNSspoof, and I get the redirect.php as advertised for those 2 domains.

I haven't dug into it any further to see if there are further bugs, but DNSspoof went from not answering the call, to answering based on the above actions.

The issue appears to be the GUI editor, not DNSspoof, but again, I stopped there because I had other shit to get done. :)

Looking forward to seeing what seb & Darren have to say.

Edited by hfam
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...