20155305 "Network Confrontation" Internet Fraud Technology Prevention

Others 2022-04-22 23:13:42 views: 0

20155305 "Network Confrontation" Internet Fraud Technology Prevention

experiment procedure

Simple application of SET tool to build a fake website

Ping Kali and the drone:

Because Apache will use port 80 in the future, first check whether port 80 is occupied. netstat -tupln |grep 80If there is, you can kill 进程号kill these two processes and check the occupancy of port 80 again. There are no occupied processes.

Open /etc/apache2/ports.conf with vi, check whether the listening port in the configuration file is 80, if not, change it to 80.

apachectl startOpen apache2 with command

Looking at the error, it said that there was something wrong with ServerName, and then I entered the error into Baidu and found a solution: add this sentence at the end of the /ect/apache2/apache2.conf file:

Open apache2 again and it is successful

Open a new terminal, enter and setoolkitsee the following opening interface (before using the teacher's virtual machine to open a skull head is amazing, the other is very ordinary):

Then you can see a series of options, first choose 1 (social engineering attack)

Then choose 2 (web attack):

Then choose 3 (phishing attack):

Then choose 1 (web template):

Enter Kali's IP address when prompted, and choose to use the second template: 2 (Goolge):

Log in to http://short.php5developer.com/ to disguise the domain name of the web page, enter Kali's IP and click short to generate a disguised address.

Paste the generated disguised address into the browser of the target machine, and a transfer page will appear when it is opened (it feels exposed, the IP of this kali has been seen):

Then the template web page we used will appear.

Enter the account and password in it, click login, and you can see that the account name and password I just entered are displayed in Kali (the Google account is entered casually, which does not prevent Kali from monitoring the data I transmit):

I saw that the senior and senior sister wrote that the electronic education network can realize the attack of webpage cloning, so I also tried it, and the result is as follows (the steps are basically the same as the one using the Google template, so I will not go into details):

For safety's sake, I mosaicked the login URL of our school's educational affairs network

Captured my student ID password. The password here is also mosaic

ettercap DNS spoof

Ping Baidu in the drone to see Baidu's IP address.

Use the ifconfig eth0 promisccommand to change the kali network card to promiscuous mode.

Open the /etc/ettercap/etter.dns file and add the following two instructions to direct Baidu's web page to its own Kali address:

Type in kali to ettercap -Gopen ettercap.

Then click on the toolbar Sniff, select unified sniffing, a dialog box pops up, select eth0 and click OK.

Select the host in the toolbar to scan the subnet to view the surviving hosts and get the following results. Add the gateway IP and host IP to Target 1 and Target 2 respectively:

Add a dns spoofing plugin Manage the plugins:

Double-click the plugin in the figure to run:

Click start on the toolbar to start sniffing:

Ping Baidu again in the target machine and find that Baidu's IP address has become its own Kali address:

Use DNS spoof to direct specific visits to impostor websites

This is actually a combination of the two things I did before. Fortunately, I didn't turn off apache and monitoring after the URL attack just now, so I don't need to reconfigure the previous steps.

I entered Baidu's URL http://baidu.com in the target drone's browser, and the guide was still the Google webpage I set before (because I changed it to the IP of kali before, so the Baidu interface will definitely not appear but Directly leads to kali's website and then enters the phishing website (fake Google):

Enter the account password, this time is different from the first input, which is convenient to distinguish different experiments

Capture and enter the exact same account password

Experiment summary and experience

In this experiment, I used the teacher's kali for the first time, because Apache2 was really a problem that I couldn't solve for a long time on Baidu, so I thought about using my own kali to try it out. As a result, the problem of ServerNmae was solved by me and then I opened Apache , Although there were various mistakes in the whole process of this experiment, after all, relying on Baidu to try boldly, fortunately, the solution process was smooth. This is how the phishing website came about. Of course, it has to be combined with web programming. Make a website you want to deeply attract you and then tempt you to enter your bank card account password. Your money may be gone. Haha, there is no end to learning, I am very happy to know the simplest phishing website. You can use the educational affairs network to get your classmates account password and then what do you want to do? Anyway, I can't do anything haha. Quite a sense of achievement.

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325319178&siteId=291194637
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com