2017-2018-2 20155303 "Network Countermeasure Technology" Exp7: Internet Fraud Prevention

1. Principles and Practice Description

1. Practical goals

  • The goal of this practice is to understand the principles behind common online frauds, to raise awareness of prevention, and to propose specific prevention methods.

2. Overview of practice content

  1. Simple application of SET tools to build a fake website (1 point)
  2. ettercap DNS spoof (1 point)
  3. Combining the application of two technologies, using DNS spoof to guide specific visits to impostor websites (1.5 points)

3. Answers to basic questions

  • Q: In what scenarios are you usually vulnerable to DNS spoof attacks?
    • A: Under the same local area network, as well as various public networks.
  • Q: How to prevent the above two attack methods in daily work?
    • A: DNS spoofing attacks are difficult to defend against because most of them are passive in nature. Normally there is no way to know that your DNS answers have been spoofed while it is happening; the only sign is that the web page you open is not the one you intended to see.
      • Use the latest version of the DNS server software and install patches promptly;
      • Turn off the recursive function of the DNS server. A DNS server answers a query either from the record information in its cache or by querying other servers and passing the result to the client; these two kinds of query are called recursive queries, and they can easily lead to DNS spoofing.
      • Don't rely on DNS: on highly sensitive, privacy-critical systems, avoid browsing the web and preferably avoid using DNS at all. If some software needs a hostname to run, specify the mapping manually in the device's hosts file.
      • Use an intrusion detection system: when properly deployed and configured, an intrusion detection system can detect most forms of ARP cache poisoning and DNS spoofing attacks.
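The following check is an added illustration of the "don't rely on DNS" and "detect spoofing" answers above; it is not part of the lab report. It compares what the local resolver returned for each hostname with a reference answer obtained out of band (a resolver on another network, or an entry pinned in the hosts file) and flags a public hostname that resolves into the local network, which is exactly what the spoofed ping in the ettercap section shows. All addresses are constructed sample values (192.168.56.101 stands in for the attacker's LAN IP; 203.0.113.x are documentation addresses).

```python
import ipaddress
from typing import Dict, List

# RFC 1918 and other non-routable ranges a public website should never resolve to.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample data: answers the victim's resolver returned (as seen with
# ping on the target machine) versus a reference answer obtained out of band,
# e.g. from a resolver on another network or a pinned hosts-file entry.
LOCAL_ANSWERS: Dict[str, List[str]] = {
    "www.mosoteach.cn": ["192.168.56.101"],  # LAN address of the spoofing host
    "www.example.com": ["203.0.113.10"],     # unchanged answer
}
REFERENCE_ANSWERS: Dict[str, List[str]] = {
    "www.mosoteach.cn": ["203.0.113.20"],
    "www.example.com": ["203.0.113.10"],
}

def is_lan_address(ip: str) -> bool:
    """True for loopback, link-local and private (RFC 1918 / ULA) addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def check_resolution(name: str, local: List[str], reference: List[str]) -> List[str]:
    """Return finding strings for one hostname; an empty list means no indicator."""
    findings = []
    local_set, ref_set = set(local), set(reference)
    # Indicator 1: a public hostname resolving into the local network, which is
    # what an etter.dns entry pointing at the attacker's LAN IP produces.
    for ip in sorted(local_set):
        if is_lan_address(ip):
            findings.append(f"{name} -> {ip} is a LAN/non-routable address")
    # Indicator 2: the local answer shares no address with the reference answer.
    if local_set and ref_set and local_set.isdisjoint(ref_set):
        findings.append(f"{name}: local {sorted(local_set)} differs from reference {sorted(ref_set)}")
    return findings

def audit(local: Dict[str, List[str]], reference: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map each hostname with at least one indicator to its findings."""
    report = {}
    for name, ips in local.items():
        findings = check_resolution(name, ips, reference.get(name, []))
        if findings:
            report[name] = findings
    return report
```

Indicator 1 only makes sense for names that are expected to be public, and indicator 2 can fire on CDN-hosted names whose answers legitimately differ between resolvers, so treat a hit as something to confirm rather than as proof of spoofing.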



2. Record of practice process

Attacker: Kali; target: Windows XP SP3 (English)

1. Simple application of SET tool to build a fake website

1. Since the phishing website must be served by this machine's HTTP service, the access port used by the SET tool has to be changed to the default port 80. Use the command sudo vi /etc/apache2/ports.conf to edit the Apache ports file and change the port to 80, as shown in the following figure:

2. In Kali, use netstat -tupln | grep 80 to check whether port 80 is occupied. If it is, kill the process with kill <process ID>. As shown in the figure below, nothing else is occupying it:

3. Use apachectl start to start the Apache service:

4. Enter setoolkit to open the SET tool:

Choose 1 to perform a social engineering attack:

Choose 2 for the phishing attack vector:

Choose 3 for the login password interception attack:

Choose 2 to clone the website:

Then enter the IP address of the attacker, which is the IP address of kali:

Enter the URL to be cloned:

5. In order to confuse the target machine, we disguise the target machine IP as a string of addresses:

6. Enter this address in the address bar of the target machine browser, press Enter, and the attack machine will receive a connection prompt:

7. Enter a (possibly wrong) username and password on the target machine; the attacker machine obtains all of them:


2. ettercap DNS spoof

1. Use the command ifconfig eth0 promisc to put the Kali network card into promiscuous mode;

2. Enter the command vi /etc/ettercap/etter.dns to modify the DNS cache table. As shown in the figure, you can add several DNS records mapping websites to IPs; the IP address in the figure is the IP of my Kali host:

3. Enter the command ettercap -G to start ettercap; its graphical interface pops up automatically. Click Sniff -> Unified sniffing in the toolbar, then select eth0 -> OK in the pop-up window, i.e. monitor the eth0 network card:

4. Click Hosts -> Scan for hosts in the toolbar to scan the subnet, then click Hosts list to view the live hosts; add the IP of the Kali gateway to Target 1 and the IP of the target machine to Target 2:

5. Select Plugins -> Manage the plugins and double-click dns_spoof to select the DNS spoofing plugin:

6. Then click the Start option in the upper left corner to begin sniffing. Now, when you run ping www.mosoteach.cn from the command line on the target machine, you will find that the resolved address is the IP address of the attacker machine:

At this time, an access record is also successfully captured on ettercap:


3. Combining the two technologies, use DNS spoof to guide specific visits to impostor websites

Using the above two technologies together, first clone a login page following the steps of Experiment 1, then carry out DNS spoofing as in Experiment 2. At this point, entering the URL www.mosoteach.cn on the target machine successfully reaches our impostor website:

To distinguish this from the previous task, try logging in with a different username and password, which the attacker also obtains:

If we clone the login page of the original www.mosoteach.cn site, it is hard for users to notice that they are visiting a phishing website. When a user enters a username and password, they have no idea it has been quietly captured by the attacker machine...



3. Practice summary and experience

So stealing a password is this easy! In the past I thought everything would be fine as long as we didn't casually click suspicious links, but DNS spoofing is really too hard to defend against. Even if we enter a normal link, the page we visit may have been hijacked long ago. So not only must we not click links at will, we must also pay attention to whether the website we visit is a clone. To reduce the chance of being attacked this way, start by not connecting to public WiFi...


