20154324 Liu Kangquan Exp7 Internet Fraud Prevention

First, practice objectives and content

The goal of this practice is to understand the principles behind common online frauds, to increase awareness of prevention, and to propose specific prevention methods. Specific practices include:

  1. Simple application of SET tool to build a fake website
  2. ettercap DNS spoof
  3. Combining the two technologies, using DNS spoof to guide specific visits to impostor websites

Second, the practical process and steps

1. Use the SET tool to create a fake website

1.1 First query the usage of port 80

  • Use the `lsof -i:80` command to check port 80, kill any process occupying port 80, and then check again that no process is occupying it.

1.2 Edit the listening port configuration file so that it listens on port 80 (in fact, it is already port 80)

  • `vi /etc/apache2/ports.conf`

1.3 Use `service apache2 start` to start the apache2 service, and then agree to the service

1.4 Select 1, 2, 3 in turn, that is, the web page attack in the social engineering attack, and then select the credential harvesting attack

1.5 At the beginning, select the built-in template option, that is, 1, and then select "1", which is Java Required. After the attack starts, open Kali's IP address on the target machine; you can see that the Java website opens, and you get instant feedback

1.6 I am more interested in cloning websites, so I carried out another attack on cloning websites, but it was not successful. It may be that Youdao has banned cloning

2. Use ettercap DNS spoof

2.1 Enter `ifconfig eth0 promisc` to set the network card to promiscuous mode, and use `service apache2 start` to start apache2

2.2 Enter `leafpad /etc/ettercap/etter.dns` and modify the DNS cache table used for spoofing: add the following command to it (the IP in it is Kali's IP), then save and exit

2.3 Enter `ettercap -G` to open the graphical interface of Ettercap, select the options as shown in the picture, and make sure to select the eth0 network card

2.4 In the hosts drop-down menu, select Hosts list to view the list of surviving hosts, and select Scan for hosts to search for surviving hosts, and select Mitm->Sniff remote connections

2.5 Select manage plugins in Plugins, select dns_spoof, and click Start to start sniffing

2.6 At this point, running `ping www.baidu.com` shows that the address being pinged is Kali's IP

3. Combine the two techniques, the SET tool and ettercap DNS spoof, using DNS spoof to direct specific visits to the impostor website

3.1 The earlier steps are similar to parts 1 and 2: first generate a fake website, then use the ettercap tool to bind Kali's IP to www.baidu.com in the DNS cache table, so that when the target machine accesses www.baidu.com it is taken to the fake website


3.2 When the user logs in, you can see the login user name and password

Third, answers to basic questions

(1) In what scenarios is one usually vulnerable to DNS spoof attacks?

  • On a public network with the firewall not turned on, hosts in the network that can ping each other can easily be attacked, and they are more vulnerable if they access unfamiliar IP addresses at that time

(2) How do you prevent the above two attack methods in daily life?

  • Do not casually join public networks, and keep the firewall on
  • Before opening an unfamiliar link, look the link up first, pay attention to whether the IP address of the webpage is genuine, and check whether there is a problem
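One way to automate the "is the IP address genuine" check from the answer above, as an added example that is not part of the original report: it flags DNS answers for public site names that point at loopback, link-local, private or same-subnet addresses, which is what step 2.6 shows on the victim. The subnet, the addresses and all function names are constructed for illustration.

```python
import ipaddress
import socket


def classify_answer(addr, local_net=None):
    """Return why `addr` is implausible for a public website, or None."""
    ip = ipaddress.ip_address(addr)
    if local_net is not None and ip in ipaddress.ip_network(local_net, strict=False):
        return "address is on the local subnet"
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address"
    if ip.is_private:
        return "private (RFC 1918 / ULA) address"
    return None


def audit(answers_by_name, local_net=None):
    """Return {name: {addr: reason}} for every name with a suspicious answer."""
    report = {}
    for name, answers in answers_by_name.items():
        flagged = {}
        for addr in answers:
            reason = classify_answer(addr, local_net)
            if reason:
                flagged[addr] = reason
        if flagged:
            report[name] = flagged
    return report


def resolve(name):
    """Live lookup through the system resolver (not used by the sample run)."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed sample: answers as seen by a host on an assumed 192.168.1.0/24 LAN.
SAMPLE_LOCAL_NET = "192.168.1.0/24"
SAMPLE_ANSWERS = {
    "www.baidu.com": ["192.168.1.105"],    # constructed spoofed answer (a LAN host)
    "www.example.com": ["93.184.216.34"],  # constructed public answer
}

if __name__ == "__main__":
    for name, flagged in audit(SAMPLE_ANSWERS, SAMPLE_LOCAL_NET).items():
        for addr, reason in flagged.items():
            print(f"SUSPICIOUS {name} -> {addr}: {reason}")
```

This only catches spoofed answers that point into local or private address space; a forged answer pointing at a public address passes, so validating the site's HTTPS certificate remains the stronger check.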

Fourth, the existing problems

DNS spoof cannot always be implemented when the network mode is NAT mode

  • Solution: Later, when running traceroute to an address, it got stuck at the gateway of the virtual machine, so it is inferred that the gateway of the virtual machine has an isolation function. I looked it up on Baidu, and sure enough, if you want to traceroute in NAT mode, you need to add a C++ file, which is a bit troublesome, so I changed it to bridge mode, and it successfully parses the behavior of vmnat

Fifth, experience

  • Through this experiment, we set up an impostor website and carried out domain name spoofing using two tools. We realized that there are too many loopholes in life, and we need to learn network attack and defense to prevent them.
