Network Against Exp7 Internet Fraud Prevention 20154311 Wang Zhuoran

Exp7 Internet Fraud Prevention

1. Experiment content

The goal of this practice is to understand the principles behind common online fraud, to raise awareness of prevention, and to propose specific prevention methods. The specific tasks are:

(1) Simple use of the SET tool to build an impostor website

(2) ettercap DNS spoof

(3) Combining the two techniques: using DNS spoof to direct specific visits to the impostor website.

2. Answers to basic questions

(1) What scenarios are usually vulnerable to DNS spoof attacks?

(2) How to prevent the above two attack methods in daily work?

3. Experimental steps

1. URL attack

First, make sure that the Kali machine and the target can ping each other.

Then, to make the impostor website visible to other hosts, you need to start the Apache service on this machine and change the default port of the Apache service to the HTTP port, 80. Use the command netstat -tupln | grep 80 to check whether port 80 is occupied. If another service is running on it, use kill + process ID to kill the process.

Use the command sudo vi /etc/apache2/ports.conf to modify the Apache port configuration file and change the port number to 80.

Enter the command service apache2 start to start the Apache service.

Enter the command setoolkit to open the SET tool.

Select 1. Social engineering attack - 2. Web page attack - 3. Authentication acquisition attack - 4. Website cloning

Here I tried many websites such as Baidu and QQ, but they only load the current page; if you continue to the next step, you are redirected normally. They have presumably taken preventive measures. Following my classmates, I chose the home page of the school network as the target, and I was finally able to intercept the user name and password.

Of course, you can also cover up the IP address of the attacking machine Kali by finding a short-URL generation website and generating a short URL, rather than blatantly sending the IP directly to the other party (although the IP of the attacking machine is still displayed after the link is clicked).

 

2. Ettercap DNS spoof

In order to further disguise the phishing links we made, we need to use a DNS spoofing tool - Ettercap.

First use the command ifconfig eth0 promisc to put the Kali network card into promiscuous mode.

Enter the command vi /etc/ettercap/etter.dns to modify the DNS cache table, and add a record in the position in the figure. I added a DNS record for the QQ homepage, and the IP address after it is set to the IP of the attacking machine Kali.

Use the command ettercap -G to open ettercap; an ettercap interface will pop up automatically after a while. Click Sniff - Unified sniffing in the toolbar, select eth0 in the pop-up options window, and click OK; the eth0 network card will then be monitored.

Select Hosts in the menu bar, first click Scan for hosts to scan the subnet, then click Hosts list to view the live hosts. Add the gateway IP of the attacking machine Kali to target1, and add the target machine IP to target2.

Select Plugins - Manage the plugins, double-click to select the plugin dns_spoof for DNS spoofing attacks.

Then click the start option in the upper left corner to start sniffing. At this point, pinging the QQ homepage URL from the command line on the target machine, or visiting the QQ homepage directly in a browser, shows up as an access record in ettercap.

The IP address returned when pinging here is still displayed as the IP address of the QQ homepage, but as long as you tick Sniff remote connections under Mitm - Arp poisoning (ARP spoofing), you can see that the returned address is the IP address of our attacking machine Kali.
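A defender-side check for the state this step leaves on the target machine, as an added example that is not part of the original report: under ARP poisoning the gateway's IP and another host's IP share one MAC in the neighbour table, and a spoofed DNS answer points a public name at an address on the local segment. The sample ip neigh output, all addresses, the domain and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output on the target machine (addresses are made up).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.130 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.131 dev eth0 lladdr 00:0c:29:11:22:33 STALE
192.168.1.140 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b", re.M)


def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    return {ip: mac.lower() for ip, _dev, mac in NEIGH_RE.findall(text)}


def shared_macs(table):
    """MACs claimed by more than one IP: the trace ARP poisoning leaves behind."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check(neigh_text, gateway, domain, answer, lan="192.168.1.0/24"):
    """Return a list of findings for one host at one point in time."""
    findings = []
    for mac, ips in shared_macs(parse_neigh(neigh_text)).items():
        if gateway in ips:
            others = ", ".join(ip for ip in ips if ip != gateway)
            findings.append(f"gateway {gateway} shares MAC {mac} with {others}")
    # A public site resolving to a host on the local segment matches a spoofed answer.
    if ipaddress.ip_address(answer) in ipaddress.ip_network(lan):
        findings.append(f"{domain} resolved to LAN address {answer}")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_NEIGH, "192.168.1.1", "www.example.com", "192.168.1.130"):
        print("ALERT:", finding)
```

On a real host the neighbour table would come from ip neigh and the answer from the resolver; the lan value must match the local subnet.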

3. Use DNS spoof to guide specific visits to impostor websites

 

 

 

 

 

4. Practice summary and experience
