20155219 Fu Yingzhuo "Network Confrontation" EXP7 Network Fraud Technology Prevention

Answer questions after the experiment

1. In what scenarios is one usually vulnerable to DNS spoofing attacks?

On a shared public network, hosts on the same network segment that can reach each other (for example, that can be pinged) are very vulnerable to this attack.

2. How can the above two attack methods be prevented in daily life?

Do not go online in an untrusted public network environment, and check the site's IP address carefully (the page's appearance can be imitated, but the IP address will not change).

Experimental process and steps

The IP of my Kali machine: 192.168.23.133
The IP of the XP target machine: 192.168.23.134
(Some screenshots were taken while connected to the bestil network, so the IP address differs in them.)

First check whether port 80 is occupied and kill any process using it. Nothing was occupying it in my case, so I went straight on.

Open the Apache configuration file, find the listening port, and change the highlighted part to 80 in vi.

Open a new terminal and enter apachectl start to start apache2.

In the previous terminal, open SET, then select 1 -> 2 -> 3 to enter the phishing website (credential harvester) attack method, and select 2 for Site Cloner (the menu lets you choose 1. web templates, 2. clone a website, or 3. import a website you designed yourself).

The website to be cloned should ideally be a static page with a login form that submits via POST. Baidu, QQ and 163 are no longer useful for cloning; of course, you can also use your own web-building skills to make a page.


Enter Kali's IP and the URL of the website to be impersonated (I forgot to take a screenshot here). Press Enter to start listening.

Enter http://short.php5developer.com/ in the browser to open the disguising page, enter Kali's IP, and click "short" to obtain the disguised address.

Phishing starts: have the target machine open the disguised address just obtained, and the following page appears.


After waiting about ten seconds, look at the address bar: the page looks like Baidu, but the IP address shown is Kali's IP.

In order to capture the username and password as the teacher required, I gave up the Baidu website from before and chose Google. In the last selection step, choose 1 instead of 2. After entering the IP address, you can choose the Google template, as shown below:

Listening starts; the white text at the bottom shows the access information.

Enter a username and password on the blank page below.

Click log in; the page redirects, and the Kali listening window changes as follows. You can see that the account and password have appeared (I submitted twice, so there are two account/password pairs).

As you can see, it tells you where the file recording the passwords is stored:

[*] File exported to /root/.set//reports/2018-05-02 20:12:15.819580.html for your reading pleasure...
[*] File in XML format exported to /root/.set//reports/2018-05-02 20:12:15.819580.xml for your reading pleasure...

As shown below:
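The defensive side of what this first experiment shows is the check given in the answer to question 2: the cloned page looks like the real site, but the address bar shows Kali's IP and the login form posts the credentials to that IP. The following is an added example, not part of this report or of SET, that parses a login page and reports exactly those symptoms. The two sample pages are constructed; the cloned one uses the Kali address from the lab setup, and the genuine one is a made-up Baidu-like page used only to show a clean result.

```python
"""Flag login pages whose address bar host or credential form target is suspicious.

Added example (not from the lab report or from SET): a cloned login page
served from an attacker's machine looks like the original, but it is
reached by raw IP, over plain HTTP, and its form posts the password to
that IP. check_login_page() parses the HTML and reports such mismatches.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormCollector(HTMLParser):
    """Collect every <form> action/method and whether the form has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _is_raw_ip(host):
    """True if the host part of a URL is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_login_page(page_url, html, expected_host):
    """Return a list of warnings for a login page.

    page_url      - the URL shown in the browser address bar
    html          - the page body
    expected_host - the hostname the user believes they are on (e.g. 'www.baidu.com')
    """
    warnings = []
    page = urlparse(page_url)
    host = page.hostname or ""
    if page.scheme != "https":
        warnings.append("page is not served over HTTPS")
    if _is_raw_ip(host):
        warnings.append(f"address bar shows a raw IP address ({host}) instead of {expected_host}")
    elif host != expected_host:
        warnings.append(f"address bar host {host} does not match {expected_host}")

    collector = _FormCollector()
    collector.feed(html)
    for form in collector.forms:
        if not form["has_password"]:
            continue  # only credential forms matter here
        target = urlparse(urljoin(page_url, form["action"]))  # resolve relative actions
        if target.hostname != expected_host:
            warnings.append(f"password form posts to {target.hostname} rather than {expected_host}")
        if target.scheme != "https":
            warnings.append("password form submits over plain HTTP")
    return warnings


# Constructed sample: what the victim sees after opening the disguised address.
CLONED_URL = "http://192.168.23.133/"          # Kali's IP from the lab setup
CLONED_PAGE = """<html><body><h1>Login</h1>
<form action="/index.html" method="post">
  <input type="text" name="user"><input type="password" name="pass">
  <input type="submit" value="Log in">
</form></body></html>"""

# Constructed sample: a genuine page whose form stays on the expected HTTPS host.
GENUINE_URL = "https://www.baidu.com/"
GENUINE_PAGE = """<html><body>
<form action="https://www.baidu.com/login" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""


if __name__ == "__main__":
    for url, body in ((CLONED_URL, CLONED_PAGE), (GENUINE_URL, GENUINE_PAGE)):
        print(url, check_login_page(url, body, "www.baidu.com"))
```

The raw-IP and wrong-host warnings are what the report's "pay attention to the IP address" advice means in practice; the HTTP warnings add the point that a machine impersonating www.baidu.com cannot present a valid certificate for that name, so a login page offered over plain HTTP is suspect on its own.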

Experiment 2: DNS spoofing attack

Note: DNS spoofing relies on combining the two tools so that the victim's access is directed to the fake website, so do not turn off apache2; otherwise the Kali IP that the spoofed DNS answer points to will not be serving the fake website.

First put Kali's interface into promiscuous mode with the command ifconfig eth0 promisc.

Enter the command vi /etc/ettercap/etter.dns and add two entries (the IP address is Kali's) at the position shown below (the IP address differs here because the screenshot was taken after the network changed).

Open the XP target machine, look up its IP and gateway and write them down;

ping Baidu, note Baidu's IP, and write it down.

Then enter ettercap -G in Kali to open ettercap's graphical interface (the big spider). Click Sniff in the toolbar -> Unified sniffing.

The following dialog pops up; select eth0 -> OK.

Click Scan for hosts under Hosts in the toolbar and check the live hosts.

After Target 2 is configured, click Mitm -> ARP poisoning on the toolbar, tick the first option and confirm.

Select Plugins -> Manage the plugins in the toolbar; since we are going to do DNS spoofing, select dns_spoof.

Finally click Start -> Start sniffing in the upper left corner to begin.

Ping Baidu on the XP target machine: DNS resolved it to Kali's IP, so the attack succeeded.

To confirm, open the target machine's browser and enter www.baidu.com; the login page appears, and after entering information the page does not redirect (which should already tell you that this is a fake website).
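Seen from the victim's side, the second experiment leaves two traces that a host can check for itself: after ARP poisoning, the gateway's IP and the attacker's IP share one MAC address in the victim's ARP table, and after dns_spoof a public domain resolves to an address inside the victim's own LAN (the report's "ping baidu" returning Kali's 192.168.23.x address). The following is an added example, not part of this report or of ettercap, that runs both checks over constructed sample data. The 192.168.23.0/24 addresses come from the lab setup; the gateway IP, the MAC addresses and the "public" Baidu address (a TEST-NET placeholder) are invented.

```python
"""Detect ARP-poisoning and DNS-spoofing symptoms from a victim's own view.

Added example (not from the lab report or from ettercap). Two checks:
  1. find_mac_conflicts: other IPs sharing the gateway's MAC in the ARP table
  2. dns_answer_looks_spoofed: a public name resolving into the local LAN
All sample data below is constructed.
"""
import ipaddress
import re

# Constructed 'arp -a' output (Windows format) on the XP victim after ARP poisoning:
# the gateway (placeholder 192.168.23.2) and Kali (192.168.23.133) share one MAC.
SAMPLE_ARP_POISONED = """\
Interface: 192.168.23.134 --- 0x2
  Internet Address      Physical Address      Type
  192.168.23.2          00-50-56-aa-bb-cc     dynamic
  192.168.23.133        00-50-56-aa-bb-cc     dynamic
"""

# Constructed clean table: every IP has its own (invented) MAC.
SAMPLE_ARP_CLEAN = """\
Interface: 192.168.23.134 --- 0x2
  Internet Address      Physical Address      Type
  192.168.23.2          00-50-56-11-22-33     dynamic
  192.168.23.133        00-50-56-aa-bb-cc     dynamic
"""

# Matches both Windows ("IP  MAC  type") and Linux ("? (IP) at MAC [ether] on eth0") lines.
_ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})"
)


def parse_arp_table(text):
    """Return {ip: mac} from 'arp -a' style output, MACs normalised to aa:bb:cc:dd:ee:ff."""
    table = {}
    for line in text.splitlines():
        m = _ARP_LINE.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table


def find_mac_conflicts(table, gateway_ip):
    """Return IPs (other than the gateway) whose MAC equals the gateway's MAC.

    A non-empty result is the classic ARP-poisoning signature: the attacker
    answers ARP for the gateway, so both addresses map to the attacker's NIC.
    """
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return []
    return sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip)


# Ranges a public website's address should never fall into.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def dns_answer_looks_spoofed(domain, answer_ip, local_network):
    """True if a public domain resolves into the victim's own LAN or a non-routable range.

    This is the symptom the lab observes: 'ping baidu' returning Kali's
    192.168.23.x address instead of a public address for www.baidu.com.
    """
    ip = ipaddress.ip_address(answer_ip)
    net = ipaddress.ip_network(local_network, strict=False)
    return ip in net or any(ip in n for n in _NON_ROUTABLE)


def spoofed_answers(answers, local_network):
    """Filter (domain, answer_ip) pairs down to the suspicious ones."""
    return [(d, ip) for d, ip in answers if dns_answer_looks_spoofed(d, ip, local_network)]


# Constructed resolver answers seen on the victim before and during dns_spoof.
SAMPLE_DNS_ANSWERS = [
    ("www.baidu.com", "203.0.113.10"),    # placeholder public address (TEST-NET-3): normal
    ("www.baidu.com", "192.168.23.133"),  # Kali's IP: what the victim sees during the attack
]


if __name__ == "__main__":
    print("conflicts:", find_mac_conflicts(parse_arp_table(SAMPLE_ARP_POISONED), "192.168.23.2"))
    print("spoofed:", spoofed_answers(SAMPLE_DNS_ANSWERS, "192.168.23.0/24"))
```

The two checks are deliberately independent: the ARP check catches the poisoning even when the attacker does not spoof DNS, and the DNS check catches a spoofed answer even when it arrives by some other route than ARP. Neither replaces the network-side mitigations (a static ARP entry for the gateway on the victim, DHCP snooping and dynamic ARP inspection on the switch), but both are cheap enough to run from a script on the host that is being targeted.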

Experiment summary and experience

Through this experiment I gained a deeper understanding of URL attacks and DNS attacks. At the beginning I didn't know what to do; I kept hurriedly repeating the same content and there were always some mistakes, but I always believed that time can conquer everything, and after spending a lot of time the experiment would always be completed. In addition, although we have done so many experiments and each of them makes us feel that information is insecure, this attack is obviously more shocking (the implementation process is too simple, the target machine is fooled too easily, it doesn't involve backdoors or malware, and firewalls and antivirus software can't detect it). In addition, I was deceived by phishing last semester: the other party pretended to be the school website, and after I entered my QQ mailbox details, my QQ was stolen.

Origin http://43.154.161.224:23101/article/api/json?id=325843801&siteId=291194637