20155326 "Network Confrontation" Internet Fraud Technology Prevention

Practical content

(1) Simple application of SET tool to build an impostor website

(2) ettercap DNS spoof

(3) Combine the application of two technologies, and use DNS spoof to guide specific access to impostor websites.

Questions to answer after the experiment

(1) What scenarios are usually vulnerable to DNS spoof attacks

It should be most vulnerable when connecting to a website, such as a restaurant, campus network, or when your own wireless network is maliciously used.

(2) How to prevent the above two attack methods in daily work

We should use the Internet safely and not click what should not be clicked. When there is time, clear the DNS cache, so that the next connection is not resolved directly from the cache.

Practice process record

Simple application of SET tool to build a fake website

Since the phishing website needs to be visible on other hosts, it is necessary to enable the Apache service of the local machine. First, install Apache.

You need to change the port number of the Apache service to 80, so you need to use the netstat -tupln | grep 80 command in Kali to check whether port 80 is occupied.

It can be seen from the above figure that my port 80 is already occupied, so I need to kill the process, use the command kill + process number to kill the process.

Then modify the Apache configuration file, type sudo vi /etc/apache2/ports.conf in Kali, and modify its port to 80.

Use the apachectl start command to start the Apache service. The prompt here is a bit different from the normal startup prompt. I followed the systemctl status apache2 prompted by it to check more information and found that it was actually started.

Then open the SET tool in a new terminal and type setoolkit.

Type 1 to select social engineering attack.

Next choose 2 web page attacks.

Choose 3 phishing sites to attack.

Next select 1, the web template.

Enter Kali's IP address when prompted, and choose to use the second template: 2 (Google):

Log in to http://short.php5developer.com/ to disguise the domain name of the web page, enter Kali's IP and click short to generate a disguised address.

Visit the generated URL on the browser of the target machine, and you can see that our kali successfully cloned the website, but the IP of kali is displayed here.

Enter the account and password casually in it, click login, and you can see that the account name and password I just entered are displayed in Kali. Regardless of whether the account password is true or false, it will not prevent Kali from monitoring the transmitted data.

Next, carry out the webpage cloning attack on the e-learning network's site.

The steps are basically the same as the previous one using the Google template.

1 (social engineering attack) -> 2 (phishing attack vector) -> 3 (login password interception attack) -> 2 (cloning website)

After selecting, you can see that the IP of kali has been automatically generated, and then enter the URL to be cloned

ettercap DNS spoof

First use the command ifconfig eth0 promisc to change the kali network card to promiscuous mode.

Edit ettercap's dns file. Enter the command vi /etc/ettercap/etter.dns to direct Baidu's web page to your Kali's IP address

Type ettercap -G in kali to open ettercap.

Click Sniff in the toolbar, select unified sniffing, a dialog box will pop up, select eth0 and click OK.

Under Hosts in the toolbar, first click Scan for hosts to scan the subnet, then click Hosts list to view the surviving hosts, add the IP of the kali gateway to target1, and add the IP of kali to target2

After configuration, click mitm>arp poisoning in the toolbar, select the first check and confirm

In the toolbar, select Plugins > Manage the plugins; because we want to do DNS spoofing, select dns_spoof.

Click Start > Start sniffing in the upper left corner to start working.

This is the result of pinging Baidu before turning on sniffing:

The result of pinging Baidu after sniffing is turned on; this is not right. After setting up ettercap, Baidu's IP has become neither Kali's IP nor its original IP.

I did it again, opened a win7 virtual machine as the target machine, reconfigured it, and pinged the results after start.

Here, it is found that Baidu's IP address has become my Kali's address, and the record of the target machine pinging Baidu can also be seen in ettercap.
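From the defender's side, the two symptoms produced in this section can be checked on the target machine: the gateway's MAC address is shared with another host (ARP poisoning), and a public name resolves to an address inside the local subnet (the spoofed DNS answer). The following is an added example, not part of the original lab record; the neighbour table, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `ip neigh` output on a target machine during ARP poisoning.
# 192.168.1.1 is the assumed gateway; 192.168.1.50 is the assumed spoofing host.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.77 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
192.168.1.90 dev eth0 FAILED
"""

# Constructed sample: hostname -> address returned by the local resolver.
SAMPLE_ANSWERS = {"www.baidu.com": "192.168.1.50", "example.org": "93.184.216.34"}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")


def shared_macs(neigh_text):
    """Return {mac: [ips]} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(list)
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # entries without lladdr (FAILED/INCOMPLETE) are skipped
            by_mac[m.group(2).lower()].append(m.group(1))
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_poisoned(neigh_text, gateway_ip):
    """True if the gateway's MAC is also used by another neighbour."""
    return any(gateway_ip in ips for ips in shared_macs(neigh_text).values())


def suspicious_answers(answers, local_net):
    """Public names whose resolved address lies inside the local subnet."""
    net = ipaddress.ip_network(local_net)
    return sorted(h for h, ip in answers.items() if ipaddress.ip_address(ip) in net)


if __name__ == "__main__":
    print("shared MACs:", shared_macs(SAMPLE_NEIGH))
    print("gateway poisoned:", gateway_poisoned(SAMPLE_NEIGH, "192.168.1.1"))
    print("suspicious DNS:", suspicious_answers(SAMPLE_ANSWERS, "192.168.1.0/24"))
```

A router that legitimately holds several addresses on one interface will also show a shared MAC, so a hit on the gateway entry is a reason to investigate rather than proof on its own.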

Use DNS spoof to direct specific visits to impostor websites

This is actually a combination of the two previously done, using the first technique to clone a login page, and then implement DNS spoofing with the second technique.

First, add a record for www.baidu.com to the DNS cache table, with the IP of Kali as its address; this has just been configured.

Enter Baidu's address http://baidu.com in the browser of the target machine, and it still leads to the Google webpage I set before (because I changed it to the IP of Kali before, the Baidu interface will definitely not appear; the browser is directed straight to Kali's site and then lands on the phishing website, the fake Google):

Enter any user and password

Open one of the two URLs I set on the target machine, jump directly to my phishing website, and the username and password entered on the target machine are also successfully obtained.

Experiment summary and experience

In this experiment, I realized the phishing website by myself, and I feel a little proud hahaha. In addition, I think we should use the Internet correctly, and check the computer frequently to prevent personal information from being stolen by others.
