20155201 Network Attack and Defense Technology Experiment Seven Network Fraud Prevention

1. Practical content

  • Simple application of SET tool to create a fake website.
  • ettercap DNS spoof.
  • Combining the two technologies, use DNS spoof to guide specific visits to impostor websites.

2. Contents of the report:

1. Answers to basic questions

1) What scenarios are usually vulnerable to DNS spoof attacks

When your computer and the attacking machine are on the same network segment, for example connected to the same wireless network or the like.

2) How to prevent the above two attack methods in daily work

After opening a webpage, look again at the URL in the address bar. I remember seeing a fake Taobao address in the news before. It just changed the order of the original Taobao URL, but the user's username and password could be obtained to steal money... Also, clear the DNS cache regularly.

2. Practice summary and experience

This experiment was done by following the blogs of seniors and classmates, but I ran into a lot of problems and tried a lot of things, which can be regarded as accumulating experience and building psychological resilience... Every experiment seems to be telling me which loopholes to pay attention to so as not to be attacked by others, and now I feel very vigilant, haha, but I still need to learn more.

3. Record of practice process

  1. Simple application of SET tool to build a fake website
  2. ettercap DNS spoof
  3. Combining the two technologies, use DNS spoof to guide specific visits to impostor websites.

Simple application of SET tool to build a fake website

  1. Change the access port of the SET tool to the default port 80: use the command sudo vi /etc/apache2/ports.conf to edit the Apache port file and make sure the port is 80.

  2. Open a terminal and check whether a process is occupying port 80: netstat -tupln | grep 80. If you see a process, use kill <PID> to end it. Then check again whether the port is occupied; after confirming that it is not, go to the next step.
  3. Start the Apache service using service apache2 start

  4. Open another terminal and enter setoolkit to open the SET tool
  5. Select 1 Social-Engineering Attacks -> 2 Website Attack Vectors -> 3 Credential Harvester Attack Method -> 2 Site Cloner
  6. Enter the IP address of the attacker: 10.211.55.5
  7. Enter the URL of the website to clone. Here I tried Baidu first; it could be connected, but annoyingly it did not record keystrokes
    • If the prompt Do you want to attempt to disable Apache? appears, select y and Apache is shut down.
  8. Then enter the website of the Academic Affairs Office, http://192.168.200.83/cas/login. Note that this page has a login interface where you can enter the student number, which is convenient for recording keystrokes
    • You can use the Url Shortener tool to disguise Kali's IP as a URL that is not an IP address at first sight...
  9. Enter the disguised address in the address bar of the target machine's browser, and you can see that the attacker has received a connection prompt

  10. Enter the user name and password on the target machine, and the attack machine can obtain all records

ettercap DNS spoof

  1. Use the command ifconfig eth0 promisc to change the Kali network card to promiscuous mode; you can use ifconfig to check whether [PROMISC] appears after eth0

  2. Enter the command vi /etc/ettercap/etter.dns to modify the DNS cache table. As shown in the figure, add several DNS records mapping websites to an IP; the IP address in the figure is the IP of my Kali host: 10.211.55.5

  3. Use the command service apache2 start to start Apache. Because it was not turned on before, the spoofing kept failing: the address was still Blog Garden's (www.cnblogs.com) own IP.
  4. Enter the command ettercap -G to start ettercap; a graphical interface will pop up automatically.

    • In the toolbar, click Sniff -> unified sniffing, and then select eth0 in the pop-up dialog, that is, monitor the eth0 network card:

  5. In the toolbar, under Hosts, click Scan for hosts to scan the subnet, then click Hosts list to view the active hosts. Add the IP of the Kali gateway (GW) to target1, and add the target IP to target2:

  6. Select Plugins -> Manage the plugins and double-click dns_spoof to select the plug-in for DNS spoofing; you can see that it is marked with * once it is enabled

  7. Using the command line in XP to ping www.cnblogs.com, we find that the resolved address has become the address of Kali: 10.211.55.5

At the same time, an access record was successfully captured in ettercap.
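A defender-side check for the result seen in step 7, where a public name resolved to the LAN address 10.211.55.5 and several names in etter.dns pointed at that same address. This is an added example, not part of the original report; the log format, the .corp.example suffix and the 203.0.113.20 address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of (hostname, A record) pairs as a client-side resolver log
# might hold them. 10.211.55.5 is the Kali address from this report; the other
# addresses and the .corp.example zone are placeholders.
OBSERVED = [
    ("www.cnblogs.com", "10.211.55.5"),
    ("www.baidu.com", "10.211.55.5"),
    ("example.org", "203.0.113.20"),
    ("intranet.corp.example", "10.0.0.8"),
]
INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical zones allowed to be private

# Explicit ranges: RFC 1918, loopback, link-local. (ipaddress.is_private is not
# used because it also covers documentation ranges such as 203.0.113.0/24.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def base_domain(host):
    # Simplification: last two labels; a real tool would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_suspicious(observed):
    """Return {hostname: [reasons]} for public names whose answers look spoofed."""
    public = [(h.lower().rstrip("."), a) for h, a in observed
              if not h.lower().rstrip(".").endswith(INTERNAL_SUFFIXES)]
    domains_by_ip = defaultdict(set)
    for host, addr in public:
        domains_by_ip[addr].add(base_domain(host))
    findings = defaultdict(list)
    for host, addr in public:
        if is_local(addr):
            findings[host].append(f"public name resolves to local address {addr}")
        others = domains_by_ip[addr] - {base_domain(host)}
        if others:  # weaker signal on its own: CDNs share addresses legitimately
            findings[host].append(f"address shared with {sorted(others)}")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in find_suspicious(OBSERVED).items():
        print(host, "->", "; ".join(reasons))
```
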

Combining the two technologies, using DNS spoof to guide specific visits to impostor websites

  1. Combining the above two techniques, first clone a login page following the steps of practice 1, then implement DNS spoofing through practice 2. Entering the URL www.baidu.com on the target machine (Windows XP), we find that we have successfully reached our impostor website:

  2. As you can see, the username and password are captured

    • In this experiment, to tell them apart, the selected domain name and the phishing website are two different URLs. If the domain name used were the URL of the Academic Affairs Office, I don't know how many students' passwords would be recorded, and the student record information would be done for.
  3. PS: There were always problems in practice 2 before, and it was very hit-or-miss. When doing practice 3, I tried the first order first: practice 1, then practice 2, but the result was not good, because one step in practice 1 shuts down the Apache service. After that, DNS spoofing and sniffing will not succeed. Changing the order to practice 2 first and then practice 1 succeeded.
