Welcome back, my novice hackers! There are SOOOO many ways to hack a system or network, which means in order to be successful. Many novice hackers focus way too much energy on (which should be a last resort unless you have specialized tools or a 10,000 machine botnet) or exploiting a in an operating system (increasingly rare). With all the protocols that computer systems use (DNS, SMTP, SMB, SNMP, LDAP, DHCP, etc), there is bound to be a vulnerability in one that we can exploit to get what we're after. DNS Spoofing: Redirecting Users to Your Website In this hack, we will be exploiting the (DNS). As you know, DNS is used for domain name resolution or converting a domain name such as to an IP address, 8.26.65.101. If we can mess with this protocol, we could very well send some one looking for a domain name such as to our malicious website and harvest their credentials.

Mar 15, 2014. Welcome back, my novice hackers! There are SOOOO many ways to hack a system or network, which means you need to think creatively in order to be successful. Many novice hackers focus way too much energy on cracking passwords (which should be a last resort unless you have specialized tools or a. Accessing DNS from the outside. Many routers allow port 53 (UDP and TCP) on the WAN port the router to be portmapped to port 53 (UDP and TCP) on the inside of the router itself, exposing the DNS on the router to the outside world. The DNS servers on most routers seem to be pure forwarders though, with no caching.

Dug Song of the University of Michigan developed a suite of hacking tools that are excellent for this purpose. We have already used one of his tools, arpspoof, for doing a. In this attack, we will be using his dnsspoof tool, which will enable us to spoof DNS services on a local area network. Cambiare Software Autoradio Cinese New Year 2017 there.

Remember, even though this hack requires that you be on the same LAN, you could get access to the LAN through a remote vulnerability or a weak password on just ONE machine on the network. In institutions with thousands of computers on their network, that means you must find a single machine that is exploitable to be able implement this attack for the entire network.

Step 1: Fire Up Kali Let's get started by firing up and going to Applications ->Kali Linux ->Sniffing ->Network Sniffers, and finally, dnsspoof, as seen in the screenshot below. Step 4: Flush the DNS Cache First, we need to flush the DNS cache of the Windows 7 system. In this way, the Windows client won't use the cached DNS on the system and will instead use our 'updated' DNS service.

In reality, this step is not necessary, but for our demonstration it speeds things up. First, close the browser and type: • ipconfig /flushdns Now we need to set our network card on our Kali server to promiscuous mode (she, your network card, will accept anyone's packets). • ifconfig eth0 promisc Now we need to kill the connection between the Windows 7 system and [www.bankofamerica.com]. This forces the Windows 7 machine user to re-authenticate.

• tcpkill -9 host [www.bankamerica.com] After killing www.bankofamerica.com, stop the tcpkill with a ctrl c. Step 5: Create Hosts File In my, I showed you how the hosts file in Linux acts like a static DNS.

Here we will be using the hosts file to redirect that Windows 7 system's search for Bank of America to our website. Let's go to the /usr/local directory. • cd /usr/local From there, let's open the hosts file in any text editor. Kali doesn't have kwrite that we had been using in BackTrack, but it does have a graphical VIM, or gvim, so let's use that.

• gvim hosts Now that we have the hosts file open, we need to add the following line to it. Remember, the hosts file is simply mapping an IP address to a domain name, so we put our IP address in and map it to [www.bankofamerica.com].

• 192.168.1.101 It's important here to use the TAB key between the IP address and the domain. Spaces will be interpreted by the system to be part of the domain name. Step 6: Create a New BOA Webpage Before we go any further, we now need to turn off promiscuous mode on our network card (she decided to commit to you and only you). • ifconfig eth0 -promisc Now we need to create a website that the user will be directed to when they type in the URL of their browser. Let's create a simple webpage. If you want more info on how to create a simple webpage and host it in Linux, check out my. Now open the index.html. Convert Pdf To Editable Word Document Online Free.

• gvim /var/www/index.html. You Asked 2 Questions: 1.How to host site on kali? Ans: You can host a site on kali using Apache. Place the files of the site in your apache directory which is '/var/www/' and start the apache server by clicking on Kali Linux ->System Services ->HTTP, and select, apache2 start 2.How to make it public site?

Ans: To make your site a public site so people who are out of your LAN can see it you need to forward your Port 80, and goto whatismyip.com to find out your ip. Give your ip to the person whom you want to see the site. When he will open the Ip in his browser he will be redirected to your hosted site. D4rkF34r Reply.

Great tutorial thanks OTW. How can we use this for the same LAN?

By example I want to redirect all users on the same lan to my local ip, instead of the virtual machine. I am using kali and virtualbox for tests. It works on my wlan0 interface which is bridged with virtualbox. But another PC on my LAN isn't being redirected to my ip. And what about websites with the https protocol like facebook. If i write any http website like wonderhowto.com it works. But as soon as I want to assign my local ip to it doesn't work.

Is this because facebook redirects the website to an https server? Thanks in advance Reply. Yeah then it works but only on the virtual pc's inside the netbook. As I said: other pc's from the same network ( LAN ) aren't being redirected to the kali PC. I do the following on the kali pc: ifconfig wlan0 promisc tcpkill -i wlan0 -9 host ifconfig wlan0 -promisc my hosts file looks like this: /usr/local/hosts: 192.168.1.8 With a tab between the ip and domain there is a index.html inside /var/www/ and apache is started (when i go to on the netbook it shows up). After it I run: dnsspoof -i wlan0 -f hosts but no luck:( Reply.

After some research I've found a possible cause for the error; dnsspoof: libnetgetipaddr4(): ioctl(): Cannot assign requested address Someone on a forum said that if the wireless adapter wasn't in NAT mode it could cause this error in a VM, also IP forwarding could cause this error to occur. I'm not working in a Virtual environment and haven't tested this 'theory' yet, but since I've found this I hope it can help some of the other users here that are using a VM and have the time to test it. Ps: Keep me posted if this worked for you! I just recently found this blog and I like eet, it reminds me of 'A day with Tape' blog from when backtrack was still the shit. I succesfully cracked wpa2/psk password but now I am trying to get the router user/pass, which apperantly isnt the default configuration.

So I guess I must fire up my php skills and make a simple fwrite login / password box, fire up apache, and with a little juicer web design and bullshit social engineering I could get force them to type the user / pass out of sheer frustration. ThankYou lol Reply.