Advertisements

DNS Spoofing – Hacking Technique

This tutorial was meant to inform the community of a modern technique countless hackers are using to harm innocent people.

This tutorial is meant to be purely educational. By reading this tutorial, you agree that you will not replicate the steps I have listed below on ANY Wi-Fi but your own; and you will not use these techniques to manipulate the web requests of anyone but yourself without the proper consent.

Overview of Tutorial

1. Getting an understanding of DNS Spoofing.
2. Tools and requirements.
3. Downloading and set-up.(Sub section)
4. Performing a DNS Spoofing attack.
5. How to prevent DNS Spoofing.
6. Summary

Getting an understanding of DNS Spoofing

Wikipedia defines “DNS spoofing” as the following:
“DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).”
en.wikipedia.org/wiki/DNS_spoofing

To put it short, by the end of this tutorial you will be able to manipulate web requests on your OWN wireless network. For example: if your targeted computer tries to reach http://www.facebook.com, you can manipulate the web request to redirect the targeted computer to send a web request to a web server hosted on your computer, stating that facebook.com is blocked on your Wi-Fi, or redirect someone to your own version of http://www.facebook.com which has a much cooler GUI than the original.

Tools and Requirements

Cain and Abel
Windows Operating System (or Windows virtual machine)
Note taking application

Downloading and set-up

#1 – Downloading Cain and Abel
Info: Cain and Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.Download Link: http://www.oxid.it/cain.htmlDirections:
Upon navigating to the link, you will find a webpage that looks something like this:
[Image: Ofpv2eu.png]
When the file has completed downloading, you want to take the following measures to ensure Cain and Abel is ready for use:
1. Disable the windows firewall
2. Always run Cain and Abel as administrator (you may want to enable this in the property section of the application.)
3. Make sure you are connected to the desired wireless network (DO NOT USE THIS ON ANY NETWORK BUT YOUR OWN)

Performing a DNS Spoofing attack

Step 1
Start up Cain and Abel
(Make sure Cain is running with administrative privileges and the Windows firewall is disabled)
[Image: cTpr5vH.png]
Step 2
Navigate to the “Sniffer” tab, enable the “sniffer”, and start a scan on your network (using the plus icon and pressing start scan) (this will locate the IP addresses of all devices on your network, as well as the mac address and OUI footprints).
[Image: FOILa1J.gif]
Step 3
Once you find all the IP address listed, its now your job to locate which IP address is your router, and which one is your targeted computer.For example:
My router’s IP address is: 192.168.1.1
While my targeted computer’s IP address is: 192.168.1.7Step 4
Now its time to begin ARP on your selected computer and redirect traffic!Firstly, select the ARP tab on the lower tab set.
[Image: V7ryFpO.png]Second, you want to click inside of the upper tab set on the ARP tab.
[Image: C0iEwHi.png]Step 5
This will enable the plus button on the options menu above. After this is enabled, you want to click the plus button.
Upon doing this, you will be prompted by a selection module. which will ask you to select two IP addresses. If you were paying attention up to now, that is where those two previous IP addresses you wrote down come into use.
In the first selection box, you want to select your routers IP address. In my case, its 192.168.1.1
Yours may be different.

After clicking your routers IP address, the next selection module will load a series of results. The results are all the other IP addresses associated with your router. This is where you will select one or more of the IP addresses as the targeted computer. The targeted computer can be any OS; including phones, tablets, Linux, OSX, Windows, or any other which has the ability to communicate with the internet.

[Image: uhGceUV.gif]

Step 6

Click the ARP button to activate the ARP poisoning.
[Image: xDtKSTv.png]Step 7
Once poisoning is activated, navigate to the tab on the left titled, “ARP-DNS”.
[Image: cb7jUcA.png]Step 8

Add your entry.Begin by right clicking on the ARP-DNS form. This should prompt you with a selection menu. The options include: “Add to List”, “Edit”, “Remove from List”, “Remove All”. You want to select “Add to List”.

A form should prompt you to enter in the desired information.
(And of course, pictures are provided)
[Image: ZW6cT4M.png]

For mine, I entered in facebook.com, and my IPv4 for the address to redirect packets to.

Step 9
Have the targeted computer try to access the “DNS Name Request” you entered in ARP-DNS. For me, it was http://www.facebook.com

If you did it right, the connection will time out, since there is no server to be accessed on your IP address.

If you wanted the targeted computer to be redirected to a different website, like google, or yahoo , you would simply resolve the IP address of that website and enter it into the box in ARP-DNS. This will work, assuming that the website allows direct IP address access, which most web hosts don’t allow.

If you wanted the targeted computer to redirect to a web server hosted on your computer, you would simply set up an Apache webserver, and create a small simple website, hosted on your computer. The webpage they would be redirected to could be anything you would like.

How to prevent DNS Spoofing

1.Maintain the DNS software Up-to-Date.
2.Allow updates and zone transfers from trusted sources.
3.Maintain a Separate DNS server for public services and for internal services.
4.Use secure key for signing the updates recieved from other DNS server.
(infosecawareness.in/sysadmin/dns-spoofing)

Summary
DNS Spoofing is a dangerous modern hacking technique which can be found in coffee shops, malls, and many other public places in which Wi-Fi is widely available. Its important that you brace yourself with the knowledge of how DNS Spoofing works, so you can better know how to protect yourself against it.

Advertisements

2 thoughts on “DNS Spoofing – Hacking Technique

  • May 30, 2015 at 12:08 pm
    Permalink

    Howdy! Would you mind if I share your blog with my twitter
    group? There’s a lot of folks that I think would really enjoy your content.
    Please let me know. Many thanks

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
%d bloggers like this: