Information Technology | Softwares - Graphics - Programming - Hacking - Security

Mar 26, 2018

DNS Spoofing with Ettercap - Hack another's account in LAN? | Ngộ độc DNS trong mạng LAN

DNS Cache Poisoning (DNS Spoofing) is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect IP address. This results in traffic being diverted to the attacker's computer.
It also is an attack whereby a host with no authority is directing a Domain Name Server (DNS) and all of its requests. This means that an attacker could redirect all DNS requests, and thus all traffic, to attacker's machine, manipulating it in a malicious way and possibly stealing data that passes across.

How to perform with Ettercap:
First, open terminal and open file conf with leafpad, gedit or nano, type "leafpad /etc/ettercap/etter.conf". You also can search link of this file with "locate etter.conf"
In etter.conf file, you can see under [privs] part, edit uid and gid numbers to 0 like this:

Next, keep scroll down until you find heading that says Linux. Under "if you use iptables:" line, remove both "#".

Ok now we're done with the configuration. Next, on terminal type: leafpad/etc/ettercap/etter.dns to open etter.dns with leafpad.
Change microsoft link by your link, eg facebook. and after that's your IP. type "Ifconfig" to show your IP.
Now you need to start Apache to accept incoming traffic. "service apache2 start".

Now let's open Ettercap. You can do it with the cool way using Terminal. But i'm going to teach you the way using Graphic version. Type: ettercap -G

Click Sniff > Unified sniffing… and select your network. Wlan0 if you're connecting by wifi, eth0 if you're connecting by wire.

Then quickly click Start > Stop sniffing because it automatically starts sniffing after you press OK but you don't want that.
Now you want to scan for targets on your network. Go to Hosts > Scan for hosts and wait.
Go back to Hosts and select Host list to see all the targets that Ettercap has found.

Now you add victim's IP to Target1 and gateway IP to Target2. Select them and click "add to target"

Click on the MITM tab and select ARP poisoning, choose Sniff remote connections and press OK.
Now go to Plugins > Manage the plugins and double click dns_spoof to activate that plugin.

Now open folder /var/www/html you will see the index.html page. You can alter the document to your needs, changes will take effect instantly.
Let's start the attack. Go back to Ettercap and select Start > Start sniffing.
From now every single time the victim visits the webpage you indicated in the etter.dns file (eg facebook)
Now you know how DNS spoofing works and, most importantly is how to protect yourself from it. You can use XArp, ArpON or Snort, Check ping with cmd on Windows Os.

You can combine multiple skill at the same time to attack victim:
Ettercap + BeEF
Ettercap + Setoolkit
Ettercap + BeEF + Metasploit

About Us