Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

This tutorial is meant to be purely educational. By reading this tutorial, you agree that you will not replicate the steps I have listed below on ANY Wi-Fi but your own; and you will not use these techniques to manipulate the web requests of anyone but yourself without the proper consent. If you haven’t already, please read the Help Docs/Rules before commenting below. Thank you.

Overview of Tutorial:
1. Getting an understanding of DNS Spoofing.
2. Tools and requirements.
3. Downloading and set-up.(Sub section)
4. Performing a DNS Spoofing attack.
5. How to prevent DNS Spoofing.
6. Recap

Getting an understanding of DNS Spoofing.
Wikipedia defines “DNS spoofing” as the following:
“DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).”
en.wikipedia.org/wiki/DNS_spoofing

To put it short, by the end of this tutorial you will be able to manipulate web requests on your OWN wireless network. For example: if your targeted computer tries to reach http://www.facebook.com, you can manipulate the web request to redirect the targeted computer to send a web request to a web server hosted on your computer, stating that facebook.com is blocked on your Wi-Fi, or redirect someone to your own version of http://www.facebook.com which has a much cooler GUI than the original.

Tools and Requirements.
[+]Cain and Abel
[+]Windows Operating System (or Windows virtual machine)
[+]Note taking application

Downloading and set-up (detailed)

#1 – Downloading Cain and Abel
Info: Cain and Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Download Link: http://www.oxid.it/cain.html

Directions:
Upon navigating to the link, you will find a webpage that looks something like this:

[Image: Ofpv2eu.png]

You want to select the option that reads: “Download Cain & Abel v4.9.56 for Windows NT/2000/XP”.

When the file has completed downloading, you want to take the following measures to ensure Cain and Abel is ready for use:
1. Disable the windows firewall
2. Always run Cain and Abel as administrator (you may want to enable this in the property section of the application.)
3. Make sure you are connected to the desired wireless network (DO NOT USE THIS ON ANY NETWORK BUT YOUR OWN)

Performing a DNS Spoofing attack

Step 1: Start up Cain and Abel
(Make sure Cain is running with administrative privileges and the Windows firewall is disabled)
[Image: cTpr5vH.png]

Step 2: Navigate to the “Sniffer” tab, enable the “sniffer”, and start a scan on your network (using the plus icon and pressing start scan) (this will locate the IP addresses of all devices on your network, as well as the mac address and OUI footprints).
[Image: FOILa1J.gif]

Step 3.
Once you find all the IP address listed, its now your job to locate which IP address is your router, and which one is your targeted computer.

For example:
My router’s IP address is: 192.168.1.1
While my targeted computer’s IP address is: 192.168.1.7

Step 4.
Now its time to begin ARP on your selected computer and redirect traffic!

Firstly, select the ARP tab on the lower tab set.
[Image: V7ryFpO.png]

Second, you want to click inside of the upper tab set on the ARP tab.
[Image: C0iEwHi.png]

Step 5.
This will enable the plus button on the options menu above. After this is enabled, you want to click the plus button.
Upon doing this, you will be prompted by a selection module. which will ask you to select two IP addresses. If you were paying attention up to now, that is where those two previous IP addresses you wrote down come into use.
In the first selection box, you want to select your routers IP address. In my case, its 192.168.1.1
Yours may be different.

After clicking your routers IP address, the next selection module will load a series of results. The results are all the other IP addresses associated with your router. This is where you will select one or more of the IP addresses as the targeted computer. The targeted computer can be any OS; including phones, tablets, Linux, OSX, Windows, or any other which has the ability to communicate with the internet.

[Image: uhGceUV.gif]

Step 6. Click the ARP button to activate the ARP poisoning.
[Image: xDtKSTv.png]

Step 7.
Once poisoning is activated, navigate to the tab on the left titled, “ARP-DNS”.
[Image: cb7jUcA.png]

Step 8. Add your entry.

Begin by right clicking on the ARP-DNS form. This should prompt you with a selection menu. The options include: “Add to List”, “Edit”, “Remove from List”, “Remove All”. You want to select “Add to List”.

A form should prompt you to enter in the desired information.
(And of course, pictures are provided)
[Image: ZW6cT4M.png]

For mine, I entered in facebook.com, and my IPv4 for the address to redirect packets to.

Step 9.
Have the targeted computer try to access the “DNS Name Request” you entered in ARP-DNS. For me, it was http://www.facebook.com

If you did it right, the connection will time out, since there is no server to be accessed on your IP address (or maybe there is, its none of my concern).

If you wanted the targeted computer to be redirected to a different website, like google, or yahoo answers or some shit, you would simply resolve the IP address of that website and enter it into the box in ARP-DNS. This will work, assuming that the website allows direct IP address access, which most web hosts don’t allow.

If you wanted the targeted computer to redirect to a web server hosted on your computer, you would simply set up an Apache webserver, and create a small simple website, hosted on your computer. The webpage they would be redirected to could be anything you would like, but nothing illegal Nono

How to prevent DNS Spoofing.

How to Prevent It:
1.Maintain the DNS software Up-to-Date.
2.Allow updates and zone transfers from trusted sources.
3.Maintain a Separate DNS server for public services and for internal services.
4.Use secure key for signing the updates recieved from other DNS server.
(infosecawareness.in/sysadmin/dns-spoofing)

Recap
DNS Spoofing is a dangerous modern hacking technique which can be found in coffee shops, malls, and many other public places in which Wi-Fi is widely available. Its important that you brace yourself with the knowledge of how DNS Spoofing works, so you can better know how to protect yourself against it.
Don’t learn to hack, hack to learn.

www.extremehacking.org
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training InstituteCEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNECertified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-IndiaEthical Hacking Course in Pune-India