Friday 3 May 2013

DNS Poisoning attack & Hijacking Systems Tutorial


                                                       
These days we're doing a lot of research on DNS poisoning attacks and system hijacking. DNS poisoning is one of my favorite attacks in network hacking and system hijacking, and it is a really dangerous attack. Suppose an attacker creates DNS changer malware and sends it to a server or computer; then he can do anything on the victim's system. Today I'll teach you about DNS poisoning in depth: what can be done with it, how it is done, how to prevent it, and so on. I'm sure you're going to like it. Enjoy.

----------------------------------------------------------
# What is DNS Poisoning?
----------------------------------------------------------
DNS (Domain Name Service or System) poisoning, also called DNS cache poisoning, corrupts the domain name data held by an Internet server or provider. Basically, an attacker injects a different IP address for a website into DNS, replacing the real IP for that web server's domain name. The mismatch between domain and IP creates a loophole, and users who ask for the domain name are redirected to the injected IP address.

# An attacker can carry out the following attacks using DNS poisoning:
  • System and server hijacking
  • Phishing
  • Forced downloads
  • Completely changing a webpage and URL
  • URL poisoning
  • Spreading botnets, malware, etc.
  • Defacing a website
------------------------------------------------------------------
# DNS Poisoning Tutorial
------------------------------------------------------------------
Okay, I know some people won't understand any computer trick or hacking technique until they do it manually and learn it, because the theory above is just an explanation of the DNS poisoning attack. In the paragraphs below I'll show how a DNS poisoning attack works and how an attacker can hijack sessions and perform different types of attacks on systems.


Note: This is for educational purposes only.

All right, here I'll show you the tutorial on Windows OS: how an attacker can poison your system and perform many types of hacking. I'll teach this attack on your own system so you can understand it. I won't give you DNS changer malware; it's very risky to give it away. So if you want to learn this attack, you have to make your own system the target. First of all, I'll teach this attack to Windows users so they can understand it and try it out themselves.
----------------------------------------------------------------------
1. DNS Poisoning - Windows OS
----------------------------------------------------------------------
It's very easy to DNS-poison a Windows user, but it's really very hard to do the same thing without DNS changer malware. Okay, let's start, but before starting we will learn a little bit about the "hosts" file.

# Hosts File: The hosts file is the file an operating system uses to map hostnames to IP addresses, that is, to find the IP for a web server's domain name. Whenever a user types www.google.com in the address bar and hits Enter, the foremost duty of the browser is to check the hosts file, and only then does it proceed. The hosts file is a really useful file for the OS.

Check out the example below of how web browsers work, then continue reading the article; you'll notice that DNS plays a main role in networking.


So, I hope that by looking at the picture above you can understand how web browsers work. I have one request: look once again at Steps 3 and 5. Got it? Let me explain: in Step 3 the browser was searching for Google.com, and in Step 5 it is searching for the domain name's IP. What if an attacker replaces the domain name's IP with the IP of some bogus website? Then the browser will be confused and will redirect a normal user to a different website with a different domain name. That's what we call a DNS poisoning attack.

Okay, let's do it manually on your own system:
------------------------------------------------------------------------------------------------------------------------
Note: This tutorial is performed manually. If you want to poison your victim's DNS, you'll need DNS changing malware, and I can't give away a link to it. If you want it, leave your e-mail in the comment box and I'll send it to you. (It's very risky; we have to keep records.)
------------------------------------------------------------------------------------------------------------------------

# Manual DNS poisoning tutorial
  • All right, you might know that we have to modify the hosts file to poison the victim's computer DNS.
  • Click on the Start button, type "Notepad", right-click on it and choose "Run as administrator".
  • A blank Notepad window pops up. Now click on "File" > "Open" and browse to the hosts file folder, C:\Windows\System32\drivers\etc. Select "All files" and you'll see 4 files in that folder.
  • Now choose the "hosts" file and open it.
  • Finally, we have to modify this file. Go to the bottom of the file and hit Enter to get a new line.
Now, how to modify the hosts file: just add two lines at the end like this:


After writing those two lines, save the file.
So now let's understand the meaning of those two lines:
------------------------------------------------------------------------------------------------------------------------
31.12.80.1 is the IP of Facebook, paired with the domain name Google.com. Just try to understand what that statement means.
Here we entered the IP of a website, e.g. 31.12.80.1 for Facebook, and wrote the domain as Google.com. Now, whenever you look up google.com in your browser, it will send you to the IP of Facebook. That means a normal user who goes to google.com is redirected straight to facebook.com without knowing it. You can also change the IP and domain. Suppose you want to poison your victim's computer DNS so that it redirects him from yahoo.com to a bogus or phishing website: then ping yahoo.com, get its IP, write it in the hosts file and replace the domain name with your own phishing page. If you want to know more about phishing through DNS poisoning, you might like my previous post, "Hacking Facebook using DNS Poisoning".
------------------------------------------------------------------------------------------------------------------------
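
From the defender's side, the hosts-file change described above is easy to detect: audit the file for any name pinned to a routable address. The Python below is an added example, not part of the original post; the loopback baseline, the function names and the sample file content are constructed assumptions.

```python
import ipaddress

# Default Windows hosts-file location, as given in the tutorial above.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names expected to map to loopback (assumption: extend with your own baseline).
EXPECTED_LOOPBACK = {"localhost"}

# Constructed sample content; the last line mirrors the mapping the post describes.
SAMPLE = """\
# Constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test    # sinkhole-style entry
31.12.80.1      Google.com www.google.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several hostnames
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, expected=EXPECTED_LOOPBACK):
    """Return (line_no, severity, hostname, ip) for entries outside the baseline."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in expected and ip.is_loopback:
            continue  # normal localhost entry
        # Loopback/0.0.0.0 targets only block a name; a routable target
        # silently overrides DNS for that name and needs a human look.
        sinkhole = ip.is_loopback or ip.is_unspecified
        findings.append((line_no, "info" if sinkhole else "review", name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, read the file at `HOSTS_PATH` and pass its text to `audit_hosts`; every "review" finding is a name that no longer resolves through DNS.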
