36 Chapter 3
Mapping Your Own IP Addresses A special file on your system called the hosts file also performs domain name–
IP address translation. The hosts file is located at /etc/hosts, and kind of as with
DNS, you can use it to specify your own IP address–domain name mapping.
In other words, you can determine which IP address your browser goes to
when you enter www.microsoft.com (or any other domain) into the browser,
rather than let the DNS server decide. As a hacker, this can be useful for
hijacking a TCP connection on your local area network to direct traffic to a
malicious web server with a tool such as
dnsspoof
.
From the command line, type in the following command (you can sub-
stitute your preferred text editor for
leafpad
):
kali >leafpad /etc/hosts You should now see your hosts file, which will look something like
Figure 3-3.
Figure 3-3: A default Kali Linux hosts file By default, the hosts file contains only a mapping for your localhost, at
127.0.0.1, and your system’s hostname (in this case, Kali, at 127.0.1.1). But you
can add any IP address mapped to any domain you’d like. As an example of
how this might be used, you could map www.bankofamerica.com to your local
website, at 192.168.181.131.
127.0.0.1 localhost
127.0.1.1 kali
192.168.181.131 bankofamerica.com
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Make certain you press
tab
between the IP address and the domain
key—not the spacebar.
As you get more involved in your hacking endeavors and learn about
tools like
dnsspoof
and Ettercap, you’ll be able to use the hosts file to direct
any traffic on your LAN that visits www.bankofamerica.com to your web server
at 192.168.181.131.
Pretty easy, right?