Learning Kali Linux
DNS Spoofing
One solution to the issue of needing to capture traffic that may be outside the local
network is using a DNS spoofing attack. In this attack, you interfere with a DNS
lookup to ensure that when your target attempts to resolve a hostname into an IP
address, the target gets the IP address of a system you control. This type of attack is
sometimes called a cache poisoning attack, because one way to carry it out is to
exploit a DNS server close to your target. This would generally be a caching server,
meaning it looks up addresses from authoritative servers on your behalf and then
caches the answer for a period of time determined by the authoritative server.

Once you have access to the caching server, you can modify the cache that’s in place
to direct your targets to systems that you control. By editing the cache, you can also
add entries that don’t otherwise exist. This would impact anyone who used that
caching server. This process has the benefit of working outside the local network but
has the disadvantage of requiring you to compromise a remote DNS server.

Perhaps easier, though still requiring you to be on the local network, is the program
dnsspoof. When a system sends out a DNS request to a server, it expects a response
from that server. The request includes an identifier so it is protected against attackers
sending blind responses. If the attacker can see the request go out, though, it can
capture the identifier and include it in a response that has the IP address belonging to
the attacker. dnsspoof was written by Dug Song many years ago, at a time when it may
have been less likely that you would be on a switched network. If you are on a
switched network, you would have to go through the extra step of grabbing the DNS
messages in order to see the request.
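
Seen from the defending side, as an added example that is not from the book: a forged reply has to reuse the request's identifier, and the real server's reply usually still arrives, so two replies with the same identifier and question but different addresses are a useful sign of on-path spoofing. The parser, the function names and the sample packets below are constructed for illustration.

```python
import struct
from collections import defaultdict

def skip_name(msg, off):
    """Return the offset just past a DNS name, honouring compression pointers."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # 2-byte pointer, or the final null label

def parse_response(msg):
    """Return (txid, qname, frozenset of A-record IPs), or None if not a response."""
    txid, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd != 1:     # QR bit clear means this is a query
        return None
    labels, off = [], 12
    while msg[off]:                       # the question name is not compressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    off += 5                              # null label + QTYPE + QCLASS
    ips = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:     # A record
            ips.add(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return txid, ".".join(labels), frozenset(ips)

def find_conflicts(responses):
    """Map (txid, qname) -> distinct answer sets, kept only where they disagree."""
    seen = defaultdict(set)
    for raw in responses:
        parsed = parse_response(raw)
        if parsed:
            seen[parsed[:2]].add(parsed[2])
    return {key: answers for key, answers in seen.items() if len(answers) > 1}

def build_sample(txid, name, ip):
    """Build a constructed one-answer A response (test data, not a capture)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1) + rr

SAMPLE = [build_sample(0x1A2B, "www.example.com", "192.0.2.10"),    # first reply seen
          build_sample(0x1A2B, "www.example.com", "198.51.100.7"),  # same ID, other IP
          build_sample(0x3C4D, "mail.example.com", "192.0.2.25")]   # unrelated lookup
```

Answer sets are compared without regard to record order, so a retransmitted reply with rotated records does not raise a conflict. In practice the payloads would come from UDP port 53 traffic captured at the client or resolver.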

Running dnsspoof is easy, even if preparing for running it may not be. You need a
hosts file mapping IP addresses to hostnames. This takes the form of single-line
entries with the IP address followed by spaces and then the hostname that is meant to
be associated with that IP address. Once you have the hosts file, you can run dnsspoof,
as you can see in Example 2-14.