Home - Wireless Cracking - DNSspoof


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Thu, 05 Dec 2013 @ 18:46:45


I am having some problems with DNSspoof in Kali and I wondered if anyone here has experience with it.

I have noticed that if the web address has a / in it then DNSspoof does not work.


example

google.com

will be redirected

google.com/anything here

will not be redirected.

It's all to do with if there is more to the address, domain/page etc.

I tried with these in the config

192.168.1.100 *
192.168.1.100 mail*
192.168.1.100 *.html
192.168.1.100 *.htm
192.168.1.100 *.com
192.168.1.100 *.co.uk

I even tried it without specifying a config file as the man page said DNSspoof would then redirect ALL requests. This still didn't work.

Is this a known bug?


fruc

Status: n/a
Joined: Thu, 18 Apr 2013
Posts: 18
Team:
Reputation: 15 Reputation
Offline
Wed, 15 Jan 2014 @ 16:09:21

I might be wrong on this, and please feel free to correct me if I am, but
it's not actually a bug if I understand correctly, because DNS (Domain name server) is just for resolving the IP into the hostname, so basically google.com and google.com/anything will be on the same IP.

But when requesting an IP you get to the main page google.com.

The only way I can think of when doing that is examining the packets (if it goes to google.com, redirect to google.com/anything by changing the packets you send to the router in, I'm guessing, a MITM attack).
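
Added example (not part of any post in this thread): it builds the DNS question a stub resolver sends for a URL and decodes it again, showing that the URL path never reaches DNS, so any DNS answer applies to the hostname as a whole. The function names and sample URLs are constructed for illustration.

```python
# Added illustration, not code from the thread. Sample URLs are constructed.
import struct
from urllib.parse import urlsplit


def build_dns_query(url, txid=0x1234):
    """Build the DNS A-record query a stub resolver would send for `url`."""
    # Only the host part of the URL is handed to the resolver.
    host = urlsplit(url if "://" in url else "http://" + url).hostname
    host = host.rstrip(".")
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in host.split(".")
    ) + b"\x00"
    # QTYPE=A (1), QCLASS=IN (1)
    return header + qname + struct.pack("!HH", 1, 1)


def parse_question(packet):
    """Decode the question section back into (name, qtype, qclass)."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass


def names_queried(urls):
    """Map each URL to the only name that appears in its DNS question."""
    return {u: parse_question(build_dns_query(u))[0] for u in urls}


if __name__ == "__main__":
    samples = ["google.com", "google.com/anything", "http://google.com/a/b.html?q=1"]
    for url, name in names_queried(samples).items():
        print(f"{url!r:40} -> DNS question for {name!r}")
```
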


blandyuk
Administrator
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3205
Team: HashKiller
Reputation: 7744 Reputation
Online
Wed, 15 Jan 2014 @ 18:01:33

fruc this is not always the case, you can configure using a DNS Round Robin:

http://en.wikipedia.org/wiki/Round-robin_DNS

So the IP you get for google.com will not always be the same for everyone else. Google will do this based on location, hence their ping times are always good regardless of what country you're in. They have data-centers everywhere!


fruc
Thu, 16 Jan 2014 @ 16:11:09

I agree with that in general, but it's not up to us to decide what IP we will use; if one server is full (I'm guessing) it will just stop accepting and some other Google server will jump in instead.

But what we can do when DNS spoofing is just get the Google IP (currently); since he is probably within the same network, chances are the same Google server will be used. I simplified things here a bit, but usually I didn't have the need to complicate things more.


Hash-IT
Fri, 17 Jan 2014 @ 15:15:15

fruc said:

I might be wrong on this, and please feel free to correct me if I am, but
it's not actually a bug if I understand correctly, because DNS (Domain name server) is just for resolving the IP into the hostname, so basically google.com and google.com/anything will be on the same IP.

But when requesting an IP you get to the main page google.com.

The only way I can think of when doing that is examining the packets (if it goes to google.com, redirect to google.com/anything by changing the packets you send to the router in, I'm guessing, a MITM attack).

I understand what you are saying and what you say is how I would expect it to work. My question or problem is that it doesn't seem to work like that for me.

I want google.com and google.com/anything to both be redirected to the same IP. Unfortunately for me this isn't happening which is why I think it may be a bug.

Yes, it is for a MITM attack. If the test machine's browser requests google.com it is sent to my test page; if I use a bookmark on the test machine, for example google.com/anything, it does not get directed to my test page.


fruc
Tue, 21 Jan 2014 @ 17:55:14

I'm sorry I'm a bit late to answer but dammit Hashit, can't see your name when you answer =D

How's the config file looking? For the DNS?

Remember it needs to have something like this

Code:

site.com      A   IP_TO_REDIRECT_TO
*.site.com    A   IP_TO_REDIRECT_TO
site.com      PTR IP_TO_REDIRECT_TO



Hash-IT
Tue, 21 Jan 2014 @ 18:00:04

fruc said:

dammit Hashit, can't see your name when you answer =D

Huh ???

fruc said:


How's the config file looking? For the DNS?

I can't copy and paste it now as it is on another computer but the config file is ok, thanks for thinking to check it.


fruc
Tue, 21 Jan 2014 @ 18:03:43

No, I was just thinking that when you redirect all the traffic
from site.com and site.com/smth

You need to have both the pointer to the site, anything related before it (books.google.com for example, or smth like that), as well as site.com.
3 lines in (if you're using ettercap, I imagine) etter.dns for every redirected site.

EDIT
Omit a line and it is possible that the user is not redirected. I imagine ettercap did it to redirect to different websites in different areas of sites.


Hash-IT
Tue, 21 Jan 2014 @ 20:49:39

Ahh, I'm not certain but it sounds like you are saying that the wildcard only works as a prefix to the site name, not after?

I assumed that ...site.com*... would have caught ...site.com/smith... (which doesn't happen).

You are saying that I actually have to have ...site.com/smith ...in the config and not just ...site.com*

This is a bit of bad news for me if I understand what you are saying correctly. Is there a way to just re-direct everything?


fruc
Tue, 21 Jan 2014 @ 23:04:43

No need to write site.com/smith in the DNS config file (I think you would even get an error if you do).

But the usual *.site.com, site.com and pointer site.com should fit in. Could be I'm wrong, but just check the .conf to see if it contains all three parts of the redirections and then try it again :)) , and if it does contain them but still doesn't redirect then it's going to be fun.

That should contain all the subdomains and main domain as well as the pages on them.


Hash-IT
Wed, 22 Jan 2014 @ 14:18:17

fruc said:


and if it does contain them but still doesn't redirect then it's going to be fun.

This is the stage I am at. Let's just say this is fun!


