This tutorial will require a basic understanding of how DNS works.

DNS Basics

DNS (Domain Name System) provides a mapping between a human readable domain name like reply.com to an IP address. Imagine having to advertise your business or browse to sites using IP addresses. It would be a painful experience using IPv4 addressing, but with IPv6 it would be near unusable. DNS resolution provides essential functionality for the Internet to work.

Your devices (desktop, laptop, tablet, phone etc.) will all have DNS servers configured. For example Google’s public DNS servers are 8.8.8.8 and 8.8.4.4.

kali@kali:~$ nslookup

> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> reply.com
Server:  8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: reply.com
Address: 45.60.1.11
Name: reply.com
Address: 45.60.5.11

“nslookup” is a tool to test DNS resolution. If you don’t provide a DNS server it will use your system DNS settings, but you can override it using the “server” command. I’m configuring it to use 8.8.8.8, which is Google’s primary public DNS server. I then typed in “reply.com”, which resolved to the IPv4 addresses 45.60.1.11 and 45.60.5.11. The IPv4 address will be used to route your request from your device to the web server hosting the Reply website. I’m simplifying the explanation here, but at a basic level this is what is happening.

Now here is the problem…

What if it were possible to somehow hijack the client’s DNS request, so that instead of the official DNS server responding that 45.60.5.11 is the IP address of the web server hosting the Reply site, the client received 192.168.1.2, the address of my Kali server on my LAN? That’s a real problem!

The internal IP address of my Kali server isn’t publicly routable, but that doesn’t mean you couldn’t make it available over the Internet using a DMZ, cloud instance, VPN etc. For the purpose of this tutorial, and just to demonstrate the technique, I’m going to use my local Kali server.

If you were somehow able to gain access to the victim’s router you could include your attack DNS as the first DNS server in the list. That would mean that, provided it was up, it would be queried first, before the real DNS servers. The victim would be none the wiser that an additional DNS server had been added, and even if they saw it, would they even question it?
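The resolution walked through above and the hijack scenario just described (a LAN address handed back for a public name) can both be shown offline. The following Python is an added example, not code from the original article: it builds the wire-format A query that nslookup sends, parses an answer, and then applies the checks a defender would run on a response. The response bytes are constructed from the addresses in the nslookup output and from the 192.168.1.2 example, not captured traffic; the `suspicious_answers` function and its checks are the example's own design.

```python
"""Minimal DNS wire-format build/parse plus a hijack indicator check (added example)."""
import ipaddress
import struct


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A query (QTYPE=1, QCLASS=IN) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def build_response(query: bytes, addresses, ttl: int = 300) -> bytes:
    """Construct a response to `query` carrying one A record per address (sample data)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]  # echo QNAME/QTYPE/QCLASS back
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)  # QR, RD, RA
    answers = b""
    for addr in addresses:
        # 0xC00C is a compression pointer to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4)
        answers += ipaddress.IPv4Address(addr).packed
    return header + question + answers


def _read_name(msg: bytes, offset: int):
    """Decode a possibly compressed domain name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_a_records(msg: bytes):
    """Return (txid, rcode, qname, [A record addresses]) from a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, qname, addrs = 12, None, []
    for _ in range(qdcount):
        qname, offset = _read_name(msg, offset)
        offset += 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(rdata)))
    return txid, flags & 0xF, qname, addrs


def suspicious_answers(response: bytes, expected_txid: int, expected_name: str):
    """Hypothetical defender check: list indicators that an answer for a public
    site was not what the legitimate resolver would return."""
    txid, _rcode, qname, addrs = parse_a_records(response)
    findings = []
    if txid != expected_txid:
        findings.append("txid mismatch")  # reply does not belong to our query
    if qname is None or qname.lower() != expected_name.rstrip(".").lower():
        findings.append("qname mismatch")
    for a in addrs:
        ip = ipaddress.IPv4Address(a)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append(f"non-public answer {a}")  # LAN address for an Internet site
    return findings


# Constructed samples: the article's real answer versus a spoofed LAN answer.
QUERY = build_query("reply.com", txid=0x1234)
LEGIT = build_response(QUERY, ["45.60.1.11", "45.60.5.11"])
HIJACKED = build_response(QUERY, ["192.168.1.2"])

if __name__ == "__main__":
    for label, resp in (("legit", LEGIT), ("hijacked", HIJACKED)):
        print(label, parse_a_records(resp), suspicious_answers(resp, 0x1234, "reply.com"))
```

Run against live traffic, the same checks apply to whatever a client's configured resolver returns: a transaction ID that does not match the query, an answer for a different name, or a private address for a public site are each worth alerting on, and comparing the answer with one from a known resolver such as 8.8.8.8 is the quickest way to confirm the first one was tampered with.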

Think of all the home routers which actually have the login credentials for the router printed on the router itself! What if you were able to gain access to a victim’s device using an exploit discussed in my other article, “Ethical Hacking (Part 7): Metasploit Penetration Testing Framework”? There are many ways this can be done, but I’m just giving you some food for thought.

#dns-hijacking #setoolkit #kali-linux #credentials #linux

Ethical Hacking: DNS Hijacking & Credential Harvesting