Phishing vs DNS Poisoning / Spoofing

Today I am going to explain about another cool experiment done by me. That is a DNS Poisoning (or Spoofing) attack. So let's start,

Before the start I like to compare the Phishing attack and the DNS Poisoning attack. As we know Phishing is a well known method armed with Social Engineering to steal sensitive information by using bait (Compromised URL or Link). In the DNS Poisoning, the process is likely same, but not exactly the same.

When we are talking about Phishing web pages there is a main weak point, Phishing web pages can not serve under genuine domain addresses, (There are methods by using Cross-site Scripting but I am not going to talk about that.) but when talking about DNS Poisoning, hackers can serve malicious web pages under genuine domain addresses. So that is very hard to identify these kind of attacks.
Image Reference: https://www.imperva.com/learn/application-security/dns-spoofing/

Now I am going to talk about how to perform these kind of attacks. To success this process, the hacker needs to accomplish several things.
  1. First thing is hacker need to host a common phishing like a malicious web page to save a login credentials (or any other sensitive information)
  2. After that, the hacker need to do something (by using malware or compromised local DNS Server) to modify DNS records in victim end. So he can point the targeted genuine domain address of the malicious web page.
So how this is working, when the victim tries to access the targeted web site, the domain name must resolve to the appropriate web server, but with that modified DNS records now this domain name address is resolving to the hacker's malicious web page. So victim haven't any idea about what is going on the back side because even domain name address is correct.

The worst case is even self signed SSL Certificates could use for this kind of attacks. If that so probably SSL Certificate errors should pop up in the web browser but with Social Engineering methods hackers able to get rid of that.

Now I think you have some idea about this method. At last I want to say I was doing this in my own local area network, which is I had full permission to do anything I want, but don't try to do this in any unauthorized networks or to do harm anyone.


Comments

Post a Comment

Popular posts from this blog

[Python] [PHP] Spoofed E-Mail Sender (SEMS)

Image
Today I am going to present to you another free time fun project done by me to spend my free time. This is a Spoofed E-Mail Sending tool. Unlike other tools, this tool is using a PHP mail() function to handling E-Mails, so this tool required PHP mail() function enabled hosting service for hosting mail handler. Before using this tool, you must host the two files (index.php and send.php) in the mailhandler folder. This hosting service must have PHP mail() function enabled. Otherwise, this tool won't work. After that, this tool will be asked for the mail handler URL (Only for the first time). So, you have to copy the URL of the hosted send.php file and paste it on the input. How to use this Tool Usage: usage: python3 sems.py [-h] [--sN SN] [--sE SE] [--rE RE] [--sub SUB] [--msg MSG] Simple Port Scanner for scanning TCP ports in target hosts optional arguments: -h, --help show this help message and exit --sN SN Sender Name (Eg: "John Cena") -
Read more

Computer Hacking with Arduino UNO

Image
Today I am going to explain another cool experiment done by me. Did you guys ever think about Computer Hacking with Arduino? Yes, that is possible. Most people are misunderstanding Arduino with a Rasberry-Pi. There are lots of differences between the Arduino board and the Rasberry-Pi. An Arduino is a Microcontroller motherboard while a Raspberry-Pi is a general-purpose computer. That means an Arduino can only run one program at a time while a Raspberry-Pi usually with an operating system so that can run multiple applications. I think that explains it is enough to understand the difference between the Arduino and the Rasberry-Pi. This is my Arduino UNO (ATmega16U2) In this experiment, I am using an Arduino UNO board because I only have that board at this time. My final target is a sending some preloaded commands in the Arduino board to my computer through a USB Cable. In default, this Arduino UNO board is not supported for this kind an activity, so I have to do some modifi
Read more

[Batch] WiFi Password Viewer

Image
Today I am going to present you another free time fun project done by me to spend my free time. Actually, this is not a big deal. I am simply automated very known command. All of you know we can view saved WiFi Profiles by using the following command netsh wlan show profile <target-ssid> key=clear So, I make this easier by creating an automated batch file. Someone thinks this is useless, but if you are Batch script lover then you will definitely love my project because I added colours for that and also able to give an option for Run as Administrator. These are my codes: @echo off title WiFi Password Viewer :start cls echo. echo [7mWiFi Password Viewer v1.0 [0m echo -------------------------------- echo Author : [41;93mArea Master [0m echo Website : [44;93mWidane Forums [0m echo Link : https://www.widane.com echo -------------------------------- echo. echo 1 - Run as Administrator [91m(Recommended) [0m echo 2 - View all saved WiFi profiles echo 3 - View passwor
Read more

Just made into the Github Arctic Code Vault

Image
Just found out 'Arctic Code Vault Contributor' badge on my GitHub profile. There are two of my repositories made it to the Github Arctic Code Vault. So my codes will be preserved for the next 1000 years. My GitHub profile >> https://github.com/clasiru More about GitHub archive program >> https://github.blog/2020-07-16-github-archive-program-the-journey-of-the-worlds-open-source-code-to-the-arctic/
Read more