MITM/DNS

From charlesreid1

Revision as of 07:26, 23 August 2016 by Admin (talk | contribs) (Created page with "=DNS Attacks= So what is DNS anyway? DNS is domain name resolution protocol - it's how names like "yahoo.com" get turned into IP addresses like "10.20.30.40". It's a fundamen...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

DNS Attacks

So what is DNS anyway? DNS is domain name resolution protocol - it's how names like "yahoo.com" get turned into IP addresses like "10.20.30.40". It's a fundamental part of the way the internet routing system works.

DNS Hijacking

DNS Hijacking consists in modifying the way the sheep's DNS system works. This can be achieved at multiple levels (e.g., at the system level, by breaking into and modifying the client's system to permanently point to a pirate DNS server; or at the network level, by conducting a MITM attack on DNS requests.) By poisoning routes, the attacker receives the sheep's DNS requests and can respond to specific DNS requests from the sheep to a destination of the attacker's choosing.

See #EvilFOCA tool below.

Tools

EvilFOCA

Main article: EvilFOCA

Link: https://github.com/ElevenPaths/EvilFOCA

Tool for conducting various DNS attacks (and other types of attacks)

  • Capable of conducting DHCP ACK Injection - attacker monitors DHCP exchanges, interferes by sending packets, attacker acts as fake DHCP server
  • DNS Hijacking - hijacking the shee's DNS channel to control where the sheep's requests point them

Flags


Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=MITM/DNS&oldid=13143"