How to Spoof a DNS
A Domain Name System is a service which translates IP address to domain name and domain name to IP address. DNS spoofing is when a hacker redirects a website user to a malicious website. In this tutorial I will be showing you how to perform one of these attacks and redirect a Facebook user to a fake website.
Disclaimer: Before I go over the steps to do this I’d like to note that attacking someone’s network, computer or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on someone’s who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular attackers (Anonymous) have either been or are currently in Federal prison. Do not be unethical.
*Windows or Linux
*A target machine
In this guide, we will be executing a LAN attack. I will also be using Kali Linux for my attacking machine as it is the best all-in-one hacking suite and Windows as the target. The first step it to check the target IP address by running a quick scan. The command is “nmap -sS (IP address range)”. This process may take some time.
The tool we will be using in this guide is Ettercap. But before that we need to edit a file. The file name is etter.conf which is found in /etc/ettercap/etter.conf
Open a terminal and type in “gedit /etc/ettercap/etter.conf” You will see files opened in the Gedit text editor.
Here you have to edit the ‘uid’ and the ‘gid’. Replace the amount with ‘0’. Scroll down and search for Linux. Here you will edit the ‘#’ sign and remove it. Just remove it, dont add ‘0’ or anything. Save the file and exit.
Now you need to open Ettercap. Open a terminal and type in “ettercap -G”. This will give you the GUI tool Ettercap which is used to do lot of things in Kali Linux.
Go to ‘sniff’ in the menu bar and select ‘unified sniffing’. This will ask for which adapter or interface you want to sniff. Mine is eth0. So I will say OK. If you are on Wi-Fi, you may want to select WLAN. The sniffing process will automatically start. You don’t want that yet. So you will need to stop the sniffing for now.
Now it’s time to scan the network. Go to “Hosts” and select ‘scan for hosts’. When the scan is complete, go back to to “Hosts” and select “Hosts List”. This will show you the computers that are alive in your network.
Now it’s time to select your target. If you are following this tutorial exactly, there will be two targets here. One is the target (Windows) machine and the other, your gateway. If you don’t know your gateway IP address, then open a terminal and type “route”. This will show you the gateway of your network.
Select your target by clicking on the target IP.
Add your gateway (ie 192.168.80.1) then click on it and click on ‘add to target 1’
Do the same to your target IP address but this time I click on ‘Add to Target 2’
Go to MITM in the menu and select ‘ARP poisoning’. After selecting you will get an option tab and you have to select “Sniff remote connections”
Now move to the ‘Plugins’ tab and select “Manage the plugins”. Here, you will have to select which plugins to use. Select “dns-spoof” because you are spoofing the DNS. The process will complete after we edit another file which will be the Host File.
Open another terminal and type “gedit /etc/ettercap/etter.dns”. This will open up the host file. This file contains the codes where it controls which site should be redirected to which site. Scroll down and search for “Microsoft Sucks”
Here if the user wants to access the microsoft website, the spoof will redirect him to www.linux.org. Also, know that yes, Microsoft does suck..
Now you will edit a few lines. Remove the last line which says “www.nicrosoft.com PTR 126.96.36.199 # wildcards in PTR are not allowed” and replace the microsoft.com with facebook.com. Don’t edit anything else.
There is now an IP address. We have to change it with our IP. If you dont know your IP address then open a terminal and say “ifconfig”. Now, replace the IP address. Remember that the space between the elements is a tab. Not a space. Use tab if incase your edit goes wrong.
Save the file. This will redirect the facebook site to your IP. Just for the record, this is an HTTP attack so some browsers can block it.
You need to edit another html file which is located in computer /var/www/html. It is the index.html file.
Open the file with gedit and delete everything inside. Just type in a new code which says something like “<h1> Welcome to Hacking Monks </h1>”
Save the file and exit.
Now you’re gonna need to start your Apache server. Open another Terminal and put “service apache2 start”.
It’s finally time to conduct the attack. Go to Etercap and start sniffing.
Go to the target machine and try to access the facebook website. Let’s see what happens.
If everything is successful you will be redirected to your fake website. This is DNS spoofing and you are now officially a pain in the ass. Congratulations.