metasploit browser dns spoof help!!!
I have posted this question a few weeks ago and had no replies?????
Here we go again, I think its a valid question and decent idea.
A lot of msf attacks present us with an url for the browser to be exploited right? We also need to send link to target for the link to be clicked and exploit run.
Links are hardwork nowadays nobody clicks them especially bit.ly, tiny url ect.
So far i have got dns spoofing working on (example) http:\\192.168.0.19:80 by way of the etter.dns file as follows:
*com A 192.168.0.19
*.co.uk A 192.168.0.19
*.net A 192.168.0.19
etc.... you get the idea, so when the target fires up the browser its exploited straight away without need of the link.
Now the problem is this: how do we get say: http:\\192.168.0.19:80\blahblah.com to dns spoof?
fake update page with link embedded into download button? fake update page is served on port 80 so wont work .
Can i edit the etter.dns further to :
*com A 192.168.0.19:8180\blahblah.com
*.co.uk A 192.168.0.19:8180\blahblah.com
*.net A 192.168.0.19:8180\blahblah.com