Results 1 to 10 of 10

Thread: DNS spoofing to port 8080 instead of 80?

  1. #1
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    5

    Default DNS spoofing to port 8080 instead of 80?

    Hey Crew,

    I've been playing with SET and MSF and have run into something I can't figure out. When using the website attack vector--> metasploit browser attack method, metasploit uses port 80 for WebDAV, so SET changes the web server port to 8080. As a result, dns spoofing is useless since it will only redirect to an IP address (and not a URL or IPort).

    So, getting to the point, is there a way to redirect to a port other than 80 when using ettercap/dns_spoof (or any other tool for that matter)? I can't use IPTABLES b/c certain traffic still needs to be routed to port 80. Any Ideas?

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: DNS spoofing to port 8080 instead of 80?

    Keep reading and trying things until it works. If you can't figure it out then take a step back and try to better understand what you are wanting to do and how to go about it.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    2

    Default Re: DNS spoofing to port 8080 instead of 80?

    I too have been playing with this for a while and can't seem to find the answer. I am using arpspoof and dnsspoof instead of ettercap but still can't find a solution. I got traffic to flow through my host by using iptables (Prerouting redirect from 80 to 8080), but this prevents all other valid traffic from working. The only thing I thought of was to write a script that continually monitors for requests made to the poisoned site and turns iptables on or off. That however, would be a cluster**** of a script, and adding and deleting chains doesn't seem to be the most efficient way.

    If someone could just post any info about it, rather than a life lesson about learning, that'd be great... Here's my news for you, experienced users are a resource, one can learn from them, not be told to learn somewhere else.

  4. #4
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: DNS spoofing to port 8080 instead of 80?

    If someone could just post any info about it, rather than a life lesson about learning, that'd be great... Here's my news for you, experienced users are a resource, one can learn from them, not be told to learn somewhere else.
    Here's another news experienced users aren't paid for giving you information.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #5
    Junior Member dec1bel's Avatar
    Join Date
    Dec 2010
    Location
    US
    Posts
    36

    Default Re: DNS spoofing to port 8080 instead of 80?

    A quick read about DNS should teach you that it isn't a system that takes port number into consideration, so DNS spoofing is out. A more in-depth read into iptables will teach you its capabilities, and it's way more powerful than simply prerouting traffic. At work we use it to filter and redirect different types of traffic to and from different destinations.

    The point sickness and Archangel-Amael are trying to make is that you should be focused on learning about the core of these technologies in order to understand how to manipulate them. Nobody will ever become a good pentester/hacker for simply knowing how to use a tool.

    That said, a little out-of-the-box thinking can get you through some of this without extensive knowledge. I wish I could offer you more but I haven't done what you're doing, and you haven't given much info for me to work with.

  6. #6
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    2

    Default Re: DNS spoofing to port 8080 instead of 80?

    Great. I realize this. If you wanted to be paid, you wouldn't be posting on a forum. We are both asking a very straightforward question. We admit to being much more inexperienced than most, otherwise we wouldn't be asking the question. If you're going to help out the community that you claim to part of, thank you, if you're not, then don't bother posting. I think that you don't know how to do it, but still want to feel superior, so you post **** about how we need to go learn for ourselves.
    Last edited by sickness; 12-08-2010 at 06:02 PM. Reason: Swearing covered.

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: DNS spoofing to port 8080 instead of 80?

    @zemsten the only thing that you do not seem to understand is that we help the members who deserve to be helped and who try to learn something. Now if you could just read what @dec1bel wrote you would see that a simple read-up on DNS would have given you the answer.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  8. #8
    Junior Member dec1bel's Avatar
    Join Date
    Dec 2010
    Location
    US
    Posts
    36

    Default Re: DNS spoofing to port 8080 instead of 80?

    I think you're missing the purpose of the exploit. The goal of the WebDAV DLL exploit is less about having the user go to the cloned website (port 8080) and more about having them try to access and run a file from a malicious WebDAV server (port 80).

    After launching the exploit myself and browsing to port 8080 on my machine I was simply redirected to port 80 where a WebDAV folder opened up. From that point I was able to open one of the files that pwned my victim machine.

    Dnsspoofing would work fine for the attack, however some social engineering would still be required to coax the victim into launching one of the files when the connection to the WebDAV server was established.

  9. #9
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: DNS spoofing to port 8080 instead of 80?

    The one bit of advice I can give, you need a REDIRECT command from port 8080 to 80 Thats all you getting though...

  10. #10
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Default Re: DNS spoofing to port 8080 instead of 80?

    Have you tried using the attack directly from MSF and no set? Sometimes SET can be less flexible to use. It is a fantastic tool, but sometimes its too much automation. You should be able to tell MSF what ports you'd like to use.

Similar Threads

  1. port scan to find systems without a certain port open?
    By humbleman in forum OLD Newbie Area
    Replies: 3
    Last Post: 07-30-2009, 04:14 PM
  2. Ettercap DNS Spoofing Not.. Spoofing
    By oxide in forum OLD Newbie Area
    Replies: 4
    Last Post: 04-02-2009, 10:39 PM
  3. arp spoofing
    By whistler2008 in forum OLD Wireless
    Replies: 5
    Last Post: 01-11-2009, 09:44 PM
  4. ap spoofing
    By bigvito in forum OLD Newbie Area
    Replies: 1
    Last Post: 04-23-2008, 05:36 AM
  5. mac spoofing
    By hackerz.hell in forum OLD LiveCD Support
    Replies: 2
    Last Post: 04-05-2007, 11:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •