
Thread: Combining Credential Harvester with DNS Spoofing

  1. #1 (Just burned his ISO; Join Date: Jun 2012; Posts: 5)

    Combining Credential Harvester with DNS Spoofing

    Here is the setup. I set up a wireless LAN, one attacker with BT5r2 and one Win7 victim PC. I use SET Credential Harvester to set up a duplicate webpage. If I type the attack PC's IP address into the victim browser, everything works great: the first login attempt fails, forwards the credentials to the attack PC, then presents the victim PC with the real site, on which I can then log in.

    To make the attack more convincing, I chose to use Ettercap to do some DNS spoofing. So I edit the etter.dns file to send the victim PC to the attack PC when they type in X site. Now the victim can browse to said site, get redirected to the fake Credential Harvester site, and the browser address bar shows the site they typed in rather than the attack PC's IP address; everything is good up to here.

    The problem: when Credential Harvester sends the victim PC to the real site after the first login attempt, Ettercap again spoofs the site and sends that second request back to the attacker's fake page. At this point Credential Harvester has already shut down the fake site after getting the credentials, so to the victim PC it looks as if the site is down. So I have fixed the one problem of the browser bar not showing the legit site name, but in turn caused another, with Ettercap not allowing the victim PC to continue to the legit site. I realize there may be another issue, which is that the victim PC's DNS cache is poisoned, and it may not be able to get to the real website.

    Is there any way around this? Maybe some type of scripting I can do with ettercap, or am I re-inventing the wheel and there is already a better way to do this? I know one way is to just use ettercap with SSLstrip, but I want to specifically get this targeted attack working, rather than SSLstrip going after every page that is loaded.

    Thanks for your help,
    Ech3l0n

  2. #2 (Junior Member; Join Date: Jan 2010; Posts: 40)

    Re: Combining Credential Harvester with DNS Spoofing

    I would only spoof part of the domain, for example:
    192.168.0.111 (your IP) login.facebook.com

    Since login.facebook.com does not exist, there is no problem when the victim is redirected to the real login page.
    Also, most users would think login.facebook.com is legitimate.

    You may also want to consider using arpspoof instead of Ettercap for DNS spoofing.


  3. #3 (Just burned his ISO; Join Date: Jun 2012; Posts: 1)

    Re: Combining Credential Harvester with DNS Spoofing

    Karmetasploit

    I would rather use arp poisoning than dns spoofing.

  4. #4 (Moderated Member; Join Date: Oct 2011; Posts: 44)

    Re: Combining Credential Harvester with DNS Spoofing

    The best way to do this is via MySQL DB entries from a modified HTML page that can be DNS spoofed. All hail SE.

  5. #5 (Member longjidin; Join Date: Feb 2010; Location: Kg Lengkong to Bukit Lada; Posts: 93)

    Re: Combining Credential Harvester with DNS Spoofing

    I also like ARP poisoning using Ettercap... I think it's more effective.

    happy hunting!!

  6. #6 (Moderated Member; Join Date: Oct 2011; Posts: 44)

    Re: Combining Credential Harvester with DNS Spoofing

    Quote Originally Posted by longjidin:
    So how are you going to do HTTPS? Sure if you want to sniff random websites on http no problem, but DNS spoofing + SE is necessary for anything worth noting.
