Shulou(Shulou.com)06/01 Report--

What this article shares with you is the analysis of how to carry out DNS deception. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

one。 What is DNS deception?

DNS deception is an art that changes the original direction of DNS to IP.

What is the DNSomain Name Server domain name server domain name is easy for people to remember, but the computers in the network can only know each other IP addresses, and the conversion between them is called domain name resolution.

DNS spoofing, or domain name information spoofing, is the most common DNS security problem. When a DNS server falls into a trap and uses an error message from a malicious DNS server, the DNS server is spoofed. After cheating, it will provide the wrong IP address to the customer's machine. For example, if you open Baidu's URL and become another unknown web page, imagine how bad it would be if the jumped page was hung silently.

II. Advantages of DNS deception

Because DNS spoofing takes some small actions outside the hosts that need * *, and all hosts on INTERNET need DNS's domain name resolution service, DNS spoofing technology has better concealment than other * * methods, and the attack has a wide range of attacks and strong versatility.

III. Ways of DNS spoofing

It is analyzed that there are two methods to realize DNS hijacking attack on the Internet.

The first is "DNS ID deception" technology.

Second, DNS cache paralysis.

The specific steps of the above two methods are not explained in detail, Baidu goes down.

The third kind, which is also the main content of this article, is completely original. The idea is to deceive the intranet host to which the route belongs by modifying the DNS in the router to a fake DNS address. The general idea is like this, very simple, using the idea of transferring flowers to trees.

Compared with the first two methods, the third method is easier to implement, the first two are mainly aimed at the DNS server, the DNS server is the infrastructure of the Internet, so the general security system is better to prevent, how can it be easily succeeded by rookies. Therefore, the impact of the first two methods of attack is large, but it is difficult and the success rate is not guaranteed.

The third is mainly aimed at the network node-the router (if the technology is good, it can also be extended to the switch or EPON). Although the ability to fix routing is very simple for a rookie, this method can only deceive the machines in the intranet, so fishing is our best choice. Here are the methods.

① set up a phishing website. After getting the source code, put it on the server to test it. If there is no problem, the phishing site will be done. Our phishing site does not need a domain name, as long as there is a server's IP, because our fake DNS can give it any domain name. The type of phishing website can be Taobao, Tencent, or other commonly used and stolen information is valuable to you. If you build a very partial website to do phishing website, others will be busy in vain if they haven't visited it at all.

② sets up its own fake DNS server. This is to be set up on your own machine, there is a DNS service component in WIN2003 (Linux is also available), open this service in the control panel, and then resolve the domain name of the original normal website imitated by the phishing website to the IP of your fishing station, and the rest will be parsed by other DNS hosts on the Internet. After the configuration, fill in your own machine with your own DNS and test it to see if the DNS and fishing stations can operate normally. It should also be noted that in order to save network resources, the general computer has a HOSTS file in this opportunity, which is similar to the DNS server, but the priority is higher than the DNS server. If the other host's HOSTS file has a normal parsing record that you want to deceive, the success rate of phishing will be reduced.

The technology involved above (including the broken wifi connection password described below) can be reached by Baidu, and the technology is very mature, the article is also very detailed. Therefore, this article will not explain in detail, mainly the train of thought.

③ enters the destination routing background management interface and modifies the DNS address. Now all routers have wireless functions, and they are widely used in urban households, so we have the opportunity to enter other people's internal networks from the outside. When we open the wireless network card, we can search for a large number of AP ssid and find a household connection such as TPlink_XXXX Tenda_XXXX. Luckily, we just go in without encryption, but most of them are encrypted. In this case, try using a weak password such as 1234578. If it doesn't work, use tools to crack it.

WPA2 encrypted with BT5 or bottle (Beni), first get a handshake bag, then have a powerful dictionary (dictionary is very important, whether it can be cracked mainly depends on the dictionary), and then burst the password.

WEP encryption is also cracked with BT3 or BT5 grab packets.

The TPLINK router is connected in WPS mode by default, and the PIN is enumerated with BT5.

After getting the password, connect to the intranet, and then ipconfig\ all checks the gateway address, which is 192.168.1.1 and then opens it with a browser to verify the password. Generally, the user name and password are admin. Different brands of routers will have different. If the default password doesn't work, use webcrack plus your powerful dictionary to explode.

After cracking all kinds of passwords, finally take down the router, enter the router management interface, click the WAN port setting in the network parameters, and then you can manually set DNS,DNS1 using the address of the DNS server you just built. After saving, restart the router and OK.

All the deception, the fishing environment is set up, and then wait for the host of the intranet to open the web page, and then led to our phishing site by our DNS server, where users enter user names, passwords and other information, which are quietly recorded by our phishing website, and phishing + deception is successful.

The above is how to carry out the analysis of DNS fraud, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.