Free Essay

Dns Spoofing and Arp Poisoning

In:

Submitted By ariefk
Words 559
Pages 3
Edit file httpd.conf at /opt/lampp/etc
Remove # in front of:
LoadModule vhost_alias_module modules/mod_vhost_alias.so and Include conf/extra/httpd-vhosts.conf

Edit file httpd-xampp.conf at /opt/lampp/etc/extra
Add:
Allow from all
Allow from 192.168.1.0/16
Allow from 127.0.0.0/16
Allow from 10.0.0.0/16
Allow from 169.254.0.0/16
Require all granted

Edit file httpd-vhosts.conf at /opt/lampp/etc/extra
Add:
DocumentRoot “/opt/lampp/htdocs/”
ServerName localhost
,
Require all granted

accessed from other computer…..

Edit file etter.dns at /etc/ettercap
Change:
facebook.com A gmail.com A google.com A yahoo.com A

Sniff >>> Unified Sniffing

Host >>> Scan for Hosts
Hosts >>> Hosts List
192.168.1.1 >>> Add to Target 1

Plugins >>> Manage the plugins double-clicks dns_spoof

Mitm >>> ARP poisoning
Check >>> Sniff remote connection

Start >>> Start sniffing

Google.com >>> Hacked…!
Yahoo.com >>> Hacked…!
Facebook.com >>> Hacked…!
Gmail.com >>> Hacked…!

to save www.facebook.com as index.html file, then….. copy it to /opt/lampp/htdocs

to make post.php file to store username and password stolen from fake index.html file of www.facebook.com notice…..make blank file with name of logs.txt notice again…..make login.html as fake html of FAILED login

to change

with

to save FAILED login of facebook.com as login.html, then….. copy it to /opt/lampp/htdocs

to make all files in
/opt/lampp/htdocs to be able to execute by applying command
“chmod 777 *.*”

to edit etter.dns file at /etc/ettercap and to change : facebook.com A 192.168.1.110
*.facebook.com A 192.168.1.110 www.facebook.com PTR 192.168.1.110

to run Apache server with XAMPP, then….. to test it with localhost in browser

to test it from other computer, then….. to run : echo 1 > /proc/sys/net/ipv4/ip_forward

Sniff >>> Unified Sniffing

to run Ettercap for DNS Spoofing and ARP Poisoning

Host >>> Scan for Hosts
Hosts >>> Hosts List
192.168.1.1 >>> Add to Target 1

Plugins >>> Manage the plugins double-clicks dns_spoof

Mitm >>> ARP poisoning
Check >>> Sniff remote connection

Start >>> Start sniffing

to harvest username and password fromspoofed and poisoned www.facebook.com stored in logs.txt to save ibank.klikbca.com as index.html file, then….. copy it to /opt/lampp/htdocs

to find /authentication.do then replace it with post.php

to take a note: value(user_id) and value(pswd)

to save failed authentication page at ibank.klikbca.com as login.html file, then….. copy it to /opt/lampp/htdocs

to make a post.php file to remember to put: value(user_id) and value(pswd) and to make a blank logs.txt file

to make sure all files stored in
/opt/lampp/htdocs, then….. run chmod 777 *.* so all files can be read-write-execute to run Apache server and make sure everything runs well by checking it through localhost

Sniff >>> Unified Sniffing

to run Ettercap for DNS Spoofing and ARP Poisoning

Host >>> Scan for Hosts
Hosts >>> Hosts List
192.168.1.1 >>> Add to Target 1

Plugins >>> Manage the plugins double-clicks dns_spoof
Mitm >>> ARP poisoning
Check >>> Sniff remote connection

Start >>> Start sniffing

to access ibank.klikbca.com from other computer or target

to harvest user ID and PIN of targets while displaying failed authentication

Similar Documents

Premium Essay

Network Security

...Network Security Abstract: To begin to understand network security it is best to look at the basic definitions. A network is defined as “a group of two or more computers linked together”. An attack is defined as “an aggressive and violent act against a person or place”. Lastly, security is defined as “the state of being free from danger or threat”. Since the beginning of networking there have been users out there with malicious intent to either gain information or disrupt it. Technicians may not be able to stop the initiation of attack but there are certainly tools and techniques to fight back. This paper will discuss the protocol layers of networking, the associated threats and applicable solutions. This research paper will include an analysis of networking and examples of attacks. While not all solutions will be touched upon, this paper will give you a basic understanding of the way forward. Many references sited in my research are scholarly, peer reviewed journals and are considered experts in their field of Information Technology Technology is the basis of many operations in society today. While technological advances have made numerous processes easier and faster, it has also introduced an equal number of negative practices. This paper will discuss the theoretical model of networking which breaks up the data transmission process into multiple layers. We will first take a look at the original networking model and its functions compared to the newer model. Next we will...

Words: 3311 - Pages: 14

Free Essay

Cmit 321 Final Exam

...CMIT 321 Final Exam Click Link Below To Buy: http://hwaid.com/shop/cmit-321-final-exam/ Written 2016 Attempt Score: 121 / 125 - 96.8 % Final Exam Question 1 1 / 1 point __________ is the exploitation of an organization's telephone, dial, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources. a. War driving b. Line dialing c. PBX driving d. War dialing View Feedback Question 2 1 / 1 point __________ cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message. a. Symmetric b. Hash-based c. Private-key d. Public-key View Feedback Question 3 1 / 1 point __________ is a lightweight Knoppix version cut to 50 MB for a business-card-sized CD. a. Gnoppix b. GeeXboX c. Morphix d. Damn Small Linux View Feedback Question 4 1 / 1 point The __________ utility tests the integrity of an ODBC data source. a. odbcping b. ASPRunner c. FlexTracer d. DbEncrypt View Feedback Question 5 1 / 1 point In the TCP/IP stack, the __________ layer is where applications and protocols, such as HTTP and Telnet, operate. a. Internet b. network c. transport d. application View Feedback Question 6 1 / 1 point Attackers can use a simple test to find out if an application is vulnerable to an OLE DB error. They can fill in the username and password...

Words: 4865 - Pages: 20

Premium Essay

Blank

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. SSL Man-in-the-Middle Attacks TCP/IP protocols have long been subject to man-in-the-middle (MITM) attacks, but the advent of SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. The advent of Dug Song's 'webmitm' in late 2000 demonstrated the feasibility of mounting an MITM attack on the protocol, but a properlyconfigured client SSL implementation would warn the user about problems with the server certificate. This paper examines the mechanics of the SSL protocol attack, then focuses o... Copyright SANS Institute Author Retains Full Rights AD SSL Man-in-the-Middle Attacks Peter Burkholder February 1, 2002 (v2.0) Abstract TCP/IP protocols have long been subject to man-in-the-middle (MITM) attacks, but the advent of SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. The advent of Dug Song's 'webmitm' in late 2000 demonstrated the feasibility of mounting an MITM attack on the protocol, but a properlyKey fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 configured client SSL implementation would warn the user about problems with the server certificate. This paper examines the mechanics of the SSL protocol attack, then focusses...

Words: 6154 - Pages: 25

Free Essay

Ceh Test Questions

...Exam : 312-50 Title : Ethical Hacker Certified Ver : 02-23-2009 312-50 QUESTION 1: What is the essential difference between an 'Ethical Hacker' and a 'Cracker'? A. The ethical hacker does not use the same techniques or skills as a cracker. B. The ethical hacker does it strictly for financial motives unlike a cracker. C. The ethical hacker has authorization from the owner of the target. D. The ethical hacker is just a cracker who is getting paid. Answer: C Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. QUESTION 2: What does the term "Ethical Hacking" mean? A. Someone who is hacking for ethical reasons. B. Someone who is using his/her skills for ethical reasons. C. Someone who is using his/her skills for defensive purposes. D. Someone who is using his/her skills for offensive purposes. Answer: C Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. QUESTION 3: Who is an Ethical Hacker? A. A person whohacksfor ethical reasons B. A person whohacksfor an ethical cause C. A person whohacksfor defensive purposes D. A person whohacksfor offensive purposes Answer:...

Words: 34575 - Pages: 139

Premium Essay

Windows Fundamentals

...CompTIA SY0-301 CompTIA Security+ Version: 20.2 QUESTION NO: 1 A password history value of three means which of the following? A. Three different passwords are used before one can be reused. B. A password cannot be reused once changed for three years. C. After three hours a password must be re-entered to continue. D. The server stores passwords in the database for three days. Answer: A Explanation: QUESTION NO: 2 In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO). A. Subnetting B. NAT C. Firewall D. NAC E. VPN Answer: C,E Explanation: QUESTION NO: 3 Which of the following is the BEST approach to perform risk mitigation of user access control rights? A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks. Answer: B Explanation: 2 QUESTION NO: 4 Which of the following devices is BEST suited for servers that need to store private keys? A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall Answer: A Explanation: QUESTION NO: 5 All of the following are valid cryptographic hash functions...

Words: 14377 - Pages: 58

Premium Essay

Security Analyst

...Contents 1. Introduction 2. Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions...

Words: 71242 - Pages: 285

Premium Essay

Paper

...Ec-council.Braindumps.312-49.v2014-03-11.by.ANGELA.180q Number: 312-49 v8 Passing Score: 700 Time Limit: 240 min File Version: 16.5 http://www.gratisexam.com/ Exam Code: 312-49 Exam Name: Computer Hacking Forensic Investigator Practice Testw CHFI-1-105 QUESTION 1 When a file or folder Is deleted, the complete path, including the original file name, Is stored In a special hidden file called "INF02" In the Recycled folder. If the INF02flle Is deleted, It Is re-created when you _______ A. B. C. D. Restarting Windows Kill the running processes In Windows task manager Run the antivirus tool on the system Run the anti-spy ware tool on the system Correct Answer: A Section: (none) Explanation Explanation/Reference: A QUESTION 2 Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame. A. B. C. D. 8-bit 16-bit 24-bit 32-bit Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 3 The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time,service and instance, server name and IP address, request type, target of operation, etc. Identify theservice status code from the following IIS log. 192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2,SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0, GET, / dollerlogo.gif, A. B. C. D. W3SVC2 4210 3524 100 Correct Answer: D Section: (none) Explanation...

Words: 11383 - Pages: 46

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...

Words: 6103 - Pages: 25

Free Essay

A Hands on Intro to Hacking

...Penetration testing Penetration testing A Hands-On Introduction to Hacking by Georgia Weidman San Francisco Penetration testing. Copyright © 2014 by Georgia Weidman. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in USA First printing 18 17 16 15 14   123456789 ISBN-10: 1-59327-564-1 ISBN-13: 978-1-59327-564-8 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066...

Words: 117203 - Pages: 469

Premium Essay

Computer Tricks

...EC-Council Press | The Experts: EC-Council EC-Council’s mission is to address the need for well educated and certified information security and e-business practitioners. EC-Council is a global, member based organization comprised of hundreds of industry and subject matter experts all working together to set the standards and raise the bar in Information Security certification and education. EC-Council certifications are viewed as the essential certifications needed where standard configuration and security policy courses fall short. Providing a true, hands-on, tactical approach to security, individuals armed with the knowledge disseminated by EC-Council programs are securing networks around the world and beating the hackers at their own game. The Solution: EC-Council Press The EC-Council | Press marks an innovation in academic text books and courses of study in information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification...

Words: 61838 - Pages: 248

Premium Essay

Ccna

...CCNA Notes Introduction Cisco offers two options for obtaining the CCNA certification:   Pass Exam 640-802 OR Pass Exam 640-822 AND Exam 640-816 While you can use these notes to prepare for either exam, the notes are geared towards passing the single exam. I recommend you study all of the material and take the single exam option rather than taking two exams. Cisco Device Icons  The following table lists the specific icons Cisco uses to represent network devices and connections. Represents Icon Hub Bridge Switch Router Access point Network cloud Ethernet connection Serial Line connection Wireless connection Virtual Circuit The OSI Model As you study this section, answer the following questions:       What is the OSI model and why is it important in understanding networking? How does the third OSI model layer relate to administering routers? Which OSI model layer is concerned with MAC addresses? What protocols correspond to the Presentation and Session layers? What is the difference between the TCP and UDP protocols? What is the EIA/TIA 232 protocol concerned with? This section covers the following exam objectives:    103. Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network 105. Describe the purpose and basic operation of the protocols in the OSI and TCP models 110. Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach ...

Words: 73801 - Pages: 296

Free Essay

Hacking the Art of Exploitation

...2nd Edition Hacking the art of exploitation jon erickson PRAISE FOR THE FIRST EDITION OF HACKING: THE ART OF EXPLOITATION “Most complete tutorial on hacking techniques. Finally a book that does not just show how to use the exploits but how to develop them.” —PHRACK “From all the books I’ve read so far, I would consider this the seminal hackers handbook.” —SECURITY FORUMS “I recommend this book for the programming section alone.” —UNIX REVIEW “I highly recommend this book. It is written by someone who knows of what he speaks, with usable code, tools and examples.” —IEEE CIPHER “Erickson’s book, a compact and no-nonsense guide for novice hackers, is filled with real code and hacking techniques and explanations of how they work.” —COMPUTER POWER USER (CPU) MAGAZINE “This is an excellent book. Those who are ready to move on to [the next level] should pick this book up and read it thoroughly.” —ABOUT.COM INTERNET/NETWORK SECURITY ® San Francisco HACKING: THE ART OF EXPLOITATION, 2ND EDITION. Copyright © 2008 by Jon Erickson. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed on recycled paper in the United States of America 11 10 09 08 07 123456789 ISBN-10: 1-59327-144-1 ISBN-13: 978-1-59327-144-2 Publisher:...

Words: 139438 - Pages: 558

Premium Essay

Computer Networking

...COMPUTER NETWORKING SIXTH EDITION A Top-Down Approach James F. Kurose University of Massachusetts, Amherst Keith W. Ross Polytechnic Institute of NYU Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo Vice President and Editorial Director, ECS: Marcia Horton Editor in Chief: Michael Hirsch Editorial Assistant: Emma Snider Vice President Marketing: Patrice Jones Marketing Manager: Yez Alayan Marketing Coordinator: Kathryn Ferranti Vice President and Director of Production: Vince O’Brien Managing Editor: Jeff Holcomb Senior Production Project Manager: Marilyn Lloyd Manufacturing Manager: Nick Sklitsis Operations Specialist: Lisa McDowell Art Director, Cover: Anthony Gemmellaro Art Coordinator: Janet Theurer/ Theurer Briggs Design Art Studio: Patrice Rossi Calkin/ Rossi Illustration and Design Cover Designer: Liz Harasymcuk Text Designer: Joyce Cosentino Wells Cover Image: ©Fancy/Alamy Media Editor: Dan Sandin Full-Service Vendor: PreMediaGlobal Senior Project Manager: Andrea Stefanowicz Printer/Binder: Edwards Brothers Cover Printer: Lehigh-Phoenix Color This book was composed in Quark. Basal font is Times. Display font is Berkeley. Copyright © 2013, 2010, 2008, 2005, 2003 by Pearson Education, Inc., publishing as Addison-Wesley. All rights reserved. Manufactured in the United States of...

Words: 69922 - Pages: 280

Premium Essay

Computer Engineer

...Cisco 3 Layer Model * 1-7 Summary * Chapter 2 – IP Addressing and Subnets * 2-1 IP Addresses – Composition, Types and Classes * 2-2 Private and Public IP addresses * 2-3 Subnetting * 2-4 Variable Length Subnet Masks (VLSM) * 2-5 Route Summarization * 2-6 Troubleshooting IP Addressing * Chapter 3 Introduction to Cisco Routers, Switches and IOS * 3-1 Introduction to Cisco Routers, Switches, IOS & the Boot Process * 3-2 Using the Command-Line Interface (CLI) * 3-3 Basic Configuration of Router and Switches * 3-4 Configuring Router Interfaces * 3-5 Gathering Information and Verifying Configuration * 3-6 Configuring DNS & DHCP * 3-7 Saving, Erasing, Restoring and Backing up Configuration & IOS File * 3-8 Password Recovery on a Cisco Router * 3-9 Cisco Discovery Protocol (CDP) * 3-10 Using Telnet on IOS * 3-11 CCNA Lab #1 * Chapter 4 Introduction to IP Routing * 4-1 Understanding IP Routing * 4-2 Static, Default and Dynamic Routing * 4-3 Administrative Distance and Routing Metrics * 4-4 Classes of Routing Protocols * 4-5 Routing Loops * 4-6 Route Redistribution * 4-7 Static and Default Route Lab * Chapter 5 Routing Protocols * 5-1 RIPv1 & RIPv2 * 5-2 Configuring RIPv1 & RIPv2 * 5-3 Verifying and...

Words: 95744 - Pages: 383

Premium Essay

Test Paper

...CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide Darril Gibson Dedication To my wife, who even after 22 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical...

Words: 125224 - Pages: 501