Use DNS spoofing to mount a trojan in a LAN

DNS domain name spoofing. I believe many of my friends have heard of it, and I often hear that some websites have been attacked by DNS spoofing, so that the websites cannot be browsed by users, so is it true that xx big station has been intruded? In fact, this is not the case. Their website is not truly intruded, but their domain name is hijacked by hackers. When users browse their website, I found out how the homepage is changed to other content. In fact, DNS Spoofing is not only implemented in the WAN, but also in the LAN, and is easier. Next let's take a look at how DNS domain name spoofing occurs in the LAN.

　　I. DNS Spoofing Principle

Next, I will perform DNS Spoofing on the host whose IP address is 192.168.0.100. First, let's take a look at our local IP configuration. 1,

　　Note: Figure 1 is invalid. The source image cannot be found.

If the host 192.168.0.100 in the LAN asks the current Gateway 192.168.0.1 about the IP address of www.google.com, We will impersonate the gateway 192.168.0.1 and return it to him as a specific Trojan IP address, therefore, when the host 192.168.0.100 browses the Internet each time, a specified webpage is opened for a specific website. In this way, DNS domain name spoofing is realized. Well, the theory is complete. Let's take a look at the actual operation.

　　2. Configure pcshare and ms06014 network horse

Open the pcshare client, click "Create Customer", enter the control IP Address: 192.168.0.92, Port: 81, and click "generate". I will save the name 123.exe to the desktop. 2, okay, after pcshare's server configuration is complete, configure the webpage Trojan ms06014 (which has been introduced many times in articles earlier than X ).

Figure 2

Open the ms06014 generator, enter the URL http: // 192.168.0.92/123.exe, and click "generate" Save name xtaflf.htm to the desktop, 3. (Note: I will launch a web server locally, but to ensure security, you 'd better upload the Web horse and server to your own space ).

Figure 3

Run "HTTP dummies server" to set up a local server, specify the directory in the F:/xtaflf folder, 4, and then copy the network horse and pcshare servers. Then insert the code in Figure 5 to your home page.

Figure 4

Figure 5

Iii. DNS Spoofing

 

After the preparations, we finally had to perform DNS Spoofing. If this step was not completed, we would have done nothing before. We took out the tool "cain2.8" and ran "Cain" 6

Figure 6

Click "sniffing", click the nic icon above "Start sniffing", and then click the Black Cross. In the displayed dialog box, the target network is displayed, select "all computers in the subnet" or select a custom range. You can select a range based on your needs. OK. The software automatically scans all computers on the Internet. 7.

Figure 7

Okay, click the "ARP" below, and then the black cross above. In the pop-up "New ARP spoofing" dialog box, select the IP address to be spoofed on the left: 192.168.0.100, select the target gateway 192.168.0.1 of the spoofed IP address on the right and click OK. 8

 

Figure 8

Click "DNS Spoofing", and then click the Black Cross, 9. a dns Spoofing dialog box is displayed.

Figure 9

Enter 192.168.0.100 in the request dns domain name column, for example, www.google.com, and fill in IP Address: 192.168.0.92 in the "ip address used to rewrite the response package" column, when the host 192.168.0.100 accesses www.google.com, it needs to jump to the IP address 192.168.0.92 we provided, and then confirm. Finally, click "start/stop ARP spoofing" to officially start DNS spoofing. 10

Figure 10

As long as he opens Google, he will browse the home page of 192.168.0.92 to download and execute the trojan program. Okay, the trojan is hooked up. Open the control terminal of pcshare, 11,

 

Figure 11

Now let's grab a screen and check the current screen of the host on the other side. On the page 12, Google changed to the home page of 192.168.0.92 !!

Figure 12