Escalating an attack using DNS redirection

If an attacker or penetration tester has compromised a host on the internal network, they can escalate the attack using DNS redirection. This is generally considered to be a horizontal attack (it compromises persons of roughly the same access privileges); however, it can also escalate vertically if the credentials from privileged persons are captured. In this example, we will use BetterCap, which acts as a sniffer, interceptor, and logger for switched LANs. It facilitates man-in-the-middle attacks, but we will use it to launch a DNS-redirection attack to divert users to sites used for our social engineering attacks.

To start the attack, the following options are available in the new version of BetterCap:

We should be able to activate any module that is required; for example, we will now try the DNS spoof attack module on the target by creating a file called dns.conf with the IP and domain details shown in the following screenshot. This will enable any request to microsoft.com on the network to be forwarded to 192.168.0.13. We will explore BetterCap more in Chapter 11, Action on the Objective and Lateral Movement:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
44.197.191.240