DNS Cache Poisoning

Similar the ARP Poisoning, DNS poisoning is changing the destination IP of a certain Domain Name Service (DNS) address such as ServerTheory.com to one of your choosing.  By using the DNS Cache Poisoning techniques, you can effectively send someone to a malicious webpage that you created instead of them going to the whatever.com webpage that they originally wanted.

One good way to look up what the actual IP address of a DNS address is would be to use nslookup.
$ nslookup www.webpage.com
The results are the IP and addresses of whatever webpage you looked up.  This tool can also be used after you have successfully executed the attack to verify it worked; assuming you’re on the target machine to run the command.

In a DNS spoof, you will be using a file that defines where you would like to send the target victim.  It can be named anything, but make sure that the IP address is followed by the DNS address you’d like to spoof.
$ cat 192.168.1.xx www.webpage.com >> anyfile.txt

Once we have set up an ARP Spoof between the default gateway and the target victim, you can begin inserting DNS Spoofs into the picture.  To do this, use the dnsspoof command:
$ dnsspoof -i eth0 -f anyfile.txt
In this command, you’re telling the system to use the network card called eth0 and the bogus DNS info file you created.  Following running that command, the target machine should begin following the path you created to get them to your bogus web server.

As already mentioned, you can use nslookup to verify that the attack worked.  This would have to be done from the target victim’s machine, however.  So take the challenge and own a the target computer to make sure you did it right.

Scroll to top