Ethical Hacking – DNS Poisoning, Exploitation, Enumeration and Metasploit


DNS Poisoning is a technique that tricks a DNS server into believing that it has received authentic information when, in reality, it has not. It results in the substitution of a false IP address at the DNS level, where web addresses are converted into numeric IP addresses. It allows an attacker to replace the IP address entries for a target site on a given DNS server with the IP address of a server the attacker controls. An attacker can create fake DNS entries for that server, which may contain malicious content under the same name.

For instance, a user types www.google.com, but the user is sent to a fraudulent site instead of being directed to Google’s servers. In short, DNS poisoning is used to redirect users to fake pages that are managed by the attackers.
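The substitution described above can be caught by comparing the A records a resolver returns against the address ranges the site is known to use. The following is an added example, not part of the original tutorial: it parses raw DNS responses and reports resolvers whose answers fall outside a pinned set of networks. The resolver labels, the pinned network and the response bytes are constructed so the check runs offline.

```python
import ipaddress
import struct

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                  # step over one length-prefixed label
    return off + (2 if msg[off] else 1)      # 2-byte pointer or 1-byte root label

def a_records(msg):
    """Extract the IPv4 addresses from the answer section of a raw DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                 # fixed-size header
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4       # name, then QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:    # A record, class IN
            ips.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return ips

def poisoned_answers(responses, pinned_networks):
    """Map resolver label -> sorted answer IPs outside the pinned networks."""
    nets = [ipaddress.ip_network(n) for n in pinned_networks]
    report = {}
    for resolver, msg in responses.items():
        bad = sorted(ip for ip in a_records(msg)
                     if not any(ipaddress.ip_address(ip) in n for n in nets))
        if bad:
            report[resolver] = bad
    return report

def build_response(name, ip):
    """Build a constructed one-answer response so the example runs offline."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(ip).packed
    return header + qname + struct.pack("!HH", 1, 1) + answer

SAMPLE = {  # constructed: documentation-range addresses, hypothetical resolver labels
    "trusted-resolver": build_response("www.example.com", "192.0.2.10"),
    "office-resolver": build_response("www.example.com", "203.0.113.66"),
}

if __name__ == "__main__":
    print(poisoned_answers(SAMPLE, ["192.0.2.0/24"]))
```

In practice the pinned networks come from the site owner's published ranges or from answers gathered over a trusted path, and a mismatch is a prompt to investigate rather than proof of poisoning, since CDNs legitimately return different addresses.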

Defenses against DNS Poisoning

As an ethical hacker, your work could very likely put you in a position of prevention rather than pen testing. What you know as an attacker can help you prevent the very techniques you employ from the outside.

Here are defenses against the attacks we just covered from a pen tester’s perspective −

● Use a hardware-switched network for the most sensitive portions of your network in an effort to isolate traffic to a single segment or collision domain.

● Implement IP DHCP Snooping on switches to prevent ARP poisoning and spoofing attacks.

● Implement policies to prevent promiscuous mode on network adapters.

● Be careful when deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.

● Encrypt your sensitive traffic using an encrypting protocol such as SSH or IPsec.

● Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.

● IPv6 has security benefits and options that IPv4 does not have.

● Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting older legacy protocols with IPsec.

● Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.

● SSL is a great defense along with IPsec.

Summary

In this content, we discussed how attackers can capture and analyze all the traffic by placing a packet sniffer in a network. With a real-time example, we saw how easy it is to get the credentials of a victim from a given network. Attackers use MAC attacks, ARP and DNS poisoning attacks to sniff the network traffic and get hold of sensitive information such as email conversations and passwords.

Ethical Hacking – Exploitation

Exploitation is a piece of programmed software or script which can allow hackers to take control over a system, exploiting its vulnerabilities. Hackers normally use vulnerability scanners like Nessus, Nexpose, OpenVAS, etc. to find these vulnerabilities.

Metasploit is a powerful tool to locate vulnerabilities in a system.

Quick Fix

Vulnerabilities generally arise due to missing updates, so it is recommended that you update your system on a regular basis, for example, once a week. In a Windows environment, you can activate automatic updates by using the options available in the Control Panel → System and Security → Windows Updates.

On CentOS Linux, you can use the following command to install the automatic update package.

yum -y install yum-cron

Ethical Hacking – Enumeration

Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further.

Enumeration can be used to gain information on −

● Network shares

● SNMP data, if they are not secured properly

● IP tables

● Usernames of different systems

● Password policy lists

Enumerations depend on the services that the systems offer. They can be −

● DNS enumeration

● NTP enumeration

● SNMP enumeration

● Linux/Windows enumeration

● SMB enumeration

Some of the tools that are widely used for Enumeration are:

NTP Suite

NTP Suite is used for NTP enumeration. This is important because, in a network environment, you can find other primary servers that help the hosts update their time, and you can do so without authenticating to the system.

Enum4linux

enum4linux is used to enumerate Linux systems.

Smtp-user-enum

smtp-user-enum tries to guess usernames by using the SMTP service.

Quick Fix

It is recommended to disable all services that you don’t use. It reduces the possibilities of OS enumeration of the services that your systems are running.
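One way to find the services to disable, shown here as an added example that is not part of the original tutorial: parse the output of `ss -tuln` and list network-reachable listeners for the services this chapter names as enumeration targets. The port-to-service table uses the standard port numbers, while the `needed` parameter and the sample output are constructed for illustration.

```python
import ipaddress

# Ports of the services this page names as enumeration targets (DNS, NTP, SNMP, SMB, SMTP).
ENUMERABLE = {("tcp", 53): "DNS", ("udp", 53): "DNS", ("udp", 123): "NTP",
              ("udp", 161): "SNMP", ("tcp", 139): "SMB", ("tcp", 445): "SMB",
              ("tcp", 25): "SMTP"}

def _is_loopback(addr):
    """True when a listener is bound to loopback only (not reachable from the network)."""
    addr = addr.strip("[]").split("%")[0]      # drop IPv6 brackets and %interface suffix
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def exposed_services(ss_output, needed=()):
    """Return (proto, port, service) for network-reachable listeners not in `needed`."""
    findings = []
    for line in ss_output.strip().splitlines()[1:]:    # first line is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")      # "Local Address:Port" column
        if not port.isdigit():
            continue
        service = ENUMERABLE.get((fields[0], int(port)))
        if service and service not in needed and not _is_loopback(addr):
            findings.append((fields[0], int(port), service))
    return findings

# Constructed sample of `ss -tuln` output from a hypothetical host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0      [::]:123           [::]:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
"""

if __name__ == "__main__":
    for proto, port, service in exposed_services(SAMPLE_SS, needed={"NTP"}):
        print(f"disable or restrict {service}: {proto}/{port}")
```

The SMTP listener in the sample is not reported because it is bound to 127.0.0.1 only, which is the state to aim for when a service must run but does not need to be reachable from the network.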

Ethical Hacking – Metasploit

Metasploit is one of the most powerful exploit tools. Most of its resources can be found at https://www.metasploit.com/. It comes in two versions − a commercial edition and a free edition. There are no major differences between the two versions, so in this tutorial, we will mostly be using the Community version (free) of Metasploit.

As an Ethical Hacker, you will be using “Kali Distribution” which has the Metasploit community version embedded in it along with other ethical hacking tools. But if you want to install Metasploit as a separate tool, you can easily do so on systems that run on Linux, Windows, or Mac OS X.

The hardware requirements to install Metasploit are −

● 2 GHz+ processor

● 1 GB RAM available

● 1 GB+ available disk space

Metasploit can be used either from the command prompt or through the Web UI.

To open in Kali, go to Applications → Exploitation Tools → metasploit.