If an attacker or penetration tester has compromised a host on the internal network, they can escalate the attack using DNS redirection. This is generally considered to be a horizontal attack (it compromises persons of roughly the same access privileges); however, it can also escalate vertically if the credentials from privileged persons are captured. In this example, we will use BetterCap, which acts as a sniffer, interceptor, and logger for switched LANs. It facilitates man-in-the-middle attacks, but we will use it to launch a DNS-redirection attack to divert users to sites used for our social engineering attacks.
To start the attack, the following options are available in the new version of BetterCap:
We should be able to activate any module that is required; for example, we will now try the DNS spoof attack module on the target by creating a file called
dns.conf with the IP and domain details shown in the following screenshot. This will enable...