O'Reilly logo

Mastering Metasploit by Nipun Jaswal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Fake updates with the DNS-spoofing attack

A fake update with the DNS-spoofing attack is a LAN-based attack. It very handy while conducting internal audits of security and also while conducting a white box penetration test. This attack consists of ARP poisoning, DNS spoofing, and Metasploit. In this attack, we will first set up a server with a fake page that shows the download section for system updates. These updates will be our payloads for three different operating systems: one each for Windows, Linux, and Mac OS.

Next, we will ARP poison the local LAN and will send spoofed DNS entries that point every domain request to our fake Download updates page.

Whenever a client on the local LAN tries to open any website, his or her request will redirect ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required