Network Hacking - Wireless Attack: Dnspwn Attack (Python for Hackers Part-9.3)

Wireless Attack: Dnspwn Attack

This attack is built with the airpwn tool, a packet injection framework for 802.11 wireless networks. The tool listens to incoming packets and injects content when the incoming data matches a pattern that is specified in the config file. To your target, airpwn looks and behaves like the server that the target is trying to communicate with. The tool was first created to target HTTP, but it can also be used to exploit DNS.


In essence, a dnspwn attack entails luring your target to a malicious webpage that installs malware on the target's machine through a download, or spoofing a particular website to steal your target’s credentials. To perform this attack, you will need to have Backtrack or Kali Linux installed on your computer, as well as a wireless card adapter.

Follow these steps:

1. Set up your wireless monitor

In order to sniff your target’s wireless activity, you will need to set your wireless card adapter to monitor mode. To do this, pull up airmon-ng from Kali Linux and then enter the following command.
Now, you will be able to capture data right in the demo_insecure (target) network.
Once you have a monitor up and running, you can start creating the code for your attack.


2. Create your code.

You will need to make use of the scapy module in order to perform the dnspwn attack. To do this, you will need to sniff all the UDP packets that have destination port 53 and then pass each packet to the send_response function that you will create later.


Now that you have the scapy module, you can write the function that interprets the request for the needed information and then performs the response injection. You can do this by working up the following layers:

• 802.11 frame – switch the “to-ds” flag to “from-ds”, which will make it seem like the requests that you are making are coming from the access point

• 802.11 frame – change the MAC addresses of the destination and source

• IP layer – change the IP addresses of the destination and source

• UDP layer – change the ports of the destination and source

• DNS layer – put in the “answer” flag, and then add the answer that you have spoofed

The scapy module makes the entire process simple by abstracting away a lot of details that you do not need to be concerned about. Once those details have been abstracted away by scapy, you can use the following code:


At this point, you have all the flags set for your attack. The next step is to make and add the DNS answer:


Finally, inject the response that you have spoofed:
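Seen from the monitoring side, an injected DNS answer of this kind does not stop the real resolver's reply, so the client ends up receiving two different answers to one query. The following is an added example, not code from the original post, that flags such conflicting answers; the `DnsResponse` record, `find_conflicts` function and sample data are constructed for illustration and would be filled from a packet capture in practice.

```python
from collections import defaultdict
from typing import NamedTuple

class DnsResponse(NamedTuple):
    ts: float             # capture time in seconds
    client: str           # address the response was delivered to
    client_port: int      # UDP port the query was sent from
    txid: int             # DNS transaction ID
    qname: str            # name in the question section
    answers: frozenset    # A-record addresses in the answer section

def find_conflicts(responses, window=2.0):
    """One finding per query that received differing answers within `window` seconds."""
    by_query = defaultdict(list)
    for r in sorted(responses, key=lambda r: r.ts):
        name = r.qname.lower().rstrip(".")   # names are case-insensitive
        by_query[(r.client, r.client_port, r.txid, name)].append(r)
    findings = []
    for (client, _port, txid, name), group in by_query.items():
        first = group[0]
        for later in group[1:]:
            if later.ts - first.ts > window:
                break                         # ID/port reuse much later, not a race
            if later.answers != first.answers:
                findings.append({
                    "client": client, "qname": name, "txid": txid,
                    "first_seen": sorted(first.answers),
                    "later_seen": sorted(later.answers),
                    "gap_ms": round((later.ts - first.ts) * 1000),
                })
                break
    return findings

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    # Two different answers to one query 33 ms apart: flagged.
    DnsResponse(10.001, "192.0.2.10", 40001, 0x1A2B, "www.example.com", frozenset({"203.0.113.66"})),
    DnsResponse(10.034, "192.0.2.10", 40001, 0x1A2B, "WWW.Example.com.", frozenset({"198.51.100.7"})),
    # Retransmitted reply with the same record set: benign.
    DnsResponse(11.000, "192.0.2.11", 40002, 0x0042, "mail.example.com", frozenset({"198.51.100.8", "198.51.100.9"})),
    DnsResponse(11.200, "192.0.2.11", 40002, 0x0042, "mail.example.com", frozenset({"198.51.100.9", "198.51.100.8"})),
    # Same ID and port reused a minute later: outside the window.
    DnsResponse(20.000, "192.0.2.12", 40003, 0x0099, "cdn.example.com", frozenset({"198.51.100.20"})),
    DnsResponse(80.000, "192.0.2.12", 40003, 0x0099, "cdn.example.com", frozenset({"198.51.100.21"})),
]

if __name__ == "__main__":
    for f in find_conflicts(SAMPLE):
        print(f)
```

A finding is a lead to investigate rather than proof of injection: compare the first-seen address with what a trusted resolver returns for the same name.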

Kick a User Out of Your Network 


This hack is a solution that you might have been dreaming of, especially if you are using a network that has a lot of other users on it. As you may have noticed, there is a limit to how much data you can send and receive through the network and your own networking interfaces. The reason for this limit is the amount of bandwidth that you have, and the less other users hog that bandwidth, the faster your connections will be.


When all the bandwidth that should be available to you is used up, you are experiencing a DoS (Denial of Service). You can actually force a DoS on another user by finding and manipulating a service on a remote host. Once you have found that service, you can make the program behave in a way that it is not supposed to, which will cause the remote host to use up all its available resources and go offline. Alternatively, you can also cause a UDP flood, which is done by sending a huge quantity of UDP packets to several ports on your target’s remote host. This will cause the host to ignore any applications that are listening on that particular host and then reply with a packet that says ICMP Destination Unreachable.

To do this, all you need to do is to pull up your text editor and input the following code:


Save this code as udpflood.py, and then select all file options upon saving. To run the code, pull up IDLE and then execute the program, which will prompt you to enter all the other information that you need. Take note that this hack is directed to only one port, but if you want to exploit all other 65,535 ports that are available.
