How Hackers Use DNS Spoofing to Phish Passwords (WiFi Pineapple Demo)
Вставка
- Опубліковано 17 тра 2024
- @AlexLynd demonstrates how DNS Spoofing & DNS Cache Poisoning can be used to phish your online passwords. This demo uses a WiFi Pineapple to create a Rogue Access Point that can intercept & modify WiFi traffic.
This video is sponsored by PCBWay: www.pcbway.com
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Buy a WiFi Pineapple: shop.hak5.org/products/wifi-p...
Pineapple Rogue AP / Mitm: • Create Rogue Networks ...
Nginx Setup Video: • HakByte: Learn Web Hos...
Pineapple Setup Guide: docs.hak5.org/wifi-pineapple
Phishing Page Demo: gist.github.com/AlexLynd/7fcc...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Alex's Twitter: / alexlynd
Alex's Website: alexlynd.com
Alex's GitHub: github.com/AlexLynd
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Chapters:
Intro @AlexLynd 00:00
What is DNS? 00:19
DNS Cache Poisoning 00:54
DNS Attack Overview 01:18
Tools You'll Need 01:37
PCBWay Ad 01:43
Pineapple Setup 01:57
Rogue AP Overview 02:16
Modifying DNS Records 03:33
Clear DNS Cache 05:42
Disclaimer and Overview 05:57
Setting up a Webserver 06:28
Phishing Page Overview 07:25
Attack Demo 07:50
Mitigating Attacks 08:27
Outro 08:46
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → hakshop.myshopify.com/
Subscribe → ua-cam.com/users/Hak5Darr...
Support → / threatwire
Contact Us → / hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Наука та технологія
Definitely need more pineapple guides
Did you get anymore information?
Super dope tutorial Alex! Very informative too!
Love the Pineapple videos!
I really like the hosts trick. Thanks for that!
Great work! Cheers
Great video thanks for this will have to buy a wifi pinapple as well the OMG Cable for my next project :)
thanks for the info mr alex
Hi see you got version 2.0.0 firmware on the pineapple, i only find 1.1.1 on your home page, how do i get the newest version?
Can u show us how would the built in terminal in the pineapple be used?
Can u continue to utilize the pineapple wifi. How do i add storage to my pineaaple
It is even more sophisticated if theres a telco employee insider.
i love the way u don't say for equcational purpose :)
what is your laptop please
most browsers counter this pretty simply by detecting an unusual IP routing
Great
Sir please and please I request you create a video on how to hide payload under PDF file
How do get rid of all these penguin ghost and fire goblins?
This method will no longer work with new updates of browsers. SSLStrip will no longer function due to the implementation of SSL/TLS. Instead of the fake login page, users will see a warning message
I'm pretty sure that there are other ways to poison a Dns!
Does it works only for wifi pineapple? Or any wifi network?
you can use openwrt too or any home router with custom firmware
@@MrUncleLeon thanks bruh 🙏
VPN sponsorship needed
sad i can never get my hands on one
What kind of browser are you using on that phone? Must be a good one. This method does not work ....
I think he use a private windows of browser, if not , it doesn't work.
I expected a more elegant way to get the password
Can you tell about?
pain apple!
EH ALEX ITS BOY WTF IS GOING ON, THE C'S... AND THE INVESTIGATOR SAID YOUR MOM PAST AWAY!? WTF? ELUWENE BOY FROM KALIHI HAWAII OAHU
Next time make this more realistic. Not impressed
Lmao No That No longer works silly , TLS much ? No ?
throw in HSTS on top of that just for good measure
Amateurish! Who trusts an unsigned webpage these days? Hell, every browser warns you for it!
Hey I need some urgent help
One unknown person is harrasing me and now he deleted his account on insta I want to know his phone Or location associated with that account