Security+ SY0-701 · Hands-on Lab

On-Path DNS Spoofing

Authorized engagement against an isolated test segment. You'll position yourself between a workstation and its gateway, falsify a DNS answer, and redirect a domain to an attacker-controlled clone — then reason about the defenses that stop it.
Objective 2.4
Engagement brief. Cedarline Gear hired you to demonstrate the impact of an unsegmented flat network. On the lab segment 10.10.20.0/24 your Kali host is 10.10.20.50. A finance workstation, ws-finance-04 (10.10.20.115), reaches the internet through gateway 10.10.20.1. Your goal: make summitvalegear.com resolve to your own host so the workstation lands on a credential-capture clone instead of the real storefront.

Path Monitor

[Path diagram: ws-finance-04 (10.10.20.115), gateway (10.10.20.1), you (kali) (10.10.20.50). Legend: normal route, on-path interception. Status: idle.]

Host Discovery

IP address | MAC | Hostname / role
No hosts yet — run a scan of the local segment.

Target 1 (endpoint)

Target 2 (gateway)

DNS Spoof Module

Add both targets and a DNS rule to arm the attack.

Victim view — ws-finance-04

🔒 https://summitvalegear.com
The workstation hasn't loaded the site yet. Reload to see what summitvalegear.com resolves to from this host.
The address bar stays the same — watch the resolved IP to see whether the answer was forged.
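
A defender-side version of the check the victim view asks for, as an added example that is not part of the lab itself: it flags a storefront name that resolves inside the lab segment and a gateway entry that shares a MAC with another host. The MAC addresses, the 203.0.113.10 stand-in for the real storefront, and the assumption that the on-path position shows up as a shared MAC in the workstation's neighbor table are constructed for illustration.

```python
import ipaddress

LAB_NET = ipaddress.ip_network("10.10.20.0/24")  # lab segment from the brief
GATEWAY = "10.10.20.1"                           # gateway from the brief

# Constructed neighbor-table snapshots (IP -> MAC); the MACs are made up.
NEIGHBORS_CLEAN = {
    "10.10.20.1": "02:00:00:aa:00:01",
    "10.10.20.50": "02:00:00:aa:00:50",
}
NEIGHBORS_ON_PATH = {
    "10.10.20.1": "02:00:00:AA:00:50",   # gateway entry now carries the Kali host's MAC
    "10.10.20.50": "02:00:00:aa:00:50",
}


def gateway_mac_conflicts(neighbors, gateway=GATEWAY):
    """Return the IPs, other than the gateway, that share the gateway's MAC."""
    gw_mac = neighbors.get(gateway)
    if gw_mac is None:
        return []
    return sorted(ip for ip, mac in neighbors.items()
                  if ip != gateway and mac.lower() == gw_mac.lower())


def answer_in_local_segment(resolved_ip, net=LAB_NET):
    """A public storefront name answering from the local segment is suspect."""
    return ipaddress.ip_address(resolved_ip) in net


def assess(domain, resolved_ip, neighbors):
    """Collect human-readable findings for one resolution as seen by the workstation."""
    findings = []
    for ip in gateway_mac_conflicts(neighbors):
        findings.append(f"gateway {GATEWAY} shares a MAC with {ip}")
    if answer_in_local_segment(resolved_ip):
        findings.append(f"{domain} resolved to {resolved_ip} inside {LAB_NET}")
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the real storefront.
    print(assess("summitvalegear.com", "203.0.113.10", NEIGHBORS_CLEAN))
    print(assess("summitvalegear.com", "10.10.20.50", NEIGHBORS_ON_PATH))
```

Either finding alone is a prompt to investigate; the two together match the scenario in the engagement brief.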
