International Journal of Scientific & Technology Research

Home About Us Scope Editorial Board Blog/Latest News Contact Us
10th percentile
Powered by  Scopus
Scopus coverage:
Nov 2018 to May 2020


IJSTR >> Volume 9 - Issue 4, April 2020 Edition

International Journal of Scientific & Technology Research  
International Journal of Scientific & Technology Research

Website: http://www.ijstr.org

ISSN 2277-8616

Utilization Of Usbdriveby And Social-Engineer Toolkit (SET) For DNS Spoofing Attacks On Windows Operating Systems

[Full Text]



Jimmy, Ahmad Almaarif, Avon Budiono



USBDriveby, DNS Spoofing, Social Engineering, Operating System, USB-based Attack, HSTS.



Universal Serial Bus (USB) is one of the mechanisms used by many people with practical plug and play function, making data transfer fast and easy compared to other hardware. Windows has a weakness that is easily exploited on the system. There is one method of attacking social engineering using USB, USBDriveby which can exploit loopholes in Windows for people to change the hosts file and do DNS spoofing by connecting USB to the target computer. The purpose of this study is to design and analyze USBDriveby on Windows. This study is also conducted to determine whether the DNS Spoofing attack on the target computer using USBDriveby can be done. The result is that DNS Spoofing testing using USBDriveby was successfully carried out on windows systems and websites that did not activate HTTP Strict Transport Security (HSTS).



[1] K., Orrey, A Survey of USB Exploit Mechanisms, profiling Stuxnet and the possible adaptive measures that could have made it more effective. Kevin Orrey, MSc. 1–27, 2011.
[2] I., Richardus, Social Engineering E-Artikel Sistem Dan Teknologi Informasi Vol. 999., 2013.
[3] W3schools, OS Statistics, 2019, Accessed on June 28, 2019. [Online]. Available: https://www.w3schools.com/browsers/browsers_os.asp
[4] S., Vouteva, Feasibility and Deployment of Bad USB, 2015.
[5] [5] K., Samy, USBDriveby: exploiting USB in style, 2014, Accessed on Mei 20, 2019. [Online]. Available: https://samy.pl/usbdriveby/
[6] [6] S.P., Singh, & A.R., Maini, Spoofing Attacks of Domain Name System Internet, 2011.