Ethical Hacking and Penetration Testing Guide




Attack Scenario
Once the victim connects to our fake access point, we can perform various types of attacks against him. We can perform an ARP poisoning attack or a phishing attack, or just set up a malicious webserver and redirect all the traffic to it whenever the victim browses websites such as facebook.com or google.com. This can be easily done by editing the contents of the /etc/hosts file. Since we are in control of the access point, we can manipulate what is presented to the victim.

127.0.0.1 is our home address, so we would edit the /etc/hosts file and point the hosts that we want to target, say Facebook, Google, Twitter, etc., to our home address. This means that the next time the victim enters the target URL in his browser, say facebook.com, he would be redirected to our address, where we could launch different types of client-side attacks (see Chapter 8). The following screenshot shows what the edits would look like:

After you have manipulated the records, whenever the victim browses his favorite websites, say google.com, facebook.com, or yahoo.com, he will be redirected to our local IP address, where we would host our malicious SET webserver or a phishing page. You can also use Evilgrade to compromise the client-side updating process.
Evil Twin Attack
An evil twin attack is a very popular type of social engineering attack against the client. The idea behind this attack is to create an access point with a name similar to that of our victim's access point and cause a denial of service to the original access point. This would make our victim connect to our fake access point, thinking that it's the original. Furthermore, an attacker would also spoof the MAC address of his interface to exactly match the MAC address of the real access point, so that it becomes much more difficult to detect.

Let's see how we would perform this attack in the real world:
1. We would use airodump-ng to scan for all neighboring access points.
2. We would note down the BSSID and change the MAC address of our interface to exactly match the BSSID of the real access point.
3. Then we would launch a fake access point with the same name as the original one.
4. Finally, we would perform a deauthentication attack with mdk3 or aireplay-ng.
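From the defender's side, each of the steps above leaves a trace in the air: a known network name announced by an unfamiliar BSSID, one BSSID advertising conflicting channel or security settings, and a burst of deauthentication frames. The following detection sketch is an added example, not code from the book; the frame records, the `KNOWN_APS` inventory and the thresholds are constructed assumptions standing in for a monitor-mode capture or WIDS feed.

```python
from collections import defaultdict

# Constructed sample records: (time_s, frame_type, bssid, ssid, channel, security)
FRAMES = [
    (0.0, "beacon", "aa:bb:cc:11:22:33", "CorpWiFi", 6, "WPA2"),
    (0.1, "beacon", "aa:bb:cc:11:22:33", "CorpWiFi", 11, "OPEN"),  # same BSSID, other settings
    (0.2, "beacon", "de:ad:be:ef:00:01", "CorpWiFi", 1, "WPA2"),   # known SSID, unknown BSSID
    (0.3, "beacon", "aa:bb:cc:44:55:66", "Guest", 1, "WPA2"),
] + [(1.0 + i * 0.05, "deauth", "aa:bb:cc:11:22:33", None, 6, None) for i in range(30)]

# Assumed inventory of authorised access points: SSID -> set of legitimate BSSIDs
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:11:22:33"}, "Guest": {"aa:bb:cc:44:55:66"}}


def find_evil_twin_indicators(frames, known_aps, deauth_threshold=20, window_s=5.0):
    """Return a set of (indicator, bssid) tuples for one short capture window."""
    alerts = set()
    profiles = defaultdict(set)      # bssid -> {(ssid, channel, security)}
    deauth_times = defaultdict(list)  # bssid -> [timestamps]

    for ts, ftype, bssid, ssid, channel, security in frames:
        if ftype == "beacon":
            profiles[bssid].add((ssid, channel, security))
            # A protected SSID announced by a BSSID that is not in the inventory.
            if ssid in known_aps and bssid not in known_aps[ssid]:
                alerts.add(("unknown_bssid", bssid))
        elif ftype == "deauth":
            deauth_times[bssid].append(ts)

    # A spoofed MAC shows up as one BSSID with conflicting beacon parameters.
    # Caveat: a real AP may change channel over time, so keep the window short.
    for bssid, seen in profiles.items():
        if len(seen) > 1:
            alerts.add(("cloned_bssid", bssid))

    # Sliding-window count of deauthentication frames per BSSID.
    for bssid, times in deauth_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:
                start += 1
            if end - start + 1 >= deauth_threshold:
                alerts.add(("deauth_burst", bssid))
                break
    return alerts


if __name__ == "__main__":
    for indicator, bssid in sorted(find_evil_twin_indicators(FRAMES, KNOWN_APS)):
        print(indicator, bssid)
```

Any one indicator can have a benign cause; the combination of a conflicting beacon profile and a deauthentication burst on the same BSSID is the pattern that matches the procedure described above.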

