Hacker station pc or vm with kali linux connected to

This preview shows page 171 - 175 out of 334 pages.

Hacker station: PC or VM with Kali Linux connected to the same switch and subnet as the victim workstations. Steps: Execute steps 1 to 5 in the hacker station. 1. Enable IP forwarding: you must configure the forwarding of packets in the hacker station, so if the NIC receives packets that are not destined for it, forwards them anyway, it means working as a router (since the attack will be a “Man in the Middle Attack” we do not want to stop the flow of data between the victims). As root on Kali open a terminal and type: # echo 1 > /proc/sys/net/ipv4/ip_forward 2. Start Ettercap . Depending on the Kali version, we should find the appropriate menu (usually Sniffing & Spoofing ) and run Ettercap GUI ( ettercap-graphical ). We can see Ettercap’s GUI in Figure 160.
Image of page 171
3. Once on Ettercap select the Sniff -> Unified sniffing menu and then select the NIC that you would use for the attack in monitor mode (in this example eth0). 4. Once this step is done, we will observe that additional option menus appear. We’ll choose these submenus: Hosts -> Host lists, View -> Connections, View -> Profiles, and View -> Statistics. Figure 161 demonstrates the result. 5. The information we collect will help us later in the attack. Now start the Sniffing through the menu: Start -> Start Sniffing . From this moment we capture packets, but realize that for now we only see broadcast packets plus the traffic we generate; this is normal since we have not made any attack yet. To accelerate the discovery process we will proceed to scan the network for active hosts from the menu: Hosts -> Scan for Hosts . Figure 160 – Ettercap’s GUI
Image of page 172
Figure 161 – Additional tabs on Ettercap 6. Now we must generate traffic on the victim workstations. We could for example start an FTP server on one of the equipment and connect to it with an FTP client from the other station. We can also browse the Internet, perform ping between the two machines, etc. I suggest you download the trial version of the application Lite Serve 67 , which includes Web server, FTP, SMTP and Telnet. 7. Back on the hacker station we should review on Ettercap the information collected in the tab “Profiles”. Here we’ll find the PC’s that interest us and we will choose the two victims for our MITM attack (see Figure 162).
Image of page 173
Figure 162 – Profiles collected with Ettercap 8. We will now perform an ARP spoofing attack, also known as ARP poisoning. At this time our host list must be populated and should contain the IP and MAC addresses of discovered devices. 9. We will choose now our two victims. This is done from the Host List, select the IP of the first host and click on the Add to Target 1 button and do the same for the second host ( Add to Target 2 ). 10. At this point we can perform ARP spoofing. To do this we choose the MITM menu -> ARP Poisoning and check the Sniff Remote Connections option (see Figure 163). By reviewing the Connections tab we see that Ettercap is already capturing traffic from the victims.
Image of page 174
Image of page 175

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture