Hacker station: PC or VM with Kali Linux connected to the same switch and subnet as the victim workstations.

Steps:

Execute steps 1 to 5 in the hacker station.

1. Enable IP forwarding: you must configure packet forwarding on the hacker station so that, when the NIC receives packets that are not destined for it, it forwards them anyway; that is, it works as a router (since the attack will be a “Man in the Middle Attack”, we do not want to stop the flow of data between the victims). As root on Kali, open a terminal and type:

    # echo 1 > /proc/sys/net/ipv4/ip_forward

2. Start Ettercap. Depending on the Kali version, we should find the appropriate menu (usually Sniffing & Spoofing) and run the Ettercap GUI (ettercap-graphical). We can see Ettercap’s GUI in Figure 160.
3. Once in Ettercap, select the Sniff -> Unified sniffing menu and then select the NIC that you would use for the attack in monitor mode (in this example eth0).

4. Once this step is done, we will observe that additional option menus appear. We’ll choose these submenus: Hosts -> Host lists, View -> Connections, View -> Profiles, and View -> Statistics. Figure 161 demonstrates the result.

5. The information we collect will help us later in the attack. Now start the sniffing through the menu: Start -> Start Sniffing. From this moment we capture packets, but realize that for now we only see broadcast packets plus the traffic we generate; this is normal since we have not made any attack yet. To accelerate the discovery process we will proceed to scan the network for active hosts from the menu: Hosts -> Scan for Hosts.

Figure 160 – Ettercap’s GUI
Figure 161 – Additional tabs on Ettercap

6. Now we must generate traffic on the victim workstations. We could, for example, start an FTP server on one of the machines and connect to it with an FTP client from the other station. We can also browse the Internet, ping between the two machines, etc. I suggest you download the trial version of the application Lite Serve [67], which includes Web server, FTP, SMTP and Telnet.

7. Back on the hacker station, we should review in Ettercap the information collected in the “Profiles” tab. Here we’ll find the PCs that interest us and we will choose the two victims for our MITM attack (see Figure 162).
Figure 162 – Profiles collected with Ettercap

8. We will now perform an ARP spoofing attack, also known as ARP poisoning. At this time our host list must be populated and should contain the IP and MAC addresses of discovered devices.

9. We will choose now our two victims. This is done from the Host List: select the IP of the first host and click on the Add to Target 1 button and do the same for the second host (Add to Target 2).

10. At this point we can perform ARP spoofing. To do this we choose the MITM menu -> ARP Poisoning and check the Sniff Remote Connections option (see Figure 163). By reviewing the Connections tab we see that Ettercap is already capturing traffic from the victims.
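
Seen from a victim workstation, the poisoning in step 10 leaves a visible trace: the other victim's IP now resolves to the MAC address of the sniffing station. The following check is an added example, not part of the original text; it assumes Linux `ip neigh show` output, a previously saved baseline, and constructed lab addresses.

```python
import re
from collections import defaultdict

# Matches Linux `ip neigh show` lines such as
# "192.168.50.20 dev eth0 lladdr 08:00:27:aa:bb:02 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(baseline, current):
    """Return (changed, shared) between a trusted baseline and the current cache.
    changed: {ip: (old_mac, new_mac)}; shared: {mac: [ips]} for a MAC on >1 IP."""
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

# Constructed sample data (lab addresses, not taken from the book).
BASELINE = """\
192.168.50.20 dev eth0 lladdr 08:00:27:aa:bb:02 REACHABLE
192.168.50.66 dev eth0 lladdr 08:00:27:de:ad:66 STALE
192.168.50.1 dev eth0 lladdr 08:00:27:00:00:01 REACHABLE
"""
# The same cache on victim 1 after poisoning: victim 2's IP (.20) now maps
# to the MAC of the sniffing station (.66).
POISONED = """\
192.168.50.20 dev eth0 lladdr 08:00:27:de:ad:66 REACHABLE
192.168.50.66 dev eth0 lladdr 08:00:27:DE:AD:66 REACHABLE
192.168.50.1 dev eth0 lladdr 08:00:27:00:00:01 REACHABLE
192.168.50.30 dev eth0  FAILED
"""

if __name__ == "__main__":
    changed, shared = find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(POISONED))
    print("changed bindings:", changed)
    print("MACs answering for several IPs:", shared)
```

A changed binding alone can be a legitimate NIC replacement or DHCP reassignment; a changed binding whose new MAC already belongs to another host on the subnet is the pattern this lab produces.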