Monday, August 10, 2015

man in the middle - hacking

use netdiscover to find out ip if uncertain which IP range it use
use nmap to find out more info
# nmap 172.20.1.30
or
# nmap 172.20.1.1/24

used command
Arpspoof
Driftnet

setup port forwarding
Change the value in your /proc/sys/net/ipv4/ip_forward from 0 to 1 - See more at: http://www.hacking-tutorial.com/tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/#sthash.YQIMORR4.dpuf




Victim IP address : 192.168.8.90

Attacker network interface : eth0; with IP address : 192.168.8.93

Router IP address : 192.168.8.8

And then setting up arpspoof from to capture all packet from router to victim.
# 168.8.90 192.168.8.8

After step three and four, now all the packet sent or received by victim should be going through attacker machine.
Now we can try to use driftnet to monitor all victim image traffic. According to its website,
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
to run driftnet, we just run this
# driftnet -i eth0

To stop driftnet, just close the driftnet window or press CTRL + C in the terminal

For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this code
# urlsnarf -i eth0

and urlsnarf will start capturing all website address visited by victim machine.

When victim browse a website, attacker will know the address victim visited.

No comments:

Post a Comment