Putting what you have learned into practice
With the lab set up, let’s perform an ARP spoofing attack. In this attack, we will send malicious packets to the Windows 10 machine spoofing the MAC address of the pfSense router. In my environment, the pfSense router has an IP address of 192.168.1.1 and the Windows 10 machine has an IP address of 192.168.1.20.
Before we begin, we will enable Kali to perform packet forwarding using the following commands:
$ sudo -i
$ echo 1 > /proc/sys/net/ipv4/ip_forward
From the Kali machine, open a Terminal window and issue the following command. This will begin to spoof ARP packets toward the Windows 10 machine:
$ sudo arpspoof -i eth0 -t 192.168.1.20 192.168.1.1
The command will continue to run indefinitely until you cancel it with the Ctrl + C key sequence. The output will look as follows:
Figure 1.15 – ARP spoofing the Windows 10 machine
Since we want to intercept traffic and perform an MITM attack, we will conduct an arpspoof attack toward the router. Here, we are telling the router that the MAC address belonging to 192.168.1.20 (the Windows 10 machine) is our MAC address (the Kali machine). Kali will then perform the packet forwarding between the router and the Windows 10 machine.
In a new Terminal window, run the following command. This will start to spoof ARP packets towards the pfSense router:
$ sudo arpspoof -i eth0 -t 192.168.1.1 192.168.1.20
The output will look as follows:
Figure 1.16 – ARP spoofing the pfSense router
As the two commands run, both the pfSense router and the Windows 10 machine should now have poisoned ARP entries. From here, we can intercept the packets and see all the communication between the Windows 10 machine and the router.
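On the defensive side, the poisoned entries described above leave a clear trace in a capture: both lab IP addresses are suddenly claimed by a second MAC, and that one MAC claims both addresses. The following Python sketch is an added example, not code from the original text; it parses raw ARP frames and flags both conditions, and the MAC addresses, function names, and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame; used only to construct sample input."""
    smac, tmac = (bytes.fromhex(m.replace(":", "")) for m in (sender_mac, target_mac))
    sip, tip = (bytes(map(int, a.split("."))) for a in (sender_ip, target_ip))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, opcode 2 = reply
    return tmac + smac + b"\x08\x06" + header + smac + sip + tmac + tip

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect_spoofing(frames):
    """Return (IPs claimed by more than one MAC, MACs claiming more than one IP)."""
    ip_to_macs, mac_to_ips = defaultdict(list), defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        smac, sip = parsed
        if smac not in ip_to_macs[sip]:
            ip_to_macs[sip].append(smac)  # keep first-seen order
        mac_to_ips[smac].add(sip)
    changed = {i: m for i, m in ip_to_macs.items() if len(m) > 1}
    shared = {m: sorted(i) for m, i in mac_to_ips.items() if len(i) > 1}
    return changed, shared

# Constructed sample capture. MACs are from the RFC 7042 documentation range.
ROUTER, WIN10, KALI = "00:00:5e:00:53:01", "00:00:5e:00:53:20", "00:00:5e:00:53:66"
SAMPLE = [
    arp_reply(ROUTER, "192.168.1.1", WIN10, "192.168.1.20"),   # genuine router reply
    arp_reply(WIN10, "192.168.1.20", ROUTER, "192.168.1.1"),   # genuine Windows 10 reply
    arp_reply(KALI, "192.168.1.1", WIN10, "192.168.1.20"),     # forged: Kali claims router IP
    arp_reply(KALI, "192.168.1.20", ROUTER, "192.168.1.1"),    # forged: Kali claims Windows IP
    b"\x00" * 20,                                              # truncated frame, ignored
]

if __name__ == "__main__":
    changed, shared = detect_spoofing(SAMPLE)
    for addr, macs in changed.items():
        print(f"{addr} moved between MACs: {' -> '.join(macs)}")
    for hw, addrs in shared.items():
        print(f"{hw} claims multiple IPs: {', '.join(addrs)}")
```

A MAC that answers for several IP addresses can be legitimate (multi-homed hosts, proxy ARP), so treat the second result as a lead to correlate with the first rather than as proof on its own.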
A great tool to quickly view web traffic is called URLSnarf, which is part of the dSniff suite. You can try this out in your lab by entering the following command:
$ sudo urlsnarf -i eth0
This command will inspect all web traffic and provide you with the URLs that are being accessed. A sample of this can be seen in the following screenshot:
Figure 1.17 – Viewing URLs accessed by the target with urlsnarf
If you want to capture all the traffic, this is where you can make use of Wireshark. Using what you have learned earlier, launch Wireshark on Kali Linux and perform a packet capture on the interface that you are using for the ARP spoofing attack. Do you see anything interesting? Generate some web traffic from the target machine and look at the packet capture – for example, browse to a website, log in, and look at the packet captures.