Shulou(Shulou.com)06/01 Report--

Environment building:

Objective:

Get the password used by the server accessing the ftp for the target host

Steps:

Obtain each other's host information in various ways

Turn on the forward function in kali

Do the two-way deception of arp

Grab the password of the host for packet analysis

Step 1: scan the hosts in the network segment through nmap to obtain IP and MAC addresses, or through scripts. Using arping when using scripts can increase accuracy, or you can use namp.

Step 2: turn on forward forwarding function in KAIL LINUX

If we want to implement arp spoofing on the linux host, in order not to let the deceived people find out, we have to turn on the forward function in the local firewall architecture, so that we can pretend to be the gateway without being discovered. If we do not turn on the forward function, we can also pretend to be the gateway, but the deceived person will find that he cannot surf the Internet.

Turn on the forward function in linux:

Vim / etc/sysctl.config

Net.ipv4.ip_forward=1

Sysctl-p # to make it effective

Step 3: use arpspoof to do two-way deception

Arpspoof is a fake arp response to implement ARP spoofing on both sides of the communication.

There are many tools to implement arp spoofing in kali. We use the simplest and most effective arpspoof,arpspoof is a two-way deception tool, deceiving gateway I am A, cheating An I am gateway, of course, we can only carry out one-way deception, but in the case of not being detected, it is better to use two-way deception, and turning on the forword function is a guarantee that two-way deception can be carried out without being discovered by both parties. You can think about it. Under the premise of turning on the forward function, and at the same time carrying out two-way deception, as long as the other party is not particularly professional, can not be found at all.

Arpspoof

-I specify which network card to use

-t indicates the target and deceptive information

Caught in the phenomenon of ARP deception:

Under the premise that the host that implemented the deception turned on the forward function and two-way deception, the deceived host did not have any abnormal response and was able to surf the Internet normally, but all the data packets were recorded by the host that carried out the deception. × × can roughly know what you are doing, and of course you can also find your plaintext password, such as ftp. Of course, your password on qq can not be seen, because the password of qq is encrypted.

Check with arp-an on the windows and you will find that the mac address of the gateway is the same as the mac address of a host, indicating that someone is impersonating the gateway.

Using show ip arp on a router will also find that two hosts have the same mac address, indicating that someone is impersonating the host.

There are three ways of thinking about firewall ARP × ×.

ARP static binding is the most effective method on the host, but it is too inefficient

On the server ARP firewall

Use a technology of network equipment (switch), such as DAI, etc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.