Operation Sheet 3.1: Man-In-The-Middle Attack Using Ettercap

1. The document discusses setting up a man-in-the-middle attack using Ettercap on a test network with Alice and Bob as victims and Eve as the attacker.
2. It provides instructions for configuring the victim VMs for Alice and Bob and the attacker VM for Eve, and explains how to use Ettercap to perform ARP poisoning to intercept traffic between Alice and Bob.
3. The key steps involve using Ettercap to associate Eve's MAC address with the IP addresses of Alice and Bob, allowing Eve to sniff their network traffic and potentially alter it.

Uploaded by

ኣስፋ ሙሉ
Operation Sheet 3.1: Man-in-the-middle attack using Ettercap
ICT640 – Information Security
Lab objectives

After this lab we expect all of you to know:

1. what a MITM is,
2. what the different types of MITM attacks are,
3. how you can perform them using Ettercap, and
4. lastly, how to save your face from such attacks.

Lab Structure

➔ Hands-On → Make yourself at home

➔ Listening (ARP Poisoning)

➔ Modification (Downgrading of SSL and SSH)

➔ Save your face with some countermeasures


Lab setup

Alice (Client/Server)
Bob (Client/Server)
Eve (Eavesdropper)

Victim VM → Alice

- Victim VM → Ubuntu 18.10
- ifconfig
- It should be 192.168.56.7
- root password → 123


Victim VM → Alice

1. Install Apache Web Server

sudo su
sudo apt-get install apache2

2. Install FTP Server

sudo apt-get install vsftpd

3. Configure FTP Server

sudo nano /etc/vsftpd.conf

anonymous_enable=YES

(vsftpd does not accept spaces around the "=" sign.)

4. Restart Apache and FTP Server

sudo /etc/init.d/vsftpd restart
sudo /etc/init.d/apache2 restart

Victim VM → Bob

- Victim VM → Windows 7
- Open the terminal
- ipconfig
- It should be 192.168.56.8
- Start the WampServer
- root password → 123


Attacker VM → Eve

- Attacker VM → Kali Linux
- ifconfig
- It should be 192.168.56.9
- root password → 123


ARP Poisoning: Concept

An attacker associates his MAC address with the IP address of another host, causing any traffic meant for that IP address to be sent to the attacker instead.

ettercap

sudo ettercap -G

Overview Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It is used for computer network protocol analysis and security auditing.

It:

- intercepts and alters traffic on a network segment,
- captures passwords,
- has a powerful (and easy to use) filtering language that allows for custom scripting,
- conducts active eavesdropping against a number of common protocols: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG.

ARP Poisoning (1)

● Check victims’ ARP table before the attack
○ arp -a

ARP Poisoning (2)

● In attacker’s machine:
○ on menu bar, click Sniff → Unified sniffing…
○ select the proper network interface enp0s3
○ click OK

ARP Poisoning (3): attacker machine (cont.)

● to show list of machines connected to the interface:
○ on menu bar, click Hosts → Scan for hosts
○ Hosts → Hosts list

● to select the target for the attack
○ show hosts list
○ select server’s IP address, click Add to Target 1*
○ select victim’s IP address, click Add to Target 2*

● to see our current target:
○ on menu bar, click Targets → Current targets
○ Here we can see both the IP addresses in their “boxes”.

*Can be vice versa. There is no concept of SRC or DST.

ARP Poisoning (4): attacker machine (cont.)

● To perform the ARP poisoning attack:
○ on menu bar, click Mitm → ARP Poisoning…
○ check Sniff remote connections
○ click OK

ARP Poisoning (5): Check ARP Tables

How do we know that the attack on the victim was successful?

● Check victim’s ARP table
○ arp -a
○ victim’s machine has attacker’s MAC address for server’s IP address

● or use the chk-poison plugin in Ettercap
○ on menu bar, click Plugin
○ select chk-poison
○ look at what Ettercap says in the lower window
