Question: MITM Lab

MITM (one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.)

MITM requires 3 separate entities: the attacker, the victim and the web server. Since this is a lab, there are multiple controlled variables, such as the attacker and victim residing on the same LAN subnet with a single gateway. Hence, we only need to spoof the victim and the gateway.

This lab will be run on Kali and Windows simultaneously. The Kali user is the attacker and the Windows user is the victim.

Note: Both these systems reside on the LAN subnet for the pedagogical purposes of this lab.

Retrieve the IP addresses of the Windows machine (victim/client) and the web server.

Open Command Prompt and type ipconfig /all. Note the MAC and IP address.

Would the attack work if the URL is secured? http vs https: ?

Note: you can include any valid website address.

Switch to Kali.

Open three Terminal windows to make the victim believe we are the web server and the server believe we are the victim. Terminal can be found on the dock to the left by default.

Enable IP forwarding - Type echo 1 > /proc/sys/net/ipv4/ip_forward

Would we achieve the results without ip_forward? Why/Why not?

Use arpspoof command:

Note: I have used the IP addresses of the web server and the victim's machine for explanation purposes only. Make sure to input the actual IP addresses of the victim and web server respectively.

Arpspoof victim to server - Type in arpspoof 192.168.1.15 192.168.1.1; .15 belongs to the victim and .1 belongs to the server.

Arpspoof server to victim - arpspoof 192.168.1.1 192.168.1.15.

Executing these commands enables switching, making the victim believe YOU (this host, the attacker) are the server and the server believe YOU are the victim (its client).

Upload a screenshot after executing the arpspoof command to ensure the swap of the victim's and server's addresses.

Now, we will make a temporary server with the help of Social Engineering toolkit.

Open a fresh terminal window and type in setoolkit to import the social engineering toolkit and press Enter.

Note: If this is your first time importing or using SET, you will have to accept the Terms and Conditions. To do so, type in y upon prompt.

To select any of the attacks/tools, press the corresponding number followed by the Enter key.

In this lab, we will be using Social-Engineering Attacks. Type 1 and press enter as shown below.

Next, Select Website Attack Vectors. Type 2 and press enter.

Next, Select Credential Harvester Attack Method. Type 3 and press enter.

Next, Select Site Cloner. Type 2 and press enter.

The system will prompt you to enter an IP address. Enter your (the attacker's) IP address, followed by the website you would like to clone. In this case it is 192.168.1.18.

We chose Facebook, but in reality the attacker can choose any website, preferably one with username and password fields on the homepage.

Once you press Enter, SET will start cloning the login page of that website. Your screen should look similar to the screenshot below.

Note: If at any time while operating SET you wish to go back or restart SET, input 99.

Now that we have set up a temporary web server cloning the desired webpage, we can spoof the DNS to carry out a stealthy attack. DNS spoofing will enable the attacker to rename the cloned site to an appealing name, which helps deceive the victim into opening that webpage and entering their credentials.

In other words, asking the victim to open 192.168.1.18 (the attacker's IP) would result in getting caught. Instead, ask the victim to visit a webpage named differently from, yet very close to, the actual site, like logmein.facebook.com.

Let's start the DNS spoofing process by creating a text file. To do so, type the following in the terminal and press Enter.

pico hosts.txt

It will open a blank page. Type your (the attacker's) IP, followed by a space, followed by the name you wish to give to the cloned (fake) webpage. For example: I used logmein.facebook.com

Press CTRL + X (control and X) to save and exit.

When the system prompts you to save, press y. You will then be shown several other options, as displayed below. Press Enter to exit the screen.

Open a fresh terminal window and type the following command to start DNSspoof.

dnsspoof -i eth0 -f hosts.txt

Switch to Windows and open a web browser.

Navigate to the DNS name you gave to the cloned webpage and log in with valid/invalid credentials.

Note: The reason you can use valid or invalid credentials is that the purpose of this lab is to show you how to get/extract credentials. Since the victim would not know they are being attacked, by default they would enter their valid credentials.

What would happen after you input any (valid/invalid) credentials on the cloned website?

Switch back to Kali.

You should see the victim's credentials in the terminal window.

Now the attacker can log in with those credentials and change the password, preventing the client/victim from getting access.

Upload a screenshot of your results. It should be similar to the one listed above, showing the victim's credentials.

This scenario facilitated gaining the victim's credentials. What other scenarios can MITM be useful for? Name at least three.

Using Kali VM linux commands please solve it
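
A defender-side check for the ARP poisoning this lab performs, added here as an example and not part of the original question: it parses Windows `arp -a` output from the victim and flags a MAC address that answers for several IPs, or a gateway entry that changed since a known-good snapshot. The IP addresses are the ones used in the lab text; the MAC addresses, the sample output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (MACs are made up).
BASELINE = """\
Interface: 192.168.1.15 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.18          08-00-27-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Same table after poisoning: the gateway entry now carries the Kali host's MAC.
POISONED = BASELINE.replace("00-1a-2b-3c-4d-5e", "08-00-27-aa-bb-cc")

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s", re.I | re.M
)

def parse_arp(text):
    """Return {ip: mac} for the unicast entries of `arp -a` output."""
    table = {}
    for ip, mac in ROW.findall(text):
        mac = mac.lower()
        if int(mac[:2], 16) & 1:  # group bit set: broadcast/multicast entry
            continue
        table[ip] = mac
    return table

def find_spoofing(current, baseline=None, gateway=None):
    """Return (severity, message) findings for a parsed ARP table."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one NIC answering for several hosts
            sev = "high" if gateway in ips else "medium"
            findings.append((sev, f"{mac} claims {sorted(ips)}"))
    for ip, mac in (baseline or {}).items():
        if ip in current and current[ip] != mac:  # binding changed since snapshot
            findings.append(("high", f"{ip} moved {mac} -> {current[ip]}"))
    return findings

if __name__ == "__main__":
    for finding in find_spoofing(parse_arp(POISONED), parse_arp(BASELINE), "192.168.1.1"):
        print(finding)
```

On a real network, shared MACs also occur legitimately (for example a router holding several addresses), so the baseline comparison is the stronger of the two signals.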
