⚔ī¸Simulate MITM Attack

Introduction

A Man in the Middle (MITM) attack is a type of security attack in which an attacker infiltrates and manipulates communications between two supposedly trusted parties. The attacker can spy on, alter, or even inject data into ongoing communications without the users involved knowing.

Man in the Middle attacks have great potential for danger because they can result in the theft of personal information, such as passwords, financial information, or other sensitive data. Additionally, attackers can manipulate communications to harm one or both parties involved.

Man in the Middle Attacks can occur through a variety of techniques, but essentially, the attacker places himself in the middle of supposedly secure communications. This can be done by exploiting security holes or using certain techniques which we will discuss next.


Trying to Attack the Client With MITM

View the ARP Table Before the Poisoning Process

View the ARP table before the poisoning process. ARP (Address Resolution Protocol) is a protocol used to translate IP addresses into MAC addresses on a Local Area Network. A host sends a broadcast ARP request to obtain the MAC address of the destination host.

arp -a
ip address: 11.1.25.254
mac address: 00-0c-29-2e-cd-6d

ARP Poisoning Attack From Kali Linux

Applications > Sniffing & Spoofing > ettercap-graphical

*In Ettercap, select the menu tab:
Sniff > Unified sniffing...

*For the Ettercap primary interface, select:
eth0

*Select the Hosts menu tab:
Scan for hosts

*The host list shows the 2 scanned IP addresses and their MAC addresses
a. Click the IP of the target computer (the Windows PC) and click Add to Target 1.
b. Click the IP of the router and click Add to Target 2.

*Select the Mitm menu tab:
ARP poisoning

*Under optional parameters:
Put a check mark on "Sniff remote connections"

View the ARP Table After the Poisoning Process

arp -a
ip address: 11.1.25.254
mac address: 00-0c-29-be-b6-b6

Information

Before ARP poisoning, Windows-Client sends all its traffic to the router's MAC address. After ARP poisoning, Windows-Client sends its traffic to Kali Linux's MAC address instead, and Kali Linux then forwards it to the router. The two ARP tables show this: the entry for 11.1.25.254 changes from 00-0c-29-2e-cd-6d to 00-0c-29-be-b6-b6.

So Kali Linux receives all the information that Windows-Client sends via the router.
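The before/after change described above is also what a defender can check for. The following is an added example, not part of the original page: it parses two Windows `arp -a` snapshots and reports a changed MAC for an existing IP and a MAC claimed by more than one IP. The gateway IP and both MAC addresses come from the tables above; the client IP 11.1.25.10 and the Kali Linux IP 11.1.25.20 are constructed sample values.

```python
import re
from collections import defaultdict

# One row of Windows `arp -a` output: IP address, MAC address, entry type.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries; static broadcast rows are skipped."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}

def detect_poisoning(before, after):
    """Compare two ARP snapshots; return a sorted list of (kind, detail)."""
    findings = []
    for ip, mac in after.items():
        if ip in before and before[ip] != mac:
            findings.append(("mac-changed", f"{ip}: {before[ip]} -> {mac}"))
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:  # one NIC answering for several IPs
            findings.append(("mac-shared", f"{mac} claimed by {', '.join(sorted(ips))}"))
    return sorted(findings)

# Constructed sample snapshots. Only 11.1.25.254 and the two MACs are from
# the page; 11.1.25.10 (client) and 11.1.25.20 (Kali Linux) are assumed.
BEFORE = """\
Interface: 11.1.25.10 --- 0x5
  Internet Address      Physical Address      Type
  11.1.25.20            00-0c-29-be-b6-b6     dynamic
  11.1.25.254           00-0c-29-2e-cd-6d     dynamic
  11.1.25.255           ff-ff-ff-ff-ff-ff     static
"""
AFTER = """\
Interface: 11.1.25.10 --- 0x5
  Internet Address      Physical Address      Type
  11.1.25.20            00-0c-29-be-b6-b6     dynamic
  11.1.25.254           00-0c-29-be-b6-b6     dynamic
  11.1.25.255           ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for kind, detail in detect_poisoning(parse_arp_table(BEFORE), parse_arp_table(AFTER)):
        print(kind, detail)
```

Either finding on the gateway entry is the signature shown in the two tables above: the router's IP now resolves to another host's MAC.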


Testing Man In The Middle Attack

Record FTP Connection

Test whether the FTP password is recorded: from Windows-Client, open an FTP session to the router with this command in cmd

ftp 11.1.25.254
username : rizwan1
password : 123

*Result: the FTP username and password recorded from the client

Record HTTP Connection to Database / Sensitive Data

Test whether the web server (HTTP) password is recorded: from Windows-Client, browse to the .php login page of the test website http://testphp.vulnweb.com/login.php

username : rizwan1
password : rizwanpemula

*Result: the database username and password recorded from the client
