Learn how to use MAC Flooding to sniff traffic and ARP Cache Poisoning to manipulate network traffic as a MITM.

While it’s not required, ideally you should have a general understanding of how OSI Model Layer 2 (L2) network switches work, what a MAC table is, what the Address Resolution Protocol (ARP) does, and how to use Wireshark at a basic level. If you’re not comfortable with these topics, please check out the Network and Linux Fundamentals modules and the Wireshark room.


Answers to the Questions

What is your IP address?

What’s the network’s CIDR prefix?

How many other live hosts are there?

What’s the hostname of the first host (lowest IP address) you’ve found?

Can you see any traffic from those hosts? (Yay/Nay)

Who keeps sending packets to eve?

What type of packets are sent?

What’s the size of their data section? (bytes)

What kind of packets is Alice continuously sending to Bob?

What’s the size of their data section? (bytes)

Can ettercap establish a MITM in between Alice and Bob? (Yay/Nay)

Would you expect a different result when attacking hosts without ARP packet validation enabled? (Yay/Nay)

Scan the network on eth1. Who’s there? Enter their IP addresses in ascending order.

Which machine has an open well-known port?

What is the port number?

Can you access the content behind the service from your current position? (Nay/Yay)

Can you see any meaningful traffic to or from that port passively sniffing on your interface eth1? (Nay/Yay)

Now launch the same ARP spoofing attack as in the previous task. Can you see some interesting traffic, now? (Nay/Yay)

Who is using that service?

What’s the hostname the requests are sent to?

Which file is being requested?

What text is in the file?

Which credentials are being used for authentication? (username:password)

Now, stop the attack (by pressing q). What is ettercap doing in order to leave its man-in-the-middle position gracefully and undo the poisoning?

Can you access the content behind that service, now, using the obtained credentials? (Nay/Yay)

What is the user.txt flag?

You should also have seen some rather questionable kind of traffic. What kind of remote access (shell) does Alice have on the server?

What commands are being executed? Answer in the order they are being executed.

Which of the listed files do you want?

What is the root.txt flag?



About the Author

I create cybersecurity notes, digital marketing notes, and online courses. I also offer digital marketing consulting, including but not limited to SEO, Google and Meta ads, and CRM management.
