The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
Ray holds a bachelor’s degree in computer information systems and a master’s degree in organizational leadership. His current certifications are CISSP, CEH, CCNA, N+ and the PMP. Ray freelances as an online IT instructor, teaching courses that include CISSP, CEH and CCNA. He has also taught for various organizations on hacking with the Metasploit framework, scripting with Python and Ruby, and other tools used for hacking. He occasionally provides IT security consultancy for various organizations. Ray resides in Augusta, Georgia, USA. He has over 15 years of military and civilian IT security and project management experience.
ARP Poisoning and the Man-in-the-Middle Attack
THIS COURSE IS SELF-PACED
The course is self-paced – you can visit the training whenever you want and your content will be there.
Once you’re in, you keep access forever, even when you finish the course.
There are no deadlines, except for the ones you set for yourself.
Your time will be filled with videos and exercises.
Module 1 – Set up lab and conduct initial ARP Poisoning
Task 1 – Set up VM workstation lab
In this task, we will set up two virtual machines using VirtualBox. This lets us replicate an actual Ethernet LAN in which to conduct our lab. We will be using Windows XP and/or Windows 7 for both victim workstation VMs and as the attacker. An unlicensed copy of Windows XP and 7 will work for this exercise in order to demonstrate ARP Poisoning and the Man-in-the-Middle Attack.
- Install VirtualBox.
- Install Operating System (Win XP and/or Windows 7).
- Set up LAN configuration.
Task 2 – Install Cain and Abel and conduct ARP Poisoning Attack
Using Cain and Abel (CaA), we will conduct an ARP poisoning attack. This fools the two victim workstations into believing that they are communicating with each other; however, because we have poisoned their ARP caches, their layer 2 destination address is redirected to us, the attacker, instead.
- Initiate ARP poisoning between two VMs.
- Conduct Man-in-the-Middle attack and capture plaintext credentials.
- Replay plaintext credentials for authentication.
Task 3 – Replay Credentials
In this task, we will replay the credentials that CaA sniffed and recorded for us. We will also crack the hash values of our victims using CaA in order to gain authentication to access system resources.
- Conduct dictionary attack using CaA.
- Conduct brute force attack using CaA.
- Capture HTTPS credentials and then conduct replay attack.
Module 2 – Using Wireshark to analyze traffic and steal cookies
Task 1 – Install Wireshark
We will install Wireshark, which is an open-source application that allows us to analyze network traffic. It can also be used to enhance our MITM attack by sniffing information that we are looking for, such as cookies.
- Install Wireshark. Go to wireshark.org, then download and install it on the attacker's computer.
- Select default location and requirements.
- Ensure that the interfaces we are using are the ones selected for our VM and not the actual host.
Task 2 – Capturing and analyzing packets.
In this portion, we will use certain filters to allow us to look at only the critical information that we require in order to view and capture cookies.
- Understand how filters work.
- Select our virtual interface and apply filters.
- Select data stream to copy and reference later as we conduct an advanced MITM attack.
Task 3 – Log into a victim VM and surf the internet.
In order for this exploit to work, we will have to create internet activity in order to generate credentials. This allows us to simulate what an actual victim might do.
- Create a bare-bone Facebook or Gmail account.
- Ensure your password is simple and not too complex. A more complex password will take exponentially longer to crack.
- Activate Wireshark and conduct packet inspection.
Module 3 – Select packet and retrieve site cookie information
Task 1 – Select filter in Wireshark
In this portion, we will use our filters in order to segregate the vast amount of data that Wireshark generated. By doing so, we are able to isolate and select the cookie that we need in order to replay a victim’s account.
- Select the virtual interface on the attacker's workstation.
- Select and input the victim’s IP address and the destination to sniff cookies from.
- Allow Wireshark to conduct packet inspection.
Task 2 – Capture packet inspection
Once traffic has been generated and our filters applied, we will now pull the packet information from Wireshark.
- Open Wireshark and select packet.
- Retrieve cookie information from the session layer.
- Open CaA and crack hashed credentials.
Task 3 – Replay credentials that were cracked by CaA
After we have cracked the credentials using CaA, we should now be able to access the account.
- Go to the account's website, such as Facebook or Gmail.
- Input the cracked credentials.
- Verify if you are able to successfully log on.