Powered by Blogger.
Home » » Module 06: Network Penetration Testing Methodology-Internal /4

Module 06: Network Penetration Testing Methodology-Internal /4

Written By AKADEMY on Wednesday, July 3, 2019 | 11:15 AM

Exercise 4: Performing Man-in-the-Middle Attack using Cain & Abel

Scenario

Unlike capturing network traffic in a hub-based network, it is not possible to capture traffic in a switch based network. Since most of the networks today are implemented on switch-based networks, it is not possible to capture traffic flowing between two hosts.
At this point, attackers implement techniques such as arp poisoning/MITM to capture clear-text traffic flowing between two machines in a network.
MITM is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
MITM attacks come in many variations and can be carried out on a switched LAN.
As a penetration tester, you need to know how to capture plain text traffic in a switch-based network
In this lab, you will learn how to:
  1. Perform ARP Poisoning
  2. Launch a Man-in-the-Middle attack
  3. Sniff a network for password
Lab Duration25 Minutes
  1. Select Windows Server 2012 (Internal Network) from the Resources pane. Go to Commands and click Ctrl+Alt+Delete.
    Screenshot
  2. In the logon box enter the following credentials and press Enter:
    User Name: Administrator
    Password: Pa$$w0rd
    You can use the Type Password option from the Commands menu to enter the password.
    Screenshot
  3. Navigate to E:\ECSAv10 Module 06 Network Penetration Testing Methodology-Internal\Cain & Abel and double-click ca_setup.exe.
    Follow the steps to install Cain & Abel.
    Screenshot
  4. The WinPcap Installation pop-up appears; at the time of Cain & Abel installation. Click Don’t install.
    Screenshot
  5. Once the installation is completed, launch Cain & Abel application by double-clicking the shortcut icon of Cain & Abel on the desktop.
    Screenshot
  6. The main window of Cain & Abel appears as shown in the screenshot.
    Screenshot
  7. To configure the Ethernet card, click Configurefrom the menu bar.
    Screenshot
  8. The Configuration Dialog window appears.
    The window consists of several tabs. Click Sniffertab to select sniffing adapter.
    Select the Adapter associated with the IP address 172.20.20.123, click Apply and OK.
    Screenshot
  9. Click Start/StopSniffer (second icon from left) on the toolbar to begin sniffing.
    If a Cain Warning pop-up appears, click OK.
    Screenshot
  10. Now click the Sniffer tab and then, click the Plus(+) icon (or) right click in the window, and select Scan MAC Addresses to scan the network for hosts.
    Screenshot
  11. The MAC Address Scanner window appears. Click on the Range radio button, enter the range (172.20.20.2 - 172.20.20.20) and click OK.
    Cain & Abel starts scanning for MAC addresses and lists all those found.
    Screenshot
  12. After scanning is completed, a list of detected MAC addresses is displayed as shown in the screenshot.
    Screenshot
  13. Click the APR tab at the lower end of the window.
    Screenshot
  14. Click anywhere on the top most section in the right pane to activate the + icon.
    Screenshot
  15. Click the Plus (+) icon; the New ARP Poison Routing window opens, from which we can add IP’s to listen to traffic.
    Screenshot
  16. To monitor the traffic between two computers, select 172.20.20.12 (FTP Server Subnet D) and 172.20.20.9 (Advertisement Dept. Subnet D). Click OK.
    In this lab, we are going to log in to FTP server from Advertisement Dept. Subnet D machine.
    Screenshot
  17. Select the added IP address in the Configuration/Routed packets, and click Start/Stop APR (third icon from left) icon.
    Cain begins ARP poisoning in between these machines.
    Screenshot
  18. Log on to Advertisement Dept. Subnet D and Sign in as Administrator.
    For doing this, select Advertisement Dept. Subnet D machine from the Resources pane. Go to Commands and click Ctrl+Alt+Delete.
    Screenshot
  19. Select Administrator user in the login window.
    Screenshot
  20. In the logon box enter the password Pa$$w0rdpress Enter:
    Screenshot
  21. Click on the Close button at the top right corner of the Server Manager window.
    Screenshot
  22. Now launch a command prompt in the machine, type ftp 172.20.20.12 (IP address of FTP Server Subnet D machine) and press Enter.
    When prompted for the Username, type "Martin"and press Enter.
    When prompted for the password, type "mystery" and press Enter.
    Screenshot
  23. Switch back to Windows Server 2012 (Internal Network) machine by selecting the machine from the Resources pane. You will observe that Cain & Abel captured some packets which can be observed under the Packets field.
    Screenshot
  24. Click the Passwords tab in the Cain & Abel GUI.
    Select FTP from the left pane under the Passwords section.
    You will observe the credentials being captured by Cain & Abel as shown in the screenshot.
    Screenshot
  25. This way, you have successfully captured user credentials traversing in clear-text.
In this lab, you have learned how to capture user credentials in a switch based network.
Share this article :

0 comments:

Post a Comment

 
Trung Tâm Đào Tạo An Toàn Thông Tin Học Hacker Mũ Xám Online | Học An Ninh Mạng Trực Tuyến | CEH VIỆT NAM
Copyright © 2013. HACKER MŨ XÁM - All Rights Reserved
Web Master @ Võ Sĩ Máy Tính
Contact @ Đông Dương ICT