
Post Connection Attacks PDF

Nmap is a powerful network scanning tool that can discover open ports, running services, operating systems, connected clients and more on IP addresses or ranges of addresses. Man-in-the-middle (MITM) attacks involve an attacker placing themselves in the middle of communications between two parties without their knowledge. This is achieved through ARP spoofing using tools like arpspoof or frameworks like MITMf that can redirect traffic, sniff data, bypass HTTPS, and more. Rogue access points can also be created using tools like the Mana Toolkit to intercept wireless traffic and potentially compromise devices connected to the fake access point.

Uploaded by harry
Copyright © All Rights Reserved

Network Mapping

Nmap / Zenmap

● HUGE security scanner.
● From an IP/IP range it can discover:
○ Open ports.
○ Running services.
○ Operating system.
○ Connected clients.
○ + more
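The slide lists what Nmap reports per host; the defensive counterpart is turning that report into an inventory and diffing it against what is supposed to be running. The script below is an added example, not code from the slides or from the Nmap project: it parses the XML that `nmap -oX` writes (the `nmaprun`/`host`/`ports`/`port`/`service`/`osmatch` element names are Nmap's real output format) into a per-host list of open ports and OS guesses, then flags open ports that are not on an allow-list. The XML sample, its hosts, MACs and services are constructed to match the 10.0.2.0/24 lab network used on the slides; `parse_nmap_xml` and `unexpected_services` are names chosen here.

```python
"""Turn Nmap XML output (nmap -oX) into a host/port inventory and diff it
against an allow-list. Added example; the XML below is constructed."""
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -O -oX scan.xml 10.0.2.0/24` emits.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.2.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.2.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:20" addrtype="mac" vendor="ExampleVendor"/>
    <ports>
      <port protocol="tcp" portid="53"><state state="open" reason="syn-ack"/>
        <service name="domain" product="dnsmasq" version="2.80"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="lighttpd"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
    </ports>
    <os><osmatch name="Linux 4.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.2.6" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:66" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.9p1"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.2.5" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ipv4: {"mac", "os", "open_ports"}} for every host that is up.

    Nmap only reports a MAC for hosts on the local segment; the OS entry is
    the first (best) osmatch, or None when no OS detection was run.
    """
    hosts = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth inventorying
        ipv4 = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ipv4 = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            svc = port.find("service")
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        osmatch = host.find("os/osmatch")
        hosts[ipv4] = {
            "mac": mac,
            "os": osmatch.get("name") if osmatch is not None else None,
            "open_ports": open_ports,
        }
    return hosts


def unexpected_services(inventory, allowed):
    """List (ip, port, service) for open ports missing from the allow-list
    of expected (ip, port) pairs: services that appeared without approval."""
    findings = []
    for ip, info in inventory.items():
        for p in info["open_ports"]:
            if (ip, p["port"]) not in allowed:
                findings.append((ip, p["port"], p["service"]))
    return sorted(findings)


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_XML)
    for ip, info in inv.items():
        print(ip, info["mac"], info["os"], [p["port"] for p in info["open_ports"]])
    print(unexpected_services(inv, {("10.0.2.1", 53), ("10.0.2.6", 22)}))
```

Run the same scan on a schedule and feed each new XML file through `unexpected_services` with the previous approved set; a port that shows up unannounced (here, HTTP on the router) is the kind of change that deserves a ticket before an attacker finds it the same way.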
MITM Attacks

(Diagram: normally traffic flows directly between the Victim and the Resources, eg: internet.)

(Diagram: with a Man In The Middle the flow becomes Victim → MITM → Resources, eg: internet, so the MITM sees both directions.)
Address Resolution Protocol (ARP)

→ Simple protocol used to map the IP address of a machine to its MAC address.
ARP Request

(Diagram: the Router, IP 10.0.2.1 / MAC 00:11:22:33:44:20, broadcasts "Who has 10.0.2.6?" to the three clients on the segment, labelled A, B and C on the slide: IP 10.0.2.7 / MAC 00:11:22:33:44:55, IP 10.0.2.6 / MAC 00:11:22:33:44:66 and IP 10.0.2.5 / MAC 00:11:22:33:44:44.)

ARP Response

(Diagram: only the client with IP 10.0.2.6 answers: "I have 10.0.2.6, my MAC is 00:11:22:33:44:66". The router stores that IP-to-MAC binding in its ARP table.)
Typical Network

(Diagram: the Hacker and the Victim each send Requests to the Access Point and receive Responses from it; the Access Point forwards traffic to the Resources, eg: internet.)
ARP Spoofing

(Diagram: the Hacker sends the Access Point an ARP message saying "I have the victim's MAC address" and sends the Victim one saying "I have the router's MAC address".)
ARP Spoofing

(Diagram: after the spoof, the Victim's Requests go to the Hacker, who relays them to the Access Point and on to the Resources, eg: internet; Responses travel back along the same path through the Hacker.)
ARP Spoofing
Using arpspoof

● arpspoof: tool to run ARP spoofing attacks.
● Simple and reliable.
● Ported to most operating systems including Android and iOS.
● Usage is always the same.

use:
arpspoof -i [interface] -t [clientIP] [gatewayIP]
arpspoof -i [interface] -t [gatewayIP] [clientIP]
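The two arpspoof invocations above poison the client's and the gateway's ARP tables in turn, and the diagrams before them show what the poisoned replies claim. On the wire those replies are plain ARP "is-at" frames whose sender MAC contradicts the binding the hosts already hold, which is exactly what an ARP watcher looks for. The script below is an added example, not code from the slides or from arpspoof: it parses raw Ethernet/ARP frames and reports any reply that advertises a new MAC for an IP it has already seen (the approach tools such as arpwatch take). The frames are constructed to use the slides' lab addresses; the attacker MAC `00:11:22:33:44:aa`, the class `ArpWatcher` and the helper names are assumptions made here.

```python
"""Flag ARP replies that change a known IP-to-MAC binding.
Added example; all frames below are constructed test data."""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2  # ARP opcode for "is-at"


def mac_bytes(text):
    return bytes(int(b, 16) for b in text.split(":"))


def ip_bytes(text):
    return bytes(int(o) for o in text.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet + ARP reply frame (14 + 28 bytes), for test data."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # htype, ptype, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP
    frame, or None for anything else (short frame, other ethertype, etc.)."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return opcode, sender_mac, sender_ip


class ArpWatcher:
    """Remembers the first MAC seen for each IP and alerts when a later
    reply claims a different one. Seed `known` with static bindings for
    hosts that matter (the gateway above all), otherwise the watcher can
    only catch spoofs of addresses it has already observed."""

    def __init__(self, known=None):
        self.table = dict(known or {})
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        opcode, mac, ip = parsed
        if opcode != ARP_REPLY:
            return None  # requests carry no binding to trust or distrust
        previous = self.table.setdefault(ip, mac)
        if previous != mac:
            alert = f"ARP conflict: {ip} was {previous}, now claimed by {mac}"
            self.alerts.append(alert)
            return alert
        return None


GATEWAY = ("10.0.2.1", "00:11:22:33:44:20")   # router from the slides
VICTIM = ("10.0.2.6", "00:11:22:33:44:66")    # client from the slides
ATTACKER_MAC = "00:11:22:33:44:aa"            # constructed

SAMPLE_FRAMES = [
    # honest reply: the router answers the victim's ARP request
    build_arp_reply(GATEWAY[1], GATEWAY[0], VICTIM[1], VICTIM[0]),
    # poisoned reply to the victim: attacker claims the gateway's IP
    build_arp_reply(ATTACKER_MAC, GATEWAY[0], VICTIM[1], VICTIM[0]),
    # poisoned reply to the gateway: attacker claims the victim's IP
    build_arp_reply(ATTACKER_MAC, VICTIM[0], GATEWAY[1], GATEWAY[0]),
]


def run_watcher(frames, known=None):
    """Feed frames through a watcher and return the alerts it raised."""
    watcher = ArpWatcher(known)
    return [a for a in (watcher.observe(f) for f in frames) if a]


if __name__ == "__main__":
    print(run_watcher(SAMPLE_FRAMES))
    print(run_watcher(SAMPLE_FRAMES, {VICTIM[0]: VICTIM[1]}))
```

Without seeding, only the gateway spoof is caught, because the watcher never saw the victim's genuine MAC before the forged one; seeding the table with the victim's binding makes the second poisoned reply visible too. On a real segment the frames would come from a packet capture on the interface rather than from `SAMPLE_FRAMES`.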
ARP Spoofing
Using MITMf

● Framework to run MITM attacks.
● Can be used to:
○ ARP spoof targets (redirect the flow of packets).
○ Sniff data (URLs, usernames, passwords).
○ Bypass HTTPS.
○ Redirect domain requests (DNS spoofing).
○ Inject code in loaded pages.
○ And more!

use:
mitmf --arp --spoof -i [interface] --target [clientIP] --gateway [gatewayIP]
HTTPS

Problem:
● Data in HTTP is sent as plain text.
● A MITM can read and edit requests and responses.
→ not secure

Solution:
● Use HTTPS.
● HTTPS is an adaptation of HTTP.
● Encrypt HTTP using TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
Bypassing HTTPS

Problem:
● Most websites use HTTPS
→ Sniffed data will be encrypted.

Solution:
● Downgrade HTTPS to HTTP.
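A downgrade only works while the browser is still willing to talk plain HTTP to the site; a Strict-Transport-Security (HSTS, RFC 6797) policy it has cached from an earlier HTTPS visit removes that option for as long as `max-age` lasts. The script below is an added example, not code from the slides or from any tool on them: it parses the HSTS header of a response and reports what would still let a browser be downgraded (no header, short or invalid `max-age`, no `includeSubDomains`, no `preload`), and computes whether a browser that saw the header at a given time still enforces it now. The response header sets are constructed; `MIN_MAX_AGE`, `downgrade_findings` and `policy_active` are names and a threshold chosen here.

```python
"""Check whether an HTTPS response's headers would stop a later
HTTPS-to-HTTP downgrade. Added example; responses below are constructed."""

MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example


def parse_hsts(header_value):
    """Parse 'max-age=31536000; includeSubDomains; preload' into a dict.
    Directive names are case-insensitive; valueless directives map to ''."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def _hsts_max_age(headers):
    """Return (directives, max_age) or (None, None) if absent/invalid."""
    lower = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in lower:
        return None, None
    hsts = parse_hsts(lower["strict-transport-security"])
    try:
        return hsts, int(hsts.get("max-age", ""))
    except ValueError:
        return hsts, None  # RFC 6797: a policy without a valid max-age is ignored


def downgrade_findings(headers):
    """List the gaps that would still allow a downgrade of this site.
    An empty list means the policy is as strong as headers can make it."""
    hsts, max_age = _hsts_max_age(headers)
    if hsts is None:
        return ["no HSTS header: browser may follow a plain-HTTP link or redirect on the next visit"]
    if max_age is None:
        return ["HSTS present but max-age missing or invalid: browsers ignore the policy"]
    findings = []
    if max_age == 0:
        findings.append("max-age=0 deletes any cached policy")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"max-age={max_age} is shorter than {MIN_MAX_AGE}s")
    if "includesubdomains" not in hsts:
        findings.append("includeSubDomains missing: subdomains can still be downgraded")
    if "preload" not in hsts:
        findings.append("no preload directive: the very first visit is unprotected unless the site is on a browser preload list")
    return findings


def policy_active(headers, seen_at, now):
    """Would a browser that received these headers at `seen_at` still refuse
    plain HTTP for the host at `now`? Times are seconds since the epoch."""
    _, max_age = _hsts_max_age(headers)
    if max_age is None:
        return False
    return now < seen_at + max_age


# Constructed responses for three sites.
STRONG = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
          "Content-Type": "text/html"}
WEAK = {"strict-transport-security": "max-age=300"}
NONE = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for label, hdrs in (("strong", STRONG), ("weak", WEAK), ("none", NONE)):
        print(label, downgrade_findings(hdrs))
    print(policy_active(STRONG, seen_at=1_000, now=1_000 + 3600))
```

The check is only about the cached policy: a client that has never visited the site over HTTPS (and is not on a preload list) gets no protection from the header, which is why the "first visit" finding is reported separately from `max-age`.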
DNS Spoofing

● DNS → Domain Name System.
● Translates domain names to IP addresses.
● Eg: links www.google.com to the IP of Google's server.

(Table on the slide: sample DNS records)
bing.com        A   204.79.197.200
facebook.com    A   195.44.2.1
zsecurity.org   A   104.27.153.174
……..etc

(Diagram: boxes for the live.com web server, 204.79.197.200; the facebook.com web server, 195.44.2.1; the Hacker's web server, 10.0.2.16; the DNS server; the Hacker; and the User.)

(Diagram: the User sends a query for live.com towards the DNS server.)

(Diagram: the answer the User receives is 10.0.2.16, the address of the Hacker's web server, instead of live.com's real address, so the User's browser connects to the Hacker's web server.)
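The last diagram shows the symptom a defender can look for: a public name such as live.com suddenly resolving to an address inside the LAN (10.0.2.16). The script below is an added example, not code from the slides or from MITMf: it decodes DNS responses in wire format (header, question, compressed-name answers) and flags A records that map a non-internal name to a private range. The responses are constructed to mirror the slide, one spoofed and one genuine; the private-range list, the internal-suffix list and the function names are choices made here.

```python
"""Parse DNS responses and flag public names resolving into LAN ranges.
Added example; the responses below are constructed test data."""
import ipaddress
import struct

LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # names allowed to resolve privately (assumption)


def build_response(qname, answer_ip, txid=0x1234, ttl=300):
    """Build a minimal DNS response with one A answer (test data only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question += struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Answer name is a compression pointer (0xc00c) back to the question at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
    answer += bytes(int(o) for o in answer_ip.split("."))
    return header + question + answer


def read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    end = None  # where parsing resumes; fixed at the first pointer
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_answers(data):
    """Return [(name, ipv4, ttl)] for every A record in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(data, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, str(ipaddress.IPv4Address(rdata)), ttl))
    return answers


def suspicious_answers(data, lan_networks=LAN_NETWORKS, internal_suffixes=INTERNAL_SUFFIXES):
    """A records that send a public name to a LAN address: the spoofing symptom."""
    flagged = []
    for name, ip, _ttl in parse_answers(data):
        if name.endswith(internal_suffixes):
            continue  # internal names are expected to resolve privately
        if any(ipaddress.IPv4Address(ip) in net for net in lan_networks):
            flagged.append((name, ip))
    return flagged


# Constructed responses mirroring the slide.
SPOOFED = build_response("live.com", "10.0.2.16")        # hacker's box answers
GENUINE = build_response("live.com", "204.79.197.200")   # real address per the slide
INTERNAL = build_response("printer.lan", "10.0.2.40")    # legitimately private

if __name__ == "__main__":
    for label, resp in (("spoofed", SPOOFED), ("genuine", GENUINE), ("internal", INTERNAL)):
        print(label, parse_answers(resp), suspicious_answers(resp))
```

Fed from a capture of UDP/53 replies arriving at the client segment, `suspicious_answers` gives a cheap first-pass detector; a stricter version would also compare the answer against a second resolver reached over an independent path, since an attacker on the segment can forge both the answer and its TTL.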
MITM Code Injection

● Inject Javascript/HTML code.
● Code gets executed by the target browser
→ use the --inject plugin

Code can be:
1. Stored in a file: --js-file or --html-file
2. Stored online: --js-url or --html-url
3. Supplied through the command line: --js-payload or --html-payload
Creating a Fake Access Point
Using Mana-Toolkit

● Tool to run rogue access point attacks.
● It can:
○ Automatically configure and create a fake AP.
○ Automatically sniff data.
○ Automatically bypass HTTPS.
○ ….etc
Mana has 3 main start scripts:

1. start-noupstream.sh - starts fake AP with no internet access.
2. start-nat-simple.sh - starts fake AP with internet access.
3. start-nat-full.sh - starts fake AP with internet access, and automatically starts sniffing data and bypassing HTTPS.
Typical Network

(Diagram: Client 1, Client 2 and Client 3 send Requests to the Access Point and receive Responses from it; the Access Point connects them to the internet.)
Creating a Fake Access Point

(Diagram: Client 1, Client 2 and Client 3 now send their Requests to the Hacker, who takes the Access Point's place and relays them to the internet; Responses come back through the Hacker.)
Creating a Fake Access Point

(Diagram: the Hacker's machine connected to the internet.)

Creating a Fake Access Point

(Diagram: the Hacker's machine uses two interfaces: a wireless adapter that supports AP mode, which broadcasts the fake access point, and any interface with internet access, which provides the upstream connection to the internet.)
