Hacking tool: Man in the middle attacks
One of the most popular forms of spoofing attacks is known as a man in the middle
attack. There are two ways that you will be able to use this one. Some hackers
will use it as a passive attack, meaning that they will just get into the network and
look around, sniffing the system and reading information, but not causing any
issues. The hacker also has the option of doing an active attack. This is when they
start causing damage and people finally realize that they are on the network.
A man in the middle attack is carried out when the hacker conducts what is known
as ARP spoofing. The hacker uses this to send out false ARP messages over the
target network. When they are successful, these fake messages let the hacker link
up with another user through that user's IP address. The user needs to be someone
who already has access to the system, or it will not work. Once the hacker has
linked up to the IP address, they will start to receive the data that this
particular user sends over that IP address.
To keep things simple, the hacker takes over a valid IP address (or one that is
already allowed on the network) and makes it their own. The hacker will then
receive the communication, files, and any other information that the original user
is supposed to get. They get to choose how they would like to use this information:
they could just take a look at it and wait things out, or they could change the
information before sending it on.
There are a few different attacks that the hacker can carry out once they are
attached to an IP address. These include:
Session hijacking: in this attack the hacker uses the fake ARP messages to steal
the user's ID for that session. This lets the hacker get hold of the information
that passes through, and at some point they can use this information to gain
access to the account.
Denial of service attack: in this attack the ARP spoof links several of the IP
addresses back to the target. The data that normally goes to the other IP addresses
is then sent to one device, rather than to the separate ones it is meant for. This
overloads the system and can shut everyone out.
Man in the middle attack: this attack lets the hacker get into a network while
remaining hidden. Since no one else is able to see that the hacker is there, they
can intercept messages, change information, and even more.
Now that you have a good idea of how man in the middle attacks work, it is
important to learn how to complete one. Here we will use the tool known as
Backtrack in order to create our own man in the middle attack.
First, you need to figure out what kind of data you want to collect before you get
started. You can use a tool known as Wireshark to help you out. Tools like this
show you what traffic is going through, which is a good starting point if you are
uncertain about this.
Now go to your wireless adapter and make sure that you have switched it over to
monitor mode. This is a good idea because it gives you a clear picture of what
traffic is coming in and out of your connection. You will even be able to see
traffic that isn't supposed to be on the network. You can use this option if you
are on a hubbed network, because its security isn't as high as what you would find
on switched networks.
This can be really useful if you already know the type of information being sent
by the users who are on the same switch. You can also bypass this completely. To
do this, you would need to make some changes to the entries in the CAM table. You
want to map out which IP address and MAC address are sending this information back
and forth to each other. Once you are able to change these entries, it is easy for
the hacker to get hold of the traffic they want, the information that is supposed
to go to another computer. This is where the ARP spoofing attack comes in.
At this point, you will need to get your Backtrack software running. Pull it up
and make sure that all three terminals that go with it are open as well.
Next, take the MAC address from your target user and replace it with the MAC
address that your computer is using. The command you will use for this part is
“arpspoof [client IP] [server IP]”.
Once this is done, reverse the two IP addresses in the same command you just ran.
This basically tells the server that, instead of sending the information to the
original user, it should send it to you. This gives you access to your target
system so that you can perform the tasks that you want.
This method turns the hacker into both the client and the server, allowing them
to take the packets of information that are sent through and make changes as
needed before sending them on.
For those who are using Linux, you can use the built-in feature known as
ip_forward, which makes it easier to forward the packets you are receiving. Once
you turn this feature on, you will be able to go back into Backtrack and forward
these packets. It is enabled with the command echo 1 > /proc/sys/net/ipv4/ip_forward
(note the spaces: without them the shell treats "1>" as a redirection and writes an
empty line to the file instead of the value 1). This command is important because
it places you between the server and its client. You will start to see the
information that passes between them. In addition to reading the information, you
can take it, make changes, and more.
From here, we need to take a look at the traffic. You have front row access to
this information without anyone on the network being able to notice you. The
Backtrack tools provide everything you need to sniff your traffic and give you a
good picture of what is going on, but you must make sure that you activate this
feature so that it starts working.
At this point, it is just a waiting game. You need to wait for your client to log
into the server. Once the client is on the server, you will receive their username
and password without having to do any extra work. Since the users and the
administrators all use the same credentials on the system, you can now use these
as well to get on.
These credentials are important because they make it easy to get into the network
and see the information that you would like. The hacker will be right in the middle
of the network, receiving all the information that they want, but no one else will
be able to see them there. And that is how you complete your man in the middle
attack.
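The attack above works only because hosts accept ARP replies without verification, so the defender's counterpart is to watch ARP traffic for the two symptoms it leaves behind: an IP address whose MAC binding suddenly changes, and one MAC address claiming several IP addresses at once (the mapping the text's denial of service variant relies on). The following is an added example, not code from the original text or from Backtrack; the ARP replies it processes are constructed sample data and the function name is my own.

```python
"""Detect ARP cache poisoning from a stream of ARP replies (added example)."""
from collections import defaultdict

# Constructed sample ARP replies as (sender_ip, sender_mac). In practice these
# would come from a packet capture or from a switch's dynamic ARP inspection log.
# Replies 4 and 5 are what arpspoof's two-direction poisoning looks like on the
# wire: one new MAC claims first the gateway's IP and then the client's IP.
ARP_REPLIES = [
    ("192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # gateway, legitimate
    ("192.168.1.10", "bb:bb:bb:bb:bb:10"),   # client, legitimate
    ("192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # repeat of a known binding, harmless
    ("192.168.1.1",  "cc:cc:cc:cc:cc:99"),   # gateway IP claimed by an unknown MAC
    ("192.168.1.10", "cc:cc:cc:cc:cc:99"),   # client IP claimed by the same MAC
]


def detect_arp_spoofing(replies, known_bindings=None, max_ips_per_mac=1):
    """Return a list of alert tuples for suspicious ARP replies.

    known_bindings: optional trusted {ip: mac} baseline (e.g. a DHCP lease
    table). Without it, the first MAC seen for an IP is trusted and kept, so a
    later poisoned reply for that IP is reported rather than silently learned.
    max_ips_per_mac: how many IPs one MAC may legitimately answer for (raise it
    for routers that hold several addresses on one interface).
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (known_bindings or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        trusted = ip_to_mac.get(ip)
        if trusted is None:
            ip_to_mac[ip] = mac                      # trust on first use
        elif trusted != mac:
            alerts.append(("ip-remapped", ip, trusted, mac))
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Alert once per newly claimed IP, not on every repeated reply.
        if len(mac_to_ips[mac]) > max_ips_per_mac and len(mac_to_ips[mac]) > before:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

Seeding `known_bindings` from an authoritative source removes the trust-on-first-use window; the same logic is what tools like arpwatch apply continuously.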