Man-in-the-Middle and ARP/DNS Poisoning, Phishing Site
Uploaded by: willyfoofoo
Category: Technology

Understanding Man-in-the-Middle and ARP/DNS Poisoning
Phishing site
Attacks inside LAN/WLAN networks

Possible attacks
• ARP spoofing
• DNS spoofing
• DNS poisoning
• Port stealing/mirroring
• DHCP spoofing
• ICMP redirection
• Traffic tunneling

ARP spoofing
• Two devices on the network: a computer and a router
• The router replies with its IP and MAC address
• The computer remembers the router's MAC/IP for further communication
• The attacker sends a forged ARP reply containing the router's IP and the attacker's MAC

Man in the middle
• The victim overwrites the previous entry in its table
• It then starts sending all of its traffic to the attacker

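
The table overwrite described above is also what a defender can watch for. The following is an added example, not part of the original slides: it parses raw ARP payloads and reports any sender IP that shows up with a different MAC than the one already recorded. The addresses and sample messages are constructed, and the `pinned` argument is a hypothetical stand-in for static ARP entries.

```python
import ipaddress
import struct

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(ipaddress.IPv4Address(spa))

def scan(payloads, pinned=None):
    """Flag ARP messages whose sender IP is already bound to a different MAC.

    `pinned` plays the role of static ARP entries: bindings known in advance.
    Other bindings are trusted on first sight and never silently overwritten.
    """
    table = dict(pinned or {})
    alerts = []
    for index, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        oper, mac, ip = parsed
        if ip == "0.0.0.0":          # address probe (RFC 5227), claims no binding
            continue
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append({"index": index, "ip": ip, "expected": known,
                           "seen": mac, "is_reply": oper == 2})
    return alerts

# Constructed sample traffic (not a real capture): host .10 asks for the router,
# the router answers, then a third device claims the router's IP with its own MAC.
HDR = "000108000604"
SAMPLE = [bytes.fromhex(h) for h in (
    HDR + "0001" + "020000000010" + "c0a8010a" + "000000000000" + "c0a80101",
    HDR + "0002" + "020000000001" + "c0a80101" + "020000000010" + "c0a8010a",
    HDR + "0002" + "020000000066" + "c0a80101" + "020000000010" + "c0a8010a",
)]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```
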
Table of devices on the network
• The devices as listed in Cain & Abel
• We select the devices between which we want to intercept traffic

Cain & Abel
• Overview of the communication between devices
• View of which websites the victim visits, and possible usernames and passwords

Wireshark
• We can filter the traffic according to what we are looking for
• In our example we are looking for a cookie (HTTP)

Example of a cookie

DNS poisoning

How to protect against attacks
• Use HTTPS
• Do not use outdated certificates
• VPN or SSL/TLS connections
• Use an up-to-date browser
• Static ARP tables
• Up-to-date software

Phishing site
• With DNS poisoning, the victim can be redirected to a fake website that collects passwords and usernames
• It can also contain malicious code that exploits security vulnerabilities in Java, PDF, Flash Player, etc.
• We can even take control of the computer, which we then use for further attacks

Phishing site example
• Example of a website that collects login passwords and usernames
• It looks identical to the original; only the URL differs (paypal.com vs. paypa1.com)
• It usually has no secure HTTPS connection
• After the password/username is entered, it redirects us to the real website
• The page takes longer to load

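
The paypal.com / paypa1.com difference above can be checked mechanically, for example in a mail or proxy filter. The following is an added example, not part of the original slides: it folds look-alike characters onto one form, compares the result with a watchlist, and also reports the missing HTTPS the slide mentions. The watchlist, the character mapping and the "last two labels" shortcut for the registrable domain are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

PROTECTED = {"paypal.com"}  # watchlist; paypal.com is the page's own example

def skeleton(domain):
    """Fold characters and pairs that read alike in a URL bar onto one form."""
    for pair, letter in (("rn", "m"), ("vv", "w")):
        domain = domain.replace(pair, letter)
    return domain.translate(str.maketrans("015", "ols"))

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, protected=PROTECTED):
    """Classify a URL's host against the watchlist and note whether it uses HTTPS."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Assumption: the registrable domain is the last two labels (no public suffix list).
    domain = ".".join(host.split(".")[-2:])
    verdict, target = "unrelated", None
    if domain in protected:
        verdict, target = "legitimate", domain
    else:
        for good in sorted(protected):
            if skeleton(domain) == skeleton(good):
                verdict, target = "confusable", good
                break
            if edit_distance(domain, good) == 1:
                verdict, target = "typo", good
                break
    return {"domain": domain, "verdict": verdict, "imitates": target,
            "https": parts.scheme == "https"}

if __name__ == "__main__":
    for url in ("https://www.paypal.com/signin", "http://paypa1.com/login"):
        print(url, check_url(url))
```
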
Example of a phishing page

SET - Social Engineering Toolkit
We select 3 (Credential harvester...)
2. Site Cloner
The victim logs in

Phishing site
• How to get the user onto the phishing website
• DNS spoofing/poisoning
• Social engineering
• E-mail (you send a link)
• Tabnabbing attack

Java applet attack method
Abuse of Java
Pwned!!

Sources
• http://www.social-engineer.org (SET)
• http://www.backtrack-linux.org (BT5)
• http://www.wireshark.com
• http://www.oxid.it (Cain & Abel)
• http://www.kali.org (the new BT6)
• http://www.metasploit.com (msf)
• http://www.fastandeasyhacking.com (Armitage)
• http://www.offensive-security.com