Ethical Hacking Tutorial
Ethical Hacking - ARP Poisoning
Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine MAC addresses. All network devices that need to communicate on the network broadcast ARP queries on the network to find out other machines’ MAC addresses. ARP Poisoning is also known as ARP Spoofing.
Here is how ARP works −
- When one machine needs to communicate with another, it looks up its ARP table.
- If the MAC address is not found in the table, an ARP request is broadcast over the network.
- All machines on the network compare the requested IP address with their own.
- The machine that owns the address responds to the ARP request with its IP and MAC address.
- The requesting computer stores the address pair in its ARP table and communication takes place.
What is ARP Spoofing?
ARP packets can be forged to send data to the attacker’s machine.
- ARP spoofing constructs a large number of forged ARP request and reply packets to overload the switch.
- Once the switch is forced into forwarding mode and the ARP table is flooded with spoofed ARP responses, the attacker can sniff all network packets.
Attackers flood a target computer’s ARP cache with forged entries, which is also known as poisoning. ARP poisoning uses Man-in-the-Middle access to poison the network.
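As an added, defender-side example (not part of this tutorial): the parser below decodes the Ethernet/ARP frames described above and flags an IP address whose claimed MAC changes between ARP replies, which is the signature of the cache poisoning just described. The frames are constructed sample data using this chapter’s lab addresses; the MAC addresses are made up.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def parse_arp(frame: bytes):
    """Decode an Ethernet/IPv4 ARP frame; return (op, sender_mac, sender_ip, target_mac, target_ip) or None."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None  # not ARP (e.g. plain IPv4 traffic)
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled
    return op, mac_str(sha), str(IPv4Address(spa)), mac_str(tha), str(IPv4Address(tpa))

def detect_poisoning(frames):
    """Learn IP->MAC from ARP replies; alert when a later reply claims a different MAC for a known IP."""
    table, alerts = {}, []  # first-seen mapping is kept, so every conflicting claim alerts
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _op, sha, spa, _tha, _tpa = parsed
        known = table.setdefault(spa, sha)
        if known != sha:
            alerts.append((spa, known, sha))  # (ip, expected mac, conflicting mac)
    return table, alerts

# Constructed sample traffic using this chapter's lab addresses (gateway 192.168.121.2,
# victim 192.168.121.129); the MAC addresses are made up for the example.
GW_MAC, VICTIM_MAC, OTHER_MAC = "aabbcc000002", "aabbcc000129", "aabbcc00dead"
GW_IP, VICTIM_IP = "c0a87902", "c0a87981"          # 192.168.121.2 / 192.168.121.129
ARP_FIXED = "0806" + "0001" + "0800" + "06" + "04"  # EtherType ARP, Ethernet, IPv4, hlen 6, plen 4
SAMPLE_FRAMES = [
    # legitimate reply: the gateway tells the victim "192.168.121.2 is at aa:bb:cc:00:00:02"
    bytes.fromhex(VICTIM_MAC + GW_MAC + ARP_FIXED + "0002" + GW_MAC + GW_IP + VICTIM_MAC + VICTIM_IP),
    # unrelated IPv4 frame (EtherType 0x0800): ignored by the parser
    bytes.fromhex(VICTIM_MAC + GW_MAC + "0800") + bytes(28),
    # poisoned reply: a second MAC now claims to be 192.168.121.2
    bytes.fromhex(VICTIM_MAC + OTHER_MAC + ARP_FIXED + "0002" + OTHER_MAC + GW_IP + VICTIM_MAC + VICTIM_IP),
]
```

Running `detect_poisoning(SAMPLE_FRAMES)` returns the learned table and one alert for 192.168.121.2; a production monitor would also age entries out and read frames from a live capture.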
What is MITM?
The Man-in-the-Middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) is an active attack in which the adversary impersonates the user to each victim by creating a connection between the victims and sending messages between them. In this case, the victims think that they are communicating with each other, but in reality the malicious actor controls the communication.

A third person exists to control and monitor the traffic of communication between two parties. Some protocols such as SSL serve to prevent this type of attack.
ARP Poisoning − Exercise
In this exercise, we have used BetterCAP to perform ARP poisoning in a LAN environment using VMware Workstation, in which we have installed Kali Linux and the Ettercap tool to sniff the local traffic on the LAN.
For this exercise, you would need the following tools −
- VMware Workstation
- Kali Linux or another Linux operating system
- Ettercap tool
- LAN connection
Note − This attack is possible in wired and wireless networks. You can perform this attack on a local LAN.
Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Log in to Kali Linux using the username “root” and password “toor”.
Step 3 − Make sure you are connected to the local LAN and check the IP address by typing the command ifconfig in the terminal.

Step 4 − Open up the terminal and type “ettercap -G” to start the graphical version of Ettercap.

Step 5 − Now click the “sniff” tab in the menu bar, select “unified sniffing”, and click OK to select the interface. We are going to use “eth0”, which means the Ethernet connection.

Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning the whole network for live hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in the network. This list also includes the default gateway address. We have to be careful when we select the targets.

Step 8 − Now we have to choose the targets. In MITM, our target is the host machine, and the route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs the packets. So, we will add the victim as “target 1” and the router address as “target 2.”
In a VMware environment, the default gateway will always end with “2” because “1” is assigned to the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is “192.168.121.2”. So we will add target 1 as victim IP and target 2 as router IP.

Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff remote connections” and click OK.

Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in the network, which means we have enabled our network card in “promiscuous mode” and now the local traffic can be sniffed.
Note − We have allowed only HTTP sniffing with Ettercap, so don’t expect HTTPS packets to be sniffed with this process.
Step 12 − Now it’s time to see the results if our victim has logged into some websites. You can see the results in the toolbar of Ettercap.

This is how sniffing works. You must have understood how easy it is to get HTTP credentials just by enabling ARP poisoning.
ARP Poisoning has the potential to cause huge losses in company environments. This is the place where ethical hackers are appointed to secure the networks.
Like ARP poisoning, there are other attacks such as MAC flooding, MAC spoofing, DNS poisoning, ICMP poisoning, etc. that can cause significant loss to a network.
In the next chapter, we will discuss another type of attack known as DNS poisoning.