>> Let's execute a Man in the Middle attack. I'm using Remote Desktop Connection on my Windows 10 machine, and have connected to a Windows 7 machine, which is running as a VM on a Mac, through VirtualBox. This setup allows me to show you both victim and attacker in this demo, without having to switch the recording back and forth from multiple machines. Having the victim machine as a VM on this Windows 10 host machine would be problematic.

Let's look at the configuration of the Windows 7 machine, the victim machine. It has an IP address of 192.168.1.118. You'll also notice the ARP cache contains an entry for its default gateway, with the MAC address ending in E4.

On the Windows 10 attacker machine, I've started the Abel service, and now it's time to launch the Cain executable. [ Windows sound ] I'm going to click Configure to verify that the correct interface has been selected... in the APR (ARP Poison Routing) tab, I'm going to make sure that the radio button "Use ARP request packets (more network traffic)" is selected. I've also changed the "Poison remote ARP caches every" value to 10 seconds.

Now I'm going to start the sniffer. I'm also going to start APR. Clicking the Sniffer tab allows me to click the Add To List button. I'm going to select all tests and target all hosts in my subnet. [silence]

Down below, I'm going to click the APR tab, and then I'm going to click in the upper region to activate the Add To List button.

"Warning, APR, ARP Poison Routing, enables you to hijack IP traffic between the selected host on the left list, and all selected hosts on the right list, in both directions. If a selected host has routing capabilities, WAN traffic will be intercepted as well. Please note that since your machine has not the same performance of a router, you could cause DoS, Denial of Service, if you set APR between your default gateway and all other hosts on your LAN."

Let's hijack traffic in both directions between the default gateway and the Windows 7 machine. [silence]

Back to the Windows 7 machine, let's re-check the ARP cache. The default gateway, 192.168.1.1, used to be associated with its legitimate MAC address ending in E4. Now, 192.168.1.1 is associated with the new MAC address, ending in 52, and as you can see from the second row, it's the MAC address of my Windows 10 machine. I've even captured the spoofed ARP in Wireshark. [silence]

I've opened up Firefox on the Windows 7 victim machine. And I'm going to go to mycourses.RIT.edu. "Your connection is not secure." Hmmmm... Yeah, that should be okay, let's add an exception. Okay, good, here I am. [silence]

Let's go to the edX page. "Your connection is not secure." [silence] Let's add an exception. [silence]

Let's do some online banking. "Your connection is not secure." Let's add an exception. [silence]

I've switched over from Firefox to Chrome. Notice that the warnings are much more explicit. "Your connection is not private. Attackers might be trying to steal your information from mycourses.RIT.edu, for example passwords, messages, or credit cards." "This server could not prove that it is mycourses.RIT.edu. Its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection." Proceed to mycourses.RIT.edu. Unsafe. [silence] Proceed to shibboleth.main.ED.RIT.edu. Unsafe. [silence]

Back in Cain, on the attacker machine. [silence] I'm going to click the Passwords tab at the bottom. [silence]

If I was entering my actual credentials, I would've logged in successfully, and the websites I just went to would have looked normal, but as you can see, the attacker now has the usernames and passwords, no matter how long or complex, all because a user ignored a browser's certificate error message, and in turn allowed a man in the middle attack to capture the traffic.
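
The ARP cache change shown in the demo (the gateway's IP moving to a new MAC address that already belongs to another host) can be checked for automatically by comparing two `arp -a` snapshots. This is an added example, not part of the original video; the full MAC addresses and the attacker IP 192.168.1.105 are constructed, and only the addresses 192.168.1.1 and 192.168.1.118 and the MAC endings E4 and 52 come from the transcript.

```python
import re
from collections import defaultdict

# Constructed Windows `arp -a` snapshots from the victim (192.168.1.118).
BEFORE = """
Interface: 192.168.1.118 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-e4     dynamic
  192.168.1.105         08-00-27-aa-bb-52     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = BEFORE.replace("00-11-22-33-44-e4", "08-00-27-aa-bb-52")

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def parse_arp(text):
    """Return {ip: mac} for dynamic entries; static broadcast and
    multicast rows legitimately share MACs and are skipped."""
    return {ip: mac.lower()
            for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def check(baseline, current, gateway):
    """Compare two ARP snapshots and return a list of findings."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    # Finding 1: the gateway's MAC differs from the known-good baseline.
    if old and new and old != new:
        findings.append(f"gateway {gateway} moved from {old} to {new}")
    # Finding 2: one MAC answers for several IPs (the "second row" in the demo).
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for line in check(parse_arp(BEFORE), parse_arp(AFTER), "192.168.1.1"):
        print("ALERT:", line)
```

A gateway MAC change alone can also follow a legitimate router replacement, so the duplicate-MAC finding is the stronger signal when both appear together.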
Reposted from: https://www.cnblogs.com/sec875/articles/10049623.html