Intro

I am a Digital Forensics student studying at university in the UK. I also do some Cyber Security modules.
I am currently in my 2nd year.
I have mainly started this to post interesting things I have learned and problems I have encountered.
However, I will use it to do write ups about useful things I want to remember such as commands and tools I have used so I don't forget them! (To be honest, I don't expect anyone to read this!)

Wednesday 18 February 2015

Arpspoof Issues and Success

Over the past week, we have been learning about Arp Spoofing and DNS Spoofing.

I didn't fancy doing it the way everyone else was doing it, with PackETH. I wanted to do it the more manual way. I prefer learning to do it the manual way as I think you learn alot more in the process, even if it is Extremely frustrating.

Whilst I started on this last week, I am only writing the blog now (as I only made it 10 mins ago!!), so I cant remember the extent of all the issues i ran into.

What i finally realised was that i was doign the commands wrong. All the tutorials on the internet were obviously using an older version of Arpspoof as when i finally figured it out, the syntax was different.


To start with I used this website: http://null-byte.wonderhowto.com/how-to/hack-like-pro-conduct-simple-man-middle-attack-0147291/

I find Null-Byte an extremely good resource for beginners in Cyber Security.

To start with I entered the command to forward packets coming through my machine so it does not kill the internet on the targets machine.
echo 1 > /proc/sys/net/ipv4/ip_forward
Then i entered the two commands to Arpspoof the target AND Arpspoof the router.(This is where i found other resources from the link above).

arpspoof -i wlan0 -t 192.168.0.10 192.168.0.1
arpspoof -i wlan0 -t 192.168.0.1 192.168.0.10
Now, this is where people sometimes miss out a step.
You have to Arpspoof BOTH the target AND the router.
This is so both the target and the router get updated with the new Spoofed address.

So, when I ran this, everything looked like it was running as it should be.
However, when my friend tried to use his laptop, his internet was dead.

I spent many hours Googling and messing around until i came up with a solution. The commands need to be changed to this:

arpspoof -i wlan0 -t 192.168.0.10 -r 192.168.0.1
arpspoof -i wlan0 -t 192.168.0.1 192.168.0.10
Note the addition of an "-r" flag in the first command and not the second.

This finally got it working and internet was restored on the targets machine with the data redirected through my laptop, verified with Wireshark.

REMEMBER, THE FIRST COMMAND I USED TO FORWARD THE PACKETS RESETS WHENEVER YOU REBOOT THE KALI MACHINE.


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)