1 00:00:00,990 --> 00:00:01,440 Oh, yes.
2 00:00:01,440 --> 00:00:02,820 There's plenty more to do.
3 00:00:03,380 --> 00:00:09,830 There are several tools to perform an ARP spoof attack, such as arpspoof, the command line tool which
4 00:00:09,830 --> 00:00:11,240 is embedded in Kali.
5 00:00:11,600 --> 00:00:17,390 But we're going to use Ettercap for the demonstration of the ARP spoof attack.
6 00:00:18,230 --> 00:00:20,060 Ettercap is a
7 00:00:20,710 --> 00:00:27,580 free and open source network security tool for man-in-the-middle attacks on LAN.
8 00:00:28,290 --> 00:00:35,940 It works by putting the network interface into promiscuous mode and by ARP poisoning the target machines.
9 00:00:36,240 --> 00:00:42,090 Thereby, it can act as a man in the middle and unleash various attacks on the victims.
10 00:00:42,830 --> 00:00:48,500 Ettercap has both a command line interface version and a graphical user interface version.
11 00:00:48,950 --> 00:00:50,450 Let's see them both in action.
12 00:00:52,590 --> 00:00:55,620 First, let me show you the command line version of Ettercap.
13 00:00:56,210 --> 00:00:59,540 So this is my network created in GNS3.
14 00:01:00,440 --> 00:01:05,600 I have a Kali, an OWASP BWA and a Metasploitable VM in the network.
15 00:01:06,510 --> 00:01:14,760 I use ifconfig inside the VMs to check the IP addresses and the other interface configurations as well.
16 00:01:15,680 --> 00:01:18,830 So ping each other to be sure that they can communicate.
17 00:01:19,130 --> 00:01:19,790 Okay.
18 00:01:21,180 --> 00:01:26,130 Now I go to Kali, open a terminal screen and do the same here.
19 00:01:26,490 --> 00:01:30,720 Check the interface configuration and ping other VMs.
20 00:01:36,450 --> 00:01:36,750 Yep.
21 00:01:36,780 --> 00:01:37,980 Everything's okay.
22 00:01:38,760 --> 00:01:46,320 So let's look at the ARP table of Metasploitable. Type arp -n and press enter.
23 00:01:46,980 --> 00:01:54,480 So currently there are two records in the ARP table of Metasploitable, one for Kali and one for OWASP BWA.
24 00:01:55,680 --> 00:01:57,360 Now let me show you something.
25 00:01:57,600 --> 00:02:04,830 If you want to perform an ARP spoof attack, you should enable IP forwarding in your attacker system
26 00:02:04,830 --> 00:02:11,280 so that the packets will not end on your attacker system and will be forwarded to the destination system.
27 00:02:11,430 --> 00:02:15,510 Otherwise you'll block the traffic between the victim and the spoofed system.
28 00:02:16,160 --> 00:02:17,270 Check that out.
29 00:02:18,060 --> 00:02:23,400 So IP forwarding is managed by a variable, ip_forward, in Kali.
30 00:02:24,370 --> 00:02:27,430 And to look at the file content, type
31 00:02:28,470 --> 00:02:33,450 cat /proc/sys/
32 00:02:33,480 --> 00:02:38,580 net/ipv4/ip_forward and press
33 00:02:38,580 --> 00:02:39,060 Enter.
34 00:02:40,230 --> 00:02:41,550 Its value is zero.
35 00:02:41,550 --> 00:02:43,890 So to enable it, it has to be one.
36 00:02:44,190 --> 00:02:45,270 So I'll change it.
37 00:02:45,970 --> 00:02:49,750 You can open the file with a text editor and change the value.
38 00:02:49,930 --> 00:02:53,680 But here I'll just simply use the echo command for this purpose.
39 00:02:54,800 --> 00:02:55,760 echo 1,
40 00:02:56,480 --> 00:02:59,960 greater-than sign, the entire file name.
41 00:03:02,690 --> 00:03:04,370 So check the file again.
42 00:03:05,480 --> 00:03:07,970 And yes, its value is now one.
43 00:03:09,250 --> 00:03:16,570 Now, please note that Ettercap enables IP forwarding automatically even though you don't enable it
44 00:03:16,570 --> 00:03:17,560 manually.
45 00:03:17,610 --> 00:03:17,890 All right.
46 00:03:17,890 --> 00:03:21,970 I want you to know what's happening behind the scenes, so to speak.
47 00:03:23,340 --> 00:03:23,700 All right.
48 00:03:23,700 --> 00:03:25,470 So now is the time of the attack.
49 00:03:25,800 --> 00:03:30,210 Before creating the command, let's see the manual of Ettercap.
50 00:03:30,630 --> 00:03:34,590 So, type man ettercap and press enter.
51 00:03:35,310 --> 00:03:40,950 So here's the short definition and the long description. Targets.
52 00:03:43,890 --> 00:03:44,850 Options.
53 00:03:48,010 --> 00:03:49,600 -M for man-in-the-middle,
54 00:03:49,630 --> 00:03:51,430 MITM, attack.
55 00:03:51,850 --> 00:03:55,240 So these are the MITM attack types.
56 00:03:55,270 --> 00:03:57,100 ARP is in the first line,
57 00:03:57,100 --> 00:03:58,000 and the others:
58 00:03:58,030 --> 00:04:00,940 ICMP, DHCP, etcetera.
59 00:04:04,270 --> 00:04:10,270 And here are the user interface options. -T for the text-only interface.
60 00:04:10,420 --> 00:04:12,760 Anyway, let's just create the command.
61 00:04:12,910 --> 00:04:15,130 So first the command itself.
62 00:04:15,250 --> 00:04:23,050 ettercap -i, the interface, eth0, -T for the text-only interface type,
63 00:04:24,180 --> 00:04:31,800 -M to make it a MITM attack and select a MITM attack type: arp:remote.
64 00:04:32,900 --> 00:04:39,980 So the first IP specifies the IP address which will be spoofed, and the second IP address is the victim
65 00:04:39,980 --> 00:04:40,660 system.
66 00:04:40,670 --> 00:04:47,960 So that means there will be a row in the Metasploitable ARP table with Kali's MAC address and OWASP
67 00:04:47,990 --> 00:04:49,970 BWA's IP address.
68 00:04:50,480 --> 00:04:58,310 And that means when Metasploitable wants to send a packet to OWASP BWA, it will be sent to Kali instead.
69 00:04:58,520 --> 00:04:59,060 Right.
70 00:04:59,480 --> 00:05:05,810 And with the help of IP forwarding, the packet will arrive at OWASP BWA.
71 00:05:05,840 --> 00:05:06,800 Finally.
72 00:05:08,500 --> 00:05:14,950 Now, please don't forget to use the slashes at the beginning and end of each IP address.
73 00:05:15,730 --> 00:05:17,420 The command is ready to run.
74 00:05:17,470 --> 00:05:19,270 So let's see what it does.
75 00:05:19,300 --> 00:05:19,570 Hit
76 00:05:19,570 --> 00:05:20,080 Enter.
77 00:05:21,640 --> 00:05:23,860 And here's a summary of the attack.
78 00:05:24,160 --> 00:05:25,420 The victims.
79 00:05:26,600 --> 00:05:28,430 Interface type, etcetera.
80 00:05:29,180 --> 00:05:34,370 Now we'll go to Metasploitable, arp -n, to see the ARP table again.
81 00:05:34,970 --> 00:05:38,330 And as you can see here, the first record is for Kali.
82 00:05:39,410 --> 00:05:41,660 So please look at the MAC address.
83 00:05:41,660 --> 00:05:45,590 And the second record is for OWASP BWA,
84 00:05:46,070 --> 00:05:53,660 but with the attacker's MAC address. Any packet sent from Metasploitable to OWASP BWA will visit
85 00:05:53,660 --> 00:05:54,560 Kali now.
86 00:05:55,380 --> 00:06:00,930 So let's create a telnet connection to port 80 of OWASP BWA.
87 00:06:02,620 --> 00:06:03,250 Type
88 00:06:03,280 --> 00:06:09,160 telnet, the OWASP BWA IP and the port, 80.
89 00:06:09,550 --> 00:06:10,690 Now hit Enter.
90 00:06:11,590 --> 00:06:12,180 Type
91 00:06:12,190 --> 00:06:18,880 GET / HTTP/1.0 and press enter twice.
92 00:06:19,600 --> 00:06:25,150 And here is the HTTP response, the main page of OWASP BWA.
93 00:06:27,240 --> 00:06:29,700 Now let's go back to Kali and see what happens.
94 00:06:30,550 --> 00:06:38,740 So these are all the TCP packets sent from Metasploitable to OWASP BWA: ACK packet, FIN packet. And scroll
95 00:06:38,740 --> 00:06:41,350 up a bit and here's the Telnet connection.
96 00:06:41,350 --> 00:06:42,220 Results.
97 00:06:42,460 --> 00:06:44,320 HTTP response.
98 00:06:44,350 --> 00:06:45,610 Keep going up.
99 00:06:45,760 --> 00:06:48,490 We can find some other critical data here too.
100 00:06:50,930 --> 00:06:53,780 And here are some credentials, for example.
101 00:06:55,190 --> 00:06:58,310 In the terminal screen where Ettercap is running,
102 00:06:58,310 --> 00:07:01,260 you can use Control-C to end the attack.
103 00:07:01,280 --> 00:07:02,660 So there it is.
104 00:07:02,660 --> 00:07:03,440 It stopped.
105 00:07:04,760 --> 00:07:08,330 Now go back to Metasploitable and look at the ARP table again.
106 00:07:09,240 --> 00:07:15,000 Now the IP address of OWASP BWA is matched with the correct MAC address.
107 00:07:17,510 --> 00:07:20,590 Now, you might remember what I told you before that.
108 00:07:20,600 --> 00:07:27,950 Well, I hope you remember everything that I told you before, but in particular, Ettercap has a graphical
109 00:07:27,950 --> 00:07:29,520 user interface as well.
110 00:07:29,540 --> 00:07:32,450 So let's have a look at the Ettercap GUI right now.
111 00:07:33,550 --> 00:07:34,030 Again,
112 00:07:34,030 --> 00:07:35,020 we're in Kali.
113 00:07:35,050 --> 00:07:39,880 Click the Show Applications menu item and type Ettercap.
114 00:07:39,880 --> 00:07:40,870 And here you go.
115 00:07:40,900 --> 00:07:42,700 You'll find the Ettercap GUI app.
116 00:07:43,200 --> 00:07:45,810 So these are both Ettercap GUI apps.
117 00:07:45,810 --> 00:07:48,120 You can just simply click one of them.
118 00:07:48,980 --> 00:07:52,130 I want to show you, though, another way to start the app.
119 00:07:52,220 --> 00:07:54,110 From the upper left corner,
120 00:07:54,380 --> 00:08:01,490 Applications, go to Sniffing & Spoofing tools and select Ettercap GUI.
121 00:08:02,750 --> 00:08:07,430 Okay, so here we are at the main panel of the Ettercap GUI.
122 00:08:08,240 --> 00:08:09,680 We'd better check the network.
123 00:08:09,680 --> 00:08:15,230 So I'll open up a terminal screen and ping the other VMs, Metasploitable and OWASP BWA.
124 00:08:22,330 --> 00:08:24,190 Yeah, everything looks okay.
125 00:08:24,490 --> 00:08:30,220 So go to the Sniff menu in Ettercap and select Unified sniffing.
126 00:08:31,150 --> 00:08:32,679 Asking for input interface.
127 00:08:32,710 --> 00:08:34,000 eth0 is good.
128 00:08:34,090 --> 00:08:34,570 Click
129 00:08:34,570 --> 00:08:35,320 OK.
130 00:08:35,860 --> 00:08:39,460 If you look at the Ettercap menu, it's totally different now.
131 00:08:40,320 --> 00:08:44,039 So go to Hosts and select Scan for hosts.
132 00:08:44,660 --> 00:08:48,890 It's a kind of a ping scan to find out the devices of the network.
133 00:08:49,060 --> 00:08:52,280 It found five devices and added them to the hosts list.
134 00:08:53,090 --> 00:08:55,010 So go back to Hosts again
135 00:08:55,190 --> 00:08:57,950 and now select Hosts list.
136 00:08:58,100 --> 00:08:59,300 And here's the list.
137 00:08:59,300 --> 00:09:00,200 Very nice.
138 00:09:00,450 --> 00:09:01,850 Works well.
139 00:09:02,770 --> 00:09:08,020 192.168.10.11 is OWASP BWA.
140 00:09:08,500 --> 00:09:14,770 So this is the system that will be spoofed, so I'll select it and click Add to Target 2.
141 00:09:15,960 --> 00:09:16,500 So,
142 00:09:16,500 --> 00:09:20,760 192.168.10.12 is Metasploitable.
143 00:09:20,760 --> 00:09:22,010 That's our victim.
144 00:09:22,050 --> 00:09:27,840 So we'll change its ARP table. Select it and click Add to Target 1.
145 00:09:30,190 --> 00:09:31,870 I think now we're ready to attack.
146 00:09:31,870 --> 00:09:32,800 What do you think?
147 00:09:32,950 --> 00:09:33,280 All right.
148 00:09:33,280 --> 00:09:37,960 So let's go to MITM and click ARP poisoning.
149 00:09:39,460 --> 00:09:43,900 Okay, check the Sniff remote connections option and click OK.
150 00:09:44,530 --> 00:09:46,000 And the final step.
151 00:09:46,180 --> 00:09:50,020 Go to Start and select Start sniffing.
152 00:09:50,780 --> 00:09:52,400 So the attack has begun.
153 00:09:53,210 --> 00:10:01,340 Let's go to Metasploitable and see the attack result. To see the ARP table, type arp -n and press enter.
154 00:10:02,140 --> 00:10:07,300 The first row is for OWASP BWA, but the MAC address is Kali's MAC.
155 00:10:07,330 --> 00:10:11,650 To show it now, I'll ping Kali to create the ARP record.
156 00:10:13,380 --> 00:10:15,060 Run the command again.
157 00:10:15,060 --> 00:10:22,740 And now I have another row for Kali, and both Kali and OWASP BWA have the same MAC address.
158 00:10:23,500 --> 00:10:23,980 Okay.
159 00:10:23,980 --> 00:10:25,030 You know the rest.
160 00:10:25,060 --> 00:10:28,230 The packets will be sent to Kali instead of OWASP BWA.
161 00:10:28,240 --> 00:10:34,030 So if you'd like, you can open Wireshark and collect the fruits of your labor.
162 00:10:34,030 --> 00:10:34,930 Enjoy it.