Wireless penetration: from the external network to the internal network series - MITM (man in the middle) attacks - vulnerability warning - the black bar safety net

ID MYHACK58:62200921829
Type myhack58
Reporter Anonymous
Modified 2009-01-06T00:00:00


Author: Christopher Yang "ZerOne" (reproduction welcome; when reproducing, please credit the author and source). Preface: recently I have been busy day and night, with not many people to share it with; every important thing has to be done hands-on, which is tiring........ Now that I finally have some free time, I am sorting out my earlier articles. For the detailed content of this article, please refer to the book *Wireless Network Security Offensive and Defensive Combat*.

MITM, short for Man In The Middle, is what is commonly called a man-in-the-middle attack. As the name suggests, while a target host is carrying on a normal connection with another host, gateway or server, the malicious attacker intercepts, inserts, forges or interrupts data packets in order to capture the other party's login account and password, impersonate identities and so on. There are many concrete ways to carry out this attack, such as ARP spoofing, DNS spoofing and phishing.

Once an attacker has broken into the internal network through a wireless network, the man-in-the-middle attack is a favourite of hackers with considerable patience and experience, and it is often combined with other attacks. Especially when the target network uses a switched environment, performing a man-in-the-middle attack lets the attacker intercept the passwords and secret information of users inside the network more efficiently. In the BackTrack2 Linux environment we use the powerful EtterCap to achieve this; of course, for a general environment you can also simply use the ArpSpoof tool. In the BackTrack2/3 Linux environment, ettercap is the better known of the two.

EtterCap is a tool for monitoring, intercepting and recording network traffic in an Ethernet environment. It supports active or passive analysis of many protocols, such as the basic FTP, SMTP, Telnet and HTTP as well as encryption-related ones such as SSH and HTTPS; it has data insertion, filtering and connection-synchronization functions; it supports a variety of sniffing modes and is a powerful, complete sniffing suite with plug-in support; it can check whether the network environment is a switched LAN; and it can use active or passive operating-system fingerprinting to let you understand the current LAN.

In BackTrack2/3 Linux, open Ettercap from the graphical interface menu. Select the corresponding network card, and under Target specify the IP of the host to be spoofed and the IP of the gateway server. Next, in the Mitm menu choose Arp poisoning, which is the ARP spoofing mode.


In the black box in the figure below, you can see that the hacker has intercepted a network user's Telnet server login account and the corresponding password.


Wireshark can also be used in combination with ARP spoofing; the black box in the figure below shows the successfully intercepted forum login account and the corresponding password. Particular care should be taken when logging in to websites that do not enable SSL encryption.


As can be seen, once an attacker has reached deep into the internal network through a wireless access point, a patient attacker can indeed easily intercept almost all of the content on the network's connections, whether forum account passwords or remote server access passwords; everything becomes transparent. Privacy and company secrets are under great threat.
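The ARP poisoning mode described above leaves a visible trace on the LAN: an IP (typically the gateway's) suddenly resolves to a second MAC, and one MAC starts claiming several IPs. The following Python script, an added example that is neither part of this article nor Ettercap's code, checks a stream of ARP replies for exactly those signs; the reply list, MAC addresses and trusted table are constructed sample data, and in practice the tuples would be fed from a packet capture or an ARP-cache log.

```python
"""Detect ARP-cache poisoning from a stream of ARP replies.

Added example (not from the article or Ettercap). Two signs of the
poisoning mode described above are checked:
  * an IP whose MAC binding changes (the gateway "moves" to the attacker)
  * one MAC that claims several IPs (the attacker spoofs gateway and victim)
Input tuples are (sender_ip, sender_mac) taken from ARP "is-at" replies.
"""
from collections import defaultdict

# Constructed sample data: 192.168.1.1 is the gateway, 192.168.1.20 a
# client. The last two replies come from a second MAC claiming both IPs.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),
    ("192.168.1.20", "00:11:22:33:44:20"),
    ("192.168.1.1", "00:11:22:33:44:01"),
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP from a new MAC
    ("192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims the client
]

# Optional static table of bindings known to be correct (constructed).
TRUSTED = {"192.168.1.1": "00:11:22:33:44:01"}


def analyze_arp(replies, trusted=None):
    """Return a list of alert strings, in the order the evidence appears."""
    ip_to_macs = defaultdict(set)   # every MAC ever seen for each IP
    mac_to_ips = defaultdict(set)   # every IP ever claimed by each MAC
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        # A reply contradicting a known-good static binding is the clearest sign.
        if trusted and ip in trusted and trusted[ip].lower() != mac:
            alerts.append(f"spoof: {ip} claimed by {mac}, expected {trusted[ip]}")
        # Without a static table, a binding that changes mid-stream is suspect.
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            alerts.append(f"mac-change: {ip} moved from "
                          f"{sorted(ip_to_macs[ip])} to {mac}")
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        # One interface answering for several IPs is how both sides get poisoned.
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"multi-ip: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in analyze_arp(SAMPLE_ARP_REPLIES, TRUSTED):
        print(line)
```

A static gateway entry in the client's ARP cache, or port security on the switch, closes the gap that the mac-change alert detects.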