Lab 4 ARP and DNS Cache Poisoning
1. Kali Linux VM
2. Debian Linux VM as a Client
3. Debian Linux VM as a Server
In this lab we will gain first-hand experience with TCP/IP vulnerabilities, as well as attacks against these vulnerabilities.
Vulnerabilities of the TCP/IP protocols occur at several layers. In this lab we will be exploiting ARP, which is a Layer 2
protocol, and DNS, which is a Layer 7 protocol.
To conduct this lab, we need 3 VMs connected in a NAT Network. The tools used in this lab are
Netwox/Netwag, Ettercap and SET.
LAB ENVIRONMENT
Reference: http://ntwox.sourceforge.net/
The ARP cache is an important part of the ARP protocol. Once a mapping between a MAC address and an IP address
is resolved as the result of executing the ARP protocol, the mapping will be cached. Therefore, there is no need to
repeat the ARP protocol if the mapping is already in the cache. However, because the ARP protocol is stateless, the
cache can be easily poisoned by maliciously crafted ARP messages. Such an attack is called the ARP cache poisoning
attack.
Attackers may use spoofed ARP messages to trick the victim into accepting an invalid MAC-to-IP mapping and storing the
mapping in its cache. There can be various types of consequences depending on the motives of the attackers. For
example, attackers can launch a DoS attack against a victim by associating a non-existent MAC address with the IP
address of the victim’s default gateway; attackers can also redirect the traffic to and from the victim to another
machine, etc.
sudo arp -a
Step 4: After verifying the connectivity, check the ARP table of client.
sudo arp -a
You can see that the MAC address of the server has been mapped to the IP of the server in the ARP cache.
***********************************************************************************************
Student Task
***********************************************************************************************
Step 6: Go to the client machine, open a browser and type the IP of the server.
Step 7: To perform ARP cache poisoning we will use netwag in Attacker VM.
Start netwag:
sudo netwag
You can see that the IP of the server has been mapped to the MAC address of the Attacker machine. We have successfully
poisoned the ARP cache.
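The poisoned state observed above can be detected from the client side by comparing `arp -a` snapshots. The following is an added example, not part of the original lab: the addresses, MACs and function names are constructed for illustration, and the input format assumed is the net-tools `arp -a` output used in this lab.

```python
import re
from collections import defaultdict

# Matches net-tools lines such as: "? (10.0.2.5) at 08:00:27:11:11:11 [ether] on eth0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b")

# Constructed sample snapshots (hypothetical lab addresses).
BASELINE = """\
? (10.0.2.1) at 52:54:00:12:35:00 [ether] on eth0
? (10.0.2.5) at 08:00:27:11:11:11 [ether] on eth0
? (10.0.2.6) at 08:00:27:22:22:22 [ether] on eth0
"""
POISONED = """\
? (10.0.2.1) at 52:54:00:12:35:00 [ether] on eth0
? (10.0.2.5) at 08:00:27:22:22:22 [ether] on eth0
? (10.0.2.6) at 08:00:27:22:22:22 [ether] on eth0
? (10.0.2.7) at <incomplete> on eth0
"""

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_poisoning(baseline_text, current_text):
    """Compare a trusted snapshot with the current cache and list anomalies."""
    baseline, current = parse_arp(baseline_text), parse_arp(current_text)
    findings = []
    # 1. An IP whose MAC no longer matches the trusted baseline.
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            findings.append(("changed", ip, old, mac))
    # 2. One MAC answering for several IPs. This also fires for a host with a
    #    legitimate second IP on one interface, so treat it as a lead to verify.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in find_poisoning(BASELINE, POISONED):
        print(finding)
```

A static ARP entry for the server or gateway on the client removes the dependence on unauthenticated ARP replies for that address.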
Step 10: Try to access apache2 webpage using the IP of the server.
***********************************************************************************************
Student Task
Provide the screenshot of the output and briefly explain the output.
***********************************************************************************************
Step 11: Run the following command to enable 2nd IP on eth0 on Attacker machine
***********************************************************************************************
Student Task
***********************************************************************************************
• Social-Engineering Attacks
• Website Attack Vectors
• Credential Harvester Attack Method
• Web Templates
• Use the IP of Attacker
• Use Google as templates
***********************************************************************************************
Student Task
***********************************************************************************************
Step 2: After successfully running SET, go to the Client’s browser and type Server IP
***********************************************************************************************
Student Task
***********************************************************************************************
If yes, then congratulations: you have successfully redirected the web request that was meant for the server
to the attacker.
***********************************************************************************************
Student Task
Now try with Email as Your name and Password as your learner number and provide screenshot below.
***********************************************************************************************
“DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt
Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an
incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer (or any
other computer).”
Reference: https://en.wikipedia.org/wiki/DNS_spoofing
***********************************************************************************************
Student Task
***********************************************************************************************
“Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for
computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including
Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network
segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its
original developers later founded Hacking Team.”
Reference: https://en.wikipedia.org/wiki/Ettercap_(software)
Web: https://www.ettercap-project.org/
Step 2: Navigate to the end of the file and insert the following
Save and exit the file. By now you might have mastered it.
***********************************************************************************************
Student Task
***********************************************************************************************
Step 3: Clear the cache of Firefox and run Firefox in private window.
Select Everything
***********************************************************************************************
Student Task
***********************************************************************************************
Step 1: Use the browser of Client machine and type the following
www.google.com
Email: [email protected]
***********************************************************************************************
Student Task
Provide the screenshot of the terminal running SET with the credentials captured.
***********************************************************************************************
***********************************************************************************************
Challenge
Use Ettercap to perform ARP cache poisoning and provide the steps and output.
***********************************************************************************************