Suren white hat (Author), posted May 18, 2012:

What if you have two IP addresses assigned to a single adapter card? Do the two IP addresses have two MAC addresses? Is it? I guess yes!! And in that case, how do I find which one is the authoritative MAC address for the card among the MAC addresses associated with the two IP addresses? So do I need to clear the last IP settings and set a single IP address on the adapter again to find the authoritative MAC address burned into the card? What is the best way to manually add a static entry of my machine's MAC address into the targeted network gateway so that I can start intercepting their connections! This is just my picturization, for instance?

Infiltrator, posted May 18, 2012:

> What if you have two IP addresses assigned to a single adapter card? Do the two IP addresses have two MAC addresses? Is it? I guess yes!!

Technically speaking, you are still required to have two separate LAN interfaces on the card for the two MAC addresses to be used individually. By design, it's not possible to have two MAC addresses operating on the same interface.

> And in that case, how do I find which one is the authoritative MAC address for the card among the MAC addresses associated with the two IP addresses?

Let me guess, are you trying to set up some kind of load balancing or redundancy? If that's the case, you can't assign more than one MAC address to a single NIC. You can change the MAC address, but that's as far as you can go. A single NIC can only operate with a single MAC address; you will need an additional NIC if you want to have two separate MAC addresses.

> What is the best way to manually add a static entry of my machine's MAC address into the targeted network gateway so that I can start intercepting their connections!

This will need to be hard coded in the router's firmware, however you can use ARP poisoning to redirect your victim's traffic into your attacker's machine. If you haven't done ARP poisoning before, check out this Backtrack ARP poisoning article. http://forum.intern0t.org/offensive-guides-information/603-arp-poisoning-mitm-attack.html

Suren white hat (Author), posted May 18, 2012 (edited May 18, 2012 by Suren white hat):

It's possible bro, I have tried it during my lab session. You can assign two IP addresses to one LAN interface... you can assign one as the computer's IP address and another one as an assumed router IP address (but in reality you don't have a router in your hand). That's how I used it in my lab setup... so after that, try looking up the ARP cache table:

c:> arp -a

Now you can see two IP addresses and two different MAC addresses, but only one network interface card.

Suren white hat (Author), posted May 18, 2012:

> Let me guess, are you trying to set up some kind of load balancing or redundancy? If that's the case, you can't assign more than one MAC address to a single NIC. You can change the MAC address, but that's as far as you can go. A single NIC can only operate with a single MAC address, you will need an additional NIC if you want to have two separate MAC addresses.

Nah bro, I am not setting up any load balancing at all, I just executed the ARP poisoning process in my mind and want to make things clear about the process... and the link you have given has all the things that are needed to learn.

Infiltrator, posted May 18, 2012:

> It's possible bro, I have tried it during my lab session. You can assign two IP addresses to one LAN interface... you can assign one as the computer's IP address and another one as an assumed router IP address (but in reality you don't have a router in your hand). That's how I used it in my lab setup... so after that, try looking up the ARP cache table: c:> arp -a Now you can see two IP addresses and two different MAC addresses, but only one network interface card.

Oh yes, the APIPA address. But one thing you've got to remember is that the MAC address is imprinted on the NIC's ROM, so it doesn't change, only the IP address.

Suren white hat (Author), posted May 18, 2012:

> This will need to be hard coded in the router's firmware, however you can use ARP Poisoning to redirect your victims traffic into your attacker's machine. if you haven't done ARP poisoning before, check out this Backtrack arp poisoning article. http://forum.intern0...itm-attack.html

Hard coded in the router's firmware means? Accessing the firmware files through the Backtrack terminal? In that I can see only the firmware code and a few HTML files loaded on the firmware..

Suren white hat (Author), posted May 18, 2012:

> Oh yes the APIPA address. But one thing you got to remember is that the MAC address is imprinted on the NIC's ROM, so it doesn't change only the IP address.

Not the APIPA bro, APIPA cannot help you connect to a domain or get internet connectivity.. it only talks to its own broadcast range..!! If you have two or more computers with one modem, take one computer, go to the LAN card, change the IP address to any you want (log in to the router, make it static from dynamic IP), and again go back to the same LAN card and add another IP to the same. Now go back to the command prompt:

c:> arp -a

Type this and you will see the ARP entries with two IP addresses, with unique MAC addresses. Slap me if it doesn't work.

Suren white hat (Author), posted May 18, 2012:

Before checking the ARP entries, make sure to ping from the system to the router 192.168.1.1, and to system 2.

Infiltrator, posted May 18, 2012 (edited May 18, 2012 by Infiltrator):

> Not the APIPA bro, APIPA cannot help you connect to a domain or get internet connectivity.. it only talks to its own broadcast range..!! If you have two or more computers with one modem, take one computer, go to the LAN card, change the IP address to any you want (log in to the router, make it static from dynamic IP), and again go back to the same LAN card and add another IP to the same. Now go back to the command prompt: c:> arp -a Type this and you will see the ARP entries with two IP addresses, with unique MAC addresses. Slap me if it doesn't work.

Correct me if I am wrong, but wouldn't the modem and the LAN card each have their own MAC address? And as a result, you would have two different MAC addresses.

digip, posted May 18, 2012 (edited May 18, 2012 by digip):

This thread is going nowhere. I'm having trouble following the op, mainly because I think English is not his/her first language...

Bottom line, learn what you are seeing in "arp -a". You should, by default, see your router's IP and MAC address (which is your gateway, and you should always have an ARP entry for it if connected to the router). Any other IPs are what your machine has discovered: most likely you pinged another IP on your LAN or some other machine has pinged you, or you might see a multicast address, like "224.0.0.22", with a MAC address. If you want to know your own MAC address for each NIC you have installed, type "ipconfig /all" in Windows, or "ifconfig" in Linux. It will show each interface that is up and what their IP and MAC addresses are.

What, if anything, is it you are trying to accomplish, because your topic mentions "arp poisoning". If you want to do MAC address spoofing and MITM, you need a tool that sends ARP replies to the router and your victim, sending them false IP to MAC address relationships and getting the false data into each device's MAC address table and ARP cache. To spoof the router, you have to tell the victim your IP is associated with the router's MAC, and tell the router that your IP is associated with the MAC of your victim. This is often an issue on wired networks due to how switches work and will rediscover more than one IP with the same MAC and can bring the network down, but on wireless, it usually works without a hitch.

If you are looking to create static entries in your ARP table, you can do that as well, but that won't affect the victim's PC in ARP poisoning. You would have to add static entries in their machines to force MITM traffic, and even then you would need a program/listener to forward the traffic between you and the router.

Suren white hat (Author), posted May 19, 2012:

> Correct if I am wrong, but wouldn't the Modem and the LAN card have its own MAC address. And as result, you would have two different MAC addresses.

You are right bro, but that's how I practiced in my lab setup where I have only a switch, but just to consider the router I added two IP addresses on a single Ethernet card interface! That's how I did it; it showed two unique MAC addresses in the ARP cache table.

Suren white hat (Author), posted May 19, 2012:

> This thread is going nowhere. I'm having trouble following the op, mainly because I think English is not his/her first language... To spoof the router, you have to tell the victim your IP is associated with the routers MAC, and tell the Router, that your IP is associated with the MAC of your victim. This is often an issue on wired networks due to how switches work and will rediscover more than one IP with the same MAC and can bring the network down,

OK bro, when the switch rediscovers more than one IP with the same MAC address, what would happen? Would the interception not be possible?? Or how to get out of such a situation?

> but on wireless, usually works without a hitch. If you are looking to create static entries in your ARP table, you can do that as well, but that won't effect victims PC in arp poisoning, you would have to add static entries in their machines to force MITM traffic, and even then you would need a program/listener, to forward the traffic between you and the router.

Yeah, you're right, in the wireless case we don't have a switch, instead access points! How do I add static entries in their machines when I have no access to their system? Would sniffing from the gateway interface not be enough to look up the victim's encrypted passwords, in and out, using Ettercap?

digip, posted May 19, 2012:

> OK bro, when the switch rediscovers more than one IP with the same MAC address, what would happen? Would the interception not be possible?? Or how to get out of such a situation? Yeah, you're right, in the wireless case we don't have a switch, instead access points! How do I add static entries in their machines when I have no access to their system? Would sniffing from the gateway interface not be enough to look up the victim's encrypted passwords, in and out, using Ettercap?

Use a tool like CAIN or Ettercap, or some other MITM tool that does ARP cache poisoning.

Infiltrator, posted May 20, 2012:

> OK bro, when the switch rediscovers more than one IP with the same MAC address, what would happen? Would the interception not be possible?? Or how to get out of such a situation? Yeah, you're right, in the wireless case we don't have a switch, instead access points! How do I add static entries in their machines when I have no access to their system? Would sniffing from the gateway interface not be enough to look up the victim's encrypted passwords, in and out, using Ettercap?

Digip is right on the money, watch this video for more information. http://www.securitytube.net/video/3868

Suren white hat (Author), posted May 23, 2012:

Thanks guys, I have used Ettercap! It's an awesome tool! Like this, is there a way to sniff someone's system outside the network!

Infiltrator, posted May 23, 2012 (edited May 23, 2012 by Infiltrator):

> Thanks guys, I have used Ettercap! It's an awesome tool! Like this, is there a way to sniff someone's system outside the network!

It's possible but you need to be in between the victim and his ISP, which would be a very challenging thing to do. That requires having direct access to their routers. Another scenario would be via a wireless access point, if he/she has one. Or you could use RATs to do some keylogging.

digip, posted May 23, 2012:

The gist of it is no, you won't be able to MITM someone from your house to theirs between ISPs using ARP poisoning. Mainly because ARP poisoning is a layer 2 protocol, and works in your local area network and not across routers/routes. It's a non-routing protocol.

IP, on the other hand, could be messed with somewhat, but I doubt there is some sort of Layer 3 IP MITM attack that could be done, but like mentioned above, you would need to pwn the routers between you and the victim (all the routers), and once it leaves your network, it could take multiple different paths to reach someone, avoiding one of your pwned routers. If one path goes down or gets hosed, it could easily take another router's path if they have their shit together and redundancy in place, which is the way it should work.

For example, do a traceroute to any site. You would have to control every router across each hop to your victim, and that in itself is highly unlikely; you would need to be able to keep control of them like you could in a single wifi network. You can construct packets to send fake sender info, and in turn cause various different kinds of DoS attacks, using reflection and fake return addresses, but the most that would do is cause timeouts and won't allow you to intercept the traffic.

Suren white hat (Author), posted May 24, 2012:

Thanks a lot bros for giving me a clear picture about this!! I got this now.