Jump to content

Not A Real Hack Attempt, But A Mind Probe


Suren white hat

Recommended Posts

what if you have two ip address assigned in a single adaptor card ? the two ip address have two mac address ? ist ? i guess yes !!

and in that case how do i find which one is authorative MAC adress for the card among the two ip address associated mac address ?

So do i need to clear the last IP settings and again setting a single ip address in the adaptor to find the authorative mac address burned for the card ?

what is the best ways to maually add the static entry of my machine mac address into the targeted network gateway so that i can start intercept thier connections !

this is just mi picturization for an instance ?

Link to comment
Share on other sites

what if you have two ip address assigned in a single adaptor card ? the two ip address have two mac address ? ist ? i guess yes !!

Technically speaking, you are still required to have two separate LAN interfaces on the card, for the two MAC addresses to be used individually. By design, its not possible to have two MAC addresses operating on the same interface.

and in that case how do i find which one is authorative MAC adress for the card among the two ip address associated mac address ?

Let me guess, are you trying to set up some kind of load balancing or redundancy? If that's the case, you can't assign more than one MAC address to a single NIC. You can change the MAC address, but that's as far as you can go. A single NIC can only operate with a single MAC address, you will need an additional NIC if you want to have two separate MAC addresses.

what is the best ways to manually add the static entry of my machine mac address into the targeted network gateway so that i can start intercept thier connections !

This will need to be hard coded in the router's firmware, however you can use ARP Poisoning to redirect your victims traffic into your attacker's machine.

if you haven't done ARP poisoning before, check out this Backtrack arp poisoning article.

http://forum.intern0t.org/offensive-guides-information/603-arp-poisoning-mitm-attack.html

Link to comment
Share on other sites

its possible bro, i have tried on during my lab session..

you can assign two ip address , in a one lan interface...you can assign one for The computer IP address and another one for by asssuming router IP address(but in reality u don have router in ur hand)

thats how i used during in my lab set up ...so after tat try look up arp cache table

c:> arp -a

now u can see two ip address, and two different mac address

but onli one network interface card

Edited by Suren white hat
Link to comment
Share on other sites

Let me guess, are you trying to set up some kind of load balancing or redundancy? If that's the case, you can't assign more than one MAC address to a single NIC. You can change the MAC address, but that's as far as you can go. A single NIC can only operate with a single MAC address, you will need an additional NIC if you want to have two separate MAC addresses.

nah bro am not setting up any load balancing and all , i jus executed the arp poisoning process in mind and want to make the things clear abt process...and the link you are givven has all the tings wat is needed to learn

Link to comment
Share on other sites

its possible bro, i have tried on during my lab session..

you can assign two ip address , in a one lan interface...you can assign one for The computer IP address and another one for by asssuming router IP address(but in reality u don have router in ur hand)

thats how i used during in my lab set up ...so after tat try look up arp cache table

c:> arp -a

now u can see two ip address, and two different mac address

but onli one network interface card

Oh yes the APIPA address. But one thing you got to remember is that the MAC address is imprinted on the NIC's ROM, so it doesn't change only the IP address.

Link to comment
Share on other sites

This will need to be hard coded in the router's firmware, however you can use ARP Poisoning to redirect your victims traffic into your attacker's machine.

if you haven't done ARP poisoning before, check out this Backtrack arp poisoning article.

http://forum.intern0...itm-attack.html

Hard coded in the routers firmware means ?

aceesing the firmware files through the backtrack Terminal ? in that i can see only the firmware codes , and few html files loaded on the firmware..

Link to comment
Share on other sites

Oh yes the APIPA address. But one thing you got to remember is that the MAC address is imprinted on the NIC's ROM, so it doesn't change only the IP address.

not the APIPA Bro, apipa canoot help you to connect to domain or internet connectivity ..it only talk to its own broadcast range..!! if u have two or more computer with one modem take one computer go to the lan card change ip address to any u want , (login to router make static from dynamic ip ) and again go back to the same lan card add another ip into the same

now go back to the command

c:> arp -a

type this and u will see the arp entries with two ip address with unique mac address

slap me if its not worked

Link to comment
Share on other sites

not the APIPA Bro, apipa canoot help you to connect to domain or internet connectivity ..it only talk to its own broadcast range..!! if u have two or more computer with one modem take one computer go to the lan card change ip address to any u want , (login to router make static from dynamic ip ) and again go back to the same lan card add another ip into the same

now go back to the command

c:> arp -a

type this and u will see the arp entries with two ip address with unique mac address

slap me if its not worked

Correct if I am wrong, but wouldn't the Modem and the LAN card have its own MAC address. And as result, you would have two different MAC addresses.

Edited by Infiltrator
Link to comment
Share on other sites

This thread is going nowhere. I'm having trouble following the op, mainly because I think English is not his/her first language...

Bottom line, learn what you are seeing in "arp -a". You should by default, see your router's IP and MAC address(which is your gateway and should always have an arp entry for if connected to the router). Any other IP's are what your machine has discovered, most likely pinged another IP on your lan or some other machine has pinged you, or you might see a multi-cast address, like " 224.0.0.22" with a mac address.

If you want to know your own MAC address for each NIC you have installed, type "ipconfig /all" in windows, or "ifconfig" in linux. It will show each interface that is up and what their IP and MAC addresses are.

What, if anything, is it you are trying to accomplish, because your topic mentions "arp poisoning". If you want to do MAC address spoofing and MITM, you need a tool that sends arp replies to the router and your victim, sending them false IP to MAC address relationships and getting the false data into each devices mac address table and arp cache. To spoof the router, you have to tell the victim your IP is associated with the routers MAC, and tell the Router, that your IP is associated with the MAC of your victim. This is often an issue on wired networks due to how switches work and will rediscover more than one IP with the same MAC and can bring the network down, but on wireless, usually works without a hitch. If you are looking to create static entries in your ARP table, you can do that as well, but that won't effect victims PC in arp poisoning, you would have to add static entries in their machines to force MITM traffic, and even then you would need a program/listener, to forward the traffic between you and the router.

Edited by digip
Link to comment
Share on other sites

Correct if I am wrong, but wouldn't the Modem and the LAN card have its own MAC address. And as result, you would have two different MAC addresses.

yo are right bro , but thats how i practiced in my lab set up where i have only switch , but jus to consider the router i add two ip address in a snigle etherent card interface .! thats how i did it it showed two unique mac address in the arp cache table

Link to comment
Share on other sites

This thread is going nowhere. I'm having trouble following the op, mainly because I think English is not his/her first language...

To spoof the router, you have to tell the victim your IP is associated with the routers MAC, and tell the Router, that your IP is associated with the MAC of your victim. This is often an issue on wired networks due to how switches work and will rediscover more than one IP with the same MAC and can bring the network down,

ok bro, wen the switch re discover more than ip with same mac address wha would happen ? the interception would not be possible ?? or how to come up from such situation ?

but on wireless, usually works without a hitch. If you are looking to create static entries in your ARP table, you can do that as well, but that won't effect victims PC in arp poisoning, you would have to add static entries in their machines to force MITM traffic, and even then you would need a program/listener, to forward the traffic between you and the router.

yeah yo right in wireless case we don have a switch instead Access points ! how do i add static entries in their machines ? when i have no access to thier system ? sniffing from the gateway interface would not enough to look up the victims encrypted passwords and in and out using ettercap ?

Link to comment
Share on other sites

ok bro, wen the switch re discover more than ip with same mac address wha would happen ? the interception would not be possible ?? or how to come up from such situation ?

yeah yo right in wireless case we don have a switch instead Access points ! how do i add static entries in their machines ? when i have no access to thier system ? sniffing from the gateway interface would not enough to look up the victims encrypted passwords and in and out using ettercap ?

Use a tool like CAIN or Ettercap, or some other MITM tool that does arp cache poisoning.

Link to comment
Share on other sites

ok bro, wen the switch re discover more than ip with same mac address wha would happen ? the interception would not be possible ?? or how to come up from such situation ?

yeah yo right in wireless case we don have a switch instead Access points ! how do i add static entries in their machines ? when i have no access to thier system ? sniffing from the gateway interface would not enough to look up the victims encrypted passwords and in and out using ettercap ?

Digip is right on the money, watch this video for more information.

http://www.securitytube.net/video/3868

Link to comment
Share on other sites

thanks guys i have used to etercap ! its awesome tool

! like this

is there a way to sniff someone system outside the network !

It's possible but you need to be in between the victim and his ISP, which would be a very challenging thing to do. That requires having direct access to their routers.

Another scenario would be, via a wireless access point, if he/she has one.

Or you could use RATs, to do some keylogging.

Edited by Infiltrator
Link to comment
Share on other sites

The jist of it is no, you won't be able to MITM someone from your house to theirs between ISP's using ARP poisoning. Mainly because ARP poisoning is a layer 2 protocol, and works in your local area network and not across routers/routes. Its a non routing protocol. IP on the other hand, could be messed with somewhat, but I doubt there is some sort of Layer 3 IP MITM attack that could be done, but like mentioned above, you would need to pwn the routers between you and the victim(all the routers), and once it leaves your network, it could take multiple different paths to reach someone, avoiding one of your pwned routers. If one path goes down or gets hosed, it could easily take another routers path if they have their shit together and redundancy in place, which is the way it should work. For example, do a traceroute to any site. You would have to control every router across each hop to your victim, and that in itself, is highly unlikely, you would need to be able to keep control of them like you could in a single wifi network. You can construct packets to send fake sender info, and in turn cause various different kinds of DoS attacks, using relfection and fake return addresses, but most that would do is cause time outs and won't allow you to intercept the traffic.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...