5/21/2023 0 Comments Zenmap topology![]() ![]() Within the Client’s browser, the browsing history is deleted, including temporary internet files and website files. The Client VM is used to access the http:\\Server site, which contains some functionality that responds as one would expect. In the Server VM, Wireshark is used to capture Ethernet based packets of type tcp port 80. This attack overwhelms the target system making it unresponsive. There are multiple ways to implement a DoS attack, but the particular type that is examined in this lab, is a flood-type attack. The final network attack is a Denial of Service (DoS) attack. The captured packets look different to the original capture that was first recorded, as the MitM attack has been logged within the packets. The Wireshark’s packet capture can also be stopped. Netsh interface ipv4 add neighbors Ethernet 10.1.0.130 00-50-56-aa-2d-77Īre used within the Rogue’s command prompt to configure the Server and Client IP’s to static type rather than dynamic. Netsh interface ipv4 add neighbors Ethernet 10.1.01 00-50-56-aa-cf-72 The command arp -a provides a view of the ARP cache which is used to verify the Server’s and Client’s IP MAC addresses. This is likewise for the command, ping CLIENT. When the command, ping SERVER, is used, the Server’s IP address should show up. Within the Rogue VM, an elevated command prompt needs to be opened. In command prompt in Client, the command arp -a is used to view the ARP cache. Once the connection is verified, the script is initiated through a Run box. The Client VM is then used to ping to the server to ensure that there is connectivity between them before the Rogue starts the MitM attack. In the Server VM, the files ftproot and wwwroot are copied from c:\GTSLABS to c:\inetpub. For local networks, a powerful technique that is used, is known as ARP spoofing. MitM attacks are often used to determine information and potentially alter any transmissions between two hosts on a network. The next network-based attack is Man-in-the-Middle (MitM) with ARP spoofing. The ‘Stop Capture’ button in Wireshark stops any further packet processing. The packets captured include broadcast packets, the pinged ICMP packets, and link-local multicast name resolution protocol-based packets. Still within the Client VM, the Rogue VM can be pinged through command prompt with the command, ping ROGUE.īack in the Rogue VM, Wireshark will have captured packets. ![]() This is done through the search inputs of \\SERVER and http:\\SERVER for the respective Explorer applications. The Client VM is used to browse File Explorer and Internet Explorer for resources on the Server VM. Within the Rogue VM, Wireshark is used, with its ‘Capture Options’ set to Capture Filter: IP, then started. Wireshark is a packet sniffing tool that processes unicast packets sent to the host, and broadcast packets that are on the same subnet as the host. Zenmaps provides the Rogue VM with the information of which host and service is able to be compromised through a network attack. The Services tab organizes the services into a list in which the hosts running the specific service are displayed. The Ports/Hosts tab provides a list of the ports that are open on the each host. The bomb icon is indicative of the host have multiple open ports. The Host Details tab contains information based upon the scan’s attempt to determine the operating system of the hosts. The topology map shows the three VMs in the local subnet, and also whether the hosts are secure or not, as indicated by the lock next to the IP address. Once the scan is completed, the topology tab shows all the hosts found in the local subnet. Within the Zenmap’s target box, the IP address: 10.1.0.0/24 is scanned. The scanning tool used by the Rogue VM is called Zenmap, which is a GUI version of the tool, nmap. Another method, fingerprinting, is used to determine the services and configuration of a host. Footprinting is used to determine the layout of the network through its protocols and topology. The first attack that the lab focuses upon, is network footprinting. This lab involves network-based attacks such as spoofing, footprinting, and Denial of Service. ![]()
0 Comments
Leave a Reply. |