What is a man-in-the-middle attack?

It's a method where an attacker intercepts communication between two parties to eavesdrop or manipulate the data being exchanged.

What tools are used for the demonstration?

Nmap, Cain & Abel, and EtherReel are the main tools used in this demonstration.

What is ARP cache poisoning?

It's a technique used to associate the attacker's MAC address with the IP address of another device, allowing interception of their traffic.

How can one protect themselves from such attacks?

Using secure protocols like SSL/TLS for communications and ensuring proper network security measures are in place.

Can all passwords be sniffed using these tools?

Only unencrypted passwords can be intercepted; encrypted communications (like those using SSL) are secure.

Hak5 - Hacking wireless networks with Man in the Middle techniques [Cyber Security Education]

00:07:05

https://www.youtube.com/watch?v=N86xJpna9Js

Zusammenfassung

TLDRThe video features Harrison demonstrating a man-in-the-middle attack, specifically ARP cache poisoning. He explains how ARP (Address Resolution Protocol) can be exploited to intercept communications between devices on a network. The demonstration involves using Nmap for network scanning and Cain & Abel for packet sniffing. During the demonstration, Harrison shows how to gather traffic, including instant messages and FTP credentials. He emphasizes the vulnerabilities present in unsecured networks and recommends using SSL for safe communications. The video concludes with a practical test at a coffee shop to showcase the attack in real-world conditions.

Mitbringsel

🔍 Understanding ARP cache poisoning
⚙️ Tools used: Nmap and Cain & Abel
📡 Sniffing traffic between devices
💻 Demonstrating network vulnerabilities
🔑 Intercepting passwords and messages
🌐 Importance of using secure connections
🚀 Real-world application at a coffee shop
🚫 Risks of unprotected Wi-Fi
💡 Recommendations for network security
🔒 Importance of SSL for encryption

Zeitleiste

00:00:00 - 00:07:05
In today's demonstration, Harrison explains the concept of a man-in-the-middle attack, specifically focusing on ARP cache poisoning. This attack targets the Address Resolution Protocol, where devices build a table mapping MAC addresses to IP addresses. By exploiting the vulnerability in this communication, an attacker can intercept traffic between devices, creating opportunities to eavesdrop on data exchanges. Harrison outlines the tools needed for the attack, including Nmap for network scanning to identify devices and their open ports, and Cain & Abel for running the ARP attack. After conducting the scan, they initiate the attack, tricking the firewall and a computer into thinking they are communicating with each other, enabling them to monitor the traffic. They also demonstrate how to capture and filter specific communication, like instant messages. Harrison highlights that while credentials can be sniffed, the use of SSL encryption, like that provided by Gmail, can help protect against such attacks. The session wraps up with plans to conduct similar activities at a coffee shop using someone else's network, emphasizing the potential risks of public Wi-Fi.

Mind Map

Video-Fragen und Antworten

What is a man-in-the-middle attack?
It's a method where an attacker intercepts communication between two parties to eavesdrop or manipulate the data being exchanged.
What tools are used for the demonstration?
Nmap, Cain & Abel, and EtherReel are the main tools used in this demonstration.
What is ARP cache poisoning?
It's a technique used to associate the attacker's MAC address with the IP address of another device, allowing interception of their traffic.
How can one protect themselves from such attacks?
Using secure protocols like SSL/TLS for communications and ensuring proper network security measures are in place.
Can all passwords be sniffed using these tools?
Only unencrypted passwords can be intercepted; encrypted communications (like those using SSL) are secure.

Weitere Video-Zusammenfassungen anzeigen

Erhalten Sie sofortigen Zugang zu kostenlosen YouTube-Videozusammenfassungen, die von AI unterstützt werden!

Untertitel

Automatisches Blättern:

00:00:00
joining us here today is Harrison to
00:00:01
demonstrate a manin the-middle attack
00:00:03
Harrison thank you for coming what is a
00:00:05
manin the-middle attack all right well
00:00:08
for the sake of being technical I'm
00:00:09
going to refer to this as an ARP cach
00:00:10
poisoning attack now an ARP is an
00:00:13
address resolution protocol um now each
00:00:16
device on a network uses this to build a
00:00:18
table of all the other devices on a
00:00:19
network um now in the table it contains
00:00:22
um each device's Mac address and its
00:00:25
corresponding IP address um now they do
00:00:27
this by sending out a series of R
00:00:29
requests and r responses the problem
00:00:31
with this is uh it's susceptible to
00:00:33
attack um we can exploit this
00:00:35
vulnerability uh between two computers
00:00:37
am or two devices um by telling each one
00:00:41
that or the other so this will allow us
00:00:44
to kind of uh intercept the traffic like
00:00:46
e drop yeah all we're doing is position
00:00:48
ourself in between two devices for
00:00:50
example your computer and the firewall
00:00:53
and we can pick up all the network
00:00:54
traffic in between them sounds great so
00:00:56
what do we need to get this done uh well
00:00:58
we're going to use uh a couple of tools
00:01:00
the first thing I like to do is get a
00:01:01
little bit of uh do a little bit of
00:01:03
enumeration on the network um with a
00:01:04
security scanner in this case I'm going
00:01:06
to use inmap um because the the tool
00:01:09
that we'll use to do the ARP attack
00:01:11
actually has a built-in scanner but it's
00:01:13
not quite as detailed and uh it doesn't
00:01:16
allow us to do Port scans well end Maps
00:01:18
also open source and hey you know it's
00:01:19
cool cuz it was in The Matrix it was in
00:01:21
The Matrix I yeah there was a real
00:01:22
attack in The Matrix uh Matrix 2 so I'm
00:01:26
going to use
00:01:27
inmap and uh since I'm already on the
00:01:29
network I know the subnet so I can
00:01:31
simply scan and find out what all the
00:01:33
other devices
00:01:36
are okay um now I can tell by the uh
00:01:41
names of the computers that since you
00:01:43
are using the Solomon extreme
00:01:45
International that your IP address is
00:01:50
192.168.1.10 hey it's an extreme
00:01:51
interface man and obviously the router
00:01:54
is 1
00:01:55
192.168.1.1 um so I'm going to do a port
00:01:59
scan on that way I can get an idea of
00:02:01
what kind of uh apps you're running and
00:02:04
what ports you have open and while
00:02:05
that's running I'm going to go ahead and
00:02:06
start up cane enable which is a totally
00:02:09
script Kitty tool I know but uh I'm
00:02:12
assuming that all of our viewers or most
00:02:13
of them are are running Windows and uh
00:02:17
it works hey as long as it gets the job
00:02:19
done right exactly uh if you are using
00:02:20
Unix though um which I do mainly I would
00:02:23
definitely uh suggest you check out a
00:02:25
tool called Eder cap which does the job
00:02:27
you know just as well if not better than
00:02:29
came
00:02:30
so we're going to go ahead and start our
00:02:32
sniffer and cane and scan the Mac
00:02:35
addresses now as you can see it builds a
00:02:38
pretty good list of all of the uh
00:02:40
devices on the network so we'll switch
00:02:42
tabs
00:02:43
here select the
00:02:46
firewall and Darren's
00:02:49
computer and go ahead and press this
00:02:52
button with uh button which will start
00:02:54
the attack so now we're poisoning and so
00:02:58
the firewall thinks I'm Darren's
00:03:00
computer and Darren's computer thinks
00:03:01
I'm the firewall so I'm going to pull up
00:03:04
ether reel and as you can see our in map
00:03:07
scan just
00:03:08
finished
00:03:11
um so let's make sure that you when
00:03:14
you're running other wheel you choose
00:03:15
the right uh the right Network device
00:03:18
I'm I'm actually plugged into the
00:03:20
network so I'm going to use my wired
00:03:23
ethernet uh ethernet
00:03:26
device
00:03:28
and now I am I'm scanning the
00:03:33
network so why don't you go ahead and
00:03:35
send Wes an instant message you know
00:03:38
what uh Wes signed off but I will talk
00:03:41
to John or anyone else online right now
00:03:44
now as as you probably can see um I can
00:03:47
type in AIM which is the name of the
00:03:49
protocol in other re hit enter and it'll
00:03:51
filter
00:03:53
out so that we uh it'll filter um the
00:03:57
traffic so we only see the aim traffic
00:03:59
now I can I I can look through the
00:04:02
traffic and uh I noticed that you're
00:04:04
talking to somebody called the wine cork
00:04:06
yep that's one of our viewers and the
00:04:08
message you just sent him says you there
00:04:11
with a question mark right
00:04:17
um I just noticed an incoming
00:04:19
transmission that says hey mhm uh and
00:04:22
another outgoing that
00:04:26
said we're doing a segment right now so
00:04:29
there you go as you can see see uh we're
00:04:30
picking up all the traffic and um uh the
00:04:33
other thing I want to point out is using
00:04:34
cam we can also sniff up passwords HTTP
00:04:37
passwords unless of course using uh like
00:04:39
SSL and that's one of the
00:04:41
countermeasures and we'll get into that
00:04:42
another time with how to protect
00:04:43
yourself from this attack which I would
00:04:45
highly recommend using Gmail if you
00:04:47
don't have it already because that's SSL
00:04:49
they're they're SSL all right Harrison
00:04:51
that looks pretty neat let's see if you
00:04:52
can get my FTP password for hack V.T
00:04:54
which is where we keep the episode files
00:04:57
thing logging into FTP now with a test
00:05:03
account I got it right here uh let's see
00:05:06
username is test Haack 5.two is lame
00:05:10
password that's exactly right well it
00:05:13
certainly is a lame password um all
00:05:15
right well uh now that we have
00:05:17
demonstrated it on our Network you want
00:05:18
to go try it out on somebody else's okay
00:05:21
you want to hit up the campus with the
00:05:22
coffee shop sounds good to me all right
00:05:23
let's go let's go
00:05:28
[Music]
00:05:44
all right so there's a guy behind us
00:05:46
he's inside the coffee shop okay and he
00:05:49
is can you hear
00:05:50
me yeah sorry about the volume we don't
00:05:53
have any wireless mics yet uh buy
00:05:56
T-shirts maybe we can afford them is a
00:05:57
guy using his little eyeb G4 and he
00:06:01
looks like a total sucker in college
00:06:03
stud let's go see okay all right so here
00:06:06
we are we're connected to the Link's
00:06:07
wireless network here at the coffee
00:06:10
shop okay bam all right we've got
00:06:12
traffic what do we have
00:06:14
here oh we got it right as he
00:06:16
disconnected from his IMAP server oh
00:06:19
Yahoo messenger o Yahoo messenger ymsg
00:06:22
so
00:06:23
ymsg
00:06:25
great we got uh full routing on two
00:06:28
different uh two different computers so
00:06:30
we're uping two different computers at
00:06:31
the same time switch over to and if we
00:06:33
head over to e real you can check out
00:06:35
here's Yahoo insta messenger traffic as
00:06:38
well as IMAP traffic for email scroll
00:06:41
down we just got some more uh so we can
00:06:43
just go down this list and there's tons
00:06:45
of traffic to go through but we could
00:06:47
save this and Kane will save any of the
00:06:49
passwords that are going through this
00:06:51
list so there we go Miss successful
00:06:59
sh