Hak5 - Hacking wireless networks with Man in the Middle techniques [Cyber Security Education]

00:07:05
https://www.youtube.com/watch?v=N86xJpna9Js

概要

TLDRThe video features Harrison demonstrating a man-in-the-middle attack, specifically ARP cache poisoning. He explains how ARP (Address Resolution Protocol) can be exploited to intercept communications between devices on a network. The demonstration involves using Nmap for network scanning and Cain & Abel for packet sniffing. During the demonstration, Harrison shows how to gather traffic, including instant messages and FTP credentials. He emphasizes the vulnerabilities present in unsecured networks and recommends using SSL for safe communications. The video concludes with a practical test at a coffee shop to showcase the attack in real-world conditions.

収穫

  • 🔍 Understanding ARP cache poisoning
  • ⚙️ Tools used: Nmap and Cain & Abel
  • 📡 Sniffing traffic between devices
  • 💻 Demonstrating network vulnerabilities
  • 🔑 Intercepting passwords and messages
  • 🌐 Importance of using secure connections
  • 🚀 Real-world application at a coffee shop
  • 🚫 Risks of unprotected Wi-Fi
  • 💡 Recommendations for network security
  • 🔒 Importance of SSL for encryption

タイムライン

  • 00:00:00 - 00:07:05

    In today's demonstration, Harrison explains the concept of a man-in-the-middle attack, specifically focusing on ARP cache poisoning. This attack targets the Address Resolution Protocol, where devices build a table mapping MAC addresses to IP addresses. By exploiting the vulnerability in this communication, an attacker can intercept traffic between devices, creating opportunities to eavesdrop on data exchanges. Harrison outlines the tools needed for the attack, including Nmap for network scanning to identify devices and their open ports, and Cain & Abel for running the ARP attack. After conducting the scan, they initiate the attack, tricking the firewall and a computer into thinking they are communicating with each other, enabling them to monitor the traffic. They also demonstrate how to capture and filter specific communication, like instant messages. Harrison highlights that while credentials can be sniffed, the use of SSL encryption, like that provided by Gmail, can help protect against such attacks. The session wraps up with plans to conduct similar activities at a coffee shop using someone else's network, emphasizing the potential risks of public Wi-Fi.

マインドマップ

ビデオQ&A

  • What is a man-in-the-middle attack?

    It's a method where an attacker intercepts communication between two parties to eavesdrop or manipulate the data being exchanged.

  • What tools are used for the demonstration?

    Nmap, Cain & Abel, and EtherReel are the main tools used in this demonstration.

  • What is ARP cache poisoning?

    It's a technique used to associate the attacker's MAC address with the IP address of another device, allowing interception of their traffic.

  • How can one protect themselves from such attacks?

    Using secure protocols like SSL/TLS for communications and ensuring proper network security measures are in place.

  • Can all passwords be sniffed using these tools?

    Only unencrypted passwords can be intercepted; encrypted communications (like those using SSL) are secure.

ビデオをもっと見る

AIを活用したYouTubeの無料動画要約に即アクセス!
字幕
en
オートスクロール:
  • 00:00:00
    joining us here today is Harrison to
  • 00:00:01
    demonstrate a manin the-middle attack
  • 00:00:03
    Harrison thank you for coming what is a
  • 00:00:05
    manin the-middle attack all right well
  • 00:00:08
    for the sake of being technical I'm
  • 00:00:09
    going to refer to this as an ARP cach
  • 00:00:10
    poisoning attack now an ARP is an
  • 00:00:13
    address resolution protocol um now each
  • 00:00:16
    device on a network uses this to build a
  • 00:00:18
    table of all the other devices on a
  • 00:00:19
    network um now in the table it contains
  • 00:00:22
    um each device's Mac address and its
  • 00:00:25
    corresponding IP address um now they do
  • 00:00:27
    this by sending out a series of R
  • 00:00:29
    requests and r responses the problem
  • 00:00:31
    with this is uh it's susceptible to
  • 00:00:33
    attack um we can exploit this
  • 00:00:35
    vulnerability uh between two computers
  • 00:00:37
    am or two devices um by telling each one
  • 00:00:41
    that or the other so this will allow us
  • 00:00:44
    to kind of uh intercept the traffic like
  • 00:00:46
    e drop yeah all we're doing is position
  • 00:00:48
    ourself in between two devices for
  • 00:00:50
    example your computer and the firewall
  • 00:00:53
    and we can pick up all the network
  • 00:00:54
    traffic in between them sounds great so
  • 00:00:56
    what do we need to get this done uh well
  • 00:00:58
    we're going to use uh a couple of tools
  • 00:01:00
    the first thing I like to do is get a
  • 00:01:01
    little bit of uh do a little bit of
  • 00:01:03
    enumeration on the network um with a
  • 00:01:04
    security scanner in this case I'm going
  • 00:01:06
    to use inmap um because the the tool
  • 00:01:09
    that we'll use to do the ARP attack
  • 00:01:11
    actually has a built-in scanner but it's
  • 00:01:13
    not quite as detailed and uh it doesn't
  • 00:01:16
    allow us to do Port scans well end Maps
  • 00:01:18
    also open source and hey you know it's
  • 00:01:19
    cool cuz it was in The Matrix it was in
  • 00:01:21
    The Matrix I yeah there was a real
  • 00:01:22
    attack in The Matrix uh Matrix 2 so I'm
  • 00:01:26
    going to use
  • 00:01:27
    inmap and uh since I'm already on the
  • 00:01:29
    network I know the subnet so I can
  • 00:01:31
    simply scan and find out what all the
  • 00:01:33
    other devices
  • 00:01:36
    are okay um now I can tell by the uh
  • 00:01:41
    names of the computers that since you
  • 00:01:43
    are using the Solomon extreme
  • 00:01:45
    International that your IP address is
  • 00:01:50
    192.168.1.10 hey it's an extreme
  • 00:01:51
    interface man and obviously the router
  • 00:01:54
    is 1
  • 00:01:55
    192.168.1.1 um so I'm going to do a port
  • 00:01:59
    scan on that way I can get an idea of
  • 00:02:01
    what kind of uh apps you're running and
  • 00:02:04
    what ports you have open and while
  • 00:02:05
    that's running I'm going to go ahead and
  • 00:02:06
    start up cane enable which is a totally
  • 00:02:09
    script Kitty tool I know but uh I'm
  • 00:02:12
    assuming that all of our viewers or most
  • 00:02:13
    of them are are running Windows and uh
  • 00:02:17
    it works hey as long as it gets the job
  • 00:02:19
    done right exactly uh if you are using
  • 00:02:20
    Unix though um which I do mainly I would
  • 00:02:23
    definitely uh suggest you check out a
  • 00:02:25
    tool called Eder cap which does the job
  • 00:02:27
    you know just as well if not better than
  • 00:02:29
    came
  • 00:02:30
    so we're going to go ahead and start our
  • 00:02:32
    sniffer and cane and scan the Mac
  • 00:02:35
    addresses now as you can see it builds a
  • 00:02:38
    pretty good list of all of the uh
  • 00:02:40
    devices on the network so we'll switch
  • 00:02:42
    tabs
  • 00:02:43
    here select the
  • 00:02:46
    firewall and Darren's
  • 00:02:49
    computer and go ahead and press this
  • 00:02:52
    button with uh button which will start
  • 00:02:54
    the attack so now we're poisoning and so
  • 00:02:58
    the firewall thinks I'm Darren's
  • 00:03:00
    computer and Darren's computer thinks
  • 00:03:01
    I'm the firewall so I'm going to pull up
  • 00:03:04
    ether reel and as you can see our in map
  • 00:03:07
    scan just
  • 00:03:08
    finished
  • 00:03:11
    um so let's make sure that you when
  • 00:03:14
    you're running other wheel you choose
  • 00:03:15
    the right uh the right Network device
  • 00:03:18
    I'm I'm actually plugged into the
  • 00:03:20
    network so I'm going to use my wired
  • 00:03:23
    ethernet uh ethernet
  • 00:03:26
    device
  • 00:03:28
    and now I am I'm scanning the
  • 00:03:33
    network so why don't you go ahead and
  • 00:03:35
    send Wes an instant message you know
  • 00:03:38
    what uh Wes signed off but I will talk
  • 00:03:41
    to John or anyone else online right now
  • 00:03:44
    now as as you probably can see um I can
  • 00:03:47
    type in AIM which is the name of the
  • 00:03:49
    protocol in other re hit enter and it'll
  • 00:03:51
    filter
  • 00:03:53
    out so that we uh it'll filter um the
  • 00:03:57
    traffic so we only see the aim traffic
  • 00:03:59
    now I can I I can look through the
  • 00:04:02
    traffic and uh I noticed that you're
  • 00:04:04
    talking to somebody called the wine cork
  • 00:04:06
    yep that's one of our viewers and the
  • 00:04:08
    message you just sent him says you there
  • 00:04:11
    with a question mark right
  • 00:04:17
    um I just noticed an incoming
  • 00:04:19
    transmission that says hey mhm uh and
  • 00:04:22
    another outgoing that
  • 00:04:26
    said we're doing a segment right now so
  • 00:04:29
    there you go as you can see see uh we're
  • 00:04:30
    picking up all the traffic and um uh the
  • 00:04:33
    other thing I want to point out is using
  • 00:04:34
    cam we can also sniff up passwords HTTP
  • 00:04:37
    passwords unless of course using uh like
  • 00:04:39
    SSL and that's one of the
  • 00:04:41
    countermeasures and we'll get into that
  • 00:04:42
    another time with how to protect
  • 00:04:43
    yourself from this attack which I would
  • 00:04:45
    highly recommend using Gmail if you
  • 00:04:47
    don't have it already because that's SSL
  • 00:04:49
    they're they're SSL all right Harrison
  • 00:04:51
    that looks pretty neat let's see if you
  • 00:04:52
    can get my FTP password for hack V.T
  • 00:04:54
    which is where we keep the episode files
  • 00:04:57
    thing logging into FTP now with a test
  • 00:05:03
    account I got it right here uh let's see
  • 00:05:06
    username is test Haack 5.two is lame
  • 00:05:10
    password that's exactly right well it
  • 00:05:13
    certainly is a lame password um all
  • 00:05:15
    right well uh now that we have
  • 00:05:17
    demonstrated it on our Network you want
  • 00:05:18
    to go try it out on somebody else's okay
  • 00:05:21
    you want to hit up the campus with the
  • 00:05:22
    coffee shop sounds good to me all right
  • 00:05:23
    let's go let's go
  • 00:05:28
    [Music]
  • 00:05:44
    all right so there's a guy behind us
  • 00:05:46
    he's inside the coffee shop okay and he
  • 00:05:49
    is can you hear
  • 00:05:50
    me yeah sorry about the volume we don't
  • 00:05:53
    have any wireless mics yet uh buy
  • 00:05:56
    T-shirts maybe we can afford them is a
  • 00:05:57
    guy using his little eyeb G4 and he
  • 00:06:01
    looks like a total sucker in college
  • 00:06:03
    stud let's go see okay all right so here
  • 00:06:06
    we are we're connected to the Link's
  • 00:06:07
    wireless network here at the coffee
  • 00:06:10
    shop okay bam all right we've got
  • 00:06:12
    traffic what do we have
  • 00:06:14
    here oh we got it right as he
  • 00:06:16
    disconnected from his IMAP server oh
  • 00:06:19
    Yahoo messenger o Yahoo messenger ymsg
  • 00:06:22
    so
  • 00:06:23
    ymsg
  • 00:06:25
    great we got uh full routing on two
  • 00:06:28
    different uh two different computers so
  • 00:06:30
    we're uping two different computers at
  • 00:06:31
    the same time switch over to and if we
  • 00:06:33
    head over to e real you can check out
  • 00:06:35
    here's Yahoo insta messenger traffic as
  • 00:06:38
    well as IMAP traffic for email scroll
  • 00:06:41
    down we just got some more uh so we can
  • 00:06:43
    just go down this list and there's tons
  • 00:06:45
    of traffic to go through but we could
  • 00:06:47
    save this and Kane will save any of the
  • 00:06:49
    passwords that are going through this
  • 00:06:51
    list so there we go Miss successful
  • 00:06:59
    sh
タグ
  • man-in-the-middle
  • ARP cache poisoning
  • network security
  • Nmap
  • Cain & Abel
  • packet sniffing
  • data interception
  • vulnerability
  • SSL
  • encryption