Posts

Showing posts from January, 2022

Cain and Abel (MITM)

The aim of this lab was to gain a better understanding of man-in-the-middle attacks and the (outdated) tool Cain and Abel. To start with, I used Remote Desktop to connect to an auditing machine on the target network. Cain was already installed on the machine, so I fired it up and started an ARP scan of the network. Wireshark shows that these ARP requests were sent to all of the machines on the subnet, as they were addressed to the ff:ff:ff:ff:ff:ff broadcast address. My next task was to launch a man-in-the-middle attack against the machine @ 172.16.5.5 and its default gateway @ 172.16.5.1. This attack tricks the two targeted machines into sending their data to my attacking machine, which allows me to view and / or edit the data before passing it on to the correct destination - a man-in-the-middle attack. This works because we are able to send gratuitous ARP replies in which we tell a machine that our MAC address is at a specified IP. When we do this to two different machines, telling ea...

Simple Network Management Protocol Hacking

The goal of this lab was to retrieve a valid set of credentials and establish a shell on one of the machines on a LAN. I started by scanning the network to find live hosts and then which ports and services they were running. Via this scanning, I determined the following:

- The host @ 10.10.10.5 had filtered or closed ports for TCP connections, but it had port 161 open for UDP connections, as it was running SNMP version 1 on that port. Furthermore, nmap found a valid community string (public) for that service.
- The host @ 10.10.10.20 was possibly running SNMP, but not definitely, as port 161 returned an open | filtered state when tested using UDP.
- The host @ 10.10.10.20 had ports 139 and 445 open (139 for TCP connections for NetBIOS over IP sessions using SMB, and 445 for SMB over IP).
- The host @ 10.10.10.20 was running an old server OS (Service Pack 1).

All of this was interesting, and bearing in mind the goals of the lab, it seemed most likely that I would be able to find credential...