Man in the middle attack penetration test

First step , Open the network topology , Start the experimental virtual machine , View the virtual machines separately IP Address ：

Kali Linux

Linux

Windows XP

1. Enter the client Windows XP, stay CMD View the local arp Operation of cache table , And take the command used in this operation as Flag Value submission ;

Flag：arp -a

2.  On the client side Windows XP Of CMD Clear local from the command line arp Cache table , And take the command used in this operation as Flag Value submission ;

Flag：arp -d

3. Through the infiltration machine Kali Linux Client side Windows XP And target aircraft Linux Conduct man in the middle attack penetration test , Use echo Command to start the infiltration machine Kali Linux The routing and forwarding function of , And take the absolute path of the configuration file as Flag Value submission ;

Flag：/proc/sys/net/ipv4/ip_forward

4. Through the infiltration machine Kali Linux Client side Windows XP And target aircraft Linux Conduct man in the middle attack penetration test , adopt arpspoof Command to client （Windows XP） And target aircraft （Linux） Conduct arp Pollution , And take the parameters that must be used in this operation as Flag Value submission ;

Flag：t

5. After the successful man in the middle penetration attack , Infiltration machine Kali Linux Can listen to the client Windows XP To the target （Linux） Medium login.php The login website user name submitted by the page 、 Password and other information . Using client Windows XP On the table Chrome Browser access Linux Target's Web Site http://Linux Drone aircraft ip/login.php, Use the saved user name , Password direct login , And in Kali Linux Use packet capture software on Wireshark Carry out the bag , Set up Wireshark Filtering rules , Filter all requests by POST Of HTTP Request package , Use the filter expression you want to use as Flag Value submission ;（== Don't put a space before or after the symbol ）

First enter the infiltration machine kali On , Use command wireshark Open the packet capture software , Turn on eth0 Network card monitoring

Then enter the client and open Chrome browser , visit http://172.16.1.200/login.php page , User name and password have been automatically filled , Click on Login Log in

After successful login, return to the penetration machine , Use filter rules to filter

Flag：http.request.method==POST

6. The analysis caught POST Request package , And will POST The client in the request content （Windows XP） To the target （Linux） Medium login.php Page submitted admin The user's password is used as Flag Value submission ;

Flag：iNDs1r3Q