Wednesday, July 9, 2014

How Hackers Steal your Passwords

In my previous post, "BackTrack - Advanced Penetration Tools for I.T Pro", I showed in detail how black hat hackers steal WiFi passwords and gave some tips on how to avoid being compromised. In "How to protect your Sensitive Account Info of getting HACKED - Phishing Method (Part 1)", I described the hacker's clever technique of using an identical copy of a website to trap a user and gather sensitive account credentials. In this post I'll show you how hackers steal the passwords of your social accounts like Facebook, Twitter and other social sites, your email, or even your online banking log-in credentials. Some of you have experienced this kind of threat: you cannot access your email or social account, or there is a transaction in your bank or online money processor like PayPal that you do not remember making. Nowadays black hat hackers are very clever, so what should we do to safeguard our privacy while we are on the Internet? Let's first see how this threat actually happens in the real world; a reader is more likely to believe a threat really exists after seeing it in detail. So let's move on and do an experiment.


Disclaimer: This topic is for educational purposes only. I do not encourage you to use this knowledge to harass others or to gain an advantage over them. Be aware that there are laws pertaining to cyber attacks; this technique is used by penetration testers who have consent to perform it, in order to find the weaknesses of a PC or network system. As the movie Spiderman says, "With great power comes great responsibility", so you are responsible for your actions. Only do this in your lab, whether at school, at home or at work.

Lab Tools Needed:

-- A PC or laptop with at least 4GB of memory and a dual-core CPU or better.
-- A CPU that supports virtualization technology.
-- Any virtual machine platform: VirtualBox, VMware or Virtual PC. I prefer VirtualBox by Oracle because it is free.
-- BackTrack 5 Release 3 or Kali Linux (the updated version of BackTrack).

In this experiment I made my laptop run two operating systems: the first is Windows 7, my physical machine, and the second is BackTrack 5 Release 3 running in a VirtualBox virtual machine. I made the physical machine (Windows 7) the target or victim and the virtual machine the attacker. The great benefit of a virtual machine is that you do not need another physical computer just to run an experiment: with only one PC you can set up a real-world simulation across a physical and a virtual environment. Soon I will write a tutorial on virtualization and creating a virtual machine.



In this experiment I will demonstrate the SSLstrip technique, widely known in the hacking world. This technique was discovered and implemented by Moxie Marlinspike and presented at the DEF CON 17 conference in the talk entitled "More Tricks for Defeating SSL". You may watch the video for more detailed information under the links below.



Moxie Marlinspike is a pseudonym in the computer hacking world, an ethical hacker who exposed this threat. He outlined many problems regarding security on the Internet and thus shaped the way authenticity is secured today.

Although there are many techniques available, I'd rather use this one because it shaped how authenticity on the web should work. So let's move on and do it for better understanding.

Let's do the simulation. Suppose you are surfing the net in a cafe, doing your normal online work: checking Facebook, Twitter and email, and sometimes an online banking transaction. A hacker is also in the cafe and launches the attack unknown to you; the rest will definitely change your online life.

Time for Action:

In our virtual machine running BackTrack 5 R3, type this command on the terminal command line to enable packet forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward


Then we have to adjust the iptables rules to redirect the traffic to the port that SSLstrip is going to use:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Now that packet forwarding is enabled and traffic is redirected to the port that SSLstrip will listen on, we verify that the rule is in place. Issue the following command:

iptables -L -t nat

Everything is set; let's run SSLstrip and start listening on the redirected port:

sslstrip -k -l 10000


SSLstrip is now running. We need to see what SSLstrip actually gathers; the data is displayed in plain text, so we can tell what information is present, in direct terms: are log-in credentials like usernames and passwords captured when the hacker launches the attack? Open another terminal and type the command below. It will show every captured log-in credential. Leave it running.

tail -f sslstrip.log 


In the second part of the attack, a hacker needs some information about the network, like the IP addressing scheme and how many clients are connected. When that information is sufficient, the hacker knows when and where to launch the attack.

In this second part the hacker uses a packet sniffing program capable of launching a "man in the middle attack". Open another terminal, run the command below, then select Unified Sniffing.

ettercap -G


A drop-down box will appear showing the network interface to use. If you are using a WiFi USB adapter for this test, select wlan0; otherwise select eth0.



After the right network interface is set, the hacker scans the whole network, which displays the IP address of every connected client and makes it possible to attack either the whole network or a single chosen client. It is not ideal to attack the whole network, because the network will slow to a crawl and the attack may fail.



You will see that 2 hosts were added. In an Internet cafe, expect a higher number of connected hosts.

To see the IP address of each host, click Hosts > Host List.


Now that the hosts are identified, the Internet gateway must be identified as well. Open another terminal and type:

netstat -r

When you refer to the host list in Ettercap you will notice 192.168.254.1, and when you run netstat -r you see that the gateway is 192.168.254.1; this IP address is the router or WiFi access point. Now that the gateway and the host are identified, the hacker launches the so-called "Man in the Middle Attack". I will explain this attack later.

To perform the MITM, click the IP address of a client and click Add to Target 1, then click the IP address of the router and click Add to Target 2.


Then open the MITM menu, select ARP Poisoning, and choose Sniff Remote Connections.


For the last part, start the sniffing by opening the Start menu in Ettercap and clicking Start Sniffing.
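The ARP poisoning step above works by making the victim's ARP cache map the gateway's IP address to the attacker's MAC address. From the defender's side that leaves two visible symptoms in the neighbour table: the gateway's MAC changes, and one MAC answers for more than one IP. The Python script below is an added example, not code from the original post or from Ettercap; it parses the output format of `ip neigh show` on Linux (a Windows victim would use `arp -a`, whose format differs and is not handled here) from a baseline snapshot and a later one, and reports both symptoms. The gateway address 192.168.254.1 follows the post; every other address and all MAC addresses are constructed.

```python
"""Spot ARP cache poisoning symptoms from neighbour-table snapshots.

Added example, not from the original post. It parses the line format of
`ip neigh show` on Linux and compares a baseline snapshot against a later one.
All sample data below is constructed; only the gateway IP follows the post.
"""
import re
from collections import defaultdict

# `ip neigh show` prints: "<ip> dev <iface> lladdr <mac> <state>"
# Entries in FAILED/INCOMPLETE state have no lladdr and therefore do not match.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)"
    r"\s+lladdr\s+(?P<mac>[0-9a-f:]{17})\s+(?P<state>\S+)$",
    re.IGNORECASE,
)


def parse_neigh(text):
    """Return {ip: mac} for every resolved entry in an `ip neigh show` dump."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def shared_macs(table):
    """Return {mac: [ips]} for MACs that answer for more than one IP.
    A poisoner that claims both the gateway and a client shows up here."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(baseline, current, gateway_ip):
    """True when the gateway's MAC differs from the one recorded at baseline."""
    old = baseline.get(gateway_ip)
    new = current.get(gateway_ip)
    return old is not None and new is not None and new != old


def check(baseline_text, current_text, gateway_ip):
    """Run both checks and return a list of human-readable findings."""
    baseline = parse_neigh(baseline_text)
    current = parse_neigh(current_text)
    findings = []
    if gateway_changed(baseline, current, gateway_ip):
        findings.append(
            f"gateway {gateway_ip} MAC changed "
            f"{baseline[gateway_ip]} -> {current[gateway_ip]}"
        )
    for mac, ips in shared_macs(current).items():
        findings.append(f"MAC {mac} claims multiple IPs: {', '.join(ips)}")
    return findings


# Constructed baseline taken before the attack (MACs are made up).
BASELINE = """\
192.168.254.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.254.105 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
"""

# Constructed later snapshot: the gateway now resolves to the MAC that
# 192.168.254.105 already had, i.e. the poisoner's MAC.
POISONED = """\
192.168.254.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.254.105 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.254.7 dev wlan0  FAILED
"""

if __name__ == "__main__":
    for finding in check(BASELINE, POISONED, "192.168.254.1"):
        print("ALERT:", finding)
```

Run it periodically on a LAN host with the real output of `ip neigh show` substituted for the constructed snapshots; a static ARP entry for the gateway, or a switch with dynamic ARP inspection, stops the poisoning rather than merely detecting it.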



All is set. The hacker just waits for the victim to open any social media, email or banking account; all the data that crosses the network is intercepted, capturing any log-in credentials like usernames and passwords.

You might remember that in this experiment I placed my physical machine as the victim and the virtual machine as the attacker. I logged in to my Humanatic account and also opened Facebook using a dummy account for testing. Below is the result of the intercepted data, and that explains how SSLstrip and Ettercap work in the real world.


You can see that I was able to intercept the credentials, the username and password of each account, in the SSLstrip log. This is happening and it is deadly: it might compromise a single account or many accounts just by launching this attack on a public WiFi, in an Internet cafe, or at any home or business whose network is susceptible to this kind of threat.

As I've said, I present this experiment to make the reader aware and take the necessary precautions. I do not encourage anyone to do this for the sake of gaining an advantage over others; it is a serious crime in any society and anyone caught may be penalized.

Look at the two images below showing how SSLstrip works and how the Man in the Middle Attack works; these simple images will give you an idea of how these sophisticated attacks, when combined, become a disaster and can compromise any individual account.

Source: bahansen.info

Source: snak3187.blogspot.com

This post has become too long. Follow this blog, because I will present some possible solutions to detect the attack and prevent you from becoming the next victim. In the meantime, you now have an idea of how using public Internet or WiFi threatens your sensitive accounts. Take the necessary precautions, or, as I would suggest, do not perform any sensitive transactions, like online banking, when you are on a public Internet connection.

I hope you learn from this article.


3 comments:

  1. This is very helpful. Thanks for sharing!

  2. Very informative indeed! I see the post is more than 6 months old and I don't see new posts. It would be cool if you had the time to make a follow-up post to this and also another Humanatic post with more tips you might have learned during these months. I'm a beginner Human reviewer and I'm following your advice. A million thanks!

    1. Thanks for visiting! O.k., I will soon write more regarding the topics that you're interested in. I was too busy then with my other job. By the way, how far have you gone with Humanatic?
      If you have a specific question about Humanatic, just post your comment in the Humanatic Infos topic, so that others will see it also. Thanks again!
