HFUT Network Attack and Defense: Project Two
When I first encountered this experiment, I had used some Linux systems but was relatively unfamiliar with building a virtual network environment. This article mainly covers how to configure one.
Task
Use VMware's NAT mode or Host mode to build a virtual network similar to the figure below.
Attack experiment
Select one host in the environment above as the attacker and treat the others as normal hosts. Use the attacker to carry out any three of the following experiments (install a suitable tool such as Wireshark on the attacker or on a normal host to capture the traffic as proof):
(1) MAC flooding;
(2) VLAN hopping;
(3) ARP DoS;
(4) ARP man-in-the-middle;
(5) IP address spoofing;
(6) ICMP DoS.
Network configuration steps
Download
Because of my computer's limited performance, I chose Ubuntu Server without a graphical interface. Any version will do; the version has no effect on the experiment. If your computer is more powerful (more memory than mine), you can use Ubuntu and Kali with a graphical desktop directly. (In practice you do need at least one image with a graphical desktop, because during the experiments the attacker has to capture packets while attacking.)
Install the virtual machines
For this step, find a tutorial online that matches the image version you downloaded and follow it.
Install the necessary packages
Perform the following on each virtual machine after it is installed; dsniff and tcpdump only need to be installed on the attacking machine.
sudo apt update
apt list --upgradable
sudo apt upgrade
sudo apt install dsniff
sudo apt install net-tools
sudo apt install tcpdump
sudo apt install arping
Build the left half
First, create a VMnet2 in VMware's Virtual Network Editor (the name is not important; the configuration is what matters). The specific settings are as follows.
The subnet IP can be chosen freely.
Set the IP of ubuntu3
First open the network adapter settings and select the network created above.
Configure IP
Configure the IPs of ubuntu3 and ubuntu4:
# Set the IP and mask
sudo ifconfig ens33 192.168.42.1
# I chose this IP myself; the last octet can be changed
Once this is set, you can check the result with the ifconfig command.
Check if it is successful
Ping each other:
ubuntu3 ping ubuntu4:
ubuntu4 ping ubuntu3:
ubuntu3 and ubuntu4 can ping each other, which shows that VMnet2 was built successfully.
Build the right half
The procedure is the same: create a new network, then set the IPs of ubuntu1 and ubuntu5.
Configure routing
Configure two network cards for ubuntu2: ens33 attached to VMnet2 and ens38 attached to VMnet3.
Click Add and select Network Adapter to create the second network card.
Set an IP for each of the two network cards:
# What I ran:
sudo ifconfig ens33 192.168.42.3
sudo ifconfig ens38 192.168.2.3
# I chose these IPs myself; the last octet can be changed
Set the gateway
Set the gateway for ubuntu3 and ubuntu4 to the ens33 address of ubuntu2: 192.168.42.3
sudo route add default gw 192.168.42.3
Set the gateway for ubuntu1 and ubuntu5 to the ens38 address of ubuntu2: 192.168.2.3
sudo route add default gw 192.168.2.3
Enable IP forwarding
sudo nano /etc/sysctl.conf
Edit the file and uncomment the line net.ipv4.ip_forward = 1
Reload the settings
sudo sysctl -p
Forward 192.168.42.0:3307 to 192.168.2.0:3307
sudo iptables -t nat -A PREROUTING -p tcp --dport 3307 -j DNAT --to-destination 192.168.42.0:3307
sudo iptables -t nat -A POSTROUTING -d 192.168.42.0 -p tcp --dport 3307 -j SNAT --to 192.168.2.0
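Save changes
sudo apt install iptables-persistent
sudo netfilter-persistent save  # Ubuntu has no "iptables" service script, so "service iptables save" fails there
Test: if hosts on the two subnets can ping each other across the router, the setup succeeded.
At this point the network has been built successfully.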
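The routing setup above only works when three things line up: each host's gateway is on its own subnet, ubuntu2 forwards, and the reply has a route back. The following model of the lab is an added example, not part of the original article; the /24 mask and the addresses of ubuntu1, ubuntu4 and ubuntu5 are assumptions, since the article leaves them to the reader.

```python
import ipaddress

# Router addresses are the article's; the /24 mask (ifconfig's classful default for
# 192.168.x.x) and the addresses of ubuntu1, ubuntu4 and ubuntu5 are assumed here.
PLAN = {
    "ubuntu3": {"ifaces": ["192.168.42.1/24"], "gw": "192.168.42.3", "forward": False},
    "ubuntu4": {"ifaces": ["192.168.42.2/24"], "gw": "192.168.42.3", "forward": False},
    "ubuntu2": {"ifaces": ["192.168.42.3/24", "192.168.2.3/24"], "gw": None, "forward": True},
    "ubuntu1": {"ifaces": ["192.168.2.1/24"], "gw": "192.168.2.3", "forward": False},
    "ubuntu5": {"ifaces": ["192.168.2.5/24"], "gw": "192.168.2.3", "forward": False},
}

def _ifaces(plan, host):
    return [ipaddress.ip_interface(i) for i in plan[host]["ifaces"]]

def _owner(plan, ip):
    """Name of the host that owns address `ip`, or None."""
    for name in plan:
        if any(i.ip == ip for i in _ifaces(plan, name)):
            return name
    return None

def next_hop(plan, host, dst_ip):
    """Return (hop, reason); reason explains the failure when hop is None."""
    if any(dst_ip in i.network for i in _ifaces(plan, host)):
        return _owner(plan, dst_ip), f"{dst_ip} is on-link but no host owns it"
    gw = plan[host]["gw"]
    if gw is None or not any(ipaddress.ip_address(gw) in i.network for i in _ifaces(plan, host)):
        return None, f"{host}: no usable default gateway for {dst_ip}"
    return _owner(plan, ipaddress.ip_address(gw)), f"gateway {gw} does not exist"

def can_reach(plan, src, dst):
    """Check one direction, src -> dst; returns (ok, explanation)."""
    dst_ip = _ifaces(plan, dst)[0].ip
    here, hops = src, 0
    while here != dst:
        if here != src and not plan[here]["forward"]:
            return False, f"{here}: ip_forward is off, packet dropped"
        here, why = next_hop(plan, here, dst_ip)
        hops += 1
        if here is None:
            return False, why
        if hops > len(plan):
            return False, "routing loop"
    return True, f"{hops} hop(s)"

def ping_ok(plan, a, b):
    """A ping succeeds only if the request path and the reply path both work."""
    return can_reach(plan, a, b)[0] and can_reach(plan, b, a)[0]
```

Removing the gateway from one side leaves the request path intact but breaks the reply path, which is why the gateway must be set on both subnets before the cross-route ping test passes.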
Conducting the experiments
I will not give the detailed process here, only the outline.
MAC flood
ubuntu2: man-in-the-middle attack machine
ubuntu3: client
ubuntu4: FTP server
- Deploy an FTP service on ubuntu4
- Test from the client that FTP works normally
- Open three windows on the attacker at the same time and use the macof command to fill up the address table in a short time
- Use tcpdump on the man-in-the-middle attack machine to start capturing packets
- The client logs in to FTP normally
- Check the packet capture on the attacking machine; it contains the account and password the client used to log in
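Seen from a monitoring host, the flood in this experiment shows up as a burst of source MAC addresses that were never seen before. The following detector over `tcpdump -e -n` output is an added example, not part of the original article; the capture lines, MAC addresses and the threshold of 50 are constructed for illustration.

```python
import re
from collections import defaultdict

# Link-level header printed by `tcpdump -e -n`:
#   HH:MM:SS.frac <src MAC> > <dst MAC>, ethertype ...
FRAME = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ ([0-9a-f:]{17}) > ([0-9a-f:]{17}), ethertype")

def new_macs_per_second(lines):
    """Map each capture second to the number of source MACs first seen in it."""
    seen, per_sec = set(), defaultdict(int)
    for line in lines:
        m = FRAME.match(line)
        if m and m.group(2) not in seen:
            seen.add(m.group(2))
            per_sec[m.group(1)] += 1
    return dict(per_sec)

def flood_seconds(lines, threshold=50):
    """Seconds in which more new source MACs appeared than a small LAN can explain."""
    return sorted(s for s, n in new_macs_per_second(lines).items() if n > threshold)

def constructed_capture():
    """Constructed sample: three lab hosts talking, then one second of flooded frames."""
    hosts = ["00:0c:29:00:00:02", "00:0c:29:00:00:03", "00:0c:29:00:00:04"]
    tail = ", ethertype IPv4 (0x0800), length 74: 192.168.42.1.40000 > 192.168.42.2.21: tcp 0"
    lines = [
        f"10:15:00.{i:06d} {src} > {hosts[(i + 1) % 3]}{tail}"
        for i, src in enumerate(hosts)
    ]
    for i in range(200):  # every flooded frame carries a different source MAC
        src = f"02:00:00:00:{(i >> 8):02x}:{(i & 0xff):02x}"
        lines.append(f"10:15:01.{i:06d} {src} > ff:ff:ff:ff:ff:ff{tail}")
    return lines

if __name__ == "__main__":
    print(flood_seconds(constructed_capture()))
```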
ARP DoS attack
ubuntu5: the attacked machine
ubuntu1: the attacking machine
- ubuntu1 sends a large number of ARP replies to ubuntu5
- ubuntu1 uses tcpdump to capture packets and finds a large number of ARP packets
- The attacked machine ubuntu5 cannot ping the gateway normally
- After the attack stops (the ARP replies are no longer sent), the attacked machine ubuntu5 can ping the gateway normally again
ARP man-in-the-middle attack
ubuntu5: the attacked machine
ubuntu1: the attacking machine
- Enable IP forwarding on the attacker ubuntu1 (the operation is similar to the one under Configure routing)
- Attack the victim ubuntu5 and forward its traffic to the gateway
- The attacker ubuntu1 uses tcpdump to capture packets
- The attacked machine ubuntu5 logs in to FTP normally
- Check the packet capture on the attacking machine; it contains the account and password the client used to log in
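Both ARP experiments above leave the same trace in a capture: the gateway's IP is suddenly announced with a second MAC, and in the DoS case the announcements arrive at a high rate. The following detector over `tcpdump -n arp` output is an added example, not part of the original article; the sample lines, both MAC addresses and the rate limit of 20 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# ARP reply as printed by `tcpdump -n arp`:
#   HH:MM:SS.frac ARP, Reply <ip> is-at <mac>, length N
REPLY = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ ARP, Reply (\S+) is-at ([0-9a-f:]{17})")

def analyze_arp(lines, max_replies_per_sec=20):
    """Return (conflicts, flooders).

    conflicts: IPs claimed by more than one MAC, MACs listed in order of first claim
    flooders:  MACs announced in more than max_replies_per_sec replies in one second
    """
    claims = defaultdict(list)
    rate = Counter()
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines are ignored
        sec, ip, mac = m.groups()
        if mac not in claims[ip]:
            claims[ip].append(mac)
        rate[(sec, mac)] += 1
    conflicts = {ip: macs for ip, macs in claims.items() if len(macs) > 1}
    flooders = sorted({mac for (_, mac), n in rate.items() if n > max_replies_per_sec})
    return conflicts, flooders

# Constructed sample capture on ubuntu5's segment; both MAC addresses are made up.
GATEWAY_MAC = "00:0c:29:00:00:02"  # assumed MAC of ubuntu2's ens38 (192.168.2.3)
OTHER_MAC = "00:0c:29:00:00:01"    # assumed MAC of ubuntu1
SAMPLE = [
    "10:20:00.000100 ARP, Request who-has 192.168.2.3 tell 192.168.2.5, length 28",
    f"10:20:00.000300 ARP, Reply 192.168.2.3 is-at {GATEWAY_MAC}, length 46",
] + [
    f"10:20:05.{i:06d} ARP, Reply 192.168.2.3 is-at {OTHER_MAC}, length 46"
    for i in range(100)
]

if __name__ == "__main__":
    print(analyze_arp(SAMPLE))
```

A conflict without a flooder is the man-in-the-middle pattern; a conflict with a flooder is the DoS pattern. On the victim, a static entry for the gateway (`sudo arp -s 192.168.2.3 <gateway MAC>`) keeps the binding fixed in both cases.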