Book Image

Penetration Testing with the Bash shell

By : Keith Harald Esrick Makan
Book Image

Penetration Testing with the Bash shell

By: Keith Harald Esrick Makan

Overview of this book

Table of Contents (13 chapters)

Man-in-the-middle attacks


Using what we've learned in the ARP abuse subsection of this chapter, we can actually perform more elaborate man-in-the-middle (MITM)-style attacks building on the ability to abuse address resolution and host identification schemes. This section will focus on the methods you can use to do just that.

MITM attacks are aimed at fooling two entities on a given network into communicating by the proxy of an unauthorized third party, or allowing a third party to access information in transit, being communicated between two entities on a network. For instance, when a victim connects to a service on the local network or on a remote network, a man-in-the-middle attack will give you as an attacker the ability to eavesdrop on or even augment the communication happening between the victim and its service. By service, we could mean a web (HTTP), FTP, RDP service, or really anything that doesn't have the inherent means to defend itself against MITM attacks, which turns out to be...