Popular Ethical Hacking Tricks on LAN

By
Birla Institute of Technology, Mesra has a large Local Area Network. Several computers are connected through hundreds of routers and switches. The local network has served several purposes whether it is file sharing through DC or organizing an online event. Such interconnection has made it vulnerable to attacks. The LAN is based on old ethernet technology. It is a good playground to practice ethical hacking. I am going to list you some working techniques that can be easily tried. I won't be telling you complete steps on how to do it. Please use it for learning purpose only.

1. Brute-force to any local website

Everyone has to login to Cyberoam before they can access the fast Internet available on the ethernet. There are several automated scripts written in various languages to login to Cyberoam. Since Cyberoam is available on a local network, it is much faster to get the response for login credentials. Once the path is resolved, it takes a maximum of 5 hops for the packet to reach Cyberoam and reply back. 

You can try out thousands of password per minute. Think about the freshers, their password is some combination of Date of Birth. A maximum of 1000 trial is required to get their password.

Here is an automated login script in Python.

2. Eavesdropping

From listening comes Wisdom.
Eavesdropping is listening to network traffic without doing any harm. You can listen to all the packets being sent or received on your subnet. Each hostel has its own subnet so you can only listen to packets being sent or received by someone within your hostel. Think about what you can do if the packets are unencrypted.

Wireshark is a popular tool to capture all the packets in the network. It is available for both Windows and Linux.

3. ARP Poisoning

ARP poisoning is one of the most powerful man-in-the-middle attacks. It makes your system send poisoned ARP packets to the network. Your system starts to claim that the specified IPs within the subnet belong to your MAC address and you start receiving all the packets that you can save and forward to maintain the MITM state.

I would recommend you to use Ettercap on Kali Linux (no virtual but on a physical machine). Most of the servers on LAN are unencrypted whose passwords can be easily known using ARP poisoning. Let me give you an example. The online portal of the college's ERP and college's Training and Placement portal is unencrypted. Here is a cheatsheet for Ettercap for handy use.

4. DNS Spoofing

DNS spoofing is an active attack in which your computer claim's to the Domain Name Server of the network. Your replies are so active that it fools other systems to believe that you are a legal DNS and you can use this to redirect them to an incorrect server for insecure websites (for the secure ones you have to use SSL Stripping which is very difficult nowadays after the introduction of HSTS protocol).

Again, Ettercap on Kali Linux is recommended for DNS spoofing as well. It can be easily used for phishing. Just redirect them to servers hosted by you and you can get all their details. For example, once we spoofed all the domains to our servers which hosted a Cyberoam login page. Upon seeing the page, users were convinced that they are not logged in and entered their username and password which was received by us. We got hundreds of accounts using this trick (Ethical hacking is an art indeed. You have to think of a creative way to do it). Here is a cheatsheet for Ettercap for handy use.

5. Denial of Service 

This is very difficult on the local network because of the high bandwidth. But, with proper file size, it's possible. All you need to do is to a multicast of a huge amount of data using UDP. Make sure you use multicast as broadcasted packets are easily detected and sometimes not accepted.

6. Scanning

There are a lot of tools like ARP, Ping, Nmap etc which can be used to scan a network and open ports. This can help you discover some hidden systems. For example, all the switches and routers on the local network are accessible on LAN. As of April 2019, their password is the default password provided by the manufacturer. You can easily log in to them and close ports or redirect the packets to your system. 

7. Metasploit

Metasploit framework is a popular tool to scan a system on the network and find vulnerabilities. Use the framework to scan routers or special systems like DC Hub. You can find a lot of open ports which can be used to attack the system. Ethical hacking required practice. Vulnerabilities are everywhere. You have to search for them. And metaspoilt is a very tool for the same.

All the tools listed above have been tested to work. You might need a little practice before you can get competent.

Comments

  1. jeya sofiaApril 18, 2020 at 12:36 AM

    Nice article you have posted here.Thank you for sharing this information. Share more like this.
    Ethical Hacking Course in Anna Nagar
    DevOps Course in Tambaram
    German Classes in Anna Nagar
    RPA Training in T Nagar
    Selenium Training in Anna Nagar
    Software Testing Training in T Nagar
    SEO Training in omr
    Selenium Training in Velachery
    Software Testing Training in chennai
    German Classes in T Nagar

    ReplyDelete
  2. Banu RaviMay 11, 2020 at 6:14 AM

    Outstanding blog with lots of information. Keep posting more like this.
    Ethical Hacking Course in Chennai
    Ethical Hacking Training in Chennai
    Hacking Course in Chennai
    Ethical Hacking Training in Bangalore
    Ethical Hacking Institute in Bangalore
    Ethical Hacking course in Coimbatore
    Ethical Hacking Course in Anna Nagar
    Ethical Hacking course in Bangalore

    ReplyDelete
  3. William JessieNovember 6, 2020 at 2:24 AM

    I admire this article for well-researched content and excellent wording. Thank you for providing such a unique information here. school grade hacker online

    ReplyDelete
  4. getanhackerDecember 9, 2020 at 3:50 AM

    Very valuable information, it is not at all blogs that we find this, congratulations I was looking for something like that and found it here. Professional Cell Phone Hackers

    ReplyDelete
  5. aaronnssdFebruary 8, 2021 at 3:12 PM

    You have shared a nice article here about the -hacker . Your article is very informative and nicely describes the causes and natural remedies of Snoring. I am thankful to you for sharing this article here.Professional hacker for hire

    ReplyDelete
  6. getanhackerFebruary 12, 2021 at 5:31 AM

    You have a genuine capacity to compose a substance that is useful for us. Much obliged to you for your endeavors in sharing such sites to us. Hire Someone To Hack A Phone

    ReplyDelete
  7. BITA AcademyFebruary 23, 2021 at 5:07 AM

    Great blog, finding an institute that provides the best Ethical Hacking training in Chennai is difficult. Glad to come across this.

    ReplyDelete
  8. Enterprise SystemsMarch 17, 2021 at 11:28 AM

    You have posted such excellent information about the hacking tricks on LAN. It is beneficial for everyone.Fortinet Houston. Keep posting.

    ReplyDelete
  9. techpersondigiApril 1, 2021 at 4:14 AM

    I haven’t seen such quality work in a long time. Great job!
    local network

    ReplyDelete
  10. christian bushMay 1, 2021 at 2:22 PM

    Very well written article. It was an awesome article to read. Complete rich content and fully informative. I totally Loved it. Hire A Professional Website Hacker

    ReplyDelete
  11. HackersphaseSeptember 2, 2021 at 11:14 PM

    wonderful post about hacking. this is very well written and unique. Thank you for sharing this post here. keep sharing this in future. Ethical Hacker For Hire

    ReplyDelete
  12. Laura BushSeptember 4, 2021 at 12:48 PM

    I generally check this kind of article and I found your article which is related to my interest.spy software

    ReplyDelete
  13. christian bushSeptember 8, 2021 at 7:51 PM

    Excellent job, this is great information which is shared by you. This info is meaningful and factual for us to increase our knowledge about it. So please always keep sharing this type of information. Read more info about Hire a hacker

    ReplyDelete
  14. HackersphaseSeptember 11, 2021 at 6:04 AM

    I am grateful that I was able to learn something useful from this article about . Hire A Cell Phone Hacker . After reading it, I believe you possess excellent expertise. Thank you for sharing that. Keep up the good workl.

    ReplyDelete
  15. Swift HackersOctober 16, 2021 at 5:47 AM

    This is really a good source of information, I will often follow it to know more information and expand my knowledge, I think everyone should know it, thanks Best hire a hacker to get a password service provider

    ReplyDelete
  16. Thomas millerOctober 29, 2021 at 8:50 AM

    Looking great work dear, I really appreciated to you on this quality work. Nice post!! these tips may help me for future. if you want to get one of the best Professional hackers. then visit our website.

    ReplyDelete
  17. Hire Guru HackersOctober 30, 2021 at 1:54 AM

    Hey what a brilliant post I have come across and believe me I have been searching out for this similar kind of post for past a week and hardly came across this. Thank you very much and will look for more postings from you Best Genuine hackers for hire Services Provider

    ReplyDelete
  18. reachcreativelyyoursNovember 3, 2021 at 4:31 AM

    Extremely useful information which you have shared here about Digital Real Estate Marketing. This is a great way to enhance knowledge for us, and also beneficial for us. Thank you for sharing an article like this.

    ReplyDelete
  19. Lucy senNovember 11, 2021 at 11:28 AM

    The information you've provided here is fantastic because it provides a wealth of information that is really useful to me. Thank you for sharing for this post. if you want to get one of the best Cell phone hacker. then visit our website.

    ReplyDelete
  20. EntropiaNovember 13, 2021 at 1:09 PM

    The delightful article you have posted here. This is a good way to increase our knowledge.Undetected Private Overwatch hacks Continue sharing this kind of articles, Thank you.

    ReplyDelete
  21. HackvistNovember 18, 2021 at 9:43 AM

    You have given important data for us. It is excellent and informative for everyone. Always keep posting. I am very thankful to you. Read more info about Ethical Hackers for Hire

    ReplyDelete
  22. Revive hackerNovember 22, 2021 at 1:28 AM

    This comment has been removed by the author.

    ReplyDelete
  23. Revive hackerNovember 22, 2021 at 1:31 AM


    This is really a good source of information, I will often follow it to know more information and expand my knowledge, I think everyone should know it, thanks.Best professional hacker for hire service provider

    ReplyDelete
  24. HackvistDecember 20, 2021 at 2:29 PM

    You have given essential data for us. about Social Medial Hackers for Hire It is excellent and good for everyone. Keep posting always. I am very thankful to you.

    ReplyDelete
  25. uniqueaimincDecember 24, 2021 at 10:33 AM

    This is a very interesting post. Your information is very important to me. Thanks for sharing.Cisco certification online

    ReplyDelete
  26. Revive hackerJanuary 7, 2022 at 11:18 PM

    It’s great to come across a blog every once in a while that isn’t the same out of date rehashed material. Fantastic read. Best hacker for hire usa service provider.

    ReplyDelete
  27. Mary JamesJanuary 20, 2022 at 4:28 AM

    This article provided me with a wealth of information. The article is both educational and helpful. Thank you for providing this information. Keep up the good work. Hire A Cell Phone Hacker

    ReplyDelete
  28. ITGOLD SolutionsFebruary 25, 2022 at 8:52 PM

    I am thankful to this blog giving unique and helpful knowledge about this topic. Vonex NBN

    ReplyDelete
  29. ITGOLD SolutionsFebruary 25, 2022 at 9:00 PM

    I found one successful example of this truth through this blog. I am going to use such information now. Cyber security stress test

    ReplyDelete
  30. MorganApril 6, 2022 at 9:21 AM

    On the offensive side, Cybersecurity can spur development and increase the skill sets of residents in counties like Prince George's County, OPM Cybersecurity

    ReplyDelete
  31. Revive hackerApril 7, 2022 at 9:07 PM

    After a long time, I read a very beautiful and very important article that I enjoyed reading. I have found that this article has many important points, I sincerely thank the admin of this website for sharing it. Best Best Hacker for social media service provider.

    ReplyDelete
  32. Enfortra IncMay 17, 2022 at 2:07 PM

    I generally check this kind of article and I found your article which is related to my interest. Genuinely it is good and instructive information, Identity Theft Protection Software Thankful to you for sharing an article like this.

    ReplyDelete
  33. primaryhackersFebruary 1, 2023 at 5:05 PM

    I just need to say this is a well-informed article which you have shared here about topic. Cell Phone Hacking Services It is an engaging and gainful article for us. Continue imparting this sort of info, Thanks to you.

    ReplyDelete

Post a Comment

Popular posts from this blog

Hack-A-BIT 2018

By
A WhatsApp group named "BIT Hackathon" on 9th May 2018. It was an initiative no senior has taken to date. I was supposed to the biggest initiative ever taken by a BITian. Discussion started immediately about the name. Ayush came up with a suggestion - Hack-A-BIT. Everyone immediately accepted the name. At the same time, Ankit formed a separate group of K16 juniors to keep them updated with the Hackathon. No work was done during the entire summer. It seemed like everyone had lost their interest in organizing the Hackathon. Finally, on 20th July, the first meeting was held. All the core members (except girls) were part of that meeting. The initial estimates of the Budget were made. All the points related to the Hackathon was noted. We could not have let the slack loose. On the same day, the core team was finalized and event details were also documented. A permission letter was drafted which was signed by the three presidents - Anuj, Aashray and Aakarshit.  The initial eve
Read more

DDoS Attack on Bitotsav '19 Website

By
Image
This is not a technical write up. This is a story that I want to share which might be a lesson for several Web & App developers out there. Bitotsav is the annual cultural fest of BIT Mesra and the Tech Team was responsible for developing the Website and the Android App. There were 46 events in the fest and we were responsible for sending out updates (announcements, results, etc.) for each event to the app. 16th February 2019, on the 2nd day of the fest, the website started experiencing problems. The website got slower and slower. The website was hosted on Microsoft Azure Virtual Machine. It was evening around at 5:00 PM. I checked the logs for the Virtual Machine. In the past 6 hours, 700 GB of data was uploaded and downloaded from the server. The Virtual Machine had 4 VCPUs and all of them were being rigorously used. Due to such huge traffic, all the APIs stopped responding. The app was no longer usable. No updates could be sent to the participants. What was happening? In the
Read more