Popular ethical hacking tricks on LAN

Birla Institute of Technology, Mesra has a large Local Area Network. Several computers are connected through hundreds of routers and switches. The local network has served several purposes whether it is file sharing through DC or organizing an online event. Such interconnection has made it vulnerable to attacks. The LAN is based on old ethernet technology. It is a good playground to practice ethical hacking. I am going to list you some working techniques that can be easily tried. I won't be telling you complete steps on how to do it. Please use it for learning purpose only.

1. Brute-force to any local website

Everyone has to login to Cyberoam before they can access the fast Internet available on the ethernet. There are several automated scripts written in various languages to login to Cyberoam. Since Cyberoam is available on a local network, it is much faster to get the response for login credentials. Once the path is resolved, it takes a maximum of 5 hops for the packet to reach Cyberoam and reply back. 

You can try out thousands of password per minute. Think about the freshers, their password is some combination of Date of Birth. A maximum of 1000 trial is required to get their password.

Here is an automated login script in Python.

2. Eavesdropping

From listening comes Wisdom.
Eavesdropping is listening to network traffic without doing any harm. You can listen to all the packets being sent or received on your subnet. Each hostel has its own subnet so you can only listen to packets being sent or received by someone within your hostel. Think about what you can do if the packets are unencrypted.

Wireshark is a popular tool to capture all the packets in the network. It is available for both Windows and Linux.

3. ARP Poisoning

ARP poisoning is one of the most powerful man-in-the-middle attacks. It makes your system send poisoned ARP packets to the network. Your system starts to claim that the specified IPs within the subnet belong to your MAC address and you start receiving all the packets that you can save and forward to maintain the MITM state.

I would recommend you to use Ettercap on Kali Linux (no virtual but on a physical machine). Most of the servers on LAN are unencrypted whose passwords can be easily known using ARP poisoning. Let me give you an example. The online portal of the college's ERP and college's Training and Placement portal is unencrypted.

4. DNS Spoofing

DNS spoofing is an active attack in which your computer claim's to the Domain Name Server of the network. Your replies are so active that it fools other systems to believe that you are a legal DNS and you can use this to redirect them to an incorrect server for insecure websites (for the secure ones you have to use SSL Stripping which is very difficult nowadays after the introduction of HSTS protocol).

Again, Ettercap on Kali Linux is recommended for DNS spoofing as well. It can be easily used for phishing. Just redirect them to servers hosted by you and you can get all their details. For example, once we spoofed all the domains to our servers which hosted a Cyberoam login page. Upon seeing the page, users were convinced that they are not logged in and entered their username and password which was received by us. We got hundreds of accounts using this trick (Ethical hacking is an art indeed. You have to think of a creative way to do it).

5. Denial of Service 

This is very difficult on the local network because of the high bandwidth. But, with proper file size, it's possible. All you need to do is to a multicast of a huge amount of data using UDP. Make sure you use multicast as broadcasted packets are easily detected and sometimes not accepted.

6. Scanning

There are a lot of tools like ARP, Ping, Nmap etc which can be used to scan a network and open ports. This can help you discover some hidden systems. For example, all the switches and routers on the local network are accessible on LAN. As of April 2019, their password is the default password provided by the manufacturer. You can easily log in to them and close ports or redirect the packets to your system. 

7. Metasploit

Metasploit framework is a popular tool to scan a system on the network and find vulnerabilities. Use the framework to scan routers or special systems like DC Hub. You can find a lot of open ports which can be used to attack the system. Ethical hacking required practice. Vulnerabilities are everywhere. You have to search for them. And metaspoilt is a very tool for the same.

All the tools listed above have been tested to work. You might need a little practice before you can get competent.


Popular posts from this blog

DDoS Attack on Bitotsav '19 Website

Setting up Machine Learning environment on High Performance Computing Server

Architecture of High Performance Computing Server at BIT Mesra