5

I would like to clarify that this is not aimed at being a malicious attack and is being assisted by my school's IT department and my computer science teacher. It is fully sanctioned.

The primary goal is to intercept a computer, then use the driftnet program to intercept all pictures being loaded to the client's computer.

The syntax of my commands is correct (proved by me testing at home with perfect results), but I think my failure is related to the school's networking. This is supported by the fact that when I run bettercap with targets specified correctly, it returns that it is unable to determine the router's MAC. When I run arpspoof, the output appears to be completely normal, but the client's Internet is completely interrupted: it is stuck at loading, then displays a connection error. This is fixed when I stop arpspoof. And yes, I have run: $ sudo sysctl -w net.ipv4.ip_forward=1

My procedure:

  • 10.47.68.107 is the client
  • 10.47.0.1 is what the client says is the router in preferences

Other clients are always assigned 10.47.x.x; the x appears to increase as the spots are leased. All clients show 10.47.0.1 as the router. However, there are clearly around 100 access points in the school.

I start an arpspoof session from the client (10.47.68.107) to the router (10.47.0.1) and vice versa. Next, I start driftnet. This same exact procedure worked at my house, which leads me to the conclusion that this is a networking problem. What am I doing wrong?

I'm using Parrot Sec OS 3.5 (Full)

schroeder
Lukas
  • Are the arp messages being blocked by the router? Are arp packets being filtered by the target client if they do not originate from a defined dhcp server? Does the target computer have a static IP? Is the computer you are on in a different VLAN than the computer you are targeting? – CaffeineAddiction Mar 10 '17 at 03:36
  • Sounds like something is blocking external communication. One thing to look at are the firewall/iptables settings in case you've used a different device for home demonstration. Also, is this happening on any machine you are trying to spoof inside the LAN or just one in particular? – user633551 Mar 10 '17 at 09:56

1 Answer

1

First of all, I always prefer the MITMF tool to practice a "Man In The Middle Attack".

In addition, monitor the network traffic during the attack using Wireshark to identify what is really going on in the network.

Moreover, you should make sure about the DNS settings of your school. The DNS settings can be different between your home and your school. Large public areas such as schools and universities usually configure their own proxy and DNS settings. The difference in DNS settings is usually the cause of the "no internet" problem while trying a MITM attack.

schroeder
Pilfility
  • The OP is reporting layer 2 problems, which seems to indicate that DNS is not an issue. – schroeder May 22 '18 at 12:33
  • But it is mentioned that arpspoof has solved the layer 2 problem; however, the client displays a connection error. Well, that was the reason I advised using the MITMF tool, which I believe is very configurable and poisons effectively. Also, a good analysis of the report from Wireshark is needed to identify if they are really layer 2 problems or not. – Pilfility May 22 '18 at 12:49
  • arpspoof still showed a layer 2 problem, though – schroeder May 22 '18 at 13:19
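
The kind of ARP filtering CaffeineAddiction's comment asks about, sketched as an added example that is not part of the original thread: a switch-side check that validates each ARP reply against lease bindings before forwarding it. The binding table, MAC addresses and port names are constructed, and the page does not say whether the school's network performs such a check.

```python
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class ArpReply:
    port: str        # switch port the frame arrived on
    sender_ip: str   # IP the reply claims to own
    sender_mac: str  # MAC the reply binds to that IP

# Constructed bindings (IP -> (MAC, port)), as if learned from DHCP leases
# plus a static gateway entry. All MACs and port names are made up.
BINDINGS = {
    "10.47.0.1":    ("02:00:00:00:00:01", "uplink"),
    "10.47.68.107": ("02:00:00:00:00:6b", "ap12"),
    "10.47.68.200": ("02:00:00:00:00:c8", "ap12"),
}

def validate(reply, bindings=BINDINGS):
    """Return (allowed, reason) for one ARP reply."""
    try:
        ipaddress.ip_address(reply.sender_ip)
    except ValueError:
        return False, "malformed sender IP"
    bound = bindings.get(reply.sender_ip)
    if bound is None:
        return False, "no lease for sender IP"
    mac, port = bound
    if reply.sender_mac.lower() != mac:
        return False, "sender MAC does not match lease"
    if reply.port != port:
        return False, "reply arrived on unexpected port"
    return True, "matches binding"

def audit(replies, bindings=BINDINGS):
    """Split replies into forwarded and dropped, keeping the reason for each."""
    forwarded, dropped = [], []
    for r in replies:
        ok, reason = validate(r, bindings)
        (forwarded if ok else dropped).append((r, reason))
    return forwarded, dropped

# Constructed sample: two replies that match their lease, two that do not.
SAMPLE = [
    ArpReply("uplink", "10.47.0.1", "02:00:00:00:00:01"),
    ArpReply("ap12", "10.47.68.107", "02:00:00:00:00:6b"),
    ArpReply("ap12", "10.47.0.1", "02:00:00:00:00:c8"),
    ArpReply("ap12", "10.47.68.107", "02:00:00:00:00:c8"),
]

if __name__ == "__main__":
    for r, reason in audit(SAMPLE)[1]:
        print(f"DROP {r.sender_ip} is-at {r.sender_mac} on {r.port}: {reason}")
```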