Options
Linux question
hi all.
i'm doing a pentest on my internal network. I have 2 vms, one client and one server. I was able to get 1 root password by performing a man in the middle attack, the client was sending its credentials across the network (over ftp). I want to force the other to do the same. is there any way to do this?
i'm doing a pentest on my internal network. I have 2 vms, one client and one server. I was able to get 1 root password by performing a man in the middle attack, the client was sending its credentials across the network (over ftp). I want to force the other to do the same. is there any way to do this?
Comments
-
Options
JDMurray
Admin Posts: 13,035 Admin
Are the two VMs communicating over a wired network with a hub or a switch, or inside of a virtual server through a vSwitch?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
Options
SephStorm
Member Posts: 1,731 ■■■■■■■□□□
wired network. (they are both on a laptop connected to a switch) -
OptionsJDMurray
Admin Posts: 13,035 Admin
Where is your man-in-the-middle? Is it on one of the endpoints, or is it a third box sniffing the management port on the switch? And are you just sniffing, or are you attempting to hijack the FTP session?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
OptionsSephStorm
Member Posts: 1,731 ■■■■■■■□□□
I used Ettercap to perform the attack from a third vm. ALL of the three vms involved are on the same PC hooked into a switchport and using bridged networking in vmware.
-
OptionsSephStorm
Member Posts: 1,731 ■■■■■■■□□□
bump (sry, been running a bruteforce for three days, would prefer to avoid hitting a week.
)