Linux question
hi all.
i'm doing a pentest on my internal network. I have 2 vms, one client and one server. I was able to get 1 root password by performing a man in the middle attack, the client was sending its credentials across the network (over ftp). I want to force the other to do the same. is there any way to do this?
i'm doing a pentest on my internal network. I have 2 vms, one client and one server. I was able to get 1 root password by performing a man in the middle attack, the client was sending its credentials across the network (over ftp). I want to force the other to do the same. is there any way to do this?
Comments
-
JDMurray
Admin Posts: 13,082 Admin
Are the two VMs communicating over a wired network with a hub or a switch, or inside of a virtual server through a vSwitch? -
SephStorm
Member Posts: 1,731 ■■■■■■■□□□
wired network. (they are both on a laptop connected to a switch) -
JDMurray
Admin Posts: 13,082 Admin
Where is your man-in-the-middle? Is it on one of the endpoints, or is it a third box sniffing the management port on the switch? And are you just sniffing, or are you attempting to hijack the FTP session?
-
SephStorm
Member Posts: 1,731 ■■■■■■■□□□
I used Ettercap to perform the attack from a third vm. ALL of the three vms involved are on the same PC hooked into a switchport and using bridged networking in vmware.
-
SephStorm
Member Posts: 1,731 ■■■■■■■□□□
bump (sry, been running a bruteforce for three days, would prefer to avoid hitting a week.
)