Remote Exploit Forums

  #1 (permalink)  
Old 11-29-2009, 04:19 AM
New Member
 
Join Date: Nov 2009
Posts: 4
Backtrack 4 Arpspoof Within VMWare Player

I'm having problems using arpspoof in BackTrack 4 from within VMware Player. I was trying out sslstrip, which I found from episode 610 from Hak5. All of my settings are correct, I have IP forwarding on and everything. I have BackTrack 4 running in VMware Player on Windows 7, and the victim is a Windows XP VM running in VMware Workstation on Ubuntu 9.04. My problem occurs when I try to arpspoof using BackTrack and the victim computer loses their internet connection. Is this a problem with running it from VMware? I have the VM's connection set up as bridged, replicating the physical network, and I believe the same on the victim too. Any help would be greatly appreciated!! Thanks so much!
  #2 (permalink)  
Old 11-29-2009, 05:15 AM
Snayler's Avatar
Senior Member
 
Join Date: Jul 2009
Location: in my head
Posts: 567

Quote:
Originally Posted by xander787 View Post
My problem occurs when I try to arpspoof using backtrack and the victim computer loses their internet connection. Is this a problem with running it from VMWare?
Normally this happens when you try to poison more than 2 victims. Anyway, I never managed to get arpspoof to work (Well, I never tried that hard, so...).

I currently have bt4pf installed on a vm machine and I obtained best results by using ettercap as the arp poisoning program (and sniffer, of course), thus eliminating the need for the extra program (arpspoof) while performing the attack. Try that out and post your results.
  #3 (permalink)  
Old 11-29-2009, 06:25 AM
New Member
 
Join Date: Nov 2009
Posts: 4

Well, this stinks, I basically got the same result as I got with arpspoof. I started ettercap with:
Code:
ettercap -T -M ARP -i eth0 /192.168.1.50/ /192.168.1.1/
and it seemed to work, because when I went to the victim PC and pinged 192.168.1.1 I saw the ping request and reply in Wireshark, but the problem remains that it drops the victim's internet connection! I have no idea what could be causing this, could it be because it's running in VMware Player? Thanks for any and all help!

Last edited by xander787; 11-29-2009 at 10:29 AM. Reason: Double Post
  #4 (permalink)  
Old 11-29-2009, 10:27 AM
archangel.amael's Avatar
Moderator
 
Join Date: Nov 2007
Location: I changed it for you.
Posts: 4,192

Quote:
Originally Posted by xander787 View Post
well this stinks,
Do not double post. Check the rules that you agreed to.
__________________
Please visit the new forums for any and all help with Back Track 4 Final.
BackTrack-Linux is the new home.
  #5 (permalink)  
Old 11-29-2009, 02:01 PM
Snayler's Avatar
Senior Member
 
Join Date: Jul 2009
Location: in my head
Posts: 567

Quote:
Originally Posted by xander787 View Post
Well, this stinks, I basically got the same result as I got with arpspoof. I started ettercap with:
Code:
ettercap -T -M ARP -i eth0 /192.168.1.50/ /192.168.1.1/
and it seemed to work, because when I went to the victim PC and pinged 192.168.1.1 I saw the ping request and reply in Wireshark, but the problem remains that it drops the victim's internet connection! I have no idea what could be causing this, could it be because it's running in VMware Player? Thanks for any and all help!
Have you enabled ip tables? Post the commands you are using.
  #6 (permalink)  
Old 11-29-2009, 08:19 PM
New Member
 
Join Date: Nov 2009
Posts: 4

Yes, I have enabled IP Tables. Here are all the commands I used from start to finish:

1. Turn on IP Forwarding:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
2. Modify IP Tables:
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
3. Start ettercap arpspoof
Code:
ettercap -T -M ARP -i eth0 /192.168.1.50/ /192.168.1.1/
And that's basically it, but it always seems to make the victim lose their connection. I don't know if I'm missing a step, mistyping a step, or if it's because I'm in a VM. Thanks again for all your help!
  #7 (permalink)  
Old 11-29-2009, 11:25 PM
Junior Member
 
Join Date: Sep 2006
Posts: 16

Edit:
Looks like the ARP poison is taking on the physical adapter MAC. The ARP poison needs to have the virtual MAC.
Verified by doing arp -n on the host (arp -a if windows).
Also nmap -sP to the attacker ip from the victim.

Anyone know how to have the arp from the virtual machine use the virtual mac ?
I hit a wall...
Can it be done with a static ARP entry (would it go in the virtual host or physical? I tried to play with this but so many options)?
proxy Arp ?
tap interface in the virtual environment ?

Answer has to be in getting the arp correct.... Anyone get this working ?
I like the concept of running BackTrack in a seamless VirtualBox so I can use winders and still do pen/audit testing and not have to reboot.
Thought my only limitation would be wireless testing.....


#############
info below is from before I figured out the above
#############

I'm having a hard time with this as well using virtual box and backtrack 4.
I think I understand the concept of ARP poisoning; my theory is it's a virtual issue.

Has anyone successfully arp poisoned a test physical box from a virtual attacker ?

I can successfully attack from my physical eee laptop and the internet works on the victim. When I make the virtual box the attacker the physical has no internet access.

From the victim I can ping the virtual attacker. I did an arp -n (linux) from the victim and the gateway mac and attacker mac are the same (successful poison). I can't ping/trace route anything external (using a verified pingable wan dns ip).

I did the same procedure from the physical box as an attacker (using backtrack 4 and it works) then repeated the same procedure in a virtual backtrack 4 and it doesn't work (virtual is actually an image of the physical).

I've played with IP forwarding and iptables and it doesn't seem to matter. I think the issue is the data is hitting the virtual box and not getting forwarded to the gateway to make it out to the internet.

Any tools/commands I can use to troubleshoot the attacker box to verify correct ip forwarding and traffic when mitm ?

I've read all of the following, with the same issue, and none seem to have a solution. I wish someone would just say you can't do MITM with virtual so I can stop banging my head.

forums.remote-exploit.org/newbie-area/29183-backtrack-4-arpspoof-within-vmware-player.html
forums.remote-exploit.org/wireless/29028-problem-ettercap-sslstrip-wlan-network-very-strange-my-internet-network-down.html
forums.remote-exploit.org/newbie-area/29053-arpsoofing-vmware-guest-possible.html
macshadows.com/forums/index.php?showtopic=8158 (Ettercap: ARP poisoning does not allow victim to have internet - TSF - Mac Security Forums)
# talks about not doing ip forwarding (echo "1" > /proc/sys/net/ipv4/ip_forward) because ettercap does (last post)
forums.remote-exploit.org/pentesting/9231-ettercap-arp-poisoning-question.html
# ettercap manual says this as well
linux.die.net/man/8/ettercap (ettercap(8) - Linux man page)

Last edited by kinchyle; 11-30-2009 at 08:21 AM.
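The check described in the post above (running arp -n, or arp -a on Windows, on the affected host and seeing the gateway share a MAC with another address), written as a detection script. This is an added example, not part of the original thread; the sample outputs, MAC addresses, extra host IPs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -n` output (Linux). IPs follow the thread's subnet; the MAC
# addresses and the .60/.20/.30 hosts are made up for this example.
LINUX_ARP_N = """\
Address          HWtype  HWaddress           Flags Mask  Iface
192.168.1.1      ether   00:0c:29:aa:bb:cc   C           eth0
192.168.1.60     ether   00:0c:29:aa:bb:cc   C           eth0
192.168.1.20     ether   00:1e:8c:11:22:33   C           eth0
192.168.1.30             (incomplete)                    eth0
"""
# Constructed `arp -a` output (Windows) with a clean cache.
WINDOWS_ARP_A = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.60          00-0c-29-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")

def parse_arp_table(text):
    """Return {ip: mac} from `arp -n` (Linux) or `arp -a` (Windows) output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # headers, "Interface:" lines, incomplete entries
        mac = mac.group(0).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design
        table[ip.group(0)] = mac
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mac_shared(table, gateway_ip):
    """True if another cached IP has the same MAC as the gateway."""
    return any(gateway_ip in ips for ips in shared_macs(table).values())

if __name__ == "__main__":
    for name, out in (("linux", LINUX_ARP_N), ("windows", WINDOWS_ARP_A)):
        t = parse_arp_table(out)
        print(name, shared_macs(t), gateway_mac_shared(t, "192.168.1.1"))
```

A shared MAC can also be legitimate (proxy ARP, or one host holding several addresses), so a hit is a reason to compare the cached gateway MAC against the router's known hardware address.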
  #8 (permalink)  
Old 11-30-2009, 09:24 AM
Junior Member
 
Join Date: Aug 2008
Posts: 11

Just a thought: have you checked the network interface of your virtual box? I know with VM you can set your network card as host, Bridge and NAT. Try setting it to Bridge. I have been able to use BackTrack with the Ettercap GUI to sniff and poison the ARP, but to be 100% honest I have had mixed results.
  #9 (permalink)  
Old 11-30-2009, 09:25 AM
New Member
 
Join Date: Nov 2009
Posts: 4

Read my first post, I have it set up as bridged replicating physical network.
  #10 (permalink)  
Old 11-30-2009, 10:43 AM
Snayler's Avatar
Senior Member
 
Join Date: Jul 2009
Location: in my head
Posts: 567

Quote:
Originally Posted by xander787 View Post
Code:
ettercap -T -M ARP -i eth0 /192.168.1.50/ /192.168.1.1/
Forgot to ask what interface you were using... It works for me on a VM because I use a USB wireless adapter; you are using your internal adapter bridged to the VM. You should try out WickedClown's advice to try other configurations. And just to be sure, have you uncommented the iptables lines in etter.conf?
All times are GMT.

