How to Capture Traffic On Target System (Credentials)
Hacky Hack Concept
The article today is about capturing traffic on a target machine. The scenario we are playing out is this:
1. Attacker machine gains access to target through exploit
2. Attacker captures all traffic on target machine and automatically sends the data back to attacking machine
3. Desired traffic being captured is credentials
4. From the target machine, a user who has no idea all traffic is being captured logs on to a service (we are doing an FTP login)
Set up Lab Environment
For my lab environment I have configured it as follows.
a. M1 (Kali), M2 (Metasploitable/primary target), M3 (Metasploitable/FTP server)
b. All machines on a host-only DHCP network
On M1, start a listener that will append all data received to a file called "creds.txt".
Now we need to generate traffic on M2 (target). We start by sending a few ICMP packets.
I closed the packet capture from the terminal running the Metasploit exploit. Next I check if there is any data in the "creds.txt" file. Good news: there is! Let's open it up.
This next step can be done with grep just as easily; however, I wanted the visual of leafpad. Additionally, as with any text editor, Ctrl+F is very useful for finding things.
I scroll down a few more packets and I can see my next favourite word, "pass".
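The reason the FTP login shows up in "creds.txt" is that FTP sends USER and PASS in cleartext, so anyone who can read the wire sees them. The scan below is an added example (not code from this post) of the same check done from the defender's side: it walks a text dump in the shape of `tcpdump -A` output and reports which client-to-server flows carried cleartext FTP credentials, recording the username and only the length of the password rather than the secret itself. The capture lines, addresses and account name are constructed for this example and are not taken from the lab above.

```python
import re
from dataclasses import dataclass

# Constructed sample, loosely in the shape of `tcpdump -A` output for one
# FTP login. Timestamps, addresses and the account name are made up.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.56.101.49152 > 192.168.56.102.21: Flags [P.], length 15
USER labuser
12:00:01.050000 IP 192.168.56.102.21 > 192.168.56.101.49152: Flags [P.], length 33
331 Please specify the password.
12:00:01.100000 IP 192.168.56.101.49152 > 192.168.56.102.21: Flags [P.], length 16
PASS lab-secret
12:00:01.150000 IP 192.168.56.102.21 > 192.168.56.101.49152: Flags [P.], length 23
230 Login successful.
"""

# Packet header line: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
HEADER_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): ")
# FTP authentication commands carried in the ASCII payload that follows a header.
CMD_RE = re.compile(r"^(USER|PASS)\s+(\S+)\s*$")

FTP_PORT = "21"


@dataclass
class Finding:
    """One client->server FTP flow in which credentials were seen in cleartext."""
    client: str
    server: str
    user: str = ""
    password_len: int = 0  # length only; the secret itself is never stored

    @property
    def password_seen(self):
        return self.password_len > 0


def scan_capture(text):
    """Return a Finding per client->server flow that sent USER or PASS in the clear.

    Only payload lines that follow a header addressed to the FTP control port
    are considered, so server replies (331, 230, ...) are ignored.
    """
    findings = {}
    flow = None  # (client, server) of the most recent client->server packet, else None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            src, _sport, dst, dport = header.groups()
            flow = (src, dst) if dport == FTP_PORT else None
            continue
        cmd = CMD_RE.match(line)
        if cmd and flow:
            finding = findings.setdefault(flow, Finding(client=flow[0], server=flow[1]))
            verb, arg = cmd.groups()
            if verb == "USER":
                finding.user = arg
            else:
                finding.password_len = len(arg)
    return list(findings.values())


def report(findings):
    """Human-readable lines for each finding, without revealing any password."""
    lines = []
    for f in findings:
        lines.append(
            f"cleartext FTP login {f.client} -> {f.server}: user={f.user!r}, "
            f"password transmitted={'yes' if f.password_seen else 'no'} "
            f"({f.password_len} chars)"
        )
    return lines


if __name__ == "__main__":
    for line in report(scan_capture(SAMPLE_CAPTURE)):
        print(line)
```

Pointing the same scan at a real `tcpdump -A` dump of a network segment is a quick way to find which hosts still authenticate over plain FTP, which is the exposure this lab demonstrates; the fix on the defender's side is to move those logins to SFTP or FTPS so the credentials are not readable on the wire.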