EvilZone

Hacking and Security => Hacking and Security => : L0pht April 12, 2015, 12:01:11 PM

: attack in a LAN
: L0pht April 12, 2015, 12:01:11 PM: Hello
i am present in a network that everyone connected to internet via a Pptp connection, how can i sniff traffics via dns / arp spoofing? when i run wireshark all of packets keeps ina a GRE tunnel...

and question 2: is there anyway to perform ARP spoofing that antiviruses not detect ?

thanks a lot
: Re: attack in a LAN
: d4rkcat April 12, 2015, 03:19:38 PM: is it your home network?
: Re: attack in a LAN
: reap- April 12, 2015, 09:58:01 PM: turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.

good luck!
: Re: attack in a LAN
: L0pht April 13, 2015, 07:35:28 AM: thanks for answers:
is it your home network?
yes , a lab test.
turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.
what is it? its a add-ons?
: Re: attack in a LAN
: P!X3LTR0N April 16, 2015, 07:36:13 AM: : L0pht April 13, 2015, 07:35:28 AM
thanks for answers:yes , a lab test.what is it? its a add-ons?

This might help you to understand what an "entropy" is:
https://wirewatcher.wordpress.com/2009/09/24/detecting-encrypted-traffic-with-net-entropy-part-two/
http://flylib.com/books/en/2.961.1.61/1/
Try playing with the options as reap said.

Pixel
: Re: attack in a LAN
: Spacecow April 18, 2015, 05:36:05 AM: : reap- April 12, 2015, 09:58:01 PM
turn the Grumpy Resident Entropy to +12udB in Wireshark options. That will decrypt those pesky GRE packets.

good luck!

This, also the fact your name is L0pht makes me sad :(
But I do recommend understanding the basics of networking, do that and you will be able to answer the question yourself.
: Re: attack in a LAN
: L0pht April 19, 2015, 04:58:37 PM: P!X3LTR0N
thanks man, it's new for me.
---------------------
Spacecow
i don't think it was basics of networking!! maybe you are so professional and blackhat! in order, I am looking for a new method for getting traffic!
arp/dns/side and all others are classic and traditional!
: Re: attack in a LAN
: P!X3LTR0N April 21, 2015, 07:13:25 AM: : L0pht April 19, 2015, 04:58:37 PM
P!X3LTR0N
thanks man, it's new for me.
---------------------
Spacecow
i don't think it was basics of networking!! maybe you are so professional and blackhat! in order, I am looking for a new method for getting traffic!
arp/dns/side and all others are classic and traditional!
Simple question, have you tried using ettercap to sniff these packets?
: Re: attack in a LAN
: L0pht April 21, 2015, 06:30:54 PM: yes man. but problem is : anti viruses detect arp spoofing attack! i want to do this attack silent without detection.
: Re: attack in a LAN
: P!X3LTR0N April 21, 2015, 06:52:07 PM: Doesn't ettercap have a silent mode? And as far as I know you are able to turn off ARP... You just change the option to disable MITM attacks and then you should be ok, because you should still receive packets...