Closed Romska closed 3 years ago
Hi @Romska,
Can you confirm that the ARP spoofing is working? Are you able to MITM HTTP traffic with Bettercap targeting the Windows 10.
Thank you.
Yes, sure. In my first message I added a picture and on the top of it there is Wireshark with http filter. DC: 192.168.28.146 PC: 192.168.28.136 Attacker: 192.168.28.143 I also added file with traffic (traffic.txt) in the end.
Hi @Romska and sorry for the delay.
It seems that your ARP spoofing attack does not work. Where did you perform the Wireshark capture? After, I would start with a basic proof of concept with Bettercap to confirm that the MITM is working. Here some flags that will help to perform the attack:
Keep in mind that PyWSUS is simply a web server, the MiTM is a crucial part of the chain of exploitation. Thank you.
Hi! Thanks a lot for your research. Its really great. Tried to reproduce your results in lab environment and created a domain. It consists of two machines:
Started everything as in the video, but nothing seems to happen. Pywsus doesnt react after arp-spoofing and host update request. Tried to run server on both Kali and Parrot OS.
Never used to install wsus before. Dont know whats the problem. Maybe you can share your lab environment (stands) or suggest where to look for?
traffic.txt