nitbx
commented
3 years ago Hi @Romska,
Can you confirm that the ARP spoofing is working? Are you able to MITM HTTP traffic with Bettercap targeting the Windows 10.
Thank you.
Closed Romska closed 3 years ago
nitbx
commented
3 years ago Hi @Romska,
Can you confirm that the ARP spoofing is working? Are you able to MITM HTTP traffic with Bettercap targeting the Windows 10.
Thank you.
Romska
commented
3 years ago Yes, sure. In my first message I added a picture and on the top of it there is Wireshark with http filter. DC: 192.168.28.146 PC: 192.168.28.136 Attacker: 192.168.28.143 I also added file with traffic (traffic.txt) in the end.
nitbx
commented
3 years ago Hi @Romska and sorry for the delay.
It seems that your ARP spoofing attack does not work. Where did you perform the Wireshark capture? After, I would start with a basic proof of concept with Bettercap to confirm that the MITM is working. Here some flags that will help to perform the attack:
Keep in mind that PyWSUS is simply a web server, the MiTM is a crucial part of the chain of exploitation. Thank you.
Hi! Thanks a lot for your research. Its really great. Tried to reproduce your results in lab environment and created a domain. It consists of two machines:
Started everything as in the video, but nothing seems to happen. Pywsus doesnt react after arp-spoofing and host update request. Tried to run server on both Kali and Parrot OS.
Never used to install wsus before. Dont know whats the problem. Maybe you can share your lab environment (stands) or suggest where to look for?