w4sp-book / w4sp-lab

Lab environment for the Wireshark for Security Professionals book
https://github.com/w4sp-book/w4sp-lab/wiki/Lab-Installation

Chapter 5: MitM arp.p #47

Open 3fl0w opened 5 years ago

3fl0w commented 5 years ago

First off, love the book and lab!

So throwing the ARP aux.poisoning results in the error of Msf::OptionValidateError etc. etc. RHOSTS. I know the RHOSTS should be set. It's not explained in the book. Also, the IP address discovery of ping vic1.lab doesn't resolve for me. Additional thought: I know the IP address can be discovered by the GUI with a mouse; however, vic1 isn't discovered through enumeration. How would I gather the existence of vic1.lab without the GUI? I wouldn't know to ping vic1.lab either. I'm sure the solution to my problem is a Google search away with the whole RHOSTS thing. I assume the target address range = RHOSTS (should be obvious, 10.0.0.0/24, but I self-doubt) ;(

3fl0w commented 5 years ago

Well, I've tried it many different ways and I must be doing something wrong. RHOST as 10,0,0,0, as 192.100.200.0, as false (had high hopes for that one, but nope). Doesn't seem to be a way to not REQ it.

3fl0w commented 5 years ago

If I find out that I have to press the start mitm button on the right to make this work, which was not specified in the book, I SWEAR I AM GOING TO.................... be so relieved ;)

3fl0w commented 5 years ago

:(

w4sp-book commented 5 years ago

Excellent question regarding enumeration, that should have been added to the book :/ Usually what you would do in the real world is run an nmap scan across your subnet to try and identify interesting hosts. So something like nmap --top-ports 100 192.100.200.0/24 to scan the range for the top 100 most common ports.

So the “start mitm” button will simulate as if you have your computer physically connected to a victim and the rest of the network (so you have two NICs, one connected to a victim and another connected to the network).

Have run into this failed to validate issue recently with Metasploit. Luckily ARP poisoning was one of the few things I actually wrote a test for, check out this Metasploit rc script and see if using these commands makes it work (make sure you swap DHOSTS with the IP of vic1 and LOCALSIP with the IP of the w4sp_lab interface): https://github.com/w4sp-book/w4sp-lab/blob/master/tests/arp/arp.rc

3fl0w commented 5 years ago

OUTSTANDING! "set BIDIRECTIONAL true" WORKED, which makes sense! The RHOSTS does still need to be set though... I used "set RHOSTS 10.0.0.0". Thank you so much! I've learned so much already!

amnotgcs commented 4 years ago

@3fl0w OK, I think that you have done this installation of the lab. Could you share your lab file so that I can use the file to cross installation? Thanks a lot.