Add mdns poisoning lab - cybersecurity #54
To crack the hash, copy it to hashcat -m 27100 -O -w 3 hash.txt rockyou.txt
Dear @5amu,
Apologies for the delay, and many thanks for your contribution! We really appreciate it.
The lab is almost ready—I’ve just added some comments.
In addition to those, I have one more request: Could you add a README.md inside the mdns-poisoning directory? The text from the PR description would be perfect for it. However, could you also:
- Add links to relevant technologies for better context.
- Expand the steps for testing the network scenario, explicitly showing the commands (you can refer to this README as an example).
Thanks again for your efforts! Looking forward to your updates.
Can you create a Dockerfile to install the required packages?
So that, at lab startup, devices already have all the required packages/repositories.
Same as before: please create Dockerfiles for the devices.
Same as before
This PR:
The network scenario name and topic
mDNS Poisoning - Cybersecurity
The network scenario description
This scenario has a server exposing a samba share and a victim trying to connect to it using user `valerio`. Both the victim and the server deploy an mDNS service to mimic a real life scenario that can be found in Active Directory environments.
- `avahi-daemon` is a service that grants mDNS capabilities to Linux machines
- `smbd` and `nmbd` are services deployed on `server1` to serve `share`, which is a samba share that requires a NetNTLMv2 authentication, equally to smb shares on Windows
- `victim1` tries to connect to `server1`, with a typo in the machine name (not required for Windows environments)
The attacker (`attacker1`) has a cybersecurity tool called responder in `/root/responder/Responder.py` which allows the user to poison the network with LLMNR, NBT-NS and mDNS responses in order to redirect floating traffic to itself, notably including authentication attempts.
The steps to test the network scenario
- `attacker1`: `python3 /root/responder/Responder.py -I eth0` and wait around 5 seconds
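
A defender-side check for the poisoning this scenario demonstrates, as an added example that is not part of the PR or the lab: it parses A records out of mDNS responses and flags a source that answers for several distinct names with the same address. The heuristic and its threshold, the function names, and every sample name and address are assumptions constructed for illustration.

```python
import socket, struct
from collections import defaultdict

def read_name(buf, off):
    """Decode a DNS name, following compression pointers -> (name, next_off)."""
    labels, end = [], None
    for _ in range(128):                           # bounded walk stops pointer loops
        n = buf[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | buf[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def a_answers(pkt):
    """Return [(name, ipv4)] for A records in the answer section of an mDNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    if not flags & 0x8000:                         # QR bit clear: a query, skip it
        return []
    off, out = 12, []
    for _ in range(qd):                            # skip question entries
        off = read_name(pkt, off)[1] + 4
    for _ in range(an):
        name, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:              # A record
            out.append((name, socket.inet_ntoa(pkt[off + 10:off + 14])))
        off += 10 + rdlen
    return out

def suspicious_sources(packets, min_names=3):
    """Flag sources that map >= min_names distinct names to one address."""
    seen = defaultdict(set)                        # (src, answered ip) -> names
    for src, payload in packets:
        for name, ip in a_answers(payload):
            seen[(src, ip)].add(name)
    return {src: sorted(n) for (src, _ip), n in seen.items() if len(n) >= min_names}

def sample_response(name, ip):  # constructed input: minimal mDNS response, one A record
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + qname
            + struct.pack("!HHIH", 1, 0x8001, 120, 4) + socket.inet_aton(ip))

# Constructed capture of (source IP, UDP payload); every name and address is made up.
SAMPLE = [("10.0.0.10", sample_response("server1.local", "10.0.0.10"))] + [
    ("10.0.0.66", sample_response(n, "10.0.0.66")) for n in ("serverr1.local", "nas.local", "printer.local")]
```

`suspicious_sources(SAMPLE)` reports only `10.0.0.66`; in a real deployment the payloads would come from UDP port 5353 traffic, and hosts that legitimately publish several names would need an allowlist.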