Linkcat - A Brahmastra for security professionals
Author - Harshal Chandorkar
A few days back my mentor asked me to read a book “Stealing the
network”. When I started, it first appeared as I am in some fantasy
world. I was wondering should I take a step further see if everything
written there is true? What if every command that is given there
actually works as they say. With that excitement I couldn’t wait a minute
longer, I did a small experiment that was used as a real hack in one of
the chapters of the book.
The set-up I have is as under:
1. A VM running Kali Machine [IP 10.0.1.199]
2. Ubuntu box working as a gateway
(this is required as we need to sniff traffic, this can be achieved in
various ways however i did it this way. [10.0.1.2]
Tools required:
1. linkcat
2. netcat
3. etherape
4. links web browser (for testing purposes only)
Step 1: On your gateway machine install linkcat tool and then proceed to see if the linkcat is working:
root@fw:~# lc -l eth1
Your output should be something like above.
Step 2: Pipe the output of linkcat
to netcat: We are doing this because we want to push the traffic from
our gateway machine to kali box just so that we can analyze the traffic.
root@fw:~# lc -l eth1 | nc -l 10.0.1.2 2000
The output would look like its stuck. This means basically that the linkcat output is being piped to netcat on port 2000.
Step 3: On your Kali Machine connect to the gateway ip with netcat
root@kali:~# nc 10.0.1.2 2000
Above shows set up is working.
Step 4: Now on your Kali Box create another interface:
Your ifconfig -a should give you following screen:
Step 5: Assign an ip address to the interface:
root@kali:~# ifconfig dummy0 inet 11.12.13.14 netmask 255.255.255.254
root@kali:~# ifconfig -a
dummy0 Link encap:Ethernet HWaddr 9a:1d:7e:e1:8e:b5
inet addr:11.12.13.14 Bcast:11.255.255.255
Mask:255.255.255.254
inet6 addr: fe80::981d:7eff:fee1:8eb5/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2287 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:858822 (838.6 KiB)
Step 6: Pipe the netcat output to the dummy interface on Kali box
root@kali:~# nc 10.0.1.2 2000 | lc -m dummy0
Step 7: Fire up etherape if you dont have etherape you can install it.
You should see something like interstar gallactica
Use more options of etherape to sniff the traffic.
This is all folks, one of the lessons that I learnt. You will see more tutorials on what I learnt using linkcat soon.