6.3 Sniffing MAC Spoof EH

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 47 minutes
Video Transcription
I welcome back to the course. In the last video, we went over a tool called wire sharks. We used out to capture packets and then we talked a little bit about the different types of information. Once you capture the packets that it would produce, we also talked about some of the filters that you could use well,
and then finally, we ended the lab by basically saving our packet capture into a file in the making. Sure, it's angel dust up there.
So in this video, we're gonna talk about Mac spoofing, so we're gonna use a tool called Smack
to go ahead and spoof are Mac address. Now that's important as a penetration test her Or, you know, if you were a nefarious actor because you don't want attribution back to yourself. So as a penetration tester, you wantto make things murky so they can't trace it back to you and know that is you attacking the network.
And then, you know, if you were if you were a bad guy quote unquote bad guy or gale out there,
this obviously would allow you to remain somewhat anonymous. There are there are ways to ah track different things down here, but at least it's one tool in the arsenal to stay more anonymous.
So let's go ahead and get started.
So we want to make sure we're connected to the P lab. When 701 machine. We should still be connected to that from the last lap. If you're not, for some reason, just click on P Lab. When? 701
Next, we're gonna open Internet Explorer that we're gonna go into the Internet page and we're gonna select tools and then hacking tools. Let's go ahead and do that. So scroll down. Just launch Internet Explorer.
You see, it dumps us into the intranet page, and then we're going to select tools
and then we're gonna scroll down a little bit, and we're gonna select hacking tools right here.
All right, let's go back to our lab document here. So we see we want to look for this smack. 20 Underscore setup, Dottie XY file. So let's go ahead and track that one down. So we're looking for smack 20. Underscore
e x e.
So here we go smack 20. Underscore setup E X e Grand click on that.
Gonna give us a prompt at the bottom here. We're going to save run, and we're gonna get one more crop because it doesn't have a signature. So especially it's telling you. Hey, the publisher can't be verified, and we're just going to say we're under that as well. We want to install this tool.
So that's gonna launch the Wizard for us.
All right, so you'll see here. Step number five the Wizard has launched were basically just gonna use all the defaults we're gonna select next. Then we'll agree to the license agreement, and then we're gonna keep the defaults and select next, all the way through.
So let's go ahead and do that.
So we see we're here at the install wizard. We're going to say next here we have the license agreement. You can read through that if you want to. I'm just going to say I accept
again. We keep all the defaults. We're just going to say next
next because we do want to just stop short cut,
and then we're gonna say, next again, that's going to start the installation process.
All right, so now
we're at the button here. Where way? See the finish button, and then it's gonna launch the actual tools. Step number nine
we see is gonna launch the tool for us. So we're just gonna say finish there.
Now we get another license agreement. We're just gonna agree to that as well.
Let's go back to our lab documents. So we've agreed to the license agreement.
Now, step number 11. We get that registration box weeks we had just seen,
and we're to select a proceed button.
All right, so we're gonna select this middle button right here. That's gonna let us bypass that little screen there. All right, so now we've got our tool launched.
We can go ahead and close Internet Explorer in the background there. If you want, you can also leave it open. I'm gonna go ahead and close it. Just so it's a little easier to see the data we want to look at.
All right, let's go back to our lab document here. So we've opened it up. We've quick proceed at the registration page. Now we want to go ahead and select the nick car. That's got I d 0012
we see here. This one has i d 0012 So that's what we want to click on.
All right, So our next step, we're gonna click the random buttons, especially just gonna populate a random Mac address for us. So we select our 0012 here, we're gonna click on random and you'll see here it just generates a random Mac address. Now, since we're using basically the free reversion of this,
it's only gonna give us one real Mac address is gonna let us change the two of once proof Mac address.
But we're just gonna put random in here for now. And then you'll see what I'm talking about in just a moment.
So once we cook on random and generate a random Mac address for us,
our next step here
it's clicking the update Mack Button. And that's where we're going to see that it gives us a pop up saying, Hey, you know, you're only using the best of the evaluation mode. So this is the Mac address we'll give you.
So let's do that. Now let's click on update Mack,
we'll get that pop up. You see right here and again. That's the Mac address we get to use,
and we do want to just go ahead and change it. And we don't care what the Mac address is saying. We're just going to say yes to that.
All right, So we selected yes of the papa box
now under the I P address and Mac and asking me active Matt columns you're gonna see it's staying, disabling and then enabling. So you see, right here that 0012 showing, disabling.
And then it's gonna eventually show enabling here. So essentially, especially just restarting itself.
Alright, eventually that's gonna restart all the way. And then we're gonna get a pop up message that the adapter restart has completed. So we'll just go hang out here for a minute and the shooting start enabling in just a moment or so. And then we will get that papa bucks as well.
Now, there are other ways to a spoof from Mac address out there. We can do it from the command line on Callie. We could also use a lot of other tools out there that they would do the same thing for us. So it's more of a personal preference thing on what you want to use.
Andi, You see here on the screen there, it said, enabling. And now we get our pop up with that, the adopter has been restarted.
Okay, so we're just gonna say okay to that.
So let's look back at our lab document here. So question number one that we have here, we're gonna look under the spoofed Mac address box and that we're gonna look and see what the spoofed Mac addresses. So let's go ahead and do that. So we look under the spoofed Mac address box of this one right here. And then we noticed that this is Theseus Mac address. So if you remember
when we clicked on update Mack,
it told us like, Hey, you can only use this one because you're in the evaluation mode, which this is the one here. The serial Caesar will see, et cetera, et cetera.
So we see that's what it is. So, on our lab document, we would just type in here that actual Mac addresses your C dash C Dash C, and I'm getting the shift key. So that's why it's working weird there. So let's stop doing that. Zero. See, that'll look better.
Zero c and all the way through. We just typed out on all the way out there.
So in this video, we just talked about Mac spoofing again. The importance of it is tryto keep ourselves anonymous and avoid attribution. What if we're doing a pen tester or if we were, ah, criminal hacker and trying to get into stuff? Now again, there are a lot better ways than just spoofing a Mac address to keep yourself relatively anonymous.
Nothing's 100% especially his technology evolves,
But it is, Ah, good tool in the arsenal tohave.
So in the next module, we're gonna go over social engineering, so I'm going to go ahead and do a little social engineering reconnaissance in that module as well.
Up Next
Penetration Testing and Ethical Hacking

If the idea of hacking as a career excites you, you will benefit greatly from completing this training here on Cybrary. You will learn how to exploit networks in the manner of an attacker, in order to find out how protect the system from them. Those interested in earning their Certified Ethical Hacker (CEH) will want to start by taking this course

Instructed By