Security代写 | Assignment 0x04 – Network A!acks & Web Security


Part I
1. (3 points) DHCP A”ack 1
Another type of a!ack that was not included in the workshop is DHCP (dynamic host configura”on protocol) based
a!acks. Do a bit of research into how DHCP works and about some DHCP a!acks and answer the following ques”ons.
1. What are the 4 packets (messages) that are communicated between the client seeking and IP address and the DHCP
2. Are the 4 messages Layer 2 unicast or broadcast (be careful not to confuse between Layer 3 broadcast, which is
sending to an IP broadcast address like, as opposed to Layer 2 broadcast which is sent to MAC address
3. Therefore, in a switched network, which of the 4 messages in the DHCP nego”a”on would the a!acker be able to
4. Briefly explain what DHCP spoofing and DHCP starva”on a!acks are executed, and how the two can be used in
5. For an adversary looking to perform MITM, which DHCP configura”on op”on(s) would you try to manipulate?
6. Briefly explain how “DHCP snooping” configura”on in a switch work to prevent DHCP spoofing?
2. (2 points) DHCP A”ack 2
1. In your VirtualBox, change the Network se#ng to Promiscuous Mode = Allow Any on both Kali and DSL.
2. Run Wireshark on Kali (on eth0) and restart DSL
3. Capture the 4x DHCP messages between DSL and DHCP server ( on Wireshark and take a screenshot.
4. Repeat while simula”ng a switched network (set Promiscuous Mode = Deny) and capture the 2x DHCP messages.
You should not need to reboot Kali a$er changing the network se#ngs, but you do need to reboot DSL to refresh
** Due to the erroneous implementa!on of the virtual DHCP server, you will probably see 4 messages (same result as 2-3
above, instead of 2 that you are expec!ng. That’s OK — please state the results you get. This is op!onal ac!vity, but you
can try doing the experiment in your home network with Kali running in “bridged mode”. If your mobile phone is connected
to the same WiFi network, “forget” the connec!on and re-connect.
3. (3 points) DHCP A”ack 3
1. Keep Wireshark running on Kali.
2. Use E!ercap’s DHCP spoofing func”on to demonstrate how you can supply the vic”m (DSL) with a rogue DNS
server, to make it easy for the a!acker to spoof DNS replies. Try to perform DHCP spoofing to inject DNS server of
3. Reboot DSL and confirm that DNS has been poisoned by looking at /etc/resolv.conf. Take a screenshot (do cat
4. Go to Wireshark, and iden”fy the REAL DHCP ACK (coming from the MAC address) and FAKE DHCP ACK
(from the Kali MAC address) being sent to DSL. Take a screenshot.