To clarify:Task 2 should use Netwox 40 (not mentioned in the instruction)Task 3 should use Netwox 78 (placed wrong in the instruction)Task 4: create a file in the victim VM (e.g., $ touch new.txt) and use the session hijacking attack to delete it ($ rm *). Use screenshots to prove the attack is successful (before and after the attack on the same screenshot)Task 4&5: use "\r" before and after your malicious command ("\r command \r"). Find the hex code for the whole string ( e.g., "your command".encode('hex')). Then use the encoded data in your spoofed packet (--tcp-data "...").THE SCREENSHOTS MUST HAVE NO OTHER NAME. ONLY MY NAME IS ALLOWED.

To clarify:Task 2 should use Netwox 40 (not mentioned in the instruction)Task 3 should use Netwox 78 (placed wrong in the instruction)Task 4: create a file in the victim VM (e.g., $ touch new.txt) and...

1 answer below »

To clarify:

Task 2 should use Netwox 40 (not mentioned in the instruction)
Task 3 should use Netwox 78 (placed wrong in the instruction)
Task 4: create a file in the victim VM (e.g., $ touch new.txt) and use the session hijacking attack to delete it ($ rm *). Use screenshots to prove the attack is successful (before and after the attack on the same screenshot)
Task 4&5: use "\r" before and after your malicious command ("\r command \r"). Find the hex code for the whole string ( e.g., "your command".encode('hex')). Then use the encoded data in your spoofed packet (--tcp-data "...").
THE SCREENSHOTS MUST HAVE NO OTHER NAME. ONLY MY NAME IS ALLOWED.

Answered 2 days After Mar 03, 2023

Yash answered on Mar 05 2023

58 Votes

SOLUTION.PDF