Real Scenarios #2: The Creepy Teacher [Part 1]

Your English teacher is a creep.

The way he looks at your girlfriend, the way he always spends ages with the girls in the class going over their work but not the boys, just the way he is.

You want to get rid of him, but you need some proof first.

Step 1: Fire Up Kali

If you can know for sure that he accesses inappropriate content online then you can start to put together a case for firing him.

So let's use this lunchtime to see what he's really up to on his laptop...

Step 2: Find His IP

You're going to execute a Man In The Middle attack, so let's scan the network using NMap like so:

nmap -sP 192.168.1.0/24

-sP means a Ping scan

192.168.1.0/24 is the range of IP addresses using CIDR notation.

Aha! His laptop that he uses in lesson has a sticker on the lid saying "English 7"!

In the scan report above we can see that english07 has the IP 192.168.1.66

Step 3: Execute MitM

Now we have his IP we can start our Man In The Middle attack.

First, let's enable IP forwarding so all his traffic can be routed through us. We'll use the echo command to put a "1" in the relevant file to enable the packets to be forwarded.

echo 1 > /proc/sys/net/ipv4/ip_forward

Now let's use Arpspoof to poison the ARP caches of the school router and his laptop, to intercept all his internet traffic.

Since we need to trick the router and his laptop into thinking we're the other, we need to simultaneously run two arpspoof commmands, so open two terminals and type one of the following in each:

• arpspoof -t 192.168.1.66 192.168.1.254
• arpspoof -t 192.168.1.254 192.168.1.66

Where 192.168.1.66 is his IP and 192.168.1.254 is the IP of the router.

You should see some feedback from arpspoof about what it's doing.

Step 4: Intercept

Now that all his internet traffic is being routed through us, we can see if he's accessing anything inappropriate, so let's open a terminal and type

• driftnet

which, as I'm sure you can guess, will fire up driftnet. This will allow you to see the images that he's viewing online.

As the images pop up on your screen, you can see that they are most definitely inappropriate for a school teacher! (I won't show you a screenshot as I wouldn't want to contaminate all your your pure minds)

Step 5: Success!

You now know that your teacher is a paedophile.

Next step: expose him!

In part 2 of this tutorial we'll cover how we go about trying to fire him without letting on that we've been sniffing about the school network...

Hope you enjoyed, thanks for reading.

img credits: tails.boum.org