Hands-On-Hacking "Misdirection"
-
I am not able to find the virtualbox machine "Misdirection" with my Kali vm.
Both adapters are set to bridged mode.
Windows10 and Rhel VMs are visible from my Kali. When reading the description on the website it is not a static ip as in "Breach"
Is there any recommended setting for "Misdirection" in virtualbox or is it another problem?
-
Greetings, @Marc-Neugebauer
Sorry to hear you're having issues. I'll need a bit more information before I can really help you.
What host-discovery techniques did you use in an attempt to find the Misdirection box?
Cheers,
Daniel
-
Hello Daniel,
To be on the safe side I reinstalled Misdirection on Virtualbox (imported the OVF) - verified the SHA-1.
System Ubuntu 18.04.2 misdirection tty1 up and running.
Then I tried the following host-discovery techniques:
#nmap -sP 192.168.xxx.0/24
Nmap scan report for Windows10 (192.168.xxx.xxx)
Host is up (0.00036s latency).
MAC Address: (Oracle VirtualBox virtual NIC)
Nmap scan report for kali.fritz.box (192.168.xxx.xxx)
Host is up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 2.61 seconds
(Made sure that "Misdirection" is not included in the scan results)
#nmap -sL 192.168.xxx.0/24
This scan showed up even machines from VulnHub /Virtualbox that I removed from Virtualbox already!?
Nmap scan report for severnaya-station.com (192.168.xxx.xx) /GoldenEye
Nmap scan report for Milburg-High.... (192.168xxx.xxx)
#nmap -sX [IP-Range]
#netdiscover -r 192.168.xxx.1/24
#nmap -sn 192.168.xxx.1/24
#nmap -sn -PA 192.168.xxx.1/24
#nmap -sn -PE 192.168.xxx.0/24
#nmap -sn -PO 192.168.xxx.0/24 --disable-arp-ping
#nmap -sn -PR 192.168.xxx.0/24
#fping -g [IP-Range]
#bettercap
->net.recon on
->net.show
#nmap -PS [IP-Range]
Tried advanced IP Scanner from Radmin with the same results.
Last but not least started "Misdirection" from VMware.
Powered on a random other VM which was discovered immediately
Are there invisible VMs?
Was not able to discover "Misdirection"
Rgds
Marc
-
Thanks for the info @Marc-Neugebauer
Let's start with something easy.
-sL simply lists targets to scan, but doesn't actually scan anything. Since you used an IP range, you're seeing the list of IPs in that range and some of them are reporting the entries you made for those virtual machines in your /etc/hosts file.
Now, to Misdirection...
If you have the Misdirection VM connected to your Bridged network, then your home router/AP would be the device that assigned the IP (unless you are using some other DHCP server).
That being the case, you should be able to log in to your router/AP and see the IP assignments (most of these types of devices have a section so you can see IP assignment).
Look for the IP that is assigned to the Misdirection MAC address and you should be good.
If that doesn't work, then it is possible that the VM isn't getting an IP via DHCP. This is something that is very frustrating, but happens from time to time (speaking from experience). If that's the case, you can look at walkthroughs for login creds so you can log in to the VM locally and fix the networking issues.
I hope that helps,
Daniel
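
Added example, not part of the original posts: the MAC-to-IP lookup described in the last reply can also be done from the scanning host by matching the VM's NIC MAC against the neighbour (ARP) table instead of the router's lease page. The function names, the VM name in the usage comment and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find the IP that belongs to a lab VM's MAC address.

# VirtualBox reports a NIC MAC as 12 hex digits (e.g. 080027AABBCC);
# convert it to the lower-case, colon-separated form used by `ip neigh`.
normalize_mac() {
    printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f' | sed 's/../&:/g; s/:$//'
}

# Read `ip neigh show` style lines on stdin and print every IP whose
# lladdr equals the given MAC. Exit status is non-zero when nothing
# matches, which is what you see when the VM never obtained a DHCP lease.
ip_for_mac() {
    want=$(normalize_mac "$1")
    awk -v mac="$want" '
        { for (i = 1; i < NF; i++)
              if ($i == "lladdr" && tolower($(i + 1)) == mac) { print $1; found = 1 } }
        END { exit !found }'
}

# Constructed sample of `ip neigh show` output (not taken from the thread).
sample_neigh() {
cat <<'EOF'
192.168.56.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.56.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.56.40 dev eth0  FAILED
192.168.56.41 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
EOF
}

# Live usage (assumes the VM is registered as "Misdirection" and that a
# sweep such as `nmap -sn` has just populated the neighbour table):
#   mac=$(VBoxManage showvminfo Misdirection --machinereadable |
#         sed -n 's/^macaddress1="\(.*\)"/\1/p')
#   ip neigh show | ip_for_mac "$mac" || echo "no entry: VM has no IP"

# Demo on the constructed sample.
sample_neigh | ip_for_mac 080027AABBCC
```

A non-zero exit after a full sweep of the bridged subnet points to the second case in the reply: the VM is up but never received an address.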