Add mdns poisoning lab - cybersecurity

[5amu]

This PR:

• add a network scenario
• fix a network scenario

The network scenario name and topic

mDNS Poisoning - Cybersecurity

The network scenario description

This scenario has a server exposing a samba share and a victim trying to connect to it using user valerio. Both the victim and the server deploy an mDNS service to mimick a real life scenario that can be found in Active Directory environments.

• avahi-daemon is a service that grants mDNS capabilities to Linux machines
• smbd and nmbd are services deployed on server1 to serve share, which is a samba share that requires a NetNTLMv2 authentication, equally to smb shares on Windows
• victim1 tries to connect to server1, with a typo in the machine name (not required for Windows environments)

The attacker (attacker1) has a cybersecurity tool called responder in /root/responder/Responder.py which allows the user to poison the network with LLMNR, NBT-NS and mDNS responses in order to redirect floating traffic to itself, notably including authentication attempts.

The steps to test the network scenario

1. start the lab
2. connect to attacker1
3. run python3 /root/responder/Responder.py -I eth0 and wait around 5 seconds
4. ...
5. Profit!
   

[5amu]

To crack the hash, copy it to hash.txt, then, using hashcat

hashcat -m 27100 -O -w 3 hash.txt rockyou.txt

hashcat can be found here: https://hashcat.net/hashcat/
rockyou.txt is a famous wordlist, a shortened list can be found here: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Leaked-Databases/rockyou-75.txt

[tcaiazzi]

Dear @5amu,

Apologies for the delay, and many thanks for your contribution! We really appreciate it.

The lab is almost ready—I’ve just added some comments.

In addition to those, I have one more request: Could you add a README.md inside the mdns-poisoning directory? The text from the PR description would be perfect for it. However, could you also:

• Add links to relevant technologies for better context.
• Expand the steps for testing the network scenario, explicitly showing the commands (you can refer to this README as an example).

Thanks again for your efforts! Looking forward to your updates.

[tcaiazzi]

Can you create a Dockerfile to install the required packages?

[tcaiazzi]

So that, at lab startup, devices already have all the required packages/repositories.

[tcaiazzi]

Same as before: please create Dockerfiles for the devices.

[tcaiazzi]

Same as before