Virtual Private Networks and Man In The Middle

The goal of the task is to configure a VPN server with the L2TP and PPTP protocols. Then, you will connect to the created VPN network and verify the communication. The attacker's goal is to obtain the user's VPN (PPTP) credentials via a Man In The Middle (MITM) attack using the ARP Poisoning (ARP Spoofing) method. The attacker uses the captured traffic and decrypts the VPN credentials (using the dictionary method).

What you will learn in the task

• Create a VPN server (L2TP and PPTP) on a MikroTik device.
• Connecting to a VPN network in a Windows OS environment.
• Basic scheme and execution of a MITM attack (ARP spoofing).
• Basic operations with the Bettercap application,
• Basic operations with the Wireshark application.
• Intercepting VPN PPTP communication.
• Decrypting VPN PPTP credentials (using the dictionary method).

The ongoing tasks are

• VPN Configuration
• VPN Setup
• Man-in-the-Middle Attack (MITM)
• VPN Traffic Capture and Compromise
• Password Decryption

Workstations are available within the task

• User (Victim) – Windows OS
• Attacker – Kali (Debian) OS
• Webserver – Ubuntu OS
• Management – ​​Xubuntu OS
• MikroTik

Network diagram

The time required for the lab task is max. 45 minutes.