Add mdns poisoning lab - cybersecurity #54

5amu commented Nov 5, 2024

This PR:

  • add a network scenario
  • fix a network scenario

The network scenario name and topic

mDNS Poisoning - Cybersecurity

The network scenario description

This scenario has a server exposing a Samba share and a victim trying to connect to it using user valerio. Both the victim and the server deploy an mDNS service to mimic a real-life scenario that can be found in Active Directory environments.

  • avahi-daemon is a service that grants mDNS capabilities to Linux machines
  • smbd and nmbd are services deployed on server1 to serve share, which is a Samba share that requires NetNTLMv2 authentication, like SMB shares on Windows
  • victim1 tries to connect to server1, with a typo in the machine name (not required for Windows environments)

The attacker (attacker1) has a cybersecurity tool called responder in /root/responder/Responder.py which allows the user to poison the network with LLMNR, NBT-NS and mDNS responses in order to redirect floating traffic to itself, notably including authentication attempts.

The steps to test the network scenario

  1. start the lab
  2. connect to attacker1
  3. run python3 /root/responder/Responder.py -I eth0 and wait around 5 seconds
  4. ...
  5. Profit!

5amu commented Nov 8, 2024

To crack the hash, copy it to hash.txt, then, using hashcat:

hashcat -m 27100 -O -w 3 hash.txt rockyou.txt

hashcat can be found here: https://hashcat.net/hashcat/
rockyou.txt is a famous wordlist, a shortened list can be found here: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Leaked-Databases/rockyou-75.txt
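
As an added example (not part of this PR or of the lab's code), a defender-side check for the poisoning behaviour the scenario description covers: it flags any host whose mDNS answers cover a canary name, an unknown name, a known name with the wrong address, or several distinct names. The host names, addresses, inventory and canary name below are constructed assumptions, not values from the lab.

```python
from collections import defaultdict

# Constructed sample data: (source IP of the mDNS response, name answered, A record returned).
OBSERVED = [
    ("10.0.0.10", "server1.local", "10.0.0.10"),      # legitimate host, own name
    ("10.0.0.20", "victim1.local", "10.0.0.20"),      # legitimate host, own name
    ("10.0.0.66", "servre1.local", "10.0.0.66"),      # answer for a mistyped name
    ("10.0.0.66", "canary-7f3a.local", "10.0.0.66"),  # answer for a name nobody owns
    ("10.0.0.66", "server1.local", "10.0.0.66"),      # conflicting answer for a known host
]
# Assumed inventory of legitimate name -> address mappings on the segment.
INVENTORY = {"server1.local": "10.0.0.10", "victim1.local": "10.0.0.20"}
# Assumed canary names that a monitoring host queries and that no real host owns.
CANARIES = {"canary-7f3a.local"}


def find_poisoners(observed, inventory, canaries, max_names=1):
    """Return {source_ip: sorted reasons} for hosts whose mDNS answers look poisoned."""
    findings = defaultdict(set)
    names_by_src = defaultdict(set)
    for src, name, addr in observed:
        name = name.lower().rstrip(".")  # mDNS names are case-insensitive
        names_by_src[src].add(name)
        if name in canaries:
            # Nothing legitimate should ever answer a canary query.
            findings[src].add("answered canary name " + name)
        elif name in inventory:
            if addr != inventory[name]:
                findings[src].add("conflicting address for " + name)
        else:
            findings[src].add("answered unknown name " + name)
    # A host normally answers only for its own name; a poisoner answers for anything.
    for src, names in names_by_src.items():
        if len(names) > max_names:
            findings[src].add(f"answered for {len(names)} distinct names")
    return {src: sorted(reasons) for src, reasons in findings.items()}


if __name__ == "__main__":
    for src, reasons in find_poisoners(OBSERVED, INVENTORY, CANARIES).items():
        print(src, "->", "; ".join(reasons))
```
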
