Being able to change your IP address and other network information is a useful skill because it will help you access other networks while appearing as a trusted device on those networks. For example, in a denial­-of­-service (DoS) attack, you can spoof your IP so that that the attack appears to come from another source, thus helping you evade IP capture during forensic analysis. This is a relatively simple task in Linux, and it’s done with the ifconfig command.

Step 01 : Changing Your IP Address

To change your IP address, enter ifconfig followed by the interface name. For example, to assign the IP address 192.168.226.111 to interface eth0, you would enter the following:

#ifconfig eth0 192.168.181.115

When you do this correctly, Linux will simply return the command prompt and say nothing. When you again check your network connections with ifconfig, you should see that your IP address has changed to the new IP address you just assigned.

Step 02 : Changing Your Network Mask and Broadcast Address

You can also change your network mask (netmask) and broadcast address with the ifconfig command. For instance, if you want to assign that same eth0 interface with a netmask of 255.255.255.0 and a broadcast address of 192.168.1.255, you would enter the following:

#sudo ifconfig eth0 192.168.226.112 netmask 255.255.0.0 broadcast 192.168.1.255

Step 03 : Spoofing Your MAC Address

You can also use ifconfig to change your MAC address. The MAC address is globally unique and is often used as a security measure to keep hackers out of networks . Changing your MAC address to spoof a different MAC address is almost trivial and neutralizes those security measures. Thus, it’s a very useful technique for bypassing network access controls. Here’s an example:

#sudo ifconfig eth0 down
#sudo ifconfig eth0 hwether 00:11:22:33:44:55
#sudo ifconfig eth0 up

Now, when you check your settings with ifconfig, you should see that the mac address has changed to your new spoofed IP address!

Step 04 : Assigning New IP Addresses from the DHCP Server

Linux has a Dynamic Host Configuration Protocol (DHCP) server that runs a a process that runs in the background called dhcpd. The DHCP server assigns IP addresses to all the systems on the subnet and keeps log files of which IP address is allocated to which machine at any one time. This makes it a great resource for forensic analysts to trace hackers with after an attack. For that reason, it’s useful to understand how the DHCP server works.

To request an IP address from DHCP, simply call the DHCP server with the command dhclient followed by the interface you want the address assigned to. Different Linux distributions use different DHCP clients, but Kali is built on Debian, which uses dhclient. Therefore, you can assign a new address like this:

#sudo dhclient eth0

Depending on the configuration of the DHCP server, the IP address assigned in each case might be different.

Post Views: 1,393
The following two tabs change content below.

Ruwantha Nissanka

Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri lanka with having a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others and he likes to help, encourage people and make them feel good.