nerdexam
EC-Council

312-50V11 · Question #981

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with t

The correct answer is C. BetterCAP. BetterCAP is a powerful network attack framework capable of performing ARP spoofing to associate an attacker's MAC address with a victim's IP, enabling man-in-the-middle interception.

Sniffing

Question

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

Options

  • AGobbler
  • BKDerpNSpoof
  • CBetterCAP
  • DWireshark

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    87% (27)
  • D
    6% (2)

Why each option

BetterCAP is a powerful network attack framework capable of performing ARP spoofing to associate an attacker's MAC address with a victim's IP, enabling man-in-the-middle interception.

AGobbler

Gobbler is a tool designed for DHCP starvation attacks that exhausts the DHCP address pool, not for ARP spoofing or man-in-the-middle interception.

BKDerpNSpoof

KDerpNSpoof is not a recognized or widely documented ARP spoofing tool used in professional penetration testing or hacking scenarios.

CBetterCAPCorrect

BetterCAP is an open-source, modular network attack and monitoring framework that includes full ARP spoofing/poisoning capabilities, allowing an attacker to broadcast forged ARP replies that map their MAC address to a legitimate IP address. Once the ARP cache of devices on the network is poisoned, traffic intended for the victim is redirected to the attacker, enabling interception, modification, theft, or blocking of communications. This precisely matches the scenario described, including the active man-in-the-middle capability.

DWireshark

Wireshark is a passive packet capture and protocol analysis tool - it can observe ARP traffic but cannot send forged ARP messages or perform spoofing attacks.

Concept tested: ARP spoofing tools and man-in-the-middle attacks

Source: https://www.bettercap.org/modules/ethernet/spoofers/arp.spoof/

Topics

#ARP spoofing#BetterCAP#MAC address spoofing#MITM attack

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice