Re: ettercap anyone?


Subject: Re: ettercap anyone?
From: Cdowns (cdowns@lifeatzero.com)
Date: Mon Dec 03 2001 - 17:23:35 MST


More, the only thing is that if you are on a switched network you will need to
do a MITM attack in order to grab all user and passwd's that cross that subnet.
Just be wise to how you do this as everything could come to a crawl. I have
done this in testing situations and it is really noticeable when you are trying
to snoop out SSL connections. If you really want to do this you may consider
ARP spoofing another machine before you do so. Obviously pick someone's machine
that doesn't know crap :) I have written an ARP spoof tool at
http://angrypacket.com check it out.

~>D

Cdowns wrote:

> this is the easy way with ngrep
>
> scumbag# ngrep -wiA2 'user|pass'
> interface: xe0 (192.168.20.0/255.255.255.0)
> match: ((^user|pass\W)|(\Wuser|pass$)|(\Wuser|pass\W))
> #####
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> USER scumbag..
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [A]
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> +OK ..
> #
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> PASS P71ZpXcr77d..
> #
> T 64.39.89.37:110 -> 192.168.20.118:3185 [AP]
> +OK ..
> #
> T 192.168.20.118:3185 -> 64.39.89.37:110 [AP]
> STAT..
> #######
>
> ~>D
>
> Reid Anderson wrote:
>
> > using ettercap, I get told that I can't ARP myself! I would like to do
> > this to myself before anyone else...
> >
> > On Monday, December 3, 2001, at 06:42 PM, Cdowns wrote:
> >
> > > all you have to do is select the src as the machine you want to grab (
> > > password ) and then dest as the gateway and hit "a" (for APR because
> > > you will need to poison the ARP cache of both machines on the keyboard)
> > > sit back and wait. Cake walk. you could also use ngrep which will do
> > > this very easily.
> > >
> > > ~>D
> > >
> > > Reid Anderson wrote:
> > >
> > >> Has anyone used ettercap before? It is a packet sniffer that I am
> > >> trying to use to prove to our silly College Email Admins that we need
> > >> to use secure email passwords and that our web based email system is
> > >> highly unsecure. I am trying to packet sniff my own machine first (it's
> > >> a little more legal that way) and then I might just get the email
> > >> admins password and send her a message from herself! Anyway, If anyone
> > >> has used ettercap (or any other packet sniffer that might run under
> > >> OS X), could you please tell me a little more about using it other than
> > >> what it has in ettercap --help. I have been able to view the html code
> > >> being viewed by many people, but only within my own subnet
> > >> 150.209.130.x but I would like to be able to see outside my subnet to
> > >> the general domain 150.209.x.x. Any help would be greatly appreciated!
> > >>
> > >> Thanks
> > >> Reid Anderson
> > >> resander@cs.hamilton.edu
> > >
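
The poisoning of both the host's and the gateway's ARP cache described in this thread leaves a recognisable trace on the wire. The following is an added example for the defending side, not part of the original messages: it checks observed ARP replies for an IP-to-MAC rebinding and for one MAC answering for both the gateway and another host. The sample replies, the MAC addresses and the gateway address 192.168.20.1 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
# All addresses are made up; 192.168.20.1 is assumed to be the gateway.
GATEWAY_IP = "192.168.20.1"
SAMPLE_REPLIES = [
    (0.0, "192.168.20.1", "00:11:22:aa:aa:01"),     # gateway, genuine
    (1.0, "192.168.20.118", "00:11:22:bb:bb:02"),   # workstation, genuine
    (2.0, "192.168.20.50", "00:11:22:cc:cc:03"),    # third host, genuine
    (30.0, "192.168.20.1", "00:11:22:CC:CC:03"),    # third host claims the gateway IP
    (30.1, "192.168.20.118", "00:11:22:cc:cc:03"),  # ...and the workstation IP
    (31.0, "192.168.20.1", "00:11:22:cc:cc:03"),    # repeated claim, reported once
    (45.0, "192.168.20.1", "00:11:22:aa:aa:01"),    # genuine gateway answers again
]


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Return alerts as (time, kind, mac, ips) tuples.

    The first MAC seen for an IP is taken as the baseline (trust on first use),
    so a replaced network card or a reassigned address also raises a rebind
    alert and needs a human check.
    """
    baseline = {}                # ip -> first MAC learned for it
    spoofed = defaultdict(set)   # mac -> IPs it claimed against the baseline
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if baseline.setdefault(ip, mac) == mac or ip in spoofed[mac]:
            continue             # consistent reply, or already reported
        spoofed[mac].add(ip)
        kind = "gateway-rebind" if ip == gateway_ip else "host-rebind"
        alerts.append((ts, kind, mac, (ip,)))
        # One MAC answering for the gateway and exactly one other host:
        # both directions of that host's traffic now pass through it.
        if gateway_ip in spoofed[mac] and len(spoofed[mac]) == 2:
            alerts.append((ts, "mitm-pair", mac, tuple(sorted(spoofed[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(alert)
```
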



This archive was generated by hypermail 2a24 : Mon Dec 03 2001 - 17:45:51 MST