Lame Password Sniffing in Windows
---------------------------------------------------------------
Using Windows for Lame Exploits
An introduction to packet sniffing (Man in the middle attacks)
by welshywoo
welshywoo [at] hotmail [dot] co [dot] uk
---------------------------------------------------------------

Introduction:

Sniffing, or packet sniffing, is the technique of intercepting data as it's cruising around the LAN. The art is finding the interesting, useful data, such as unencrypted passwords, information that is being submitted to websites, instant messaging conversations, web activity etc. Programs like Cain and Abel are packet sniffers because they intercept the data, but they automatically extract useful information such as passwords, usernames and web activity. Although this speeds up the process, it doesn't give you full control to read all the packets available.

However, this isn't a tutorial on how networks work or what packet sniffing actually is. But here are the basics:

Information is sent over a network from computer to computer in bits of grouped data called packets. These packets contain the destination of the data, where the data originated from and of course the data itself. How the packet itself is constructed is usually down to the protocol it uses, although learning the structure of individual protocols is unnecessary. What is necessary is that you understand what a packet is, and what it contains, before using a program like Cain and Abel to automatically extract data for you (not that this isn't a whole lot easier).

My favorite packet sniffer is Wireshark, which is available for both Windows and Linux, although I've always had trouble with the Windows port. To fully understand packet sniffing and what packets contain, download Wireshark and start sniffing! Programs like Cain are good for dirty hacks but they're not powerful, and most importantly, you don't LEARN anything!

You should know that computers on a network are usually connected via a hub or a switch.

Hubs should never ever ever be used EVER (in my opinion anyway :=P). When a hub receives a packet to send to another computer it will not route the packet to the right computer but to ALL computers on the LAN! Meaning that when your unencrypted MSN password, or the password for your favorite bulletin, is submitted on your computer, the hub will send that plain-text password to every computer on the LAN. Of course a big box isn't going to pop up on your brother's computer telling him your porn site password, but to anyone running a packet sniffer, the information is EASILY available.

So BASICALLY: When you want to sniff on a HUB, you don't really have to do ANYTHING, and you can sniff everybody. At the same time. WITH EASE.

However, when you want to sniff on a switch it gets a little more complicated, but I'm willing to explain it for the sake of you nooobies :-P

The TCP/IP protocol uses what's called ARP, or Address Resolution Protocol. BASICALLY every computer on the network will have an ARP cache, and in this cache will be IP addresses and the MAC address each IP is assigned to. So when your switch wants to send a packet to a computer, it will send out an ARP packet to the broadcast MAC address (so everybody receives it) that basically says: WHERE THE FUCK IS THIS IP? And the computer that owns the IP will send back a packet with its own MAC address in it, saying: HEY DUDE, THAT'S MY IP! HERE'S MY MAC ADDRESS. The switch then stashes this IP address along with the associated MAC address in its ARP cache, so whenever it needs to send data to that computer, it can.

HOWEVER?!?!?!?

What if computer A was trying to access the internet, and computer B is a l33t h4x0r trying to prove himself to his mates by robbing some passwords? Computer B could send packets to the switch saying: HEY DUDE, (computer A's IP address) THAT'S MY IP! HERE'S MY MAC ADDRESS. And then simultaneously send packets to computer A saying: HEY DUDE, (the switch's IP address) THAT'S MY IP! HERE'S MY MAC ADDRESS.

Originally the connection would be as so:

    Switch ------ Computer A

Now after some l33t packet crafting the connection will be:

    Switch ------ Computer B -------- Computer A

All the data that was originally going straight from the network switch to Computer A is now being diverted through Computer B :-) At which point our l33t h4x0r will be able to see any plain-text passwords (which is A LOT) and all internet activity that is happening.

This attack is incredibly easy to reproduce with tools such as Cain and Abel; the real skill is in doing it manually. Check out the following video I made as an example of setting up a Man In the Middle sniffing attack with Cain and Abel and collecting some useful data.

Here are the video links:

Man in the middle attacks with Cain - The tutorial to this video, sniffing with Cain.
Dns Spoofing with Cain - An extra tutorial on spoofing DNS requests with Cain.
Well documented information, but none the less interesting reading.
The copyright for this content entitled "Lame Password Sniffing in Windows" has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.