Today i would like to share a simple / old / educational method of sniffing passwords on a LAN ( Local Area Network).
4) Scroll right down to the Linux column. And unhash the two lines shown in the below picture/example.
6) Now on the ettercap GUI click on Start –> Start Sniffing.
7) Click on MitM –> Arp Poisoning.
8) When the prompt screen appears, tick on Sniff Remote Connections and click OK.
9) Now lets sit back and wait for activity in the server!
10) When you are done, click Start –>Stop Sniffing & stop MITM attack. You will notice the command ‘Re-Arping’on the bottom of your GUI. This means it is fixing up the network to make it look like it was before.
Special Note :
There are quite a few ways and tools out there designed to do this but to keep things simple and basic, we will be using from Backtrack 5.
Below i will show you a basic method to use etternet with arp poisoning as Mitm attacks on a LAN. This will allow you to sniff HTTP, FTP, TELNET, POP usernames and passwords.
%nbsp;
Updating Ettercap :
%nbsp;
Updating Ettercap :
1)Open terminal and type “sudo apt-get update” and wait for it to finish loading.
2)Next type “apt-get install ettercap”
3)Lastly, type “apt-get install ettercap-gtk
Preparation :
2)Next type “apt-get install ettercap”
3)Lastly, type “apt-get install ettercap-gtk
Preparation :
1) Lets open up a terminal and type in “locate etter.conf” and you will be presented with a similar screen as shown below.
2) Next type, “nano /etc/etter.conf”.
3) Ok so now to give ettercap root privileges we will have to change the ec_uid & ec_gid to a value of 0. So the final outcome would be :
2) Next type, “nano /etc/etter.conf”.
3) Ok so now to give ettercap root privileges we will have to change the ec_uid & ec_gid to a value of 0. So the final outcome would be :
ec_uid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
ec_gid = 0 # nobody is the default
4) Scroll right down to the Linux column. And unhash the two lines shown in the below picture/example.
#--------------- # Linux Before Mdofication #--------------- # if you use ipchains: #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" # if you use iptables: #redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" #--------------- # Linux after Modification #--------------- # if you use ipchains: #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport" # if you use iptables: redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
5) Once you have completed and checked your modifications. CLick Ctrl-X (to exit), then press Y (Yes to save) and lastly press the Enter key.
6) Type in “Clear” to clear up your messy terminal. Cleanliness is next to Godliness. Congratulations, we are done with the boring stuff.
Lets Begin :
Lets Begin :
1) Open up a terminal and type ettercap -G.
%nbsp;
2) On the new GUI that appears, click Sniff –> Unified Sniffing.
3) Now go to “Hosts” and click on “Scan for hosts” .
4) Next you will be prompted for your Network Interface (Shown Below). Choose your interface and press the Enter key.
5) You will see the GUI scan the whole netmask for 255 hosts and present you with a little message like this :
%nbsp;
2) On the new GUI that appears, click Sniff –> Unified Sniffing.
3) Now go to “Hosts” and click on “Scan for hosts” .
4) Next you will be prompted for your Network Interface (Shown Below). Choose your interface and press the Enter key.
5) You will see the GUI scan the whole netmask for 255 hosts and present you with a little message like this :
Randomizing 255 hosts for scanning…
Scanning the whole netmask for 255 hosts…
1 hosts added to the hosts list…
6) Now on the ettercap GUI click on Start –> Start Sniffing.
7) Click on MitM –> Arp Poisoning.
8) When the prompt screen appears, tick on Sniff Remote Connections and click OK.
9) Now lets sit back and wait for activity in the server!
2.5 mins later…………..Voila! It shows we have username and passwords of hotmail.com, twoo.com, eurospot.com.
10) When you are done, click Start –>Stop Sniffing & stop MITM attack. You will notice the command ‘Re-Arping’on the bottom of your GUI. This means it is fixing up the network to make it look like it was before.
Special Note :
1) Ettercap takes a little tweaking on different systems to get it going smoothly, so if this method does n0t work for you. Just mess around with it, through mistakes you will learn more 
2) This tutorial was intended to explain mass network sniffing as i had no victims at hand.
3) This is for education purposes only, please do not harm the innocent.
COMMENTS