Hacker’s lounge!

Just another WordPress.com weblog

HELLO GUYZ

September 10, 2008 Posted by | Uncategorized | Leave a Comment

MITM (Man-in-the-Middle) attacks using Ettercap

What is Ettercap:

Ettercap is an open source tool for Unix and Microsoft Windows, used for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting man-in-the-middle attacks against a number of common protocols.

What you need before you start:

Get a copy of ettercap from http://ettercap.sourceforge.net/

To capture packets you also need to install the pcap library, which Ettercap uses.

Starting Ettercap:

Open a terminal and type: sudo ettercap -G -n 255.255.255.0

This command starts Ettercap as root. The -G switch denotes that we are using Ettercap with its GTK-based GUI.


Start sniffing packets: Sniff -> Unified sniffing -> select interface -> OK

For example, I have used eth0 for Ettercap to sniff on. Ettercap will now monitor all traffic on that particular interface.

Now scan for hosts using Hosts -> Scan for hosts, or simply Ctrl+S. Ettercap sends ARP requests to all hosts on the current subnet, and any host that responds is added to the host list, from which you can later select targets.

DHCP Spoofing:

Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain the parameters necessary for operation in an Internet Protocol network. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration.

The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, and other IP parameters.

When a DHCP-enabled client wants such information, it sends a broadcast query requesting the necessary information from a DHCP server. Whether we are on a switched network or a hubbed network, every host will receive such packets (because the UDP packet is addressed to the subnet broadcast address).

Because of this, Ettercap can intercept DHCP traffic and spoof the DHCP response parameters. It can assign a dead gateway IP to the victim to cause a DoS, or the attacker can assign his/her own IP address as the gateway and intercept all traffic between any host and the victim.

To start DHCP spoofing: MITM -> DHCP spoofing

Select the IP pool, the netmask (usually 255.255.255.0) and the DNS server (which can be a different one or your own).
Once a request is made by any host on the network, Ettercap will send a fake response as if it came from the original server. You can then either run a real gateway to intercept more traffic, which can possibly include passwords, credit card numbers and bank account numbers, or simply cause a DoS against the victim.
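
A defensive check for the spoofed replies described above, added here as an example and not part of the original post: it parses DHCP OFFER/ACK payloads and flags a server identifier, gateway or DNS server that is not on an allowlist. The function names, the allowlists and the sample addresses are assumptions made for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values used in server replies

def parse_reply(payload):
    """Return (msg_type, server_id, router, dns) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end of options
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length

    def ip(code):                                    # first IPv4 address of an option
        val = opts.get(code, b"")
        return socket.inet_ntoa(val[:4]) if len(val) >= 4 else None

    mtype = opts[53][0] if opts.get(53) else 0
    return mtype, ip(54), ip(3), ip(6)

def check_reply(payload, servers, routers, resolvers):
    """Findings for one reply; an empty list means it matches the allowlists."""
    mtype, server, router, dns = parse_reply(payload)
    if mtype not in (OFFER, ACK):
        return []
    seen = (("DHCP server", server, servers), ("gateway", router, routers),
            ("DNS server", dns, resolvers))
    return [f"unexpected {name} {value}" for name, value, ok in seen if value not in ok]

def build_sample(mtype, server, router, dns):
    """Constructed message: zeroed BOOTP reply header plus options 53, 54, 3, 6."""
    opts = bytes([53, 1, mtype])
    for code, addr in ((54, server), (3, router), (6, dns)):
        opts += bytes([code, 4]) + socket.inet_aton(addr)
    return bytes([2]) + bytes(235) + MAGIC + opts + b"\xff"

# Constructed sample data (addresses are illustrative, not from the page)
GOOD = build_sample(OFFER, "192.168.1.1", "192.168.1.1", "192.168.1.1")
ROGUE = build_sample(ACK, "192.168.1.66", "192.168.1.66", "192.168.1.1")
```

To use it on a real network, pass check_reply the UDP payload of each server reply (source port 67) taken from a packet capture on a monitoring host.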

September 4, 2008 Posted by | general hacking | Leave a Comment

   
