ETTERCAP
Ettercap is said to be the Swiss army knife of network-based attacks. With Ettercap, you can perform different types of ARP spoofing attacks. In addition, it has lots of interesting plug-ins you can use. I would recommend using Ettercap over arpspoof and the other tools in the dsniff toolset because it has more features, and with Ettercap alone you can do pretty much any task that would otherwise require multiple tools from dsniff.
ARP POISONING WITH ETTERCAP
Let’s start by performing an ARP poisoning attack with Ettercap. Just follow these steps:
Step 1—Launch ettercap by executing the following command:
root@bt:# ettercap -G

Step 2—Next, click on the “Sniff” button at the top and then “Unsniffed bridging” and finally select your appropriate interface.
Step 3—Next, click on “Host List” at the top and click on “Scan for host.” It will scan the whole network for all live hosts.

Step 4—Once the scan is complete, from the hosts menu, click on “Hosts List.” It will display all the hosts that it has found within your network.

Step 5—Next, we need to choose our targets. In this case, I would like to perform sniffing between my victim host, a Windows XP machine on 192.168.75.142, and our default gateway, 192.168.75.2. We will add 192.168.75.142 to target 1 and add 192.168.75.2 to target 2.
Step 6—Next click on the “MITM” tab at the top and click on “ARP Poisoning” and then click “Ok” to launch the attack.

Step 7—From the following screenshot, you can see that we are capturing all the traffic going to and from the default gateway and the victim.

Step 8—Finally click on “Start sniffing,” and it will start sniffing the traffic. We can check if the ARP cache has been successfully poisoned by using the “chk_poison” plug-in from Ettercap.
To use this plug-in, click on the plug-ins menu at the top, and it will display several plug-ins:

Just double-click on the “chk_poison” plug-in, and it will tell you if the poisoning is successful.
It will show you the following output:

Next, we can use Wireshark to capture all the traffic between the victim’s machine and the default gateway like we did earlier.
We can also launch a denial-of-service attack, which I talked about earlier, by using the “dos_attack” plug-in. Another interesting plug-in is “auto_add,” which will automatically add any new targets it finds on your network.
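
Seen from the defending side, the ARP poisoning performed in the steps above leaves a recognizable pattern in ARP traffic: the gateway's IP and the victim's IP both rebind to one new MAC address. The following Python code is an added example, not part of the original post; it parses raw Ethernet/ARP frames and flags that pattern, using the page's two IP addresses with constructed MAC addresses and constructed frames.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect_poisoning(frames):
    """Alert when an IP's MAC binding changes or one MAC claims more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("binding-changed", ip, old, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(("mac-claims-multiple-ips", mac, sorted(mac_to_ips[mac])))
    return alerts

def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed ARP reply (opcode 2) for the sample data below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return eth + arp + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip)

# Constructed sample: the IPs are the page's; all MAC addresses are made up.
GW_IP, HOST_IP = "192.168.75.2", "192.168.75.142"
GW_MAC, HOST_MAC, OTHER_MAC = "02:00:00:00:00:02", "02:00:00:00:01:42", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    build_arp_reply(GW_MAC, GW_IP, HOST_MAC, HOST_IP),     # genuine gateway reply
    build_arp_reply(HOST_MAC, HOST_IP, GW_MAC, GW_IP),     # genuine host reply
    build_arp_reply(OTHER_MAC, GW_IP, HOST_MAC, HOST_IP),  # spoofed: gateway IP, new MAC
    build_arp_reply(OTHER_MAC, HOST_IP, GW_MAC, GW_IP),    # spoofed: host IP, same new MAC
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_FRAMES):
        print(alert)
```

On a live network, legitimate events such as a DHCP reassignment or a replaced network card also change bindings, so a changed binding for the default gateway's IP is the alert that deserves the closest look.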