
How to intercept passwords with Ettercap using ARP spoofing « Null Byte :: WonderHowTo



ARP spoofing is an attack on an Ethernet or Wi-Fi network to get between the router and the target user. In an ARP spoofing attack, messages for the target are sent to the attacker instead, allowing the attacker to spy on, deny service to, or man-in-the-middle a target. One of the most popular tools for carrying out this attack is Ettercap, which is pre-installed on Kali Linux.

On a normal network, messages are routed via Ethernet or Wi-Fi by linking the MAC address of a connected device to the IP address the router uses to identify it. This is usually done via an Address Resolution Protocol (ARP) message that indicates which device's MAC address belongs to which IP address. It tells the rest of the network where to send the traffic, but it can easily be faked to change the way traffic is routed.

In an ARP spoofing attack, a program like Ettercap sends fake messages that attempt to get devices to associate the hacker's MAC address with the IP address of the target. If the messages are accepted, the false mapping is temporarily stored in a configuration setting on other network devices. If the rest of the network then starts delivering packets meant for the target to the attacker instead, the attacker effectively controls the data connection of the target.

Types of ARP spoofing attacks

There can be three primary results after an attacker initially achieves success in poisoning the ARP cache of other hosts on the network:

  • The attacker can spy on traffic. They can lurk in the shadows and see everything the target user does on the network. This one is self-explanatory.

Ettercap Graphical

One of the most intriguing programs installed by default in Kali Linux is Ettercap. Unlike many programs that are command-line only, Ettercap has a graphical interface that is very beginner-friendly. Although the results can sometimes vary, Ettercap is an excellent tool for newcomers to learn network attacks such as ARP spoofing. If you don't have it yet (for example, if you downloaded a light version of Kali), you can get it by typing the following in a terminal window.

  ~ # apt install ettercap-graphical

  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  ettercap-graphical is already the newest version (1:0.8.2-10+b2).

Ettercap is not the only tool for this, nor is it the most modern. Other tools, such as Bettercap, claim to do what Ettercap does, but more effectively. Ettercap, however, is useful enough for our demonstration. The general workflow of an Ettercap ARP spoofing attack is to join a network that you want to attack, find hosts in the network, assign targets to a 'targets' file, and then perform the attack on the targets.

Once we have done all of that, we can figuratively watch over the shoulder of the target while they browse the Internet, and we can even kill connections to websites we want to steer them away from. We can also run various payloads, such as isolating a host from the rest of the network, denying service by dropping all packets sent to them, or running scripts to try to downgrade the security of the connection.

Step 1: Connect to the network

The first step of ARP spoofing is to connect to the network that you want to attack. If you are attacking an encrypted WEP, WPA or WPA2 network, you must know the password. This is because we are attacking the network internally, so we need to be able to see some information about the other hosts on the network and the data passing through them.

You can connect to the network for ARP spoofing in two ways. The first is to connect via Ethernet, which is very effective, but not always practical and rarely subtle. Instead, many people prefer to use a wireless network adapter and perform the ARP spoofing via Wi-Fi.

Step 2: Start Ettercap

In Kali, click 'Applications', then 'Sniffing & Spoofing', followed by 'ettercap-graphical'. You can also click on the "Show Applications" option in the dock and then search for and select "Ettercap".

Once it has started, you should see the Ettercap main screen. You'll see the ghostly Ettercap logo and a few drop-down menus to start the attack from. In the next step we'll explore the "Sniff" menu.

At this point, make sure that you have an active connection to the network before continuing.

Step 3: Select network interface to sniff

Click on the menu item 'Sniff' and then select 'Unified sniffing'. A new window will open asking you which network interface you want to sniff on. You must select the network interface that is currently connected to the network you are attacking.

Now you see text confirming that sniffing has started, and you have access to more advanced menu options such as Targets, Hosts, Mitm, Plugins, etc. Before we start using any of them, we must identify our target on the network.

Step 4: Identify hosts on a network

To find the device that we want to attack on the network, Ettercap has a few tricks in store. First, we can perform a simple scan for hosts by clicking 'Hosts' and then 'Scan for hosts'. A scan is performed, and after it completes, you can see the hosts that Ettercap has identified on the network by clicking 'Hosts' and then 'Hosts list'.

We can now see a list of targets that we have discovered on the network. Want to see what they are doing or narrow down the targets? Click on 'View' and then on 'Connections' to start looking through connections.

Once in the Connections view, you can filter the connections by IP address, connection type, and whether the connection is open, closed, active or killed. This gives you a lot of snooping power, which can be expanded by clicking on "View" and then on "Resolve IP addresses". This means that Ettercap will attempt to resolve the IP addresses that other devices in the network connect to.

If you want to identify a target on a network and know what they are browsing, look over their shoulder to see which website they are on and match the website to an IP address with an active connection to the same website. Otherwise, you can usually tell by the MAC address, because you can look it up online to see the manufacturer.

Step 5: Select hosts to target with ARP Spoofing

Now that we have identified our target's IP address, it's time to add it to a target list. As soon as we do this, we are telling Ettercap that we want to designate that IP address as one we want to pretend to be, so that we receive messages from the router that were meant to be sent to the target.

Return to the "Hosts" screen and select the IP address of the target that you want to target. Click the IP address to highlight it, and then click "Targets" followed by "Target List" to see a list of devices that are targeted for ARP spoofing.

Step 6: Launch attack on targets

Click on the "Mitm" menu and select "ARP poisoning". A pop-up opens, and you select "Sniff remote connections" to start the sniffing attack.

Once this attack has started, you can intercept login credentials if the target user enters them on a website that does not use HTTPS. This can be a router or device on the network or even a website that uses poor security.

To try another attack, you can click on "Plugins" and then on "Load plugins" to display the plugin menu. If you select the DoS attack, it starts dropping the packets sent to this target, cutting off their internet access.

Step 7: Try to intercept a password

Now let's try to intercept a password. A great website for testing is aavtrain.com, which deliberately uses poor security so you can intercept login information. On the target device, navigate to aavtrain.com. After it has loaded, you will see a login screen where you can enter a fake login and password.

Enter a username and password and click "Send". If Ettercap is successful, you should see the login and password appear on the attacker's screen!

In the result above, we can see that Ettercap successfully ARP poisoned the target and intercepted an HTTP login request that the target sent to an insecure website.

ARP poisoning is a powerful tool with some limitations

The most obvious limitation of ARP spoofing is that it only works if you are connected to a Wi-Fi network. This means that it works on open networks, but may not work well against networks with more advanced monitoring or firewalls that can detect this type of behavior.
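The monitoring mentioned above can work from the same ARP messages described at the start of this guide: each one carries a sender IP-to-MAC binding, and a poisoned cache shows up as a binding that contradicts an earlier one. The following is an added example, not part of the original article; the frames, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

# Constructed sample capture: Ethernet + ARP reply frames as hex (not real traffic).
# Layout: dst, src, ethertype | htype, ptype, hlen, plen, oper | sha, spa, tha, tpa
HDR = "0806 0001 0800 06 04 0002"
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    # 1: gateway 192.168.1.1 (..:01) answers host 192.168.1.20 (..:14)
    f"020000000014 020000000001 {HDR} 020000000001 c0a80101 020000000014 c0a80114",
    # 2: host answers gateway
    f"020000000001 020000000014 {HDR} 020000000014 c0a80114 020000000001 c0a80101",
    # 3: a third MAC (..:66) now claims the gateway's IP
    f"020000000014 020000000066 {HDR} 020000000066 c0a80101 020000000014 c0a80114",
    # 4: the same MAC also claims the host's IP
    f"020000000001 020000000066 {HDR} 020000000066 c0a80114 020000000001 c0a80101",
)]

def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return the sender binding carried by an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": oper, "eth_src": fmt_mac(frame[6:12]),
            "sha": fmt_mac(frame[22:28]), "spa": fmt_ip(frame[28:32])}

def detect(frames):
    """Flag bindings that contradict the first-seen IP-to-MAC mapping."""
    baseline, claimed, alerts = {}, defaultdict(set), []
    for n, raw in enumerate(frames, 1):
        p = parse_arp(raw)
        if p is None or p["spa"] == "0.0.0.0":   # non-ARP, malformed, or ARP probe
            continue
        if p["eth_src"] != p["sha"]:             # frame source disagrees with ARP payload
            alerts.append((n, "sender-mismatch", p["spa"], p["sha"]))
        if baseline.setdefault(p["spa"], p["sha"]) != p["sha"]:
            alerts.append((n, "binding-changed", p["spa"], p["sha"]))
        claimed[p["sha"]].add(p["spa"])
        if len(claimed[p["sha"]]) > 1:           # also true for multi-homed hosts: triage, not proof
            alerts.append((n, "mac-claims-multiple-ips", p["spa"], p["sha"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print(alert)
```

The baseline here is trust-on-first-use, so it is only as good as the first binding it sees; seeding it from DHCP leases or a static inventory avoids learning a poisoned entry.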

ARP spoofing attacks are another example of why it is so essential to choose strong passwords for your networks and limit access to those you trust. You extend a lot of trust when you give someone your network password or an Ethernet connection, so remember to choose your passwords carefully, along with whom you share them with.

I hope you enjoyed this guide to using the graphical version of Ettercap for ARP poisoning attacks! If you have any questions about this tutorial on ARP poisoning or you have a comment, post it below, and feel free to reach me on Twitter @KodyKinzie.

Don't miss: Prevent your network from being ARP spoofed with shARP

Cover photo and screenshots by Kody / Null Byte



