
How To Sniff Passwords Using Ettercap? [MITM Series: 5]

Welcome back to all my hackers and geeks.
In this article, you are going to get a complete synopsis of Ettercap.

Ettercap

Ettercap is one of the most famous and widely used tools for performing man-in-the-middle attacks. For those who do not like the command-line interface, ettercap-gtk provides a graphical interface for beginners.

While most users treat Ettercap only as a man-in-the-middle tool, it can also perform many other tasks, such as running a DoS attack against a target.

To access Ettercap in Kali Linux:

1. Click on Applications at the top of the menu bar.


2. Go to Sniffing & Spoofing, where you will find Ettercap.

3. Click on Sniff, select Unified Sniffing, and select the interface you want to sniff packets on.

UNIFIED: this method sniffs all the packets that pass on the cable.

Packets not directed to the host running ettercap are forwarded automatically using layer 3 routing.

So you can use an MITM attack launched from a different tool and let ettercap modify the packets and forward them for you.

BRIDGED: it uses two network interfaces and forwards the traffic from one to the other while performing sniffing and content filtering.

This sniffing method is totally stealthy, since there is no way to find that someone is in the middle of the cable.

You can look at this method as an MITM attack at layer 1.

You will be in the middle of the cable between two entities.

Don’t use it on gateways, or it will transform your gateway into a bridge.

4. Go to Plugins and select Manage the plugins.

Here you will find all the plugins of ettercap preinstalled.

Below is a description of the plugins pre-installed in Ettercap:

1. arp_cop

It reports suspicious ARP activity by passively monitoring ARP requests.

It can report ARP poisoning attempts, simple IP conflicts, or IP changes.

If you build the initial host list, the plugin will run more accurately.
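
The kind of passive check described for arp_cop, sketched as an added example (not Ettercap's code and not from the original article): it parses ARP payloads, seeds a table from an initial host list, and classifies each new IP-to-MAC claim. The class name, event labels, classification heuristic, and all addresses are assumptions constructed for illustration.

```python
import socket
import struct

def parse_arp(payload):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28 or struct.unpack("!HHBB", payload[:6]) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return mac, socket.inet_ntoa(payload[14:18])

class ArpMonitor:
    """Passive tracker of IP-to-MAC bindings seen in ARP traffic (hypothetical helper)."""
    def __init__(self, known_hosts=None):
        self.table = dict(known_hosts or {})  # initial host list: ip -> mac

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or parsed[1] == "0.0.0.0":  # malformed, or an ARP probe
            return None
        mac, ip = parsed
        bound = self.table.get(ip)
        if bound == mac:
            return None  # consistent with what is already known
        mac_known = mac in self.table.values()
        if bound is None:
            self.table[ip] = mac
            return ("ip-change" if mac_known else "new-host", ip, mac)
        # The IP is already bound to another MAC: keep the old binding and alert.
        return ("possible-poisoning" if mac_known else "ip-conflict", ip, mac)

def make_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload for the sample run (not captured traffic)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return hdr + sha + socket.inet_aton(sender_ip) + bytes(6) + socket.inet_aton(target_ip)

def run_sample():
    # Constructed host list: gateway 10.0.0.1 and workstation 10.0.0.10.
    mon = ArpMonitor({"10.0.0.1": "02:00:00:00:00:01", "10.0.0.10": "02:00:00:00:00:10"})
    frames = [
        make_arp(1, "02:00:00:00:00:10", "10.0.0.10", "10.0.0.1"),  # normal request
        make_arp(2, "02:00:00:00:00:10", "10.0.0.1", "10.0.0.20"),  # known MAC claims gateway IP
        make_arp(2, "02:00:00:00:00:99", "10.0.0.10", "10.0.0.1"),  # unknown MAC claims taken IP
        make_arp(1, "02:00:00:00:00:20", "10.0.0.20", "10.0.0.1"),  # first sight of a new host
    ]
    return [mon.observe(f) for f in frames]

if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

Seeding the table with a trusted host list is what lets the monitor tell a known MAC claiming a second, already-bound IP apart from a host it simply has not seen before.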

2. autoadd

It will automatically add new victims to the ARP poisoning MITM attack when they come up.

It looks for ARP requests on the LAN, and when one is detected it adds the host to the victims list if it was specified in the TARGET.

3. chk_poison

It performs a check to see if the ARP poisoning module of ettercap was successful.

It sends spoofed ICMP echo packets to all the victims of the poisoning, pretending to be each of the other targets.

If we can catch an ICMP reply with our MAC address as the destination, it means that the poisoning between those two targets is successful.

It checks both ways of each communication.

4. dns_spoof

This plugin intercepts DNS queries and replies with a spoofed answer.

You can choose which address the plugin replies with by modifying the etter.dns file.

5. dos_attack

This plugin runs a DoS attack against a victim IP address.

It first “scans” the victim to find open ports, then starts to flood these ports with SYN packets, using a “phantom” address as the source IP.

Then it uses fake ARP replies to intercept packets for the phantom host.

When it receives a SYN-ACK from the victim, it replies with an ACK packet, creating an ESTABLISHED connection.

You have to use a free IP address in your subnet.

6. dummy

Only a template to demonstrate how to write a plugin.

7. find_conn

A simple plugin that listens for ARP requests to show you all the targets a host wants to talk to. It can also help you find addresses in an unknown LAN.

8. find_ettercap

Tries to identify ettercap packets sent on the LAN. It could be useful to detect if someone is using ettercap.

9. find_ip

Finds the first unused IP address in the range specified by the user in the target list.

Some other plugins (such as gre_relay) need an unused IP address of the LAN to create a “fake” host.

It can also be useful to obtain an IP address in an unknown LAN where there is no DHCP server.

10. finger

Uses the passive fingerprint capabilities to fingerprint a remote host.

It does a connect() to the remote host to force the kernel to reply to the SYN with a SYN+ACK packet.

The reply will be collected and the fingerprint is displayed.

11. finger_submit

Use this plugin to submit a fingerprint to the ettercap website.

If you find an unknown fingerprint, but you know for sure the operating system of the target, you can submit it so it will be inserted in the database in the next ettercap release.

12. isolate

The isolate plugin will isolate a host from the LAN.

It will poison the victim’s ARP cache with its own MAC address associated with all the hosts it tries to contact.

This way the host will not be able to contact other hosts because the packet will never reach the wire.

13. rand_flood

Floods the LAN with random MAC addresses.

14. repoison_arp

It solicits poisoning packets after broadcast ARP requests (or replies) from a poisoned host.

For example, we are poisoning Group1 impersonating Host2.

If Host2 makes a broadcast ARP request for Host3, it is possible that Group1 caches the right MAC address for Host2 contained in the ARP packet.

This plugin re-poisons Group1's cache immediately after a legal broadcast ARP request (or reply).

That is all about ettercap-gtk, an MITM attack tool.

Hope to see you guys in the next article. Till then, keep hacking.


Anuj Mishra

Admin, Founder & Chief Editor at HackeRoyale
Engineer. Blogger. Ethical hacker. Penetration Tester. Deep Webbie. Bug hunter. Security Analyst. Web Developer. Techie. Programmer. Foodie. Music Lover. Traveller. Enthusiast.
