LAN Hacking Noob

Posted by: Fountainhead

LAN Hacking Noob - 03/10/11 11:45 PM

Hi everyone.

I am just getting started in hacking, with a current concrete motivation: I want to learn how to watch, interpret, and use information in my LAN network. In particular, and as a startup challenge, I'd like to retrieve every single password users on my LAN have for Hotmail, Facebook, Youtube, etc., and their windows login password.

The LAN I'm describing is that of a small business where I work, so the users are always the same.

I just saw some videos about Ettercap, and I have downloaded the Windows version. Since I understand Windows sucks for the purpose, i have also installed CYGWIN and I'm starting to learn some basic commands. I'm on my way to installing Ettercap also within CYGWIN.

What I need, if someone is willing to help this noob retard, is a walktrhough.

As a side note, I started using Ettercap (windows) yesterday, and it worked to a certain extent. I was able to ARP poison a local computer which i also had access to; able meaning [1] I attacked Target 1 (victim computer) and Target 2 (server IP), [2] I checked 'arp -a' in the victim computer in order to verify the poisoning had taken place and [3] ran the ettercap poison check pluggin with success.

Nevertheless, when I entered a facebook and hotmail username and password in the victim computer, Ettercap failed to retrieve those passwords.

Additionally, I was only able to perform poisoning in promisc 'unified sniffing' mode. Whenever I used the subtler mode, poisoning failed. Being advised from the tutorial videos that promisc mode was agressive on servers, I tried 'poison only one way', resulting in succesful poisoning in the victim computer in the extent above said (arp -a checking the victim computer), but again ethercap failed to retrieve passwords.

Evidently, the times i've tried to poison both targets, server included, with promisc mode, the poisoning didn't last long because the administrator responded by reseting the server.

If anyone is willing i'd very much appreciate some help.

FOUNTAINHEAD.
Posted by: Fountainhead

Re: LAN Hacking - 03/11/11 01:27 AM

I have also noted that since I started the obviously unsuccessful attacks, the number of IPs that pop upon self 'arp -a' request have gone down. Does this affect my ability to ARP poison, meaning I can only poison IPs which appear on my arp -a request? Is this an ordinary behavior or may it suggest my clumsy 'promisc' ARP requests to the gateway made the administrator become aware of me as the attacker and is somehow attempting to hinder my ability to poison? If the latter is true, is there some way to override him, maybe changing my mitm choice?
Posted by: Gremelin

Re: LAN Hacking - 03/11/11 05:11 AM

I haven't really used Ettercap (or any other data sniffer) in years (we're talking 2002 or so), one thing to keep in mind is that you're not going to have much success in sniffing secure (ssl) internet connections; in fact, most services that require login now preform the login through ssl to ensure sniffers cannot capture login data.

You can test by going to www.hotmail.com and noting that it redirects you to an SSL page to input login data; the result, you'll never be able to sniff logins for hotmail, the host is an SSL system which is using a 128bit rc4 encrypted connection.
Posted by: Fountainhead

Re: LAN Hacking - 03/11/11 06:10 AM

Thank you very much for your quick response. Ok, so wrong target then. I chose usernames and passwords because its commonplace, but I actually have little interest in reading personal stuff. Maybe you could lead me better in 'the hacker way'. What kind of data is retrievable in LAN as a startup? What things are doable without requiring mayor security cracking? Im just bored with usual internet navigation, I want some real 'flesh and bone data' if you know what I mean.
Posted by: Gremelin

Re: LAN Hacking - 03/12/11 07:42 AM

Well, sniffing the connection itself would be a good starting point; you're likely not going to capture usernames/passwords on large sites (as they'll usually be using SSL) but smaller sites such as those with bulletin boards (heh, hmm) you'd be able to sniff things from there.