
Thread: Sniffing Tutorial:

  1. #31
    Just burned his ISO
    Join Date
    May 2006
    Posts
    3

    Default no success with ettercap

    I have a 2WIRE from SBC that I got when I signed up for DSL a few years ago. This tutorial didn't work on my router at all. I tried signing into my hotmail and yahoo but the only piece of information that's displayed in ettercap is the following:


    Code:
    Listening on ath0... (Ethernet)
    
      ath0 -> 00:20:A6:50:E5:E7         172.16.1.34         255.0.0.0
    
    
    Privilegesdropped to UID 65534 GID 65534
    
    
       28 pugins
       39 protocol dissectors
       53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known devices
    Randomizing 16777215 hosts for scanning...
    
    
    ARP poisoning vistims:
    
    
    GROUP 1: ANY(all hosts in the list)
    
    
    GROUP 2: ANY(all hosts in the list)
    Starting Unified sniffing...
    
    
    DHCP: [172.16.0.1] OFFER: 172.16.1.34 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1
    DHCP: [172.16.0.1] OFFER: 172.16.1.34 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1
    DHCP: [172.16.0.1] ACK: 0.0.0.0 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1 "gateway.2wire.net"
    DHCP: [172.16.0.1] ACK: 0.0.0.0 255.255.0.0 GW 172.16.0.1 DNS 172.16.0.1 "gateway.2wire.net"
    Unified sniffing was stopped.
    ARP poisoner deactivated.
    RE-ARPing the victims...

    I also noticed in Ethereal every website I visit always has the extension of gateway.2wire.net

    Is my router encrypting everything that goes through it? For example I went to myspace.com and in Ethereal it showed up like so "home.myspace.com.gateway.2wire.net"


    Any help would greatly be appreciated.



    Here is my hardware information,


    Model: HomePortal 1000HW
    Serial Number: 114116002590
    Hardware Version: 2700-000364-006
    Software Version: 3.5.5


    I'm currently using Ettercap with my Proxim ORiNOCO 8470-WD 802.11 b/g


    Thanks.

  2. #32
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    15

    Default

    Quote Originally Posted by michelinok
    I'm waiting for the video
    And another question....with this tutorial you mean that I can sniff outgoing traffic FROM ANOTHER MACHINE TO THE ROUTER?
    That's the point yeah.
    Example: You have a PC in a big company, set up as a sniffer, and you wait for the passwords to come in

  3. #33
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default wtf

    Quote Originally Posted by fifo_thekid
    what about a small video tutorial hosted by rapidshare?
    a small video for that????
    wha.....


    well lemme try to explain if that's kinda hard...

    you open kwrite (you can type kwrite in an empty konsole)
    and find that file he said.
    then remove the # off the 2 lines and voila! that's it. make sure you save.
    then do like he says in ettercap. unified sniffing is in one of the menus at the top

  4. #34
    Junior Member
    Join Date
    Jun 2006
    Posts
    61

    Default hrmm

    Quote Originally Posted by TheGreatVirus
    I have not much luck with WPA's myself. I used aircrack to do my attack on it though so I can't help you much with rainbow crack. The reason why I directed you to it though was because many people reported better success with it.
    you use aircrack to crack other hashes? sounds creative to me ;-)

  5. #35
    Just burned his ISO
    Join Date
    Jun 2006
    Posts
    1

    Default

    i tested this and it works for all my passes
    so then i went to access my bank account


    www.bankofamerica.com
    and ettercap did not pick up anything
    (even though i accepted the certificate)

    what is Bank of America doing that prevents ettercap from reading anything?

    is there a way to implement this on my own server?

    I just tested this technique on this forum, and ettercap does NOT pick up my forum username and pass

    it says

    SEND L3 ERROR: 56 byte packet (0800:01) destined to XXX.XXX.XXX.XXX was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

    what does this mean?

  6. #36
    Senior Member
    Join Date
    Apr 2006
    Posts
    154

    Thumbs up

    Quote Originally Posted by likeachild
    i tested this and it works for all my passes
    so then i went to access my bank account


    www.bankofamerica.com
    and ettercap did not pick up anything
    (even though i accepted the certificate)

    what is Bank of America doing that prevents ettercap from reading anything?

    is there a way to implement this on my own server?

    I just tested this technique on this forum, and ettercap does NOT pick up my forum username and pass

    it says

    SEND L3 ERROR: 56 byte packet (0800:01) destined to XXX.XXX.XXX.XXX was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

    what does this mean?
    Haven't tested the HTTPS, but I CAN get username and password when logging here

  7. #37
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    1

    Default

    I've only come here 'cause I need to sniff a hotmail account, don't have bad intentions, don't want passwords or anything but really need to monitor incoming n outgoing mails.
    Can anyone tell me how to from an XP machine?...btw the person using the account is in another country...happens to be my hubby's ex

  8. #38
    Junior Member
    Join Date
    Oct 2006
    Posts
    33

    Default

    I did all of the steps listed in the tutorial and I am able to sniff in ettercap, but when I go to gmail or other similar sites, I don't get any passwords or usernames or anything. When I go to hotmail, I see the fake certificate pop up, I accept it, but no passwords come through. Could I be doing something wrong?

  9. #39
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    2

    Question

    Problem:
    I start sniffing using "ath1" with kismet or aircrack
    Then I open up Ettercap, and choose
    Unified Sniffing
    then choose "ath1"
    Ettercap then automatically CLOSES
    Why is that?
    Card details as follows:
    Code:
    iwconfig
    
    eth0      no wireless extensions.
    
    sit0      no wireless extensions.
    
    wifi0     no wireless extensions.
    
    ath0      IEEE 802.11g  ESSID:""
              Mode:Managed  Channel:0  Access Point: Not-Associated
              Bit Rate:0 kb/s   Tx-Power:19 dBm   Sensitivity=0/3
              Retry:off   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
              Rx invalid nwid:1513150  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    ath1      IEEE 802.11g  ESSID:""
              Mode:Monitor  Frequency:2.447 GHz  Access Point: 01:1R:1B:11:31:49
              Bit Rate:0 kb/s   Tx-Power:19 dBm   Sensitivity=0/3
              Retry:off   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    Code:
    ifconfig
    
    ath1      Link encap:UNSPEC  HWaddr 02-16-2D-45-3C-34-00-00-00-00-00-00-00-00-00-00
              UP BROADCAST RUNNING  MTU:1500  Metric:1
              RX packets:2978643 errors:0 dropped:0 overruns:0 frame:0
              TX packets:385460 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:820490813 (782.4 MiB)  TX bytes:26189776 (24.9 MiB)
    
    eth0      Link encap:Ethernet  HWaddr 00:01:23:34:2D:3Q
              inet addr:10.0.0.4  Bcast:255.255.255.255  Mask:255.255.255.0
              inet6 addr: fe80::208:2ff:fe64:536c/64 Scope:Link
              UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:11241 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10368 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:11203780 (10.6 MiB)  TX bytes:1367738 (1.3 MiB)
              Interrupt:10
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:780869 errors:0 dropped:0 overruns:0 frame:0
              TX packets:780869 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:251840871 (240.1 MiB)  TX bytes:251840871 (240.1 MiB)
    
    wifi0     Link encap:UNSPEC  HWaddr 00--xx-xx-xx-xx-00-00-00-00-00-00-00-00-00-0 ( Masked myself)
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2939401 errors:0 dropped:1421253 overruns:0 frame:1000170
              TX packets:39344 errors:0 dropped:346116 overruns:0 carrier:0
              collisions:0 txqueuelen:199
              RX bytes:400672601 (382.1 MiB)  TX bytes:2811264 (2.6 MiB)
              Interrupt:11 Memory:e0e60000-e0e70000

  10. #40
    Just burned his ISO
    Join Date
    Nov 2006
    Posts
    9

    Default

    wow this shit is hardcore, i just went to my nationalcity account and it picked up, the next time i ever go to any hotspots you can bet your ass, i won't be doing anything that involves entering a password
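
A defensive check for the ARP poisoning this thread revolves around, as an added example that is not part of any post: it compares two snapshots of `ip neigh` output and reports a changed gateway MAC or one MAC answering for several IPs. The gateway 172.16.0.1 and interface ath0 are taken from post #31; the MAC addresses, the other hosts and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed neighbour-table snapshots (not captured from the thread).
SAMPLE_BASELINE = """\
172.16.0.1 dev ath0 lladdr 00:11:22:33:44:55 REACHABLE
172.16.1.50 dev ath0 lladdr 00:aa:bb:cc:dd:01 STALE
"""
SAMPLE_CURRENT = """\
172.16.0.1 dev ath0 lladdr 00:aa:bb:cc:dd:99 REACHABLE
172.16.1.50 dev ath0 lladdr 00:aa:bb:cc:dd:01 STALE
172.16.1.77 dev ath0 lladdr 00:aa:bb:cc:dd:99 REACHABLE
172.16.1.80 dev ath0 FAILED
"""

# Entries without an lladdr (FAILED / INCOMPLETE) never match and are skipped.
NEIGH_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b", re.M)


def parse_neigh(text):
    """Return {ip: mac} for every resolved entry in `ip neigh` output."""
    return {ip: mac.lower() for ip, mac in NEIGH_RE.findall(text)}


def arp_findings(baseline, current, gateway):
    """Compare two {ip: mac} tables and list poisoning indicators."""
    findings = []
    old, new = baseline.get(gateway), current.get(gateway)
    # The gateway's MAC should be stable; a change mid-session is the
    # strongest sign that someone is answering ARP on its behalf.
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway, old, new))
    # One MAC claiming several IPs can be legitimate (multi-homed host,
    # proxy ARP), so treat it as a lead to confirm, not proof.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    base, cur = parse_neigh(SAMPLE_BASELINE), parse_neigh(SAMPLE_CURRENT)
    for finding in arp_findings(base, cur, "172.16.0.1"):
        print(finding)
```

On a network you administer, a static ARP entry for the gateway or dynamic ARP inspection on the switch prevents the change this check only detects.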
