Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    33

    Default Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Hello all, I am using backtrack 4 R1 and when I did man in the middle attack using sslstrip against Ubuntu 10.04 LTS worked really fine. I logged in to a gmail account from the "victim's" PC and the passwd was there, in the log file.
    I noticed that until I give to the terminal sslstrip -l 8080 the "vixtim" hadn't got access to the net. After giving sslstrip -l 8080 the network was back. Then I logged on into the gmail account and the pass was mine.
    Unfortunately, when I tried to do this against a machine running win xp sp3, the network was gone even when I gave sslstrip -l 8080. The victim hadn't got access neither at the network nor at the modem. this means that pinging 192.168.1.1 from the victim PC did nothing. After stopping the attack the log file was empty

    I followed the procedure I did against the Ubuntu machine... What happened?
    LoooL

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    I mean really, do you know what a MITM actually does ? Or do you just copy and paste the commands from a tutorial.
    Check ip forwarding.
    And if you are using arpspoof with sslstrip did you make the iptables rule ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    33

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Yes, I mainly know what MITM is. And yes, I used arpspoof and I gave the iptables rule.!
    I firstly read what MITM is and then I followed a tut.
    LoooL

  4. #4
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    BTW, what tutorial are you following?

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Could you please post your exact steps and commands here ? And explain a bit the environment ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    33

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    arpspoof -i eth0 -t 192.168.1.4 192.168.1.1 [here network at victim is disabled]
    (in new terminal) sslstrip -l 8080 [here is enabled again]
    LoooL

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Hmmm how about your router ? or switch it might have some protection. I recommend you do the next:
    1. Turn off victim firewall
    2. Try sniffing using ettercap and see if that works
    3. If ettercap simple does not work, try to arp poison only one way.
    4. If you have any firewall or stuff like that turn it off
    Last edited by sickness; 08-10-2010 at 12:06 PM.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  8. #8
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Knowing how to use wireshark and interpret its network captures would be an invaluable asset in solving such problems. I would start by monitoring the network when things go wrong and when things go right so at least you would have an idea on what is supposed to work and when it doesn't you can see which machine isn't responding appropriatly .

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Hmmmm...
    As I remember SSLstrip's default port is 10000 not 8080 so maybe try that.
    pureh@te said: Our goal is to be a fearsome pentest distro not a windows replacement OS where we are trying to convert the world to Linux.

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Posts
    33

    Default Re: Man in the middle attack against Windows Xp SP3 with Backtrack 4 R1 - problem

    Quote Originally Posted by sickness View Post
    Hmmm how about your router ? or switch it might have some protection. I recommend you do the next:
    1. Turn off victim firewall
    2. Try sniffing using ettercap and see if that works
    3. If ettercap simple does not work, try to arp poison only one way.
    4. If you have any firewall or stuff like that turn it off
    Well, as I said before, this method (with sslstrip) worked against ubuntu 10.04, so it hasn't to do with the router.
    Ettercap works but it does not capture passwords from encryption-protected websites (like gmail or facebook) but it does from some un-protected (like some forums) and websites that prompt for passwd (like ftp logins or login at modem at 192.168.1.1).
    However the method with sslstrip did capture these passwords from "encrypted" sites.
    So ettercap semi-worked.
    LoooL

Page 1 of 3 123 LastLast

Similar Threads

  1. Replies: 2
    Last Post: 08-23-2010, 10:53 AM
  2. Acceso a Windows 7 por Medio de SET (Java Applet Attack)
    By šĜrτĦacK in forum BT Videos - ES
    Replies: 0
    Last Post: 05-01-2010, 07:36 PM
  3. [Video] Man In The Middle (MITM) Attack (ettercap, metasploit, sbd)
    By imported_g0tmi1k in forum OLD BT4 Videos
    Replies: 6
    Last Post: 01-16-2010, 08:47 PM
  4. Replies: 2
    Last Post: 07-08-2009, 08:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •