
Thread: ettercap bt4 final and vmware

  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default ettercap bt4 final and vmware

    Has anybody successfully ARP poisoned using a wifi adapter connected to the network with BT4 in VMware? It shows poisoning in ettercap but the plugin shows it's not, and the victim just hangs, but the attacker machine shows up in its ARP table. Please advise. Followed all tuts, edited the etter file etc., uncommented, forwarded, also no joy...

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: ettercap bt4 final and vmware

    Well first of all let me see if I understand this:
    You are using Backtrack in VMware with a wireless USB and you are trying to arp-poison the network you are connected to, right?

    If I'm right, please give us more detail, like commands issued. Does BT have a firewall enabled? Does the router have a firewall? Have you tried other MITM attacks?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: ettercap bt4 final and vmware

    Thanks for the reply, sickness. No firewall on BT; I'm connected to the network independently via wicd. The router has firewall settings.

    commands used:

    #echo 1 > /proc/sys/net/ipv4/ip_forward
    #ettercap -i wlan -F iframe.ef -TQM arp:remote /targetip/ /gatewayip/ -P autoadd

    Tried it without iframe also and nothing, it just hangs.
    Here's my etter.conf:

    ############################################################################
    # #
    # ettercap -- etter.conf -- configuration file #
    # #
    # Copyright (C) ALoR & NaGA #
    # #
    # This program is free software; you can redistribute it and/or modify #
    # it under the terms of the GNU General Public License as published by #
    # the Free Software Foundation; either version 2 of the License, or #
    # (at your option) any later version. #
    # #
    # $Id: etter.conf,v 1.78 2004/10/12 15:28:38 alor Exp $ #
    # #
    ############################################################################

    [privs]
    ec_uid = 0 # nobody is the default
    ec_gid = 0 # nobody is the default

    [mitm]
    arp_storm_delay = 10 # milliseconds
    arp_poison_warm_up = 1 # seconds
    arp_poison_delay = 10 # seconds
    arp_poison_icmp = 1 # boolean
    arp_poison_reply = 1 # boolean
    arp_poison_request = 0 # boolean
    arp_poison_equal_mac = 1 # boolean
    dhcp_lease_time = 1800 # seconds
    port_steal_delay = 10 # milliseconds
    port_steal_send_delay = 2000 # microseconds

    [connections]
    connection_timeout = 300 # seconds
    connection_idle = 5 # seconds
    connection_buffer = 10000 # bytes
    connect_timeout = 5 # seconds

    [stats]
    sampling_rate = 50 # number of packets

    [misc]
    close_on_eof = 1 # boolean value
    store_profiles = 1 # 0 = disabled; 1 = all; 2 = local; 3 = remote
    aggressive_dissectors = 1 # boolean value
    skip_forwarded_pcks = 1 # boolean value
    checksum_check = 0 # boolean value
    checksum_warning = 0 # boolean value (valid only if checksum_check is 1)

    ############################################################################
    #
    # You can specify what DISSECTORS are to be enabled or not...
    #
    # e.g.: ftp = 21 enabled on port 21 (tcp is implicit)
    # ftp = 2345 enabled on non standard port
    # ftp = 21,453 enabled on port 21 and 453
    # ftp = 0 disabled
    #
    # NOTE: some dissectors have multiple default ports, if you specify a new
    # one, all the default ports will be overwritten
    #
    #

    #dissector default port

    [dissectors]
    ftp = 21 # tcp 21
    ssh = 22 # tcp 22
    telnet = 23 # tcp 23
    smtp = 25 # tcp 25
    dns = 53 # udp 53
    dhcp = 67 # udp 68
    http = 80 # tcp 80
    ospf = 89 # ip 89 (IPPROTO 0x59)
    pop3 = 110 # tcp 110
    #portmap = 111 # tcp / udp
    vrrp = 112 # ip 112 (IPPROTO 0x70)
    nntp = 119 # tcp 119
    smb = 139,445 # tcp 139 445
    imap = 143,220 # tcp 143 220
    snmp = 161 # udp 161
    bgp = 179 # tcp 179
    ldap = 389 # tcp 389
    https = 443 # tcp 443
    ssmtp = 465 # tcp 465
    rlogin = 512,513 # tcp 512 513
    rip = 520 # udp 520
    nntps = 563 # tcp 563
    ldaps = 636 # tcp 636
    telnets = 992 # tcp 992
    imaps = 993 # tcp 993
    ircs = 994 # tcp 993
    pop3s = 995 # tcp 995
    socks = 1080 # tcp 1080
    msn = 1863 # tcp 1863
    cvs = 2401 # tcp 2401
    mysql = 3306 # tcp 3306
    icq = 5190 # tcp 5190
    ymsg = 5050 # tcp 5050
    vnc = 5900,5901,5902,5903 # tcp 5900 5901 5902 5903
    x11 = 6000,6001,6002,6003 # tcp 6000 6001 6002 6003
    irc = 6666,6667,6668,6669 # tcp 6666 6667 6668 6669
    napster = 7777,8888 # tcp 7777 8888
    proxy = 8080 # tcp 8080
    rcon = 27015,27960 # udp 27015 27960
    ppp = 34827 # special case this is the Net Layer code

    #
    # you can change the colors of the curses GUI.
    # here is a list of values:
    # 0 Black 4 Blue
    # 1 Red 5 Magenta
    # 2 Green 6 Cyan
    # 3 Yellow 7 White
    #
    [curses]
    color_bg = 0
    color_fg = 7
    color_join1 = 2
    color_join2 = 4
    color_border = 7
    color_title = 3
    color_focus = 6
    color_menu_bg = 4
    color_menu_fg = 6
    color_window_bg = 4
    color_window_fg = 7
    color_selection_bg = 6
    color_selection_fg = 6
    color_error_bg = 1
    color_error_fg = 3
    color_error_border = 3

    #
    # This section includes all the configurations that needs a string as a
    # parmeter such as the redirect command for SSL mitm attack.
    #
    [strings]

    # the default encoding to be used for the UTF-8 visualization
    utf8_encoding = "ISO-8859-1"

    # the command used by the remote_browser plugin
    remote_browser = "mozilla -remote openurl(http://%host%url)"


    #####################################
    # redir_command_on/off
    #####################################
    # you must provide a valid script for your operating system in order to have
    # the SSL dissection available
    # note that the cleanup script is executed without enough privileges (because
    # they are dropped on startup). so you have to either: provide a setuid program
    # or set the ec_uid to 0, in order to be sure the cleanup script will be
    # executed properly
    # NOTE: this script is executed with an execve(), so you can't use pipes or
    # output redirection as if you were in a shell. We suggest you to make a script if
    # you need those commands.

    #---------------
    # Linux
    #---------------

    # if you use ipchains:
    #redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
    #redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    #---------------
    # Mac Os X
    #---------------

    # quick and dirty way:
    #redir_command_on = "ipfw add fwd 127.0.0.1,%rport tcp from any to any %port in via %iface"
    #redir_command_off = "ipfw -q flush"

    # a better solution is to use a script that keeps track of the rules interted
    # and then deletes them on exit:

    # redir_command_on:
    # ----- cut here -------
    # #!/bin/sh
    # if [ -a "/tmp/osx_ipfw_rules" ]; then
    # ipfw -q add `head -n 1 osx_ipfw_rules` fwd 127.0.0.1,$1 tcp from any to any $2 in via $3
    # else
    # ipfw add fwd 127.0.0.1,$1 tcp from any to any $2 in via $3 | cut -d " " -f 1 >> /tmp/osx_ipfw_rules
    # fi
    # ----- cut here -------

    # redir_command_off:
    # ----- cut here -------
    # #!/bin/sh
    # if [ -a "/tmp/osx_ipfw_rules" ]; then
    # ipfw -q delete `head -n 1 /tmp/osx_ipfw_rules`
    # rm -f /tmp/osx_ipfw_rules
    # fi
    # ----- cut here -------


    #---------------
    # Open BSD
    #---------------

    # unfortunately the pfctl command does not accepts direct rules adding
    # you have to use a script wich executed the following command:

    # ----- cut here -------
    # #!/bin/sh
    # rdr pass on $1 inet proto tcp from any to any port $2 -> localhost port $3 | pfctl -a sslsniff -f -
    # ----- cut here -------

    # it's important to remember that you need "rdr-anchor sslsniff" in your
    # pf.conf in the TRANSLATION section.

    #redir_command_on = "the_script_described_above %iface %port %rport"
    #redir_command_off = "pfctl -a sslsniff -Fn"

    # also, if you create a group called "pfusers" and have EC_GID be that group,
    # you can do something like:
    # chgrp pfusers /dev/pf
    # chmod g+rw /dev/pf
    # such that all users in "pfusers" can run pfctl commands; thus allowing non-root
    # execution of redir commands.


    ##########
    # EOF #
    ##########

    Long-winded, sorry, but it's doing my head in. Just want to make sure the etter.conf is correct.

    Once again, thanks for the reply.

  4. #4
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: ettercap bt4 final and vmware

    Well, there could be many reasons for this to happen. One of them could be that your router isn't affected by arp-poisoning; however, you can pass this by doing only a one-way poison.

    Are you following a specific tutorial/guide? If not you should

    From Basic to Advanced password sniffing - Part 1

  5. #5
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: ettercap bt4 final and vmware

    OK, will try, thanks. I have seen your video before but will go over it again step by step from the basics. Thanks.

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: ettercap bt4 final and vmware

    I think that the problem is that the host network card can only respond to its own MAC address and not the VM's, which means that the return packets never reach back to the VM.

    Quote Originally Posted by pentest09 View Post
    OK, will try, thanks. I have seen your video before but will go over it again step by step from the basics. Thanks.

  7. #7
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Default Re: ettercap bt4 final and vmware

    Yeah, I have done it before but think I used 2 separate USB dongles in the VMware machines; that may explain it. Will try when I get the time.

    Thanks

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Default Re: ettercap bt4 final and vmware

    Quote Originally Posted by pentest09 View Post
    Yeah, I have done it before but think I used 2 separate USB dongles in the VMware machines; that may explain it. Will try when I get the time.

    Thanks
    No problem to use a USB Wifi adapter separately for your VM host; the above only applies when you are trying to use the same adapter on host and guest.
