Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Ettercap help please

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Ettercap help please

    Hello everybody,

    I have just recently joined the forum, because I've encountered problems regarding ettercap in BT4. I have followed this guide:
    http://www.backtrack-linux.org/forum...poisoning.html
    any tried a couple of others similar, with no success. What happens is that when I click Start sniffing, the target computer is not able to access the internet. I keep getting the same info in ettercap looking like this:

    SNMP : 172.20.4.110:161 -> COMMUNITY: public INFO: SNMP v1
    SNMP : 172.20.4.111:161 -> COMMUNITY: public INFO: SNMP v1
    SNMP : 172.20.4.110:161 -> COMMUNITY: public INFO: SNMP v1
    SNMP : 172.20.4.111:161 -> COMMUNITY: public INFO: SNMP v1

    The access point is my own and so is the target computer. I'm using vmware and USB adapter for BT4 and the target computer is my windows laptop.
    I'm doing this for educational purposes at my computer science study program, I have already learned to pentest WEP and researched pentest of WPA through rainbow tables. I have not yet tried Metasplot framework.

    Hope somebody is able to give a fellow security enthusiast a little help with this problem of mine

    Regards,
    Woodgrove

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Ettercap help please

    You should definitely read more about what you are trying to do. The main reasons for your problem are:
    1. Forwarding rules from ettercap aren't uncommented correctly.
    2. You might have a firewall enabled that won't let the packets through.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: Ettercap help please

    Are you trying to arp poison your host computer with the guest virtual machine?
    If so try using a virtual machine for both the victim computer and the attacker computer.
    I had some troubles too with the arp poisoning in VMware and this works for me.

  4. #4
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Re: Ettercap help please

    @sickness: I will do some more reading and look into the uncomment. I have not got a firewall except the Windows 7 and the one in the router. Can you recommend some articles or books for BT4.

    @LHYX1: Yes I am attacking my physical pc with a virtual machine, thought that it maybe could have something to do with my problem. I will try ettercap with two physical pcs tomorrow.

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Ettercap help please

    @Woodgrove I think you should use the search function, or go to the HowTo/Video section, if I remember correctly me and @g0tmi1k have some ettercap videos and least but not last use google it's the best source for documentation.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  6. #6
    Junior Member
    Join Date
    Oct 2010
    Location
    TOTSE
    Posts
    28

    Default Re: Ettercap help please

    I think this might be some kind of VMWare related problem - I had pretty much exactly the same problem when I was using VMWare. In the end, I just gave up and used two different machines, ARP poisoning that way.

    If you have access to another computer you could attempt to poison, then give it a shot. If its still not working properly, then assume that I am wrong and there's something else wrong here.

  7. #7
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Re: Ettercap help please

    Alright, so far so good.

    I have used two physcial computers to try arp poisoning and it seems to somehow work, the problem is I can see which adresses are typed in by the target pc, but I cannot see the web pages on the target pc and neither get access to hotmail.com or gmail.com, as soon as I click arp poison and remote sniffing, the target pc is unable to view websites.

    I have looked into the uncommenting and I'm pretty sure I have done it correct, I have removed # from these two lines:

    Code:
    # if you use iptables:
    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    I just can seem to find the solution for this... by the way I'm using my router with WPA2 encryption, but that shouldn't have anything to do with it not working, should it?

  8. #8
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Ettercap help please

    Try turning down firewall and enabling ip_forward.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  9. #9
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Re: Ettercap help please

    I have found another guide and will try to type the commands in the terminal, maybe you can see what I'm doing wrong.

    echo 1 > /proc/sys/net/ipv4/ip_forward
    sudo ettercap -T -M arp -i wlan0 // //

    When I then try to go to hotmail.com on the target computer i just get the page This website is not available. Do I need a filter or certificate to see those sites and if so which one?

  10. #10
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Ettercap help please

    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

Page 1 of 2 12 LastLast

Similar Threads

  1. Anybody using ettercap?
    By redss in forum OLD BT3final Support
    Replies: 0
    Last Post: 08-25-2009, 06:59 PM
  2. Ettercap.
    By eXeCuTeR in forum OLD Newbie Area
    Replies: 8
    Last Post: 04-05-2008, 12:05 AM
  3. Ettercap IP?
    By musik4u66 in forum OLD Newbie Area
    Replies: 2
    Last Post: 01-07-2008, 09:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •