
Thread: Help with Ettercap

  1. #1
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Question Help with Ettercap

    Guys,
    I was following the howto here http://www.backtrack-linux.org/forum...poisoning.html

    but output is zero for me... after doing so, my network got jammed. seems kinda DoS. Now I need the following::
    What I have::::

    Gateway: 192.168.0.1/24
    Target host: Windows Server 2003 or Windows XP/Vista; 192.168.0.4/24

    My laptop: WinXP 192.168.0.10/24
    BT5 in Vmware in my laptop with bridged mode IF (eth1, eth2); 192.168.2.100/24 and 101/24

    Now I want to sniff and see what the 192.168.0.4 is sending/receiving. Including pictures, passwords, etc. from my laptop using bt5.

    please help me guys... I'm planning to write my name in ethical hacker...

    Mishu~

  2. #2
    Senior Member ghostdog67's Avatar
    Join Date
    Sep 2008
    Posts
    180

    Default Re: help me guys, newbie...

    here start with this one : http://xxx

    Read this, it will help you understand the tool.........: http://openmaniak.com/ettercap.php
    Last edited by bolexxx; 05-13-2011 at 08:13 PM. Reason: no youtube links allowed

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: help me guys, newbie...

    I love it when people do things they don't understand and then wonder why things don't work.

    Please do some networking 101 type reading so that you comprehend what's going on when you ARP Poison and why your network might go tits up after doing so.

    Lastly please ONLY do this on your LAN. Futzing with things you're unfamiliar with is likely to result in problems for others on a corporate, business, or school LAN. Which wastes someone else's time to fix and lots of other peoples' time and effort in lost productivity.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: help me guys, newbie...

    to "thorin" sir,
    First of all, i am doing this in my own LAN... and I am so newbie, that it's getting hard for me... about the networking 101, keeping this in mind...

    the first thing is let's consider, i know just nothing... at this point, even following the complete step by step, i found nothing... where in the case of wireshark, i can see the packets, open them up... but only when they are just for my IF. (means when exactly for my MAC). So I am doing Arp Poisoning for fool the target regarding the MAC it is sending... I'm not sure, for learning matter, as since the network is switched, the switch is keeping an ARP table, specific MAC for specific physical ports. Thus when I do the poisoning, or flood with fake MACs, i'm trying to fool the victim, but how?? because even if i pretend to be the desired MAC of the victim, then the switch has the MAC table for the original one, not the spoofed one. I found for my case, MAC flooding makes the victim paranoid, but as the switch works its own way and thus I can't do the wiretap... thus i need a real elaboration and step by step guidance...
    After reading the manual for ettercap, i did it whole evening, but same is happening every time...

    ideas???

  5. #5
    Senior Member ghostdog67's Avatar
    Join Date
    Sep 2008
    Posts
    180

    Default Re: help me guys, newbie...

    If you are using ettercap on BT5, then there are some bugs, can't help you with this, i am trying to find some fixes.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: help me guys, newbie...

    Quote Originally Posted by mishu View Post
    to "thorin" sir,
    First of all, i am doing this in my own LAN... and I am so newbie, that it's getting hard for me... about the networking 101, keeping this in mind...
    That's fine. It's just sadly not unheard of around here for people to have tried this on corporate LANs etc where it not only ends up sucking for the person doing it but for everyone else on the LAN as well.

    the first thing is let's consider, i know just nothing... at this point, even following the complete step by step, i found nothing... where in the case of wireshark, i can see the packets, open them up... but only when they are just for my IF. (means when exactly for my MAC). So I am doing Arp Poisoning for fool the target regarding the MAC it is sending... I'm not sure, for learning matter, as since the network is switched, the switch is keeping an ARP table, specific MAC for specific physical ports. Thus when I do the poisoning, or flood with fake MACs, i'm trying to fool the victim, but how?? because even if i pretend to be the desired MAC of the victim, then the switch has the MAC table for the original one, not the spoofed one. I found for my case, MAC flooding makes the victim paranoid, but as the switch works its own way and thus I can't do the wiretap... thus i need a real elaboration and step by step guidance...
    Not quite. In general you're trying to fool the target(s)/victim(s) into thinking that you're the default GW or system they're trying to reach. Yes the switch keeps an ARP table however you're trying to tell the victim(s) (and perhaps the switch) that you're something you're not. http://en.wikipedia.org/wiki/ARP_spoofing

  7. #7
    r083rt
    Guest

    Default Re: help me guys, newbie...

    *************************************note of warning******************************


    when using ettercap you must press 'q' to quit. if you close the terminal you will cause a DoS (denial of service); the arp cache needs to be resolved

    I suggest you do some reading and view some tutorials on ettercap and arp poisoning before you crash anyone's network


    r083rt
    Last edited by r083rt; 05-13-2011 at 08:07 PM.
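
For the defender's side of the ARP spoofing discussed in the replies above, here is an added example (not part of the original thread) that parses Ethernet/ARP frames and flags an IP whose MAC binding changes or a MAC that claims several IPs. The IP addresses follow the thread; the MAC addresses, function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def sample_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build one Ethernet+ARP frame in memory (constructed sample input only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = mac(target_mac) + mac(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return op, mac, ".".join(str(b) for b in frame[28:32])

def detect(frames, pinned=None):
    """Flag IPs whose MAC binding changes and MACs that claim several IPs."""
    bindings = dict(pinned or {})      # ip -> MAC first seen (or pinned by the admin)
    claims = defaultdict(set)          # mac -> set of IPs it has claimed
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(("binding-changed", ip, known, mac))
        if ip not in claims[mac]:
            claims[mac].add(ip)
            if len(claims[mac]) > 1:
                alerts.append(("multi-ip", mac, tuple(sorted(claims[mac]))))
    return alerts

# Constructed sample: IPs follow the thread, MACs are made up.
GW, HOST, THIRD = "00:11:22:33:44:01", "00:11:22:33:44:04", "00:11:22:33:44:0a"
FRAMES = [
    sample_frame(2, GW, "192.168.0.1", HOST, "192.168.0.4"),
    sample_frame(2, HOST, "192.168.0.4", GW, "192.168.0.1"),
    sample_frame(1, THIRD, "192.168.0.10", "ff:ff:ff:ff:ff:ff", "192.168.0.1"),
    sample_frame(2, THIRD, "192.168.0.1", HOST, "192.168.0.4"),  # gateway IP, wrong MAC
    sample_frame(2, THIRD, "192.168.0.4", GW, "192.168.0.1"),    # host IP, wrong MAC
]
ALERTS = detect(FRAMES, pinned={"192.168.0.1": GW})
```

Pinning the gateway's binding mirrors a static ARP entry: the first conflicting frame is reported against the known-good MAC instead of whichever address happened to be seen first.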

  8. #8
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: Help with Ettercap

    dear folks,
    I was using the GUI for my first attempt. What i did was using the GUI is:

    I took the target victim 192.168.0.10 (a host), router GW was 192.168.0.1

    Then I just opened the ettercap GUI and did the scan. after that, selected the target1 as router and then target2 as the victim. Then did the MITM ARP Poisoning from menu and then start sniff. After that, I opened the wireshark and started to capture. It gave me all the things.

    At this stage, it was fine as my first attempt on hacking. next level was to get SSL data. Thus I found the GUI is not helping me any more. I used the following::

    first all the time, echo "1" to ip_forward.
    then doing the manual iptables NAT rules for 80 to 1000

    then run the sslstrip. After that, arpspoof -i eth0 victim IP Router IP
    Then ettercap -i eth0 -Tq

    When i did so, i found it finally able to show the yahoo password for just once. Facebook failed, hotmail just did not opened the first page at all, gmail failed too. It is jamming the whole network actually. So need to be tuned up.

    Or as suggested by my fellow friend here, BT4. Thinking of getting the VMware and ISO of BT4.
    The BT4 is not there in site... can somebody tell me the URL???

    And for all of you guys, I need your help so that I can learn. And I'm doing Testing in my very personal Network... That's for sure...

    Mishu~

  9. #9
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: Help with Ettercap

    Before even trying to add on tools like sslstrip, I would make sure that you fully understand ettercap first. In your above example, it looks redundant to run both arpspoof and ettercap simultaneously, but I really don't know for sure. If you've been able to get ettercap working with sslstrip, and you're noticing that it doesn't always capture passwords, you should know that ettercap isn't failsafe and does produce unpredictable results. For example, if you work with filters, you'll see that sometimes the filters trigger and other times they don't, for seemingly random reasons.

  10. #10
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: Help with Ettercap

    the first thing is I was following youtube and google forum postings... anyway... i found doing an arpspoof makes network so bad in condition. thus if there is a chance of doing it without the arpspoof command, that's better. and about ettercap, I am using CLI, not the GUI. The GUI is more easy and understandable, but even though the CLI gives some output, GUI gives nothing.

    I have switched back to BT4. Not sure, the thing is not working even if i blindly follow the youtube helps...

    Mishu`
