Sunday, 30 September 2012

MITM with Ettercap

Hello readers, we are back with our tutorials on Matriux. Due to some unwanted circumstances we weren’t able to be a part of last month’s issue; however, we promise to provide our continued support and help to the users. This month we are going to cover a basic tutorial on the Man-In-The-Middle (MITM) attack using Ettercap with the ARP spoofing technique.

Ettercap 
-----------------------------------------------------------------------------------------
Ettercap is a great tool, especially for Man-In-The-Middle attacks. It is a simple, easy-to-use tool for intercepting data over a LAN and on systems connected over switched routers, and for executing MITM attacks.
“Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.” – quoted from Ettercap Website.

----------------------------------------------------------------------------------------------

MITM with Ettercap by ARP poisoning

 ----------------------------------------------------------------------------------------
Requirement: The target system must be in the same network as our attacker machine, Matriux (the attack can be used over systems communicating over routers too). But let’s make it easy ;)

Ettercap can be found in Matriux under Arsenal > Scanning > Ettercap. I prefer we use the console mode for better understanding of the attack procedure.
----------------------------------------------------------------------------------------------

Attack Setup
-----------------------------------------------------------------------------------------
1. Enable IP forwarding by typing the following in a terminal.

2. Edit the file /etc/etter.conf (it may be present at a different location in different versions; try “locate etter.conf”). Uncomment the following lines by removing the “#” where they are present.

3. Open another terminal and type “driftnet -i <<interface>>”, using the interface by which you are able to communicate with the target system (in my case it was eth1). You will see a black window come up.


Initiating the Attack

Open the terminal as root and start the attack by typing: 
--------------------------------------------------------------------
~# ettercap -Tq -M arp:remote /<<IP of target>>/
--------------------------------------------------------------------


IP of target can be a group of IP addresses.

Now you can see the data, passwords and everything else being browsed or passed over the internet from the target in the window, and also the images the target is browsing in the driftnet window we opened up earlier.


Now you have successfully performed a MITM attack using Ettercap by ARP spoofing. You can also try changing the data the target system is communicating with the internet.
