From: Bartholomew, Brian J (BartholomewBJ@state.gov)
Date: Wed Oct 05 2005 - 07:21:19 EDT
Folks,
Everything asked so far can be done using Cain and Abel. It's pretty nice and very easy to use once you figure out the arp spoofing piece. http://www.oxid.it/cain.html
P.S. - The new version even has a built in RDP MITM plugin.
Brian Bartholomew
-----Original Message-----
From: caseytay@nets.com.sg [mailto:caseytay@nets.com.sg]
Sent: Sunday, October 02, 2005 9:08 PM
To: Rafael San Miguel Carrasco
Cc: Kyle Starkey; pen-test@securityfocus.com
Subject: Re: ARP Spoofing and Routing
Hi all,
I would like to know how to go abt spoofing arp caches, and DNS poisoning?
I am doing a research on the methodologies available, and also need a list
of tools/softwares that can help me.
If anyone has some exprience with spoofing DNS or arp entries, pls advise.
Thanks,
Casey
Rafael San Miguel
Carrasco
<smcsoc@yahoo.es> To
Kyle Starkey
10/02/2005 08:32 <kstarkey@siegeworks.com>
PM cc
pen-test@securityfocus.com
Subject
Re: ARP Spoofing and Routing
Remember that you may need to add a rule in iptables to avoid your
TCP/IP stack generating ICMP_REDIRECT messages:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A OUTPUT -p icmp --icmp-type redirect -j REJECT
Greetings,
Rafael San Miguel Carrasco
Kyle Starkey wrote:
>Folks..
>I was on site yesterday at a client doing some pen-test type work and
>thought I might play around with some arpspoofing and see what I could
>gather. I ran into a couple of problem and thought you all might have the
>solution.
>
>What I was trying to do was arpspoof a server so that I could intercept
any
>authentication requests that were made to it and grab passwds or hashes to
>find some user accts. I was using the Auditors Toolkit bootable CD and
the
>arpspoof worked great. A tcpdump of the eth0 int when the spoof started
>showed that I was getting all the traffic that should have been destined
for
>this server (hosts and server and myself were all in the same bcast seg
>btw). However I was not running any deamons (ftp, samba, telnet, etc) to
>answer these requests and as such was only seeing part of the conversation
>and couldn't complete the connection to get the full auth request. So
what
>I need to know is how I go about sending packets that were destined for
the
>server originally to the actual server after I have had my
>tcpdump/dsniff/etc doing the packet capture and filter. My ideas are as
>follows and I could use some responses about them or OTHER ways I can
>accomplish this...
>
>1) routed routing traffic to the original host with a static ARP entry in
my
>host for the server I am spoofing so I don't spoof myself
>
>2) some kind of proxy server that will capture and forward traffic based
on
>the dest addr of the packet and again a static arp entry for the host
being
>spoofed so we don't spoof ourselves
>
>3) load ftpd, samba, telnet, to answer these requests, even if we are
>denying auth people will still pass user credentials in an attempt to
login,
>after the arpspoof has happened...
>
>4) some other already built tool that I have never heard of and should
learn
>to use...
>
>
>If this makes no sense please feel free to flame me and call me an idiot,
>but its been a long week and the coffee aint helping...
>
>-K
>
>Kyle R. Starkey
>Senior Security Consultant
>CISSP # 31718
>Siegeworks LLC
>Email: kstarkey@siegeworks.com
>Cell: 435-962-8986
>
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
>futile against web application hacking. Check your website for
vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before
hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
>
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
***************************************************************************
IMPORTANT NOTICE:
This email and any files transmitted with it is intended only for
the use of the person(s) to whom it is addressed, and may
contain information that is privileged, confidential and exempt
from disclosure under applicable law. If you are not the intended
recipient, please immediately notify the sender and delete
the email. Thank you.
***************************************************************************
Casey Tay Kian Chuan
Data Security Analyst
Data Security
DID : 65-6374-0653
TEL : 65-6272-0533
FAX : 65-6275-7712
Network For Electronic Transfers (S) Pte Ltd
298 Tiong Bahru Road
#04-01/06 Central Plaza
Singapore 168730
http://www.nets.com.sg
********************************************************************************
IMPORTANT NOTICE: This email and any files transmitted with it is
intended only for the use of the person(s) to whom it is addressed, and
may contain information that is privileged, confidential and exempt from
disclosure under applicable law. If you are not the intended recipient,
please immediately notify the sender and delete the email. Thank you.
********************************************************************************
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:02 EDT