Re: [PEN-TEST] Arp Spoofing under WinNT 4.0

[Frank Knobbe <FKnobbe () KNOBBEITS COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I developed a little command line tool called snarp that allows you
to sniff traffic between two machines on a switched network. It does
so by poisoning the arp caches on two targets and relaying traffic
between them. It runs great under NT 4 (requires the WinPCap driver
and LibNetNT.dll).

It currently does not run under Win2K. I'm still trying to figure out
(if I ever get some spare time) why even a simple malloc or free
crashes the process...

Email me offline if you like a copy of it. I have not released it yet
since I wanted to get some feedback back from testers and get the W2K
issues worked out.

Regards,
Frank

> -----Original Message-----
> From: Fabio Pietrosanti [mailto:naif () SIKUREZZA ORG]
> Sent: Wednesday, January 31, 2001 5:42 AM
>
> Hi,
>
> I'm doing a pen test, and i got access to an NT server on
> which i would
> like to place a sniffer.
>
> I've tried buttsniff and then Dsniff using WinPcap, but i
> notice that they
> are on a switched network, so i  have two solutions:
>
> 1) Flood the switch of random mac address so his table
> will'be filled and
>    the switch will operate in bride mode
> 2) do arp spoofing so i could intercept all packet destinated
> to the host
>    of which traffic i need to sniff.
>
> On unix there are many tools, but on WinNT 4.0 with WinPcap
> there are some
> tools for "arp spoofing" ?
>
> Thanks a lot
>
>
> Best Regards
>
> naif
> naif () sikurezza org

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOnjL+JytSsEygtEFEQIe1wCeIqIiMTVX1Iq6vGYQMVqqDDsqNHcAoK6A
f+L2vhgBgd57pCjIM0T6nlHH
=Jttt
-----END PGP SIGNATURE-----