Penetration Testing mailing list archives
ettercap help
From: "Mike Brentlinger" <mdbrentlinger () hotmail com>
Date: Mon, 30 Sep 2002 16:37:32 -0400
Ok, based on http://ettercap.sourceforge.net/ ettercap supposedly captures vnc passwords, ie Password collector for : TELNET, FTP, POP, ... VNC, ... I have the following setup but cannot for the life of me get it to work.. ip : 10.0.0.1 (vnc client) mac: aa:aa:aa:aa:aa:aa ---------------| | ip : 10.0.0.2 (ettercap) | mac: bb:bb:bb:bb:bb:bb ------------- tried both hub & switch | ip : 10.0.0.3 (vnc server) | mac: cc:cc:cc:cc:cc:cc ---------------|I can get it to sniff telnet, ftp, pop, smb, but no vnc. I have the following default entry in my etter.conf file under the dissectors section.
VNC=ON # tcp 5900-5905and based on the etter.conf file it doesnt appear as though this password sniff requires any arp spoofing of any type.
when i run it on my windows, trinux, or redhat machine i get similar results such as below,
C:\Program Files\ettercap>ettercap.exe -NCzds ettercap 0.6.7 (c) 2002 ALoR & NaGA List of available devices : --> [dev0] - [3Com EtherLink PCI] --> [dev2] - [3Com 3C90x Ethernet Adapter] Please select one of the above, which one ? [0]: 0 Your IP: 172.18.2.10 with MAC: 00:B0:D0:7B:DD:15 on Iface: dev0 Press 'h' for help... Sniffing (IP based): ANY:0 <--> ANY:0 TCP + UDP packets... (default) Collecting passwords... 15:18:13 172.18.2.10:1600 <--> 172.18.3.100:139 netbios-ssn USER: blah PASS: LC 2.5 FORMAT: "blah":x:blah:blah 15:19:44 172.18.2.10:1605 <--> 172.18.1.10:110 pop3 USER: blah PASS: passwhat am i doing wrong? what would the proper command line start up be? Im not even sure I need to apr spoof since it I havent seen anywhere specifically that its needed for vnc... ive read the man and it has an example...
"ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1 and 192.168.0.2 each other. "
But thats not all that helpful, espicaily with out a diagram... are those the ips and macs of the 2 hosts? the dest and man in middle? the src and man in middle?
please help _________________________________________________________________MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- ettercap help Mike Brentlinger (Sep 30)
- Re: ettercap help Rohit Sharma (Oct 04)
- <Possible follow-ups>
- Re: ettercap help Mike Brentlinger (Oct 04)