Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

ettercap help

From: "Mike Brentlinger" <mdbrentlinger () hotmail com>
Date: Mon, 30 Sep 2002 16:37:32 -0400
Ok, based on http://ettercap.sourceforge.net/

ettercap supposedly captures vnc passwords, ie

  Password collector for : TELNET, FTP, POP, ... VNC, ...

I have the following setup but cannot for the life of me get it to work..


ip : 10.0.0.1 (vnc client)
mac: aa:aa:aa:aa:aa:aa  ---------------|
                                      |
ip : 10.0.0.2 (ettercap)               |
mac: bb:bb:bb:bb:bb:bb  ------------- tried both hub & switch
                                      |
ip : 10.0.0.3 (vnc server)             |
mac: cc:cc:cc:cc:cc:cc  ---------------|
I can get it to sniff telnet, ftp, pop, smb, but no vnc. I have the following default entry in my etter.conf file under the dissectors section. 
   VNC=ON               # tcp    5900-5905
and based on the etter.conf file it doesnt appear as though this password sniff requires any arp spoofing of any type.
when i run it on my windows, trinux, or redhat machine i get similar results such as below, 


C:\Program Files\ettercap>ettercap.exe -NCzds
ettercap 0.6.7 (c) 2002 ALoR & NaGA
List of available devices :
 --> [dev0] - [3Com EtherLink PCI]
 --> [dev2] - [3Com 3C90x Ethernet Adapter]
Please select one of the above, which one ? [0]: 0
Your IP: 172.18.2.10 with MAC: 00:B0:D0:7B:DD:15 on Iface: dev0
Press 'h' for help...
Sniffing (IP based): ANY:0 <--> ANY:0
TCP + UDP packets... (default)
Collecting passwords...

15:18:13  172.18.2.10:1600 <--> 172.18.3.100:139         netbios-ssn
USER: blah
PASS:
LC 2.5 FORMAT: "blah":x:blah:blah

15:19:44  172.18.2.10:1605 <--> 172.18.1.10:110                pop3
USER: blah
PASS: pass
what am i doing wrong? what would the proper command line start up be? Im not even sure I need to apr spoof since it I havent seen anywhere specifically that its needed for vnc... ive read the man and it has an example...
"ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1 and 192.168.0.2 each other. "
But thats not all that helpful, espicaily with out a diagram... are those the ips and macs of the 2 hosts? the dest and man in middle? the src and man in middle? 

please help

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: