Here today I come up with the coolest hack that is Man-in-the-Middle attack using the simple tool Cain and Able. We are going to sniff Passwords of remote users on our LAN network. The Requirements and Configuration for this attacks are-
1. Target IP-192.168.1.103
2. Attacker IP-192.168.1.102
3. Router IP-192.168.1.254
4. Cain and Able DOWNLOAD
1. First start Cain and Able
2. Now open configuration dialog box and choose your network adapter card.
3. Now click on + button in menu bar and select "All hosts in my network" radio button and hit OK.
4. Now the ip 192.168.1.103 is my victim's IP address and 192.168.1.254 is my router or gateway's IP address. We have to sniff traffic going from victim to the destination through Router.
5. Now goto ARP tab at bellow, and as said earlier select router's IP at one side and victims IP on other side.
6. Now start the Sniffer and then start ARP poisoning by clicking on the 2nd and 3rd button on the menu bar. Actually what is going on here is we made believe to the victim that our machine is router and to router that we are the legitimate user who send them request. So all the traffic is going from our machine that's why we are able to capture or sniff the non-encrypted passwords on network.
7. Now leave it for some time and if the victim tries to login to any website which uses non-encrypted
methods like FTP and HTTP then we can see that in clear text as shown in picture below.
1. Target IP-192.168.1.103
2. Attacker IP-192.168.1.102
3. Router IP-192.168.1.254
4. Cain and Able DOWNLOAD
1. First start Cain and Able
2. Now open configuration dialog box and choose your network adapter card.
3. Now click on + button in menu bar and select "All hosts in my network" radio button and hit OK.
4. Now the ip 192.168.1.103 is my victim's IP address and 192.168.1.254 is my router or gateway's IP address. We have to sniff traffic going from victim to the destination through Router.
5. Now goto ARP tab at bellow, and as said earlier select router's IP at one side and victims IP on other side.
6. Now start the Sniffer and then start ARP poisoning by clicking on the 2nd and 3rd button on the menu bar. Actually what is going on here is we made believe to the victim that our machine is router and to router that we are the legitimate user who send them request. So all the traffic is going from our machine that's why we are able to capture or sniff the non-encrypted passwords on network.
7. Now leave it for some time and if the victim tries to login to any website which uses non-encrypted
methods like FTP and HTTP then we can see that in clear text as shown in picture below.
0 comments