TGS Forum
Hello Guest,

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features.

By joining this community for FREE, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, & many other special features.

Registration is fast, simple & absolutely free, so please, join our community today!


 
PortalHomeFAQRegisterLog in

Share | 
 

 Session Hijacking on a Switched LAN

Go down 
AuthorMessage
ethi-hackah
Newbie
Newbie
avatar

Points : 39
Posts : 13
Join date : 2011-09-21
Age : 26

PostSubject: Session Hijacking on a Switched LAN   Wed Sep 28, 2011 1:33 pm

Note: This only works on people who are connected on the same (V)LAN as you, i.e. your campus network! This allows you to 'Frape' or 'Facebook Rape' people in your university accommodation for example, without having to be anywhere near their computer! Yet again: This will only work for people on the same network as you, not someone else across the internet.


What is ARP (Address Resolution Protocol)?

Address Resolution Protocol (ARP) is a protocol that associates MAC addresses (like the hardware serial number of your network card) to IP addresses. In simple terms, ARP works by broadcasting something along the lines of 'Who is X.X.X.X, tell Y.Y.Y.Y', where X.X.X.X is the IP address of the computer being queried, and Y.Y.Y.Y is the IP address of the computer making the query. The computer Y.Y.Y.Y will respond directly (i.e. not broadcast, but instead unicast), saying X.X.X.X is hh:hh:hh:hh:hh:hh (the MAC address of the machine with the IP address X.X.X.X).

Software Required

This is the software stack I will be explaining how to use:
Mozilla Firefox
Firesheep Firefox Plugin
Cain and abel
wincap

Discovering your Network Gateway IP

From the command prompt, run the following command, and note down the IP address 'Default Gateway':

Code:
ipconfig

Discovering your Target(s)

Discovering your target who's running Windows is made easy due to NetBIOS host names of computers being named NAMEHERE-PC under Windows Vista/7 by default! Simply open up 'Network', and let Windows enumerate all the hosts it can find on the subnet. Note the names of the targets. Now run the following commands to find the target's IP address by querying the target's NetBIOS name table, then listing the local NetBIOS cache (replacing COMPUTERNAME with the target, 2NDCOMPUTERNAME with the second target, and so on):

Code:
nbtstat -a COMPUTERNAME
nbtstat -a 2NDCOMPUTERNAME
nbtstat -c

[You must be registered and logged in to see this image.]


Method

Open up Cain, and select the Sniffer tab:

[You must be registered and logged in to see this image.]

In the window, right click and select 'Scan MAC Addresses', select 'All hosts in my subnet', and hit OK:

[You must be registered and logged in to see this image.]

You should now be presented with a list of hosts on your network. Now switch to the APR tab along the bottom. Click the + symbol on the toolbar. Now select the host you want to target on the left, and the IP address of the default gateway on the right (you should of noted this down earlier). If you want, you can select multiple targets by repeatedly pressing +, selecting a target and gateway, then confirming:

[You must be registered and logged in to see this image.]

Now click the little radioactive symbol on the toolbar to start the ARP table poisoning attack and the router. You should see a list of routing information appear:

[You must be registered and logged in to see this image.]


Now open Firefox, and click Start Capturing on the Firesheep side pane (you may need to enable it in the view menu). Also you may need to open Firesheep settings to select the correct network adaptor. If the target is on Facebook, you should be able to double click their name, and off you go!:

[You must be registered and logged in to see this image.]
Back to top Go down
 
Session Hijacking on a Switched LAN
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
TGS Forum :: Hacking Section :: Hacking Tutorials-
Jump to:  
Free forum hosting | © phpBB | Free forum support | Contact | Report an abuse | Free forum