I am going to tell you how passwords are sniffed on a Windows network. When you are on a Wi-Fi connection or a LAN and you log in to a website which does not support SSL, your username and password can be sniffed.
When you enter your username and password on the login page, they are sent to the router in clear text, because no SSL (Secure Sockets Layer) is being used. So they can be sniffed by software like Cain & Abel.
First turn OFF your Windows firewall: Control Panel -> Security Center -> Manage Settings for -> Windows Firewall (Turn It Off)
1. Download, install and run Cain & Abel at http://www.oxid.it/cain.html
2. Click “Configure” in the top bar.
3. In the “Sniffer” tab, click the adapter which is connected to the network to be sniffed, then click “Apply”, then “OK”.
4. Click the “Sniffer” tab in the main window.
5. Click the network card in the top bar (2nd icon from the left).
6. Click the “+” button in the top bar.
Select “All hosts in my subnet”, click “OK”. Entries should appear in the main window under the “IP address”, “MAC address” and “OUI fingerprint” headings.
7. From the “Sniffer” tab, click “APR” in the bottom tab.
8. Click the top right pane in the main window. Click the “+” button in the top bar.
9. Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click “OK”.
10. Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
After some time has passed, click “Passwords” in the bottom tab.
11. In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.