On Wed, Jan 31, 2001 at 12:41:47PM +0100, Fabio Pietrosanti wrote:
> Hi,
>
> I'm doing a pen test, and I got access to an NT server on which I would
> like to place a sniffer.
>
> I've tried buttsniff and then Dsniff using WinPcap, but I notice that they
> are on a switched network, so I have two solutions:
>
> 1) Flood the switch with random MAC addresses so its table will be filled and
> the switch will operate in bridge mode
> 2) Do ARP spoofing so I could intercept all packets destined to the host
> whose traffic I need to sniff.
>
> On Unix there are many tools, but on WinNT 4.0 with WinPcap are there some
> tools for "arp spoofing"?
>
You can spoof the ARP table on Windows NT (actually on any system) using another
machine (e.g. with Linux).
Just send it Ethernet frames with a spoofed MAC address in the SRC field.
Recently I had some presentations about it. I was able to intercept an example
telnet session between NT and Linux in a switched environment (3Com and HP
switches) using hunt on another Linux machine.
This is a classical spoof attack, using the man-in-the-middle technique.
Check out the hunt documentation for a full description.
--
____
Wojtek Dworakowski - wojtekd_at_aba.krakow.pl
ABA - www.aba.krakow.pl
Cryptography and information protection: http://www.ipsec.pl
Received on Feb 01 2001
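
For the defensive side of the spoofing described in this thread, an added example (not part of the original messages and not code from any tool named in them): a small ARP monitor that parses raw Ethernet frames and flags a changed IP-to-MAC binding or a disagreement between the Ethernet source address and the ARP sender address. The frames, MAC addresses and 192.0.2.x addresses are constructed sample data, and the function and class names are hypothetical.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip, opcode), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return fmt_mac(frame[6:12]), fmt_mac(frame[22:28]), sender_ip, oper

class ArpMonitor:
    """Tracks first-seen IP-to-MAC bindings and reports frames that contradict them."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sha, spa, _oper = parsed
        alerts = []
        if eth_src != sha:  # Ethernet header and ARP payload disagree about the sender
            alerts.append(f"header-mismatch {spa}: eth src {eth_src}, ARP sender {sha}")
        known = self.bindings.setdefault(spa, sha)  # baseline is the first binding seen
        if known != sha:
            alerts.append(f"binding-change {spa}: {known} -> {sha}")
        return alerts

def sample_reply(eth_src, sha):
    # Constructed ARP reply claiming 192.0.2.10, sent to 02:00:00:00:00:01 (192.0.2.1)
    return bytes.fromhex("020000000001" + eth_src + "08060001080006040002"
                         + sha + "c000020a" + "020000000001" + "c0000201")

if __name__ == "__main__":
    mon = ArpMonitor()
    for src, sha in [("02000000000a", "02000000000a"),   # legitimate owner
                     ("020000000066", "020000000066"),   # another MAC claims the IP
                     ("020000000066", "02000000000a")]:  # header/payload mismatch
        print(mon.observe(sample_reply(src, sha)) or "ok")
```

In practice the baseline would be seeded from a trusted inventory or DHCP lease data rather than from the first frame observed.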