Home page logo

pen-test logo Penetration Testing mailing list archives

ettercap help
From: "Mike Brentlinger" <mdbrentlinger () hotmail com>
Date: Mon, 30 Sep 2002 16:37:32 -0400

Ok, based on http://ettercap.sourceforge.net/

ettercap supposedly captures vnc passwords, ie

  Password collector for : TELNET, FTP, POP, ... VNC, ...

I have the following setup but cannot for the life of me get it to work..

ip : (vnc client)
mac: aa:aa:aa:aa:aa:aa  ---------------|
ip : (ettercap)               |
mac: bb:bb:bb:bb:bb:bb  ------------- tried both hub & switch
ip : (vnc server)             |
mac: cc:cc:cc:cc:cc:cc  ---------------|

I can get it to sniff telnet, ftp, pop, smb, but no vnc. I have the following default entry in my etter.conf file under the dissectors section.
   VNC=ON               # tcp    5900-5905
and based on the etter.conf file it doesnt appear as though this password sniff requires any arp spoofing of any type.

when i run it on my windows, trinux, or redhat machine i get similar results such as below,

C:\Program Files\ettercap>ettercap.exe -NCzds
ettercap 0.6.7 (c) 2002 ALoR & NaGA
List of available devices :
 --> [dev0] - [3Com EtherLink PCI]
 --> [dev2] - [3Com 3C90x Ethernet Adapter]
Please select one of the above, which one ? [0]: 0
Your IP: with MAC: 00:B0:D0:7B:DD:15 on Iface: dev0
Press 'h' for help...
Sniffing (IP based): ANY:0 <--> ANY:0
TCP + UDP packets... (default)
Collecting passwords...

15:18:13 <-->         netbios-ssn
USER: blah
LC 2.5 FORMAT: "blah":x:blah:blah

15:19:44 <-->                pop3
USER: blah
PASS: pass

what am i doing wrong? what would the proper command line start up be? Im not even sure I need to apr spoof since it I havent seen anywhere specifically that its needed for vnc... ive read the man and it has an example...

"ettercap -NCza -D 100 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D Collect password to stdout on a switched LAN. this will poison the two host and each other. "

But thats not all that helpful, espicaily with out a diagram... are those the ips and macs of the 2 hosts? the dest and man in middle? the src and man in middle?

please help

MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]