Ok, based on http://ettercap.sourceforge.net/ ettercap supposedly captures vnc passwords, ie Password collector for : TELNET, FTP, POP, ... VNC, ... I have the following setup but cannot for the life of me get it to work.. ip : 10.0.0.1 (vnc client) mac: aa:aa:aa:aa:aa:aa ---------------| | ip : 10.0.0.2 (ettercap) | mac: bb:bb:bb:bb:bb:bb ------------- tried both hub & switch | ip : 10.0.0.3 (vnc server) | mac: cc:cc:cc:cc:cc:cc ---------------| I can get it to sniff telnet, ftp, pop, smb, but no vnc. I have the following default entry in my etter.conf file under the dissectors section. VNC=ON # tcp 5900-5905 and based on the etter.conf file it doesnt appear as though this password sniff requires any arp spoofing of any type. when i run it on my windows, trinux, or redhat machine i get similar results such as below, C:\Program Files\ettercap>ettercap.exe -NCzds ettercap 0.6.7 (c) 2002 ALoR & NaGA List of available devices : --> [dev0] - [3Com EtherLink PCI] --> [dev2] - [3Com 3C90x Ethernet Adapter] Please select one of the above, which one ? [0]: 0 Your IP: 172.18.2.10 with MAC: 00:B0:D0:7B:DD:15 on Iface: dev0 Press 'h' for help... Sniffing (IP based): ANY:0 <--> ANY:0 TCP + UDP packets... (default) Collecting passwords... 15:18:13 172.18.2.10:1600 <--> 172.18.3.100:139 netbios-ssn USER: blah PASS: LC 2.5 FORMAT: "blah":x:blah:blah 15:19:44 172.18.2.10:1605 <--> 172.18.1.10:110 pop3 USER: blah PASS: pass what am i doing wrong? what would the proper command line start up be? Im not even sure I need to apr spoof since it I havent seen anywhere specifically that its needed for vnc... ive read the man and it has an example... "ettercap -NCza -D 100 192.168.0.1 192.168.0.2 55:23:A5:B4:C7:89 00:A3:56:FE:4F:6D Collect password to stdout on a switched LAN. this will poison the two host 192.168.0.1 and 192.168.0.2 each other. " But thats not all that helpful, espicaily with out a diagram... are those the ips and macs of the 2 hosts? the dest and man in middle? the src and man in middle? please help _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 20:35:54 PDT