Craig Burton

Logs, Links, Life and Lexicon

How to Sniff Plain-text Passwords in 13 steps

January 9th, 2007

Yikes. I haven’t played with this yet. But I’m telling you, the name and
password paradigm we know is just plain dead.

I would really appreciate feedback about this article. Please register to the forum and comment on it! Thanks and use with caution.

The following is an instructional tutorial. I hope to show how easy it is to sniff people’s passwords in plain-text form on virtually any wired network. Common applications for this would be on a university, school or otherwise large network. This has only been tested on a Windows machine, but can be used to sniff passwords from any operating system.

Step 1: Download, install and run Cain & Abel at http://www.oxid.it/cain.html
Step 2: Click “Configure” in the top bar.
Step 3: In the “Sniffer” tab, click the adapter which is connected to the network to be sniffed, then click “Apply”, then “OK”.
Step 4: Click the “Sniffer” tab in the main window.
Step 5: Click the network card in the top bar (2nd icon from the left).
Step 6: Click the “+” button in the top bar.
Step 7: Select “All hosts in my subnet”, click “OK”. Entries should appear in the main window under the “IP address”, “MAC address” and “OUI fingerprint” headings.
Step 8: From the “Sniffer” tab, click “APR” in the bottom tab.
Step 9: Click the top right pane in the main window. Click the “+” button in the top bar.
Step 10: Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click “OK”.
Step 11: Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
Step 12: After some time has passed, click “Passwords” in the bottom tab.
Step 13: In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.

Please use this tutorial with caution as most private institutions, as well as countries, have strict rules and laws against network sniffing and could lead to expulsion from an institution, as well as critical litigation! This tutorial is for educational purposes only and should only be used to demonstrate the security weaknesses of common networking infrastructures.

Source: The Antiriddle Forum :: The Hardest Riddle on the Net :: View topic - How to sniff plain-text passwords in 13 steps