118 Comments
- putnam, on 10/12/2007, -9/+62 This tutorial is essentially useless, and the description is very inaccurate in calling the target "common networking systems." The target is antiquated non-switched networks (though if he had put forth slightly more effort, he could have discussed wireless sniffing). Every network in any professional environment/school/apartment building is switched. Every consumer router I've ever seen in the last 5 years is switched.
To get at switched data, you'll have to do some ARP poisoning/spoofing ( http://en.wikipedia.org/wiki/ARP_spoofing ). Basically you set up a man-in-the-middle attack where traffic flows to your machine before arriving at / leaving the victim.
SSL data can be accessed similarly to switched data with a MITM attack where you're faking the cert.
Also, what the hell is a "network password"? And how is this "hacking"? And why do people insist on illustrating somewhat technical processes in as few "steps" as possible? And why do people keep using phpBB with the default skin?
SO MANY QUESTIONS!
- nipuL, on 10/12/2007, -3/+33 How to be a hacker in 3 steps:
1. Download superneetoelitoburito hacker tool.
2. Run tool, click HACK.
3. Profit.
- ronin2040, on 10/12/2007, -1/+22 which is why this article is a bit worthless without understanding exactly what all of these steps do. Doubtless, quite a few noobs on digg will try this at school, clog the networks when the traffic is routed through their computer, get caught, and suspended, all without knowing WTF they were doing.
oh well, darwinism--what can you do
- inactive, on 10/12/2007, -1/+15 You really made me want a burrito...
- zanderscoffee, on 10/12/2007, -0/+14 Not to defend the script kiddies, but you can't keep stuff off digg. If it gets dugg, it's worthy. If someone gets the choice of what goes on and what doesn't, it just wouldn't be digg.
- lexicondominus, on 10/12/2007, -2/+15 Of course, this doesn't work on switched networks without poisoning ARP etc.
- trghpy, on 10/12/2007, -2/+13 oh boy, digg just spawned off a couple hundred more "hackers" today.
- time4fun, on 10/12/2007, -0/+10 Did someone say Nessus, Metasploit, Backtrack Live Linux CD/Auditor, Ethereal/Wireshark, Nmap, Ettercap, Void11, Snort, Netcat, Ophcrack LiveCD, Brutus, AirCrack, ColdLife, And so on.
- dark_helmet, on 10/12/2007, -0/+10 Which the program supports, it's just not explained in the 13 steps.
- hakrzcode, on 10/12/2007, -0/+10 Avast! You found the mighty tool, Cain.
It is flagged, to warn network administrators, that one of their flock is downloading this tool, and will probably use it on the network.
- osbjmg, on 10/12/2007, -0/+9 Again, ARP spoofing is what Cain and Abel does guys, why does everyone think this will only work with a hub? If you were on a hub, you wouldn't need an ARP spoofing program.
The part they don't get into is the actual password cracking.
- osbjmg, on 10/12/2007, -5/+13 It's actually step 1, that's what Cain and Abel does. The poster calls it APR, but I think he meant ARP.
- inactive, on 10/12/2007, -1/+9 To the people saying this only works on non-secure networks, you obviously have no idea what's going on. This is ARP poisoning and works by spoofing your MAC address to the router, essentially redirecting other people's requests to remote servers to your computer. Secure or unsecure, switched or unswitched, this technique works and is extremely simple. This was tested on multiple consumer routers, including a new (1 year old) D-Link router. Also, just plug a laptop into a computer network and you're on. There needs to be some sort of protection against this type of sniffing.
- seventoes, on 10/12/2007, -0/+7 The APR he mentions refers to Cain's "Arp Poison Routing" feature.
http://www.oxid.it/cain.html
- acidzebra, on 10/12/2007, -1/+8 "This works in switched networks, it's a APR-Attack"
"But I think this kind of software shouldn't be advertised here."
Wait, so on the one hand you are smart enough to know about the how and why of poisoning attacks but on the other hand you are stupid enough to believe that by not talking about it the problem goes away? How does that work?
Security through obscurity does not exist. The information and tools will always be out there and they will be linked to, mailed, downloaded, used. This has been true since the first BBS systems went up. Pretending they don't exist is terminally stupid.
- qster, on 10/12/2007, -1/+8 Also accomplished by collecting underpants
- PueSi, on 10/12/2007, -1/+8 Some antivirus software flags Cain incorrectly as a trojan.
- lexicondominus, on 10/12/2007, -2/+8 He meant the program i guess :o
- chedabob, on 10/12/2007, -0/+6 Cain is standalone. Only problem is a lot of anti-virus programs recognise it as a trojan, so it gets blocked.
- hakrzcode, on 10/12/2007, -2/+8 akapsycho: I think that you misunderstand, and greatly misjudge the digg crowd. This is not slashdot, and a place for tech-minded people. This is a "Wow, that looks cool!!", kind of place. Raising awareness of a tool like cain and abel, is like giving a box of matches to a bunch of 5 year olds, with instructions on how to use. His point is that we have a big enough problem with script kiddies, without throwing seeds for a much larger cabbage patch.
- inactive, on 10/12/2007, -19/+24 He meant any program.
- inactive, on 10/12/2007, -0/+5 Koder I think you're misunderstanding the point. Most "responsible tech-minded people" understand these processes and that they exist. By raising awareness you can make people aware of the potential for becoming victims on almost any network and hopefully a solution to this problem will be found.
- AcidPhysx, on 10/12/2007, -1/+6 And putnam's on the rage. I feel ya man. You could do this with Ethereal and a filter if you happen across a ridiculously old network setup. Or an "IT director" who asks you why in the hell the company would need switches when someone mentions they see everyone's traffic...
Oh well. Let them eat bytes. Let them find malware in the Cain software and then find out they can't sniff anything on their network, other than their own NIC's *****.
- mattmac24, on 10/12/2007, -6/+10 um....no
care to explain your logic on that?
this won't work on switched networks or on secured/encrypted sites (https)
this program sniffs the packets your computer sends to the remote computer (one hosting the web site). macs and linux and windows comps all talk the same language to these servers.
- MasterChi, on 10/12/2007, -2/+6 PHLAK has more tools and is more well rounded for all types of networks you can come across.
http://www.phlak.org/modules/news/
- Cubedude04, on 10/12/2007, -1/+5 This is as stupid as my friend who installed a Trojan on the school's network on purpose and got his ass handed to him by a teacher who threatened to tell the police.
- FreeFlow, on 10/12/2007, -9/+13 Keep this kind of crap off this site please...
There are already too many hacker wannabees and script kiddies out there.
- gommle, on 10/12/2007, -1/+5 I actually googled that.
- inactive, on 10/12/2007, -0/+3 I completely agree with KoderOne and I've got to say, I'm just as much of a script kiddie as most of the people that will use this tutorial. There should be some way to protect against this.
- time4fun, on 10/12/2007, -4/+7 If you like Cain try BACKTRACK
http://www.remote-exploit.org/index.php/BackTrack
- osbjmg, on 10/12/2007, -0/+3 You are right, assuming the switch has no port security limiting or specifying your mac address, no dot1x authentication, no dhcp snooping/dynamic ARP inspection, and no IP source guard.
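The switch-side checks named in osbjmg's comment above (DHCP snooping with dynamic ARP inspection, plus a port-security MAC limit) can be modelled in a few lines. This is an added example, not part of the original thread and not any vendor's code; the binding table, ARP replies, port names and function names are all constructed for illustration.

```python
"""Simplified model of switch-side ARP validation (added example)."""
from collections import defaultdict

# Constructed DHCP-snooping-style binding table: IP -> (MAC, switch port).
BINDINGS = {
    "192.168.1.1":  ("00:11:22:aa:bb:01", "Gi0/1"),  # gateway
    "192.168.1.10": ("00:11:22:aa:bb:10", "Gi0/2"),
    "192.168.1.20": ("00:11:22:aa:bb:20", "Gi0/3"),
}

# Constructed ARP replies as the switch sees them: (ingress port, sender IP, sender MAC).
ARP_REPLIES = [
    ("Gi0/2", "192.168.1.10", "00:11:22:aa:bb:10"),  # legitimate host
    ("Gi0/3", "192.168.1.1",  "00:11:22:aa:bb:20"),  # host .20 claims the gateway IP
    ("Gi0/3", "192.168.1.10", "00:11:22:aa:bb:20"),  # host .20 claims host .10's IP
    ("Gi0/1", "192.168.1.1",  "00:11:22:aa:bb:01"),  # legitimate gateway
    ("Gi0/3", "192.168.1.99", "00:11:22:aa:bb:99"),  # sender IP with no binding
]

def inspect(reply, bindings):
    """Return (verdict, reason) for one ARP reply, checked against the bindings."""
    port, ip, mac = reply
    bound = bindings.get(ip)
    if bound is None:
        return "drop", "no binding for sender IP"
    if bound != (mac.lower(), port):
        return "drop", f"binding is {bound[0]} on {bound[1]}"
    return "forward", "matches binding"

def audit(replies, bindings, max_macs_per_port=2):
    """Inspect every reply and list ports that exceed a MAC-per-port limit.

    Simplification: real port security counts source MACs of all frames,
    here only the sender MACs in the ARP replies are counted.
    """
    results = [(r, *inspect(r, bindings)) for r in replies]
    macs = defaultdict(set)
    for port, _ip, mac in replies:
        macs[port].add(mac.lower())
    over_limit = sorted(p for p, seen in macs.items() if len(seen) > max_macs_per_port)
    return results, over_limit

if __name__ == "__main__":
    results, over_limit = audit(ARP_REPLIES, BINDINGS)
    for (port, ip, mac), verdict, reason in results:
        print(f"{port:6} {ip:13} {mac}  {verdict:8} {reason}")
    print("ports over MAC limit:", over_limit or "none")
```

The forged replies fail because the sender IP is bound to a different MAC and port, which is why the poisoning discussed in this thread depends on the switch having none of these checks enabled.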
- mewhocorrupts, on 10/12/2007, -0/+3 @FreeFlow
Would you give a child access to Google? They must be the kaiser of information. Anything you want to find out about everything is available, and in a few minutes time, you can be on your way. So someone dropped it on Digg; who cares? It's nothing that an interested person couldn't have found on their own, if given the inclination.
- KoderOne, on 10/12/2007, -2/+5 So I am getting digged down because I know that the steps in that article actually WORK when the retards claiming this wouldn't work at all or just in unswitched networks are getting digged up? WTF? Where are the techies?
@acidzebra: I agree with you for the most part. You misunderstood me. I'm not saying you should never talk about these tools. There is a time and place for everything. But not in the way that someone posts a stupid tutorial like this on a popular site like digg. BECAUSE it works. If it wouldn't work I wouldn't care at all. This would've better been discussed somewhere where you can be certain there are more responsible-minded tech-people around. Yes, I would want to keep this kind of half-assed information away from certain people. And I don't think that is wrong. If kiddies wanna hack, they should start learning the basics, like using the friggin console for example or ssh'ing into their own machine. Or learning why you shouldn't mess around with other people's data. Not by clicking the "Hack"-Button.
- yabos, on 10/12/2007, -0/+3 See what it says for VNC. It probably says it's a trojan too. Obviously it's not but it can be used to spy on people.
- Wyzard, on 10/12/2007, -0/+3 From a later comment in that thread:
"By poisoning ARP tables, Cain & Abel can decrypt some - not all - passwords. I have decrypted "secure" passwords, but not been able to decrypt Amazon or Gmail passwords."
...ARP poisoning has nothing to do with decrypting anything.
- yabos, on 10/12/2007, -0/+3 @osbjmg
Because no one even reads the page for the linked program and just thinks they're cool because they know about arp poisoning being required for switched networks.
- lexicondominus, on 10/12/2007, -0/+3 Well, i don't see any problem with script-kiddies using this tool.
First of all, if you don't spoof your MAC address, your ass will be handed to you by an admin who knows his work.
Second; even if you spoof your MAC, if switch port security feature is enabled; that MAC will not be accepted.
Conclusion;
clever admin > one-click-supposedly-hacking-programs.
- KoderOne, on 10/12/2007, -0/+2 "It shows immaturity and the lack of a real activity."
Not entirely true. I use Cain&Abel very often, just like socat or wireshark. This kind of Software is not all-out *EVIL*. When I test a network for security-leaks I can either type in hundreds of lines into the console or I can click a few buttons in Cain. Spares me a lot of time. And it really works fine. It's just "too available", too dangerous in the wrong hands and too easy to use. But now I'm getting people even more interested so I'll better shut up about it. No matter what, using Windows as the platform from which you start attacking hosts is plain stupid and C&A is running on windows :-)
- hadimirza, on 03/26/2008, -0/+2 This actually works.
Thanks
- Mirag3, on 10/12/2007, -0/+2 @AcidPhysx
I'm with you man, Ethereal all the way.
- exzaltid, on 10/12/2007, -0/+2 Yeah no kidding, all those dang lazy hackers lol
- pigg123, on 10/12/2007, -0/+2 woohoo, i can go to defcon now that i've read this article and be ubber leet
- socokoolaid, on 10/12/2007, -0/+2 cain and abel does one click wonder arp poisoning. lame true, but need for a tut, prolly not
- RuffRidr, on 10/12/2007, -0/+2 The network where I work implements Cisco's Port Security allowing only 2 MAC addresses to show up on that switch port. Any additional ones detected causes the port to be shut down and an email to our network administrators. Doing the above mentioned would be a good way to get an escort out the door.
Good luck!
- mickoes, on 10/12/2007, -0/+2 It is a good thing you know, unsecure things should be secured.
- elitexero, on 10/12/2007, -0/+2 Sniffing isn't hacking.
- ascott9, on 10/12/2007, -0/+1 I can agree with this. I'm a student at a large university and almost every faculty member's password can be found on a sticky note somewhere. Someone needs to fix that but when they require you to change your password every few months it can get difficult for some people.
- toogs, on 10/12/2007, -0/+1 Heh ditto! Nice vid! Shows how audits are done so you can be prepared in case you get one!
- drbroccoli, on 10/12/2007, -0/+1 h4x0rz!!!!11
- mewhocorrupts, on 10/12/2007, -0/+1 I like how you say that as if your first word was an IP address.