TOPIC: demonstrating an attack

demonstrating an attack 10 years 4 months ago #25070

sose
Topic Author
Offline
Honored Member
Posts: 814
Karma: 3
Thank you received: 4

I am a networking instructor in an IT training insttute in Nigeria and want to demonstrate a man in the middle attack for my students aka ARP poisoning.

I downloaded an etercap, some other network sniffers and cain and abel.

1. I want a methodology to the experiment
2. I am goint to be using a window xp platform of three xp boxes connected to a switch

thanks

Please Log in to join the conversation.

sose
Network Engineer
analysethis.co/index.php/forum/index

Re: demonstrating an attack 10 years 4 months ago #25071

Smurf
Offline
Moderator
Posts: 1390
Karma: 1
Thank you received: 0

All you need to acheive this is Cain and Abel, it should be simple to demonstrate from there.

I would setup a Windows 2003 server with IIS and switch on Authentication.

Then have a Windows XP host that you will use to connect to the IIS (with username/password)

Then have a Windows XP machine with Cain and Abel installed. Setup the Arp Poisoning within Cain and get someone to access the Webserver. Cain will capture the authentication attempt and will do the password crack (if NTLM) or its much simpler if its just clear text.

Cheers

Wayne

Please Log in to join the conversation.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: demonstrating an attack 10 years 4 months ago #25080

sose Topic Author Offline Honored Member Posts: 814 Karma: 3 Thank you received: 4	ok , its quite simple. but I intend to use an xp OS as the server since it has some server capability thanks Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.
	Please Log in to join the conversation. sose Network Engineer analysethis.co/index.php/forum/index

Re: demonstrating an attack 10 years 4 months ago #25082

Smurf Offline Moderator Posts: 1390 Karma: 1 Thank you received: 0	Should be ok also since it will have HTTP Server functionality, principle will still be the same. Cheers Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.
	Please Log in to join the conversation. Wayne Murphy Firewall.cx Team Member www.firewall.cx Now working for a Security Company called Sec-1 Ltd in the UK, for any Penetration Testing work visit www.sec-1.com or PM me for details.

Re: demonstrating an attack 10 years 4 months ago #25093

sose Topic Author Offline Honored Member Posts: 814 Karma: 3 Thank you received: 4	thanks smurf you are the man Check this box to be notified of replies to this topic. Note: BBcode and smileys are still usable.
	Please Log in to join the conversation. sose Network Engineer analysethis.co/index.php/forum/index