All you need to achieve this is Cain and Abel; it should be simple to demonstrate from there.
I would set up a Windows 2003 server with IIS and switch on Authentication.
Then have a Windows XP host that you will use to connect to the IIS (with username/password).
Then have a Windows XP machine with Cain and Abel installed. Set up the ARP poisoning within Cain and get someone to access the web server. Cain will capture the authentication attempt and will do the password crack (if NTLM), or it's much simpler if it's just clear text.