
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"


Wireless  573
Lab 82: Password Capture
Capture Passwords Traversing the Network: Dsniff
Prerequisites: Libnet
Countermeasures: Encryption, strong security policy
Description: The Dsniff application is a powerful tool and can be somewhat
confusing to use, especially for beginners. This lab will demonstrate
just how easy it is to use to capture unencrypted passwords sent
across the network.
Procedure: Set the parameters, execute, and review the results.
From the directory containing the Dsniff application type:
dsniff -i 1
 The -i option prepares to identify the interface for Dsniff to use.
 The 1 is the interface specified for the -i option.
The Dsniff application will begin sniffing the network for unencrypted
passwords and display them on the screen. In this example the username was
mmouse and the password was MinniE. Because the text (pop) is also
displayed, we know that this user just checked his or her e-mail; now so can
anyone else who uses this information.
*Note: Notice how easy it is to capture passwords with Dsniff. Keep in mind that
this is not the only use for Dsniff and you will only be able to see traffic that
your port on the switch allows. If you want to view all traffic on the switch,
you will need to be plugged into the "see all" port of the switch or perform
switch sniffing.
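
As an added example (not from the book and not part of Dsniff), the Python below audits decoded POP3 client commands for logins sent before STLS, the exposure this lab demonstrates and the one the encryption countermeasure closes. The session data, session ids and function names are constructed for illustration; passwords are parsed but never returned.

```python
import base64

# Constructed sample (not a real capture): decoded client-to-server lines
# from three POP3 sessions on port 110, keyed by made-up session ids.
SAMPLE = {
    "s1": [b"USER mmouse\r\n", b"PASS MinniE\r\n", b"STAT\r\n"],
    "s2": [b"AUTH PLAIN " + base64.b64encode(b"\0mmouse\0MinniE") + b"\r\n"],
    "s3": [b"CAPA\r\n", b"STLS\r\n"],  # login follows inside TLS, unseen
}


def audit_session(lines):
    """List logins sent before STLS. Passwords are never returned."""
    findings, user = [], None
    for raw in lines:
        parts = raw.strip().split(b" ")
        cmd = parts[0].upper()
        if cmd == b"STLS":
            break  # everything after this is ciphertext on the wire
        if cmd == b"USER" and len(parts) > 1:
            user = parts[1].decode("ascii", "replace")
        elif cmd == b"PASS" and len(parts) > 1:
            findings.append({"user": user, "mechanism": "USER/PASS"})
        elif cmd == b"AUTH" and len(parts) > 2 and parts[1].upper() == b"PLAIN":
            # Base64 is encoding, not encryption: the login is still exposed.
            try:
                fields = base64.b64decode(parts[2], validate=True).split(b"\0")
            except ValueError:
                continue  # malformed initial response, nothing to report
            if len(fields) == 3:
                name = fields[1].decode("utf-8", "replace")
                findings.append({"user": name, "mechanism": "AUTH PLAIN"})
    return findings


def audit_all(sessions):
    """Map session id -> findings, keeping only sessions with exposed logins."""
    report = {sid: audit_session(lines) for sid, lines in sessions.items()}
    return {sid: found for sid, found in report.items() if found}


if __name__ == "__main__":
    for sid, found in audit_all(SAMPLE).items():
        for f in found:
            print(f"{sid}: cleartext POP3 login for {f['user']} via {f['mechanism']}")
```

Session s3 produces no finding because the client upgrades to TLS before authenticating, while s2 is flagged even though its credentials are Base64-encoded.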
Lab 83: Data Manipulation
Manipulate the Live Data Stream: Achilles
Prerequisites: WebGoat, configure Web browser
Countermeasures: Encrypt information within the URL, dynamic session
IDs
Description: Achilles is a tool designed for testing the security of Web
applications.

