
dsniff


Presentation Transcript


  1. dsniff

  2. Outline • Objective • dsniff toolbox • How to use them to find secrets

  3. Objective • Collect secret information from the network

  4. Description • A sniffer like tcpdump or CommView, but dsniff focuses on IDs and passwords • dsniff is a collection of network tools

  5. Sniffer toolbox • Spoofing tools: Arpspoof, Dnsspoof, Macof • TCP tools: Tcpkill, Tcpnice • Sniffer tools: Dsniff, Filesnarf, Msgsnarf, Sshmitm, Urlsnarf, Webmitm, Webspy

  6. Install dsniff • Requirements • OS: Gentoo Linux x86 • # emerge dsniff • http://www.monkey.org/~dugsong/dsniff/

  7. Arpspoof • ARP (Address Resolution Protocol) • IP => Ethernet MAC address • Broadcast: "Hey everyone, which Ethernet card has IP 10.0.0.1 …" • Reply: "I’m 10.0.0.1, my MAC address is …"

  8. Network Environment • Note: IP forwarding must be enabled

  9. Arpspoof: action! • Mike before attack • Action! • Bingo! • [Screenshot labels: Original, After attack]

  10. Dnsspoof • DNS runs over UDP • Sends out a forged query and response

  11. Network Environment

  12. Dnsspoof • Create DNS query file • Dnsspoof go! • [Captions: "Oh…. Ya…. INSA was dead…", "Wow… Our heaven INSA"]

  13. Dsniff • Password sniffer • FTP, telnet, SMTP, POP, HTTP

  14. Network Environment

  15. Dsniff: catch Mike’s password • Set up the “mousetrap” • Enjoy the password

  16. Macof • Causes the switch to act like a hub • Switch MAC table (MAC => port): 00:0C:6E:0B:A9:36 => 1; 00:40:F4:8B:AC:15 => 3; 00:0E:A6:42:AC:D1 => 6 • [Figure labels: 1 K, 4 K]

  17. Network Environment

  18. Macof: confuse the switch

  19. Msgsnarf • Instant message sniffer • MSN, Yahoo Messenger, ICQ, IRC • Search for a specified pattern

  20. Network Environment

  21. Msgsnarf: get the secret talk

  22. Sshmitm • SSH monkey-in-the-middle • Relay session • Capturing SSH password logins • Hijacking interactive sessions. • Only SSH protocol version 1

  23. Network Environment

  24. Sshmitm show time • [Figure labels: Roy, Attack1, Mike]

  25. Tcpkill • Kill a TCP connection by spoofing a RST packet

  26. Network Environment

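  27. Tcpkill: Jei kills Roy • Hiding behind the wall (snickering…) • What happened? What happened? Boo-hoo… • Secretly delighted… • Watch this... Wahahaha.. Ridding the people of a menace • Mike: Catch!! Top secret!! • Jei: Leaving me out again! I'll sabotage this!! • Roy: Careful, the walls have ears!! • [Figure labels: Attacker, ftp.ccu.edu.tw, Victim1, Attacker]

  28. Tcpnice • Slows down the connection speed • Changes the window size • [Figure labels: 1, Win 160, Win 8, 20]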

  29. Network Environment

  30. Tcpnice • Tcpnice enabled • After a moment… slower… 1 MB -> 464 kB • Normal speed: no tcpnice

  31. Urlsnarf • Grab any URLs from HTTP traffic

  32. Network Environment

  33. Urlsnarf

  34. Webspy • Sniff the victim’s web traffic and connect to

  35. Network Environment

  36. Webspy: interact with you • Needs Netscape

  37. Special thanks ---Guest appearances--- Mike, played by 莊明霓; Jei, played by 廖威捷 ---Locations--- insafs.comm.ccu.edu.tw bbs.ccu.edu.tw insa test-bed 140.123.113.77 ---Props--- INSA Lab. ---Special sponsors--- Microsoft IBM Netscreen . . (too many to list, heartfelt thanks) ---Executive producer--- Roy ---Director--- Roy =THE END=
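Slides 7 to 9 cover ARP and arpspoof, where a host ends up with the wrong MAC address for an IP. As an added example (not part of the original presentation), this Python sketch flags the two traces that leaves in observed ARP replies: an IP whose MAC changes, and one MAC answering for several IPs. The sample replies and MAC addresses are constructed; only 10.0.0.1 is taken from slide 7.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (time, sender IP, sender MAC).
# MACs are made-up locally administered addresses; 10.0.0.1 is the slide's example IP.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "02:00:00:00:00:01"),
    (2.0, "10.0.0.5", "02:00:00:00:00:05"),
    (3.0, "10.0.0.1", "02:00:00:00:00:01"),
    (4.0, "10.0.0.1", "02:00:00:00:00:99"),  # 10.0.0.1 suddenly maps to a new MAC
    (5.0, "10.0.0.5", "02:00:00:00:00:99"),  # the same MAC now also answers for 10.0.0.5
    (6.0, "10.0.0.1", "02:00:00:00:00:99"),  # repeat of a known binding, no new alert
]


def find_arp_anomalies(replies):
    """Return alerts for IP-to-MAC rebinding and for one MAC claiming several IPs.

    Both can have benign causes (DHCP reassignment, NIC replacement, proxy ARP,
    failover pairs), so alerts are leads to triage, not verdicts.
    """
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append({"time": ts, "kind": "rebind", "ip": ip,
                           "old_mac": known, "new_mac": mac})
        ip_to_mac[ip] = mac
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            alerts.append({"time": ts, "kind": "multi_ip", "mac": mac,
                           "ips": sorted(mac_to_ips[mac] | {ip})})
        mac_to_ips[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
```

In practice the tuples would come from a capture or from the switch's ARP inspection logs rather than an inline list.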
