[Attention to All: This Article Just for Knowledge Don't Try it for Others People]
How to hacking via the LAN (to steal a longer pass people browsing).
First of all sorry if repost because this technique is not a fresh technique in the world of hacking but this technique has not been spoiled because until now still be used because most networks use a network of hubs and switches that are not encrypted.
Why not encrypted?
* Network Admins were mainly IT specialists in making the program, not in Network Security
* If the encrypted need bandwidth will increase and certainly that has been slow inet will increasingly slow and eventually an error page.
* The price is not cheap to obtain the encrypted
The difference between a network Hub and Switch:
* At the network hub of all data flowing on the network can be viewed / picked up by any computer on the network computer must be requesting such data, if not requested it will not come.
* The only computer network switches which exchange of data that can see the data, other computers not entitled to requesting the data.
The problem is the price of routers hubs and switches do not differ much so that most places are now using a switch that makes it difficult for network hacking.
Hacking is using technique:
* Sniffing
* ARP Poison Routing
The two techniques above will not be prevented by any firewall on the victim's computer, guaranteed.
Important Note: ARP Poison Routing can cause denial of service (dos) on one / all the computers on your network
Pros:
* It will not be detected by the firewall types and any series because of the weakness lies in not on the computer network system.
* You can steal all kinds of login passwords through the HTTP server.
* You can steal all those login passwords on the network hub for the program is activated.
* For the ARP Poisoning can be used to steal passwords in HTTPS.
* All free programs
Disadvantages:
* To network switch must be in the ARP poisoning one by one and your bandwidth will be consumed a lot for it (if inet super fast do not matter)
* Caught / not by the network administrator outside of my responsibilities
Start here assume that the network in this story there are 3 computers, namely:
- Computer Victims
- Computer Hacker
- Servers
The differences between the network switches and network hubs:
First Steps:
1. Check your network type, you have the network switch / hub. If you are in the network hub thankful because the process of hacking you will be much easier.
2. Download the required programs of Wireshark and Cain & Abel.
Code:
http://www.wireshark.org/download.html
http://www.oxid.it/cain.html
* How to Use Wireshark:
- Run the program wireshark
- Press the Ctrl + k (capture and then click option)
- Make sure the content on your Card Ethernet interfaces are bound to the network, if not replace and make sure that "Capture packets in promiscuous mode" on
- Click the start button
- Click the stop button after you feel confident that no password is entered as long as you press the start button
- You can see all types of incoming and outgoing packets on the network (or on your computer only if your network uses Swtich
- To analyze data right click on the data you want in the analysis and click "Follow TCP Stream" and congratulations to analyze the package (I will not explain how because I can not)
- What is clear from the data contained therein must the information entered the victim to the website and vice versa
Way above applies only if your network is not a switch hub
From the above you can find out that your network is a hub / switch by looking at the column IP Source and Destination IP.
If at each line one of them is your ip it is certain that your network is a network switch, if not ya mean the opposite.
* How to Use Cain & Abel:
1.
- The use of this program is much easier and simpler than using wireshark, but if you want all packets that have been in and out is recommended that you use wireshark program
- Open the program you Cain
- Click on the Configure
- In the "Sniffer" select ethernet card that you will use
- In the "HTTP Fields" you should add your username and password fields his fields if you want is not listed.
As an example I'll let you know that if you want to hack Friendster password you have to add in the username fields and fields passworsd word name, for others you can find it by pressing the right click view source and you should seek the input variables from the website login and password.
Already in default taste already quite complete, you can steal the pass that is in klubmentari without adding anything.
- After that apply and click ok to the setting.
- On the main menu, there are 8 tabs, and which will be discussed only 1 tab is the tab "Sniffer" because it is select that tab and do not change from that tab to prevent your own confusion
- Activate the Sniffer sniffer by clicking the button at the top tab it, find the button that his writings "Start / Stop Sniffer"
- If you're at a network hub at this time you already know the password can enter by clicking the tab (this time the tab at the bottom instead of in the middle, the middle is no need to click-click again) "Passwords"
- You can just choose a password from which the connection you want to see will already listed there
- If you were there at the network switch, it requires more struggle, you must activate the APR which is on the right tombolonya Sniffer (And is not guaranteed to succeed because the manage of the switch is much more comprehensive and secure from the hub)
- Before activated at the bottom of the sniffer tab select APR
- It will be seen 2 pieces that are still empty list, click an empty part of the list then click the "+" (shaped like it) in the ranks of the sniffer APR etc.
- There will be 2 pieces of field containing all the available hosts on your network
- Connect the victims ip address ip address and gateway servers (to know the address of the gateway server click start on the comp you select the run type cmd then type ipconfig at a command prompt)
- After that activate the APR, and all the data from the comp victim to a server you can see in the same way.
You can run both programs on simultaneously (for APR Cain and wireshark for packet sniffing) if you want maximum results.
Passwords can be stolen is the password in HTTP server (the server is not encrypted), if such data exist on the server that is encrypted then you have to decrypt the data before obtaining the password (and it will require a much longer steps of the way this hack )
For terms that do not understand can be found on wikipedia.
I hope you will know about this article and dont use it for bad activities.
----------------------------------------------------------------------------------------------------------------
Article was written and circulated by Guntur Suhada on BeZhare to your knowledge, please do not take and pass on any sites without the knowledge of this site. Or if necessary, you can pass it on any site to include the name of the author of this article. We appreciate the authenticity of writings that we make here. Thank you for your attention.
----------------------------------------------------------------------------------------------------------------
0 comments:
Post a Comment