Howto: Sniff Gmail and Windows Passwords with ettercap on Ubuntu Linux
What You Will Need
*A Ubuntu machine to perform the ettercap hackery
*A Windows machine to act as a file server (your virtual Windows XP machine will work)
*Another Windows machine to be a client (your host Windows XP machine will work)
Start Your Ubuntu Virtual Machine
1. Start your Ubuntu machine and log in as usual.
Installing ettercap
2. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Add/Remove.
3. In the Add/Remove Applications box, in the Search field, enter ettercap and press the Enter key.
4. When the ettercap application appears, as shown below on this page, check the check box in the Application pane. In the “Apply the following changes?” box, click Apply. Enter your password when you are prompted to. Wait while software downloads and installs.
5. When you see a Changes applied box saying that the changes were successful, click Close.
Starting ettercap
6. From the Ubuntu menu bar, click Applications, Accessories, Terminal.
7. In the terminal window, enter this command, then press the Enter key:
ettercap --help
8. In the terminal window, enter this command, then press the Enter key:
sudo ettercap –i eth1 –Tq -d
Enter your password when you are prompted to. This command starts ettercap in text mode, with DNS resolution of IP addresses. There are several lines of introductory information, as shown to the right on this page, followed by the message “Text only Interface activated…”. This window is now sniffing all network traffic to find passwords.
Logging in to mail.google.com with Firefox from Ubuntu
9. Leave the Terminal window open.
10. From the menu bar in the upper left corner of the Ubuntu desktop, click Applications, Internet, Firefox Web Browser.
11. Type in the address mail.google.com and press the Enter key. Enter your name into the Username field. Put in a password of FromUbuntu and press the Enter key.
12. When a box pops up asking whether you want Firefox to remember this password, click “Not now”. After a few seconds, you will see a message saying Username/Password Failure.
13. Close or minimize the Firefox window. The ettercap window should now show the name and password you typed in.
Logging in to mail.google.com with Firefox from Windows
14. Leave the Terminal window open.
15. Go to a Windows machine. You could use your host system, or any computer in the room.
16. On the Windows machine, open a Web browser and go to mail.google.com
17. Enter your name into the Username field. Put in a password of FromWindows and press the Enter key.
18. When a box pops up asking whether you want the browser to remember this password, click “Not now”. After a few seconds, you will see a message saying Username/Password Failure.
19. Look at your Ubuntu machine now. The ettercap window should now show both names and passwords.
Setting up a File Share on a Windows Machine
1. Start a Windows XP virtual machine. You can use the same host machine you are running Ubuntu on, or any other host computer on the LAN. Log in as usual.
2. Click Start, My Computer. In the My Computer window, click Tools, Folder Options. In the Folder Options box, click the View tab. Scroll to the bottom of the list and make sure the Use simple file sharing (recommended) box is checked, as shown to the right on this page. Click the OK button.
3. Right-click the desktop and select New, Folder. Name the new folder YourNameShare. Don’t use the literal text “YourName”—instead use your own name.
4. Right-click the YourNameShare folder and click Sharing and Security.
5. If you see a window with text saying “If you understand the security risks, but want to share files without running the wizard, click here.” If you don’t see that box, that’s OK, just proceed to the next step.
6. In the YourNameShare Properties box, click the Share this folder button, as shown to the right on this page. Accept the default selections for the other options and click the OK button. This machine is now a File Server.
7. On your File Server Windows machine, click Start, Run, enter CMD, and press the Enter key. Find the IP address of your Windows machine and write it down.
Connecting to the File Share From a Different Windows Machine
8. Go to a different Windows machine, such as the host Windows XP system. Click Start, Run. In the Run box, enter two backslashes and the IP address you wrote in the box above, as shown to the right on this page. Use the IP address of your own Windows XP file server. Press the Enter key.
9. If a Connect to box appears, requesting a User name and Password, just click Cancel.
10. Look at your Ubuntu machine now. The ettercap window should one or more password hashes, as shown below on this page. It’s possible to crack these hashes, but it can be difficult. You need to use a tool like John the Ripper.
11. If you don’t see any hashes, try opening any local network share from any computer. The simplest way to do it is to go to any host Windows XP machine, click Start, Run and enter \\192.168.1.3