Friday, 14 October 2011

How to sniff plain-text passwords in 13 steps

The following is an instructional tutorial. I hope to show how easy it is to sniff people's passwords in plain-text form on virtually any wired network. Common applications for this would be on a university, school or otherwise large network. This has only been tested on a Windows machine, but can be used to sniff passwords from any operating system.

Step 1: Download, install and run Cain & Abel at http://www.oxid.it/cain.html.
Step 2: Click "Configure" in the top bar.
Step 3: In the "Sniffer" tab, click the adapter which is connected to the network to be sniffed, then click "Apply", then "OK".
Step 4: Click the "Sniffer" tab in the main window.
Step 5: Click the network card in the top bar (2nd icon from the left).
Step 6: Click the "+" button in the top bar.
Step 7: Select "All hosts in my subnet", click "OK". Entries should appear in the main window under the "IP address", "MAC address" and "OUI fingerprint" headings.
Step 8: From the "Sniffer" tab, click "APR" in the bottom tab.
Step 9: Click the top right pane in the main window. Click the "+" button in the top bar.
Step 10: Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click "OK".
Step 11: Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
Step 12: After some time has passed, click "Passwords" in the bottom tab.
Step 13: In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.

Please use this tutorial with caution as most private institutions, as well as countries, have strict rules and laws against network sniffing and could lead to expulsion from an institution, as well as critical litigation! This tutorial is for educational purposes only and should only be used to demonstrate the security weaknesses of common networking infrastructures.