Saturday, September 16, 2006

Hack that Officemate's Yahoo Password and Listen to YM Conversations

Let's admit it, living in that cubicle of yours can be really boring sometimes, especially if you've got nothing to do. So today I thought of something productive (evil grin): I'll just listen in on "my friend's" network activity. So I downloaded and installed Cain.

Well, Cain is primarily a password recovery tool for Windows that works by "sniffing the network" (again, evil grin). So there you have it: we'll sniff the network traffic between his IP and the other IPs on the LAN. On a switched network your card normally sees only its own traffic, so Cain first redirects his traffic through your machine with ARP poisoning; that is what the APR steps below set up.

1. After installing and firing up Cain, click Configure in the menu. On the Sniffer tab, select your network card (the one with your local IP address, e.g. 192.168.x.x). See Fig. 1.

2. On the APR tab select "Use Spoofed IP and MAC Address", and make sure no one else on the LAN is using the IP you assign there (a duplicate would cause address conflicts and give the game away). Check "Pre-Poison ARP caches" and select "Use ARP Reply Packets". See Fig. 2. The spoofed addresses only change what the poisoned entries point at; the packets still physically leave and arrive through your own card.

3. Click OK to close the configuration dialog. Go to the Sniffer tab; you'll be presented with an empty host list, which we'll fill up. Activate the sniffer, then click "Add to list" and you'll get the MAC address scanner dialog. Choose "All tests", then OK. The list should fill up with the computers on the network (Fig. 3). Only hosts in your own broadcast domain (the same switch or VLAN) show up here, and those are the only ones this technique can reach.

4. Under the Sniffer tab there are five tabs at the bottom left of the screen. Go to the APR tab and click "Add to list". On the left side select your friend's IP address and on the right side select all the other hosts. Click OK. The purpose of this is to hijack the IP traffic between your friend's IP address and every workstation on the network using APR (ARP Poison Routing): Cain tells your friend's machine that your MAC address belongs to every other host, tells every other host that your MAC address belongs to his IP, and forwards the packets in between so the connection keeps working. Selecting "all" on the right side includes the gateway, so every packet he sends off the LAN passes through your machine too; if your machine can't keep up, he will notice the slowdown.

5. Now start APR and keep an eye on the Passwords tab (still under the Sniffer tab). Give it an hour or so; leave it running all day and you'll be surprised at how much information you sniffed. In the passwords tree:

SMB is where Windows authentication shows up. What Cain actually records from an SMB logon is the LM/NTLM challenge-response pair rather than the password hash stored on the server, but an LM or NTLMv1 response to a known challenge still cracks quickly because of the weak DES construction behind it (NTLMv2 responses do not fall to rainbow tables and need a dictionary or brute-force attack). Copy the LM hash and crack it using rainbow tables, or you can go to and submit the LM hash in this format:


where 819...c2e is the LM hash you captured. They can crack the password for you in under an hour.

Telnet is where the IM conversations show up. If you're lucky and your friend is running Messenger, you'll get some of the conversations, while other parts of the messages are encrypted. The chat text itself is readable at all only because Yahoo Messenger of that era sent it across the wire in cleartext.

HTTP is where, well, HTTP authentication goes: username, password, the URL, etc. This covers Basic authentication and login forms sent over plain HTTP; anything over HTTPS stays opaque unless the victim clicks through the certificate warning that Cain's HTTPS interception produces.

6. Well, that's it for now. Just use caution with this tool: ARP poisoning is noisy and easy to spot. Every poisoned host's ARP table now points at your MAC address, tools like arpwatch or a switch with port security will flag it, and static ARP entries on the victim and the gateway defeat it entirely.
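As an added example that is not part of the original post, here is the flip side of steps 2 and 4: a small Python detector, written for this page, for exactly the kind of ARP poison routing Cain performs. It reads tcpdump-style ARP lines and flags the three things APR produces on the wire: unsolicited replies (the pre-poisoning), IP-to-MAC bindings that change, and one MAC claiming several IPs. The capture embedded below is constructed, with assumed addresses: 192.168.1.50 as the victim, 192.168.1.1 as the gateway and 00:0c:29:aa:bb:cc as the poisoner's card.

```python
"""Detect ARP poison routing in tcpdump-style ARP lines (added example, not from the post)."""
import re
from collections import defaultdict

# Constructed capture (not from the original post). Assumed addresses:
# 192.168.1.50 victim, 192.168.1.1 gateway, 00:0c:29:aa:bb:cc the poisoning NIC.
# The first four lines are a normal request/reply exchange in each direction;
# from 10:00:30 on, the poisoner pushes unsolicited replies to both sides,
# which is what "Pre-Poison ARP caches" with "Use ARP Reply Packets" does.
SAMPLE_CAPTURE = """\
10:00:01.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
10:00:01.001 ARP, Reply 192.168.1.1 is-at 00:50:56:c0:00:08, length 28
10:00:05.000 ARP, Request who-has 192.168.1.50 tell 192.168.1.1, length 28
10:00:05.001 ARP, Reply 192.168.1.50 is-at 00:1a:2b:3c:4d:5e, length 28
10:00:30.000 ARP, Reply 192.168.1.1 is-at 00:0c:29:aa:bb:cc, length 28
10:00:30.001 ARP, Reply 192.168.1.50 is-at 00:0c:29:aa:bb:cc, length 28
10:00:31.000 ARP, Reply 192.168.1.1 is-at 00:0c:29:aa:bb:cc, length 28
10:00:31.001 ARP, Reply 192.168.1.50 is-at 00:0c:29:aa:bb:cc, length 28
"""

REQUEST = re.compile(r"^(?P<ts>\S+) ARP, Request who-has (?P<target>\S+) tell (?P<sender>\S+)")
REPLY = re.compile(r"^(?P<ts>\S+) ARP, Reply (?P<ip>\S+) is-at (?P<mac>[0-9A-Fa-f:]{17})")


def parse_arp_lines(text):
    """Yield ("request", ts, target_ip, sender_ip) or ("reply", ts, ip, mac) per line."""
    for line in text.splitlines():
        m = REQUEST.match(line)
        if m:
            yield ("request", m["ts"], m["target"], m["sender"])
            continue
        m = REPLY.match(line)
        if m:
            yield ("reply", m["ts"], m["ip"], m["mac"].lower())


def detect_arp_poisoning(text):
    """Return a list of (ts, kind, mac, detail) alerts for the capture text.

    kind is one of:
      unsolicited - a reply for an IP nobody has asked about (pre-poisoning)
      rebinding   - an IP that was already bound to a different MAC
      multi_ip    - one MAC starting to answer for a second IP (the poisoner
                    sits between the victim and everyone else, so it claims both)
    """
    alerts = []
    outstanding = set()          # target IPs with a request still unanswered
    binding = {}                 # ip -> mac, as a passive observer would learn it
    claimed = defaultdict(set)   # mac -> IPs that MAC has claimed in replies
    for rec in parse_arp_lines(text):
        if rec[0] == "request":
            outstanding.add(rec[2])
            continue
        _, ts, ip, mac = rec
        if ip in outstanding:
            outstanding.discard(ip)
        else:
            alerts.append((ts, "unsolicited", mac, f"{ip} is-at {mac} with no matching request"))
        previous = binding.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "rebinding", mac, f"{ip} moved from {previous} to {mac}"))
        binding[ip] = mac
        if ip not in claimed[mac] and claimed[mac]:
            alerts.append((ts, "multi_ip", mac, f"{mac} now claims {sorted(claimed[mac] | {ip})}"))
        claimed[mac].add(ip)
    return alerts


def suspected_poisoners(alerts):
    """MACs that both sent unsolicited replies and claim more than one IP."""
    unsolicited = {a[2] for a in alerts if a[1] == "unsolicited"}
    multi = {a[2] for a in alerts if a[1] == "multi_ip"}
    return sorted(unsolicited & multi)


if __name__ == "__main__":
    found = detect_arp_poisoning(SAMPLE_CAPTURE)
    for ts, kind, _mac, detail in found:
        print(ts, kind, detail)
    print("suspected poisoners:", suspected_poisoners(found))
```

A single unsolicited reply is normal on a healthy LAN (a host announcing itself with gratuitous ARP after boot or a DHCP lease), so the detector reports the pieces separately and only names a poisoner when the same MAC both sends unsolicited replies and claims more than one address. Feed it real data with `tcpdump -tttt -n arp` output, adjusting the timestamp regex to the format you use.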


At Sat Sep 16, 12:28:00 PM GMT+8, Anonymous jp said...

Nice one, I'll use this when I'm bored.


