Jump to content


Photo
- - - - -

Help Request: Ettercap oneway configuration


  • Please log in to reply
1 reply to this topic

#1 emilam

emilam

    Will I break 10 posts?

  • Members
  • 7 posts
  • Gender:Male

Posted 27 November 2010 - 06:49 PM

Hello,

I have a pentest next week where I know they will kill my port if
detected. Normally I use Cain, one b/c its such a great tool, but two
because I am lazy (because its such a great tool)

I have read through the man pages, looked through the ettercap forums
(tried to register but it errors out) I have been look for a few days,
but no one really knows how to properly set it up.

I put together a script (text file included) and I was hoping anyone could
help me with the following line:

ettercap -M arp:oneway -T -q -p -L ettercap$(date +%F-%H%M) -i $IFACE // //

I guess my question is what do I put in the // //'s. The man page is
missing the context for me to fully understand what the IPs shown actually
represent.

In addition, per the man page note, I used the following command to create
a route to the gw (11.11.14.1) on my attacking system.

route add -net 11.11.14.0 netmask 255.255.255.0 gw 11.11.14.1 eth0

Not sure that is correct either.

Please enjoy the script..would like to hear how it does for others.

Best Regards

Attached Files



#2 emilam

emilam

    Will I break 10 posts?

  • Members
  • 7 posts
  • Gender:Male

Posted 28 November 2010 - 03:02 PM

Hello,

I have a pentest next week where I know they will kill my port if
detected. Normally I use Cain, one b/c its such a great tool, but two
because I am lazy (because its such a great tool)

I have read through the man pages, looked through the ettercap forums
(tried to register but it errors out) I have been look for a few days,
but no one really knows how to properly set it up.

I put together a script (text file included) and I was hoping anyone could
help me with the following line:

ettercap -M arp:oneway -T -q -p -L ettercap$(date +%F-%H%M) -i $IFACE // //

I guess my question is what do I put in the // //'s. The man page is
missing the context for me to fully understand what the IPs shown actually
represent.

In addition, per the man page note, I used the following command to create
a route to the gw (11.11.14.1) on my attacking system.

route add -net 11.11.14.0 netmask 255.255.255.0 gw 11.11.14.1 eth0

Not sure that is correct either.

Please enjoy the script..would like to hear how it does for others.

Best Regards


I was able to get it figured out....

for oneway the config is /targets-ips/ /gateway/ such as the following

ettercap -M arp:oneway -T -q -p -i eth0 /11.11.14.100-150/ /11.11.14.1/

So you can add a line to my script that is a copy of the remote arp poision and just edit the 'arp:opneway' and switch the targets around.

I may port to python to remove the manual editing...but it works fine for me right now.

Best Regards




BinRev is hosted by the great people at Lunarpages!