Transcript for:
Network Traffic Sniffing Tutorial

In today's tutorial I'm going to show you how to steal network traffic using Ettercap and Wireshark. To be clear, I'm not talking about capturing my own traffic; I'm talking about capturing traffic from other computers, so a real man-in-the-middle attack. There's a lot to talk about, so let's get [Music] going.

Welcome, or welcome back, to the channel. Today I'm going to show you my favorite attack when conducting an internal penetration test for a customer. A lot of pentesters like to start off by scanning the network to see what systems are actually on that network. I prefer to listen to the network traffic and let the users point me to relevant networks and systems. In addition, while I'm listening, hopefully I'm collecting usernames and passwords.

To kick things off, let's begin a brief overview of what Ettercap and Wireshark are and how they can benefit your network pentest. So Ettercap is a versatile network security tool that can be used for various purposes, including man-in-the-middle attacks, network sniffing, and then also protocol dissection. On the other hand, Wireshark is a powerful packet analyzer that can allow you to capture and then scrutinize the data that's also traveling across the network. But together, these tools provide a comprehensive view of network activities.

Even though we're going to be performing a man-in-the-middle attack, I personally actually consider this part of the recon phase. Some people will argue with that view, because what I actually am doing, in fact, is attacking the routing tables for all systems within my routing domain, but in my opinion this is simply just an aggressive method of collecting data during the reconnaissance phase.

So I'm going to jump to the fun part right away, and I'm going to show you an actual attack against a victim. It's also going to be me, but on a different machine, and what we're going to do is we're going to do a man-in-the-middle attack, and we're going to capture a username and password.

So in this network I have the cyrix level three server up and running. I also have a clone of Kali, just for the purposes of imitating an employee on the network, and we're going to just call that our victim box.

OK, so let me show you how I start my man-in-the-middle attack using both Ettercap and Wireshark. I'm going to use the eth0 network connector, so I'll just double-click there, or I can just hit this little fin at the top. So I'll just start eth0 and let it start collecting data. I'm going to use the graphic interface for Ettercap. You can do it at the command line, and you'll probably want to learn to, especially when you do remote pen testing, but to get it going I'm going to use sudo ettercap -G (capital G).

So we can see that Wireshark is starting to collect some information. You can see it's our DHCP traffic, things like that, so again it's just broadcast traffic. But with the Ettercap, we're going to start that. We have it set up to eth0, we're going to sniff at the startup, and then I'm going to keep it on promiscuous mode, and then I'll just start. All right, so it's running a bunch of scripts that will try to capture traffic along the way, and it's actually creating its own file; it's similar to a pcap file.

We'll just go over to our victim server next and try to connect to the cyric. If we open up a browser on our victim box and navigate to the cyric server, we can try to log into the website and pass it some bogus username and password credentials. So let's go to login. We got username; I'll just do [Applause] administrator, too many A's, and then for password I'm just going to do something. All right, very, very secure password. So I'll try to do login, and I'll get an incorrect username and password.

But let's go back to the Kali box and take a look at what Ettercap has captured. We can see here that Ettercap caught and recognized that we had a username and password field entered. It collected that information and then output it right here. I'm going to stop the Wireshark and take a look at the results from there. In order to find a packet, I just click Edit, Find Packet, make sure I change the packet to Packet details, and make sure that it's set to String, and then I'll type in username. And we can see here that there is a form item called username, and it is administrator; form item password equals Cordy 1 2 3 45, my very secure password.

All right, so Ettercap and Wireshark both found the username and password, but Ettercap brought it to our attention. So in less than a minute we have successfully exploited a weakness in our network and then captured credentials that were traveling across that network. Honestly, though, this is not really a common occurrence, but it is something that is very happy when it happens.

So now that we got the wow factor out of the way (we actually did an exploit, and it only took, what, 30 seconds), let me show you what we typically use Ettercap for along with Wireshark. As I mentioned, Wireshark can be and should be used for passive information gathering when you first start an internal penetration test, and you can see here there's a whole bunch of data that it was collected over time. But how do you narrow that down? If you go to Statistics, and then you go to Endpoints, and you click on IPv4, that gives you a list of IP addresses that communicate either internally out or externally in. Now that you have all this information, you can start to understand better what the network configuration is for your customer's internal network.

Once we've captured enough traffic to our satisfaction, we can begin analyzing packets. It's better if we run both Ettercap and Wireshark at the same time; that way we can capture all the network traffic going through Ettercap and then into Wireshark, and then we can apply filters in Wireshark and focus on specific protocols or hosts. The trick to all of this is that systems that employees visit are usually high-value targets from a pen testing perspective, and that allows us to expand our understanding of what the internal network looks like without having to guess, especially if the customer doesn't give us any information about their internal network to begin with.

Now, one crucial note before we wrap things up: it's extremely imperative to only use these tools responsibly and ethically, so make sure you always have permission from the customer to perform this kind of attack, a layer two attack, and also adhere to any ethical and legal guidelines that you have to follow.

If you found this tutorial helpful, make sure that you give a thumbs up, and please subscribe. Also make sure to join our Discord server, where we talk about everything pentest related. And until next time, thanks for joining, and happy [Music] hacking a
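
A defender's check for the exposure demonstrated in this tutorial, added here as an example and not part of the original video or transcript: the "form item" username and password were readable because the login form was posted unencrypted, so this sketch audits raw HTTP requests and reports credential-like form fields sent without TLS, returning field names only. The host, paths, sample requests and the `SENSITIVE` name list are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Substrings that mark a form field as credential-bearing (assumed list).
SENSITIVE = ("user", "login", "pass", "pwd", "token")

def audit_http_request(raw: bytes, tls: bool = False):
    """Return a finding if a form POST exposes credential-like fields on an
    unencrypted connection, else None. Field values are never returned."""
    if tls:
        return None  # body is not readable by a sniffer on the path
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # incomplete request, nothing to judge
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "POST":
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return None
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    exposed = sorted({name for name, _ in fields
                      if any(s in name.lower() for s in SENSITIVE)})
    if not exposed:
        return None
    return {"host": headers.get("host", "?"), "path": parts[1],
            "exposed_fields": exposed}

# Constructed sample requests (hypothetical host and paths, not from the video).
SAMPLE_LOGIN = (b"POST /login.php HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 44\r\n\r\n"
                b"username=administrator&password=sample-value")
SAMPLE_SEARCH = (b"POST /search.php HTTP/1.1\r\nHost: intranet.example\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n"
                 b"Content-Length: 17\r\n\r\nq=printer+drivers")

if __name__ == "__main__":
    for sample in (SAMPLE_LOGIN, SAMPLE_SEARCH):
        print(audit_http_request(sample))
```

Any finding from such an audit points at a login page that should be moved behind TLS, since the same fields would then be unreadable to a sniffer on the path.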