
Let's say that we have a room with a router and 30 PCs plugged in. Every PC has its own 'subnet'. If we check for available hosts via ettercap/wireshark (on any PC), it only discovers two hosts: our own and the router. I couldn't find any switches in the room, but they are probably hidden somewhere.

My teacher gave me a task, to sniff his wordpress password. As you probably know, login is easy, because it can be easily enumerated, for ex. with wpsniff. In my own network at home I work on w-shark, because I have one mask, one router and it's simple - every packet is visible.

In the class, my IP address is like '10.169.100.181' and the 'main host' is on '100.1'.

Is there any way to configure ettercap to work with VLSM subnets, or any other way to retrieve any packet that is in a different subnet, but on the same router? He said in the first lesson that there is a plugin for Firefox that may work with a thing like this.

I know that this question is stupid and you'll say that I should go learn somewhere, but I don't know where. If there is someone who can point a way (just the way), I would be grateful :)

Edit

Every cable goes near a wall to the same steel box, where the router and switches probably are. The only thing I know is that on other PCs the 'main host' is on the same address as mine and the endings of the local IPs are different. I have 10.169.100.181, my colleague has 10.169.100.182, but we both have the same 'router address' - 10.169.100.1. We just don't see each other.

Insane

1 Answer

OK, so the first thing is that it doesn't sound like your systems are on different subnets as it would usually be understood, if your colleague is on 10.169.100.182 and you're on 10.169.100.181. Assuming a usual subnet mask of 255.255.255.0, everything starting 10.168.100. is on the same IP subnet.

Next question: when you say you can't "see" each other, what have you tried? Usually on a standard switched cabled network you won't see unicast traffic that you are not the source or destination for (you should see any broadcast or multicast traffic). What might be different to your setup at home is that if you're using wireless networking at home the situation will likely be different, and there you may be able to see more traffic (depending on the exact config. of the network).

So to establish what filtering is in place you could test with your colleague to see what happens if you try to contact each others systems.

From what you've said you have access to Wireshark, so if you get that running, then ask your colleague to ping you or port scan you (using something like nmap), you can establish if there's firewalling in the way.

Assuming that there isn't and you can send traffic from one system to another, you can then (with proper authorisation of course) use standard ARP poisoning tools to attempt to re-route traffic from your target system via your own, and at that point you may be able to use the Firefox plugin your teacher refers to (I'm assuming here he means Firesheep or similar) to see credentials in transit.

This won't work if the connection is protected by SSL encryption (which it should be), then there's more you'd need to do.

Rory McCune
I just realized that I tried the wrong IP address with ping. We had a task, to ping a PC with an IP address in range 10.169.100.100-200 and check on wireshark what happens. I got 10.169.100.103 and if my PC is 181, my colleague 182 - I didn't notice that 103 may not exist O.o. So I will try to ping my colleague when I'm back there. Back to the wireshark, it only shows my packets (outgoing and incoming), for ex. when pinging wikipedia. I didn't see any traffic from any other PC. Thank you very much for your reply, I will try to ping a PC that is alive ;D – Insane Nov 04 '15 at 10:42
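The two points the answer makes (the hosts are on one /24 subnet, and a plain capture on a switched LAN only receives unicast traffic addressed to or from the capturing host, plus broadcast and multicast) can be checked mechanically. The script below is an added example, not code from the question or the answer: it uses Python's standard `ipaddress` module, assumes the usual 255.255.255.0 mask, and runs over a constructed list of sample flows (not traffic captured on the classroom network) to show which of them a Wireshark capture on 10.169.100.181 would receive without any ARP spoofing or switch mirror port.

```python
import ipaddress

# Constructed sample traffic, not captured on the page's network:
# each entry is (source IP, destination IP, description).
SAMPLE_FLOWS = [
    ("10.169.100.181", "10.169.100.1", "my own packet to the router"),
    ("10.169.100.1", "10.169.100.181", "reply from the router to me"),
    ("10.169.100.182", "10.169.100.1", "colleague talking to the router (unicast)"),
    ("10.169.100.182", "10.169.100.255", "colleague sending a subnet broadcast"),
    ("10.169.100.182", "224.0.0.251", "colleague sending mDNS multicast"),
    ("10.169.100.182", "10.169.100.183", "two other hosts talking to each other"),
]


def same_subnet(ip_a, ip_b, mask="255.255.255.0"):
    """Return True if ip_b falls inside the subnet that ip_a/mask defines."""
    network = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in network


def visible_on_switched_lan(observer, src, dst, mask="255.255.255.0"):
    """Would a capture on `observer` receive this packet on a normal switched LAN?

    A switch forwards unicast frames only to the port that owns the destination
    MAC, so the observer's NIC sees a packet only when it is the source or the
    destination, or when the destination is multicast or broadcast.
    """
    obs = ipaddress.ip_address(observer)
    source = ipaddress.ip_address(src)
    dest = ipaddress.ip_address(dst)
    subnet = ipaddress.ip_network(f"{observer}/{mask}", strict=False)
    if obs in (source, dest):
        return True
    if dest.is_multicast:
        return True
    if dest in (subnet.broadcast_address, ipaddress.ip_address("255.255.255.255")):
        return True
    return False


def classify_flows(observer, flows=SAMPLE_FLOWS, mask="255.255.255.0"):
    """Tag every flow with whether the observer's capture would contain it."""
    return [
        (src, dst, desc, visible_on_switched_lan(observer, src, dst, mask))
        for src, dst, desc in flows
    ]


def count_visible(observer, flows=SAMPLE_FLOWS, mask="255.255.255.0"):
    """Number of sample flows the observer would see."""
    return sum(1 for *_, seen in classify_flows(observer, flows, mask) if seen)


if __name__ == "__main__":
    me, colleague = "10.169.100.181", "10.169.100.182"
    print(f"same /24 subnet: {same_subnet(me, colleague)}")
    for src, dst, desc, seen in classify_flows(me):
        tag = "SEEN    " if seen else "not seen"
        print(f"{tag} {src:>15} -> {dst:<15} {desc}")
```

Running it reproduces what the poster observed: only the flows involving 10.169.100.181 itself, plus the broadcast and multicast ones, are marked as seen, even though every address is inside the same 10.169.100.0/24. A different mask changes the `same_subnet` result but not the switched-LAN visibility rule, which is about layer-2 forwarding rather than IP subnetting.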