How to sniff network traffic for PASSWORDS Using CAIN
Step ONE: First we want to download the CAIN application Website: http://www.oxid.it/cain.html Direct Download: Lonk MD5: 76605141C111...
http://kingofdkingz99.blogspot.com/2011/09/how-to-sniff-network-traffic-for.html
Step ONE:
First we want to download the CAIN application
Website: http://www.oxid.it/cain.html
Direct Download: Lonk
MD5: 76605141C11167F7EF0CDCAD3AFBA9FA
Step TWO:
Now we want to install the application
After we install the application we click on the .exe icon
![[Image: 83438611.jpg]](http://img846.imageshack.us/img846/2245/83438611.jpg)
When it opens you should get the basic start up look
![[Image: 26759668.jpg]](http://img825.imageshack.us/img825/2504/26759668.jpg)
From there we want to make sure the SNIFFER tab at top is clicked
And that the Host tab at the bottom is clicked.
Step THREE:
Now we need to configure the sniffer; you are choosing what network device you want the sniffer to use (use the one connected to the network you want to monitor)
So click Configure in the toolbar and this menu will pop-up.
Choose your network device.
![[Image: 25408317.jpg]](http://img823.imageshack.us/img823/2910/25408317.jpg)
Step FOUR:
Now that we have the sniffer configured we need to start sniffing.
So to start the sniffing on the device selected above you click the sniffing button (1). Then we want to sniff for devices so click the + button (2).
![[Image: 58474071.jpg]](http://img819.imageshack.us/img819/9091/58474071.jpg)
When you click the + button a menu will pop-up. This will sniff for devices in the range you set.
The easiest thing to do is leave it set to all host in my subnet and click OK.
![[Image: 95168851.jpg]](http://img52.imageshack.us/img52/5358/95168851.jpg)
Now it will start to scan on the network for devices on the network
![[Image: 88128926.jpg]](http://img835.imageshack.us/img835/1060/88128926.jpg)
The devices will show up in the background during the scan.
Step FIVE:
Now that we sniffed out devices on the network we want to start the ARP POISONING.
So in the lower tabs we click on the ARP tab
Keep the SNIFFER tab selected too.
Now in the left column click ARP and the + should be blue. Click it.
Now a menu like this should pop-up
![[Image: 83202361.jpg]](http://img820.imageshack.us/img820/2426/83202361.jpg)
The left side is where you select the ROUTER.
Mine for example is 192.168.1.1.
After selecting that the Other devices on the network should show up in the right hand column.
Select them all or what ever IP's you want to sniff for traffic.
![[Image: 70338696.jpg]](http://img192.imageshack.us/img192/8959/70338696.jpg)
Step SIX:
Now we want to start POISONING the devices.
So now click the toxic icon next to the sniffer button.
All the status's should turn to poisoning and in the lower cells you may
start to see traffic going in and out.
![[Image: 67218982.jpg]](http://img3.imageshack.us/img3/6242/67218982.jpg)
Step SEVEN:
After you see some traffic flowing in and out you want to look for passwords.
So now the lower tabs we are going to click PASSWORD.
Now the password list will show up. On the right hand side it shows types of passwords. For example HTML5, Pop3 (email) and more.
For this tut i just did a simple log in into Planetrenders.net (html5)
This is the log i got.
![[Image: 34071615.jpg]](http://img405.imageshack.us/img405/9793/34071615.jpg)
As you can see it's a little messy but you can see in one of the logs the
username of HACKFORUMS and the password of TEST1234.
If you also take note the Userfeild and Passfeild are
username= and password= which may make it easier to filterer when you get more logs.
Notes:
Some tips i have come across where don't only look at Html5 numbers next to the type will pop up so make sure you don't forget looking in MYSQL, POP3, ICQ, Ect.
Some password will be encrypted, don't fret you may be able to find the hash type like md5 and then find a cracker online, or the build in cain to decrypt it.
Also you may wanna check out the VOIP tab at the bottom, it records some conversations between people.
I recommend cracking a simple WEP network or go into a public wifi and sniff there not fun on own network.
Just play around with the tool to learn some more and let me know what you discovered.
Hope you enjoyed the tut and you learn and sniff some passwords.
First we want to download the CAIN application
Website: http://www.oxid.it/cain.html
Direct Download: Lonk
MD5: 76605141C11167F7EF0CDCAD3AFBA9FA
Step TWO:
Now we want to install the application
After we install the application we click on the .exe icon
When it opens you should get the basic start up look
From there we want to make sure the SNIFFER tab at top is clicked
And that the Host tab at the bottom is clicked.
Step THREE:
Now we need to configure the sniffer; you are choosing what network device you want the sniffer to use (use the one connected to the network you want to monitor)
So click Configure in the toolbar and this menu will pop-up.
Choose your network device.
Step FOUR:
Now that we have the sniffer configured we need to start sniffing.
So to start the sniffing on the device selected above you click the sniffing button (1). Then we want to sniff for devices so click the + button (2).
When you click the + button a menu will pop-up. This will sniff for devices in the range you set.
The easiest thing to do is leave it set to all host in my subnet and click OK.
Now it will start to scan on the network for devices on the network
The devices will show up in the background during the scan.
Step FIVE:
Now that we sniffed out devices on the network we want to start the ARP POISONING.
So in the lower tabs we click on the ARP tab
Keep the SNIFFER tab selected too.
Now in the left column click ARP and the + should be blue. Click it.
Now a menu like this should pop-up
The left side is where you select the ROUTER.
Mine for example is 192.168.1.1.
After selecting that the Other devices on the network should show up in the right hand column.
Select them all or what ever IP's you want to sniff for traffic.
Step SIX:
Now we want to start POISONING the devices.
So now click the toxic icon next to the sniffer button.
All the status's should turn to poisoning and in the lower cells you may
start to see traffic going in and out.
Step SEVEN:
After you see some traffic flowing in and out you want to look for passwords.
So now the lower tabs we are going to click PASSWORD.
Now the password list will show up. On the right hand side it shows types of passwords. For example HTML5, Pop3 (email) and more.
For this tut i just did a simple log in into Planetrenders.net (html5)
This is the log i got.
As you can see it's a little messy but you can see in one of the logs the
username of HACKFORUMS and the password of TEST1234.
If you also take note the Userfeild and Passfeild are
username= and password= which may make it easier to filterer when you get more logs.
Notes:
Some tips i have come across where don't only look at Html5 numbers next to the type will pop up so make sure you don't forget looking in MYSQL, POP3, ICQ, Ect.
Some password will be encrypted, don't fret you may be able to find the hash type like md5 and then find a cracker online, or the build in cain to decrypt it.
Also you may wanna check out the VOIP tab at the bottom, it records some conversations between people.
I recommend cracking a simple WEP network or go into a public wifi and sniff there not fun on own network.
Just play around with the tool to learn some more and let me know what you discovered.
Hope you enjoyed the tut and you learn and sniff some passwords.
