Stealing Passwords Using Wireshark and Ettercap

Thanks for watching and the positivity! 👍👍👍

Fantastic! Thanks for subscribing! You’re subscriber #1900 so kudos!! 🎉🏆🥇

So glad you enjoyed the video, and I truly appreciate your subscription! I’ll make more. 👍👍👍

Thanks for joining us and welcome to the community!!

Thanks! Glad you enjoyed it and there are more videos on their way.
Thanks again!

Thanks for watching and glad you found it useful! 👍👍👍

Fantastic- thanks for subscribing!!

@@pentest_TV Thank you for the quality content!!

Thank you! Definitely trying to make as high quality as possible and hoping to be noticed by the algorithm. Appreciate you watching and commenting! 👍👍👍

​@@pentest_TVMake better, even it is already perfect( i need clearer pronounciation, i am non native English)

Thanks for the input! Would English subtitles help (and not the crappy ones auto-generated by TH-cam?)

yes of course, and also you can make videos of 2 versions( for beginners (who doesnt knoe anything( like: pent test)( how to get linux) ( what is linux) and so on) and for the middle-expert

Sure - sounds like a good idea. Thanks!

Attacking and compromising encryption is a different type of attack. This demonstrates an attack against the network, specifically at layer 2. Thanks for watching and commenting! 👍👍👍

Based on my experience, I highly doubt the college network security is that high, but I would strongly encourage you to not do it at your college since you don't own the network and probably don't have permission to run a layer-2 attack on it. Remember, this reroutes ALL the local network traffic through your system before heading out to the router, so it's not a passive attack. Make sure you watch my other videos on how to set up a hacking lab before attempting this.

@@pentest_TV Thanks

That’s the rub. But you can also perform SSL hijacking since you’re routing all traffic through you.
However, you’d be surprised how many unencrypted applications are used internally within an organization. Regardless, performing a layer-2 attack and being successful is a finding in itself. But it also points you to critical infrastructure that you would want to attack but not know if it’s existence without watching the traffic. So many benefits from performing the attack.
Thanks for the comment and for watching!

No problem! Thanks for watching.

Kali is set to dark mode... settings -> appearance -> style tab

This is correct and while http isn't used often on Internet-facing websites, there are a number of plaintext protocols used extensively by users and system administrators during their day-to-day activities. Cleartext protocols are almost always found during internals including ftp, smtp, snmp, telnet, netbios, and more. Because of this, the techniques used in this video are critical to learn and perform during an internal penetration test.
Internals is where this really shines and is always one of the first things I do during an engagement. People reuse their passwords all the time and I can’t count how many times admins use their AD username and password on cleartext protocols.
Thanks for commenting and watching!

It works on all unencrypted protocols including http, ftp, telnet, snmp and more.

Thanks for watching and commenting! Glad you’re here. 👍👍👍

Compromising encryption is a different type of attack, but if you think about it, the attack accomplishes more than you think. We would use this for internal penetration testing, which uses a LOT of unencrypted protocols, including ftp, smtp, snmp, telnet, netbios and more. Performing a layer-2 attack is an attack that is considered “best-practice” when performing internal pentests, so this is a critical skill to learn. Thanks for watching and commenting!👍

@@pentest_TV fair enough! Ill check out more of your vids.

Thanks, and enjoy!

Thanks for joining us!

Because i also have a wlan1 And wlan0 in my pc

Oh, good question. That was the only network card in the system. You can find out the name of your network connections by typing out “ifconfig” (without the quotes) in a command window. If you’re using a windows system it’ll be different.
Thanks for the question!

Those are wireless network cards. WLAN = wireless eth=Ethernet. Check out my hacker lab videos to copy my environment: th-cam.com/play/PL2IKcHBQPBdKI9fmq7py5RPhZ1kKm5dkD.html&si=jBRU7mRzT1wJEoew

Not sure - I only use it on Linux.

100% an issue, but as I mentioned in the video it’s fairly rare to capture clear text authentication. But you’d be surprised how many unencrypted protocols are used within an enterprise on their internal network that this works against. My quickest win during an internal was when a Super Administrator connected to an ftp server re-using their windows SA credentials to connect. Less than 10 minutes after starting the internal and I already owned their network.
SMB 2.0 and earlier are also clear text, and that’s still very much in the wild. Port 1433 SQL is also unencrypted. The list goes on.
Thanks for watching and commenting!!

True, but there are a number of plaintext protocols used extensively, especially found during internals including ftp smtp snmp telnet netbios and more.
Internals is where this really shines and is always one of the first things I do during an engagement. People reuse their passwords all the time and I can’t count how many times admins use their AD username and password on cleartext protocols.
Thanks for commenting and watching!

Thanks for subscribing! Can’t help with the gmail account though.

That’s a different type of attack and something I’ll cover soon - this is a layer-2 attack that’s best practice during an internal pentest.

@@pentest_TV I think https attack often face hsts problem, last time I focused on adware attack

100% agree. Hacking https during a pentest via mitm just isn’t worth the level of effort anymore.