Stressful Password Sniffer

[Network picture]

Abstract:

This project was developed for CSE571S at Washington University in St. Louis. Its main goal was to demonstrate knowledge of network security by showing the faults in commonly used protocols and the general lack of awareness when it comes to applying security policies.


Description:

This program is a network packet sniffer that extracts server IP addresses, usernames, and passwords from captured traffic. It was built on Windows 7, and the setup described in this manual is based around a Windows 7 machine, but the ideas can be applied to other systems. The program currently captures only telnet, FTP, and HTTP passwords. It captures clear-text passwords, and it can also capture MD5-hashed passwords in HTTP packets and crack them (the hash is not reversed; it is cracked with John the Ripper). The basic idea is to use the program to implement a man-in-the-middle (MITM) attack. The Windows 7 PC is used to create a fake WiFi hotspot that acts as bait for clients to connect to. When clients connect and send network packets, the program collects the passwords in real time and prints them to the screen. Any password cracking also happens in real time and is done with the John the Ripper program. From the client's point of view, he or she would not normally suspect that a MITM attack is occurring. This program was created for academic purposes and is not to be used for real world exploitation.


Setup:

Visual Studio 2010 Ultimate:

Stressful Password Sniffer Source Code


Stressful Password Sniffer Manual


Download WinPcap packet capture library development pack from here: http://www.winpcap.org/devel.htm

Unzip the file to the root of the C: drive (so that the headers end up under C:\WpdPack). Open Visual Studio 2010, create a new project, and choose Win32 Console Application as an empty project. Add main.c to the project. Right-click the project and select Properties. Under Configuration Properties -> C/C++ -> Additional Include Directories, add "C:\WpdPack\Include". Under Configuration Properties -> Linker -> Input -> Additional Dependencies, add "wpcap.lib" and "ws2_32.lib". Under Configuration Properties -> Linker -> General -> Additional Library Directories, add "C:\WpdPack\Lib". Build the program.

John the Ripper Password Cracker:

Download the community-enhanced version for Windows from here: John the Ripper password cracker

Unzip the file and place it in Visual Studio 2010\Projects\<project>\. Rename the top directory to "john". When running the program, newly cracked username/password pairs will be output to the screen. Previously cracked hashes will be in Visual Studio 2010\Projects\<project>\john\run\john.pot

Fake WiFi hotspot:

Open the command prompt as Administrator. Check whether the Windows 7 machine has a network device that can create a WiFi hotspot by typing "netsh wlan show drivers". If the output contains "Hosted network supported : Yes", the machine is suitable for the MITM setup. Create a connection with the command "netsh wlan set hostednetwork mode=allow ssid=<ssid> key=<key>", substituting the SSID and key as appropriate. Start the hosted network with "netsh wlan start hostednetwork". Open the Network and Sharing Center and notice that the hosted network has no internet access. To give it internet access, the hosted network will share the internet connection of the normal, non-hosted connection: select the normal non-hosted connection, then Properties -> Sharing tab, and check the checkbox "Allow other network users to connect through this computer's Internet connection". In the dropdown box, select the connection for the hosted network.


Program Execution:

At start-up, the program lists the network devices by number. Choose the number that corresponds to the hosted network the clients will connect to. The program confirms the selection and starts polling for passwords. When a packet containing a username and a password is captured, the program displays the protocol, the server IP address the client is connecting to, the username, and the password. It does this for every matching packet until the program is closed. Telnet usernames and passwords are output to the screen letter by letter in real time, because the telnet client sends each keystroke separately. For the other protocols, the username and password are output after the user has entered them and pressed Enter.
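As an added, defender-side example that is not part of the original project: a small Python monitoring check that flags the same credential exposures the sniffer looks for (FTP USER/PASS commands, HTTP Basic and Digest Authorization headers, and telnet keystrokes sent one per packet) over constructed sample payloads, reporting protocol, server and username without ever storing the secret. The sample packets, the port-based protocol selection and the finding field names are assumptions made for illustration.

```python
import base64
import re

# Constructed sample client->server payloads (server IP, destination port, bytes), not real captures.
SAMPLE_PACKETS = [
    ("10.0.0.21", 21, b"USER alice\r\n"),
    ("10.0.0.21", 21, b"PASS hunter2\r\n"),
    ("10.0.0.80", 80, b"GET /admin HTTP/1.1\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    ("10.0.0.80", 80, b'GET /x HTTP/1.1\r\nAuthorization: Digest username="bob", realm="r", '
                      b'nonce="n1", uri="/x", response="' + b"0" * 32 + b'"\r\n\r\n'),
    # Telnet clients send one keystroke per packet; the line is complete at CR LF.
    *[("10.0.0.23", 23, key) for key in (b"b", b"o", b"b", b"\r\n")],
]

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)
DIGEST_RE = re.compile(rb'^Authorization:\s*Digest\s+.*username="([^"]*)".*response="([0-9a-f]{32})"', re.M | re.I)


class CleartextCredentialDetector:
    # inspect() returns a finding dict for one client->server payload, or None; secrets are never kept.
    def __init__(self):
        self._telnet = {}  # server -> keystrokes accumulated for the current line

    def inspect(self, server, port, payload):
        if port == 21:
            m = re.match(rb"(USER|PASS)\s+(\S+)", payload)
            if m:
                is_pass = m.group(1) == b"PASS"
                return {"proto": "ftp", "server": server, "secret_exposed": is_pass,
                        "user": None if is_pass else m.group(2).decode(errors="replace")}
        elif port == 80:
            m = BASIC_RE.search(payload)
            if m:  # Basic is only base64: the password is effectively in the clear
                user = base64.b64decode(m.group(1)).partition(b":")[0]
                return {"proto": "http-basic", "server": server, "secret_exposed": True,
                        "user": user.decode(errors="replace")}
            m = DIGEST_RE.search(payload)
            if m:  # Digest hides the password, but its MD5 response can be cracked offline
                return {"proto": "http-digest", "server": server, "secret_exposed": False,
                        "user": m.group(1).decode(errors="replace"), "crackable_hash": True}
        elif port == 23:
            buf = self._telnet.get(server, b"") + payload
            if b"\r" in buf:  # a full line of keystrokes (login or password) went out in the clear
                self._telnet.pop(server, None)
                return {"proto": "telnet", "server": server, "secret_exposed": True, "user": None}
            self._telnet[server] = buf
        return None


def scan(packets):
    det = CleartextCredentialDetector()
    return [f for f in (det.inspect(*p) for p in packets) if f]
```

Running scan(SAMPLE_PACKETS) yields one finding per exposure, which is the kind of event a network monitor would raise to drive the move away from telnet, FTP and unencrypted HTTP logins.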


Limitations:

The program behaves very much like beta software. It has been tested with some sites and situations, but not all sites and situations could be tested, for various reasons including development time constraints. For telnet, it will also output non-alphabetic characters typed by the user. For HTTP, password cracking is limited to the abilities of the John the Ripper program; wordlists can be added to JtR to improve MD5 cracking, and only MD5 hashes are supported. The program was tested with only a single client. Its behaviour with multiple clients is untested, although it should be able to service multiple clients.


References:

WinPcap, "The industry-standard Windows packet capture library," [Windows network packet capture library]

WinPcap, "WinPcap tutorial: a step by step guide to using WinPcap," [Tutorial for using WinPcap to capture network traffic]

Dan Lo, "How to: Program Development with WinPcap Using Microsoft Visual Studio," [Video describing how to set up WinPcap in Visual Studio]

iTech, "How to turn your Windows 7/8 Laptop into a WiFi Hotspot 2014," [Video describing how to create a WiFi hotspot in Windows 7]

Martin Casado, "The Sniffer's Guide to Raw Traffic," [Tutorial for using the open source library libpcap]

John the Ripper, "John the Ripper password cracker," [Password cracker for various hashed passwords]