CCIS2400: Security Essentials

Lab 7.5 --- Cracking Sniffed V C !ass"#rds $C%I &

'b(ecti)e At the end of this lab students will be able to use Cains built in network sniffer to sniff out and crack VNC passwords. et"#rk Sniffing f#r *ass"#rds Ethernet networks transmit data to all stations connected to the same collision domain. Therefore, network sniffers located on the same domain as a server, can sniff important data that does not even belong to them. Cain !ass"#rd +ec#)ery ,tility Cain and Abel version .! is a utilit" used to recover lost passwords. #t can recreate the hashes used to store and transfer passwords, thus eventuall" finding a matching hash and the recovered password. Cain has a built in network sniffer to sniff the $AN for certain t"pes of packets. %uch packets ma" contain the VNC password hash, thus allowing the hash to be recreated, and matched to find the original password. Lab !re*arati#n Completing this lab re&uires ' (Cs) a VNC %erver, and VNC Client, and an Attack*(C. +. ,ou and a classmate should complete $ab -.' before beginning this lab. . .ecord the #( address of "our classmates VNC %erver and Client VNC %erver) ///// . ///// . ///// . ///// VNC Client) ///// . ///// . ///// . /////

Note: Your VNC Client is will be your Attack-PC. '. 0e sure "our VNC %erver program is running. %et a relativel" weak VNC password 1one that most dictionar" attacks would &uickl" crack2. 3o not tell an"one what this password is.
Copyright Center for Systems Security and Information Assurance

-#"nl#ad Cain . %bel S#ft"are $%ttack-!C 'nly&

+. #f Cain . %bel is not alread" present on "our computer, "ou will need to download and install it. This is a free product. ,ou will find the installation file here) /tt*:00ca./tc.1nscu.edu0ccis2400 . The installation is prett" straight forward***"ou can accept all the defaults. '. The installation program 1ca/setup.e4e2 will want to install 2in!Ca* 1drivers5dlls for packet*capturing2. #f "ouve installed Ethereal or similar software, "our (C alread" has these drivers, but reinstalling them now wont hurt an"thing.

!re*are Cain t# Sniff and Crack !ass"#rds 1. $aunch Cain) Start !r#gra1s Cain Cain. . 6rom the menu*bar, click C#nfigure. Click the Sniffer tab and verif" that the appropriate network card is selected. Click '3 to return to the main Cain window. '. Click the Sniffer tab near the top of the Cain window, then click the !ass"#rds tab near the bottom of the Cain window. 7. Click the Start0St#* Sniffer button 1looks like a N#C2. !. $eave Cain running 1and sniffing2. 8ait for "our classmate5partner to complete this portion of the lab before proceeding.

Establis/ a V C C#nnecti#n $V C Client& +. 6rom "our VNC*client workstation, launch the VNC Viewer. . Enter the #( address "our VNC %erver, and click 9: to connect to the remote computer. 8hen prompted enter the same VNC password "ou used in $ab -.'. '. 9nce connected to "our VNC %erver, close the session.

Copyright Center for Systems Security and Information Assurance

Cracking t/e sniffed V C *ass"#rd +. #n Cains %niffer5(asswords window, "ou should see at least one entr". 6ind the entr" that corresponds to "our classmates VNC Clients #( address. . .ight click on the entr", and click Send 4# Cracker. '. Click the Cracker tab on the top toolbar, and V C on the left side of the cracker screen. Verif" that there is an entr" in the cracker. 7. %top the sniffer***click the Start0St#* Sniffer button. !. .ight*click the entr" to be cracked and select -icti#nary %ttack $L5&. %ince we know that a weak password has be set, uncheck all the options, then click the Start button.onl" using the password list to minimi;e the cracking time. <. #f the 3ictionar" Attack fails to crack the password, tr" a 6rute 7#rce $L5& attack. This step could take several minutes. -. 8hen the cracker is finished, the password will be displa"ed. .ecord this password below, then close Cain. 5y class1ate8s V C !ass"#rd: 99999999999999999999

C#nnect t# :#ur Class1ate8s V C Ser)er +. 6rom "our VNC*client workstation, launch the VNC Viewer. . Enter the #( address "our classmates VNC %erver, and click 9: to connect to the remote computer. 8hen prompted enter the VNC password "ou =ust cracked. '. 9nce connected to "our VNC %erver, close the session. ,*grade :#ur V C S#ft"are +. >ninstall VNC version '.'.- from both (Cs. . #nstall VNC version 7.+.+ on both (Cs 1viewer onl" on the Attack*(C2. '. .epeat the process to attempt cracking the VNC password***this should fail.

Copyright Center for Systems Security and Information Assurance

%**endi;: This lab was developed using Cain version .-.!, which can be obtained from) /tt*:00""".#;id.it The 9% environment for this lab was 8indows ?( (rofessional, Version @@ , %ervice (ack 1A5@72.

Copyright Center for Systems Security and Information Assurance