ARP spoofing and sniffing are not unfamiliar to friends who are playing black. The most popular method is to sniff the FTP password in the same network segment, so they generally like to penetrate the main site to open an FTP, however, in most cases, the probability of the master site opening is greater than that of FTP. It would be better to sniff 3389 directly.
Cain is a software that everyone is familiar with. It has the ARP spoofing, sniffing, and password cracking functions. Here we provide the latest version: http://www.ncph.net/cain.exe. I will not talk about it in some practical ways. I believe everyone will use this software. Originally, Cain provided the sniffing terminal (3389) password function, but it was never used. I have never used this function before, however, when I accidentally used the sniffing function, I enabled the sniffing function of 3389. At last, nothing else was detected. I sniffed an RDP value and started an analysis, the original 3389 password is in it.
Many of my friends read the penetration of the website in my blog and asked me how to sniff the 3389 password. So I plan to share this with you. For more information, see.
Here is a graphic Tutorial: Install cain.exe first, and install cain.exe by default.
1. Open the sniffer page:
2. enable port configuration and set port 3389 for sniffing:
3. Click sniffing and right-click to scan for Mac:
4. Open the ARP page and click "+" to open the spoofing settings:
5. Select a gateway on the left and a spoofed IP address on the right:
6. Click the cheat button to start spoofing:
7. A piece of data is spoofed:
8. Select ARP-RDP and right-click the data in the right sidebar:
9. Right-click the document to open it:
10: In this document, find the administrator username and password of 3389:
After the above tests are passed on the Internet and Intranet, the administrator password can be captured accurately, but it must be obtained after the Administrator successfully logs on. In fact, Cain uses ARP spoofing to intercept data transmission packets, and can crack 3389 of the encryption protocol, the software is good