Video: Man-in-the-Middle Attack on MySpace with Cain

| March 13, 2008

By Brian Wilson, CISSP, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

Last year at ChicagoCon 2007, Brian Wilson gave a great talk entitled "Cain & Abel: Windows Can Hack, Too!" Although the presentation and audio recording of the talk can be downloaded from the ChicagoCon site at Library arrow Media Lab arrow 2007 Evening Presentation Files, I had totally forgotten to publish his videos. Just in case things didn’t go as planned during the live event or his laptop crapped out on him, Brian made a video of the MITM attack he demonstrated using Cain. They made it on the DVD passed out to the attendees, but unfortunately not in his column… until now!

Although we often talk about this incredibly versatile tool here on EH-Net, for the uninitiated…

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:Wilson}


chicagocon2008s_468x120.jpg

Author’s Note: Since ChicagoCon they fixed the issue I identified. I e-mailed all the sites I was able to MITM, and all of them fixed it but www.youtube.com (aka Google). I did not get a reply back from any of them. However, I indicated in the email that they had 90 days to fix the issue, before I release the information into the wild past my demo at Chicagocon. I guess most of them listened.

View other presentations from ChicagoCon 2007.

Category: Wilson

Comments are closed.