In this Kali Linux Tutorial, we show you how to use Net Creds to launch a MITM attack.Net creds is a python based script to sniff login credentials of victim visited the website. Download the Net Creds Tool Here.

Run the script in windows or Linux machine, its recommended to have python compiler to run the script on the windows machine.

Here I have used Kali Linux to sniff out victims network.It’s not necessary to install python in Kali Linux.Kali Linux has inbuild python compiler.

- Advertisement -

Also Read Xerosploit – Toolkit to Perform MITM, Spoofing, DOS, Images Sniffing/Replacement, WD Attacks

Attackers machine(Kali Linux)

Execute the script with a command: python net-creds.py -i eth0
Choose your appropriate interface, here I have used -i eth0 as my interface.

Sniff Out for Username & Password

Net-creds is sniffing out URLs visited to capture clear text network protocols.

Above illustrated image shows sniffed data has interesting juicy pieces of stuff in GET & POST request of the HTTP protocol.
Here found banking login credentials in POST Request for demo.testfire.net website.

Check Victims Credentials

Let us check out sniffed credentials is successfully for login.

Bingo !!! Log in successful for username & password.

Protocols Net-creds capable to Sniff

POST loads sent,HTTP form logins/passwords,HTTP basic auth logins/passwords,HTTP searches,FTP logins/passwords,IRC logins/passwords,POP logins/passwords.
IMAP logins/passwords,Telnet logins/passwords,SMTP,logins/passwords,SNMP community string,NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP and Kerberos.

Protocols Vulnerable for MITM attack

HTTP: Sends passwords in clear text
TELNET: Transfer commands in plain text
SNMP: Sends passwords in clear text
POP: Sends passwords in clear text
FTP: Sends passwords in clear text
NNTP: Sends passwords in clear text
IMAP: Sends passwords in clear text

Mitigation for MITM attack

The first defense against packet sniffers is to use strong authentication, such as one-time passwords.
Antisniffer tools to detect the use of sniffers on a network.
Implement cryptographic protocols for network management include Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL).

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Password Pentesting with Net-Creds to Sniff out Username and Password of Users in your Network

Attackers machine(Kali Linux)

Sniff Out for Username & Password

Check Victims Credentials

Protocols Net-creds capable to Sniff

Protocols Vulnerable for MITM attack

Mitigation for MITM attack

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

Meta Removed 2 Million Account Linked to Malicious Activities

Free Webinar

Protect Websites & APIs from Malware Attack

Discussion points

More like this

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

10 Most Common Types of Cyber Attacks in 2023

Sniffing as easy as possible with Ettercap Tool

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2024