Posts Tagged ‘arp poisoning’

    How to do a man-in-the-middle attack with APR on RDP using Cain & Abel

    Sunday, March 8th, 2009

    Method

    Warning: only try this on a network and on computers that you own or have permission to test. In most countries it is illegal to do this on a network you do not own without the owner's permission.

    The RDP protocol prior to version 6 is vulnerable to man-in-the-middle (MITM) attacks. A man-in-the-middle attack can be carried out in several ways, for example with ARP poisoning routing (APR), an evil twin access point, or DNS spoofing. Today, we'll choose APR. APR only works on the local subnet, so the attacker must be somewhere in between the victim and the RDP server. The RDP server can be any Windows host with terminal services or remote control enabled. In most cases the attacker is on the same subnet as the victim.

    More information about ARP spoofing can be found on Wikipedia:

    http://en.wikipedia.org/wiki/ARP_spoofing
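
    Because APR depends on the victim's ARP cache pointing the RDP server's IP at the attacker's MAC, the cache itself is where a defender can spot it. The following is an added example, not part of the original post: it compares a trusted ARP snapshot with the current one, assuming Linux `arp -a` style output; all addresses and the function names `parse_arp` and `find_poisoning` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two `arp -a` style snapshots taken on the RDP client.
# All addresses are made up; 192.168.1.10 plays the RDP server.
BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.10) at 00:11:22:33:44:10 [ether] on eth0
? (192.168.1.66) at 00:de:ad:be:ef:66 [ether] on eth0
"""
AFTER = """\
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.10) at 00:de:ad:be:ef:66 [ether] on eth0
? (192.168.1.66) at 00:de:ad:be:ef:66 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""

ENTRY = re.compile(
    r"\((\d+(?:\.\d+){3})\) at ((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})", re.I)

def parse_arp(text):
    """Return {ip: mac} from the snapshot; <incomplete> entries are skipped."""
    return {ip: mac.lower().replace("-", ":") for ip, mac in ENTRY.findall(text)}

def find_poisoning(baseline, current):
    """Compare a trusted baseline with the current cache and list findings."""
    findings = []
    # 1. An IP whose MAC no longer matches the known-good baseline.
    for ip, mac in sorted(current.items()):
        if ip in baseline and baseline[ip] != mac:
            findings.append(("changed", ip, baseline[ip], mac))
    # 2. One MAC answering for several IPs. This can be legitimate
    #    (proxy ARP, multi-homed hosts), so treat it as a lead to verify.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in find_poisoning(parse_arp(BEFORE), parse_arp(AFTER)):
        print(finding)
```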

    (more…)