Re: [PEN-TEST] Deploying a Win32 Sniffer

[The Picard <thepicard () HOME COM>]

Also, the people from NT Objectives have a dynamically-loading version of
windump, dubbed 2.03, which doesn't require a reboot. However, it's not
stable and I've found that it messes up the network communication and/or
freezing the machine after several uses.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of MadHat
Sent: None
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Deploying a Win32 Sniffer


At 04:36 PM 11/28/2000 -0500, you wrote:
> I have heard several people say that once you compromise a minor target
> you might want to install a packet sniffer to pickup IDs and passwords on
> the wire.
>
> The sniffers I have used (for example, DSniff for Win32) require a packet
> driver to be installed on the system and it be rebooted. Is there some way
> to sniff IDs/Passwords without that type of packet driver?


buttsniffer (http://packetstorm.securify.com/sniffers/buttsniffer)  is the
only one I know of that is out.  And can cause problems like crashing the
machine.  I have only played with it a little, so YMMV...

Foundstone says they have one called fsniff that will work, but they
haven't released it as of yet...



MadHat at unspecific.com