Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: dsniff-like tool?

From: Volker Tanger <volker.tanger () discon de>
Date: Wed, 12 Feb 2003 10:03:56 +0100
Greetings!

Andrew Stewart wrote:

Does anyone know of a tool with credential sniffing capabilities similar
to dsniff? (But that isn't dsniff ;-)

I've played with Ethereal but I'd like to try and find a tool with
focused password/credential snarfing ability.


http://phenoelit.de/phoss/
"PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins on the wire. It also sniffs the VNC challange/response handshake." Especially in non-switchd networks quite an eye-opener. Lists nicely protocol, name and password for each appropriate packet coming along.
Personal experience with Phenoelit: some of them tried to social engineer into our CeBit network few years ago (out of sportsmanship I figure) but ended up getting social engineered themselves as they handed me their real, private "business card". But I guess they got better in that by now... (Greetings!) ;-) 

Bye

Volker Tanger
IT-Security Consulting

--

discon gmbh
WrangelstraƟe 100
D-10997 Berlin

Telefon  (030) 6104-3307
Telefax  (030) 6104-3461

volker.tanger () discon de
http://www.discon.de/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: