Penetration Testing mailing list archives
Re: extracting passwords from ethereal dump
From: David Eduardo Acosta Rodríguez <david.acosta () internet-solutions com co>
Date: Mon, 20 Jun 2005 18:02:47 -0500
Hi: You can use DSniff http://www.monkey.org/~dugsong/dsniff/.
From the description in the web site:
"...dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. .." Ing. David E. Acosta R. Security Consultant - CISSP Internet Solutions Colombia "The Information Security Experts" http://www.internet-solutions.com.co david.acosta () internet-solutions com co Phone (movil):(300)2089961 Phone (office):(091)3120910 ext 17 CONFIDENCIAL. La información contenida en este e-mail y cualquier archivo anexo es confidencial y sólo puede ser utilizada por el individuo o la compañía a la cual está dirigido. Si no es usted el destinatario autorizado, cualquier retención, difusión, distribución o copia de este mensaje está prohibida y es sancionada por la ley. Si por error recibe este mensaje, le ofrecemos disculpas y le agradecemos reenviar el mensaje al emisor original y eliminarlo de su inbox inmediatamente. ----- Original Message ----- From: "Mohamed Abdel Kader" <makster12 () hotmail com> To: <pen-test () securityfocus com> Sent: Monday, June 20, 2005 11:14 AM Subject: extracting passwords from ethereal dump
I was on a assessment and decided to get some of the traffic moving along the network. i got it using ethereal. now i want a program (other than ettercap) that can take this dump and extract the passwords. It would be helpful if the program can tell me the source and destination
as
well as the protocol in use for each detected password. thanks in advance pen-testers :o) MAK
Current thread:
- extracting passwords from ethereal dump Mohamed Abdel Kader (Jun 20)
- Re: extracting passwords from ethereal dump Nicolas Gregoire (Jun 21)
- Re: extracting passwords from ethereal dump Tim E (Jun 21)
- Re: extracting passwords from ethereal dump Noname (Jun 22)
- Re: extracting passwords from ethereal dump sfml (Jun 27)
- <Possible follow-ups>
- Re: extracting passwords from ethereal dump David Eduardo Acosta Rodríguez (Jun 20)
- RE: extracting passwords from ethereal dump Todd Towles (Jun 20)
- RE: extracting passwords from ethereal dump Steve A (Jun 20)
- Re: extracting passwords from ethereal dump andre protas (Jun 20)
- RE: extracting passwords from ethereal dump Kyle Starkey (Jun 21)
- Re: extracting passwords from ethereal dump Nicolas Gregoire (Jun 21)