Penetration Testing mailing list archives

Re: extracting passwords from ethereal dump

From: David Eduardo Acosta Rodríguez <david.acosta () internet-solutions com co>
Date: Mon, 20 Jun 2005 18:02:47 -0500

Hi:

You can use DSniff http://www.monkey.org/~dugsong/dsniff/.

From the description in the web site:


"...dsniff is a collection of tools for network auditing and penetration
testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy
passively monitor a network for interesting data (passwords, e-mail, files,
etc.). arpspoof, dnsspoof, and macof facilitate the interception of network
traffic normally unavailable to an attacker (e.g, due to layer-2 switching).
sshmitm and webmitm implement active monkey-in-the-middle attacks against
redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
.."

         Ing. David E. Acosta R.
      Security Consultant - CISSP
       Internet Solutions Colombia
  "The Information Security Experts"
http://www.internet-solutions.com.co
 david.acosta () internet-solutions com co
       Phone (movil):(300)2089961
 Phone (office):(091)3120910 ext 17

CONFIDENCIAL. La información contenida en este e-mail y cualquier archivo
anexo es confidencial y sólo puede ser utilizada por el individuo o la
compañía a la cual está dirigido. Si no es usted el destinatario
autorizado, cualquier retención, difusión, distribución o copia de este
mensaje está prohibida y es sancionada por la ley. Si por error recibe este
mensaje, le ofrecemos disculpas y le agradecemos reenviar el mensaje al
emisor original y eliminarlo de su inbox inmediatamente.

----- Original Message ----- 
From: "Mohamed Abdel Kader" <makster12 () hotmail com>
To: <pen-test () securityfocus com>
Sent: Monday, June 20, 2005 11:14 AM
Subject: extracting passwords from ethereal dump

I was on a assessment and decided to get some of the traffic moving along
the network. i got it using ethereal.
now i want a program (other than ettercap) that can take this dump and
extract the passwords.
It would be helpful if the program can tell me the source and destination

as

well as the protocol in use for each detected password.

thanks in advance pen-testers :o)
MAK

Current thread:

extracting passwords from ethereal dump Mohamed Abdel Kader (Jun 20)
- Re: extracting passwords from ethereal dump Nicolas Gregoire (Jun 21)
  - Re: extracting passwords from ethereal dump Tim E (Jun 21)
  - Re: extracting passwords from ethereal dump Noname (Jun 22)
  - Re: extracting passwords from ethereal dump sfml (Jun 27)
- <Possible follow-ups>
- Re: extracting passwords from ethereal dump David Eduardo Acosta Rodríguez (Jun 20)
- RE: extracting passwords from ethereal dump Todd Towles (Jun 20)
- RE: extracting passwords from ethereal dump Steve A (Jun 20)
- Re: extracting passwords from ethereal dump andre protas (Jun 20)
- RE: extracting passwords from ethereal dump Kyle Starkey (Jun 21)