
Capturing passwords with Wireshark



What is Wireshark?

Wireshark is a network protocol analyser that allows you to monitor all traffic on a network; it can be used to troubleshoot dropped packets, spot exfiltration and investigate malicious activity on your network.

TELNET session capture

The first issue here is that Telnet has no built-in security measures, yet it is being used for remote network connections, which means any passwords sent will be in plain text.

The pcap I will be using is from root-me.org, where the challenge is to find the user password from the captured session. This is a very easy challenge and should take no more than two minutes to complete.

Let's have a look at the pcap!


If we order the pcap file by protocol, we can see all of the Telnet packets together. Telnet sends each character one by one, so the username and password are not obvious straight away, but if we right-click on a Telnet packet and select Follow > TCP Stream, we will find the username and password.



Following the TCP stream applies a display filter that selects all of the packets in the current stream, displaying the username (fake) and the password (user) for us.
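To see why the one-character packets give up the credentials so easily, here is the same reassembly in Python. This is an added example, not code from the original post: it assumes the payloads are already in capture order with no retransmissions, and the `keystrokes` helper and `SAMPLE` packets are constructed for illustration, not taken from the root-me capture.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0          # Telnet command bytes (RFC 854)
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT: one option byte follows

def strip_telnet_commands(data: bytes) -> bytes:
    """Drop IAC command sequences so only user-visible bytes remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                        # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC)              # escaped literal 0xFF data byte
            i += 2
        elif data[i + 1] in NEGOTIATION:
            i += 3
        elif data[i + 1] == SB:          # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:
            i += 2                       # other two-byte commands (NOP, GA, ...)
    return bytes(out)

def follow_stream(packets):
    """Concatenate payloads per direction in capture order, then strip Telnet commands."""
    streams = {"client": bytearray(), "server": bytearray()}
    for direction, payload in packets:
        streams[direction] += payload
    return {d: strip_telnet_commands(bytes(s)).decode("latin-1") for d, s in streams.items()}

def typed_lines(client_text: str) -> list:
    """Split the client's keystrokes into submitted lines (Telnet sends CR NUL or CR LF)."""
    text = client_text.replace("\r\x00", "\n").replace("\r\n", "\n")
    return [line for line in text.split("\n") if line]

def keystrokes(text: str, echo: bool) -> list:
    """Hypothetical helper: one segment per typed character, plus the server echo."""
    pkts = []
    for ch in text.encode():
        pkts += [("client", bytes([ch]))] + ([("server", bytes([ch]))] if echo else [])
    return pkts + [("client", b"\r\x00"), ("server", b"\r\n")]

# Constructed sample, not the root-me capture: the server echoes the username only.
SAMPLE = ([("server", b"\xff\xfd\x18"), ("client", b"\xff\xfb\x18"), ("server", b"login: ")]
          + keystrokes("fake", True) + [("server", b"Password: ")] + keystrokes("user", False))

if __name__ == "__main__":
    print(typed_lines(follow_stream(SAMPLE)["client"]))
```

In this sample the server does not echo the password, so it shows up only in the client-to-server direction, while the echoed username appears in both.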
