sirgregg

Active Members
  • Posts

    8
Everything posted by sirgregg

  1. So here's the thing. My employer has a couple of workers he doesn't really trust. He asked me to try and find a way to monitor his actions on the PC. I tried to find an auditing software but everything I could find is either very expensive or not really stealthy. I thought about capturing the packets between the PC and the router (since I'm mostly interested in the web traffic) and filtering them on the fly to save only the important information. I am not however sure if that's possible, and if - how to do that. How would you go about doing that? Any ideas, solutions?
  2. I think Troy actually asked two questions, both different from what you answered... 1) will the fon (using jasager I assume) work with encrypted networks that you don't have proper keys to? 2) will the fon work while the target's preferred network is actually there? As in which AP will intercept the pc's beacons faster? Unfortunately I don't have one so I can't answer any of those :(
  3. I was doing some arpspoofing/sniffing at a coffeeshop the other day, just to see if it really works outside my house. I got around 200 MB of packets with Wireshark, and then fed it to dsniff to try and extract something. It spat out something quite strange: #garbagegarbage# ntp:AUTHINFO user someuser AUTHINFO pass somepass #garbagegarbage# Does it ring any bells? Can anyone identify the protocol, authorization type or anything? How could I find the actual packet in Wireshark?
  4. I would suggest taking the icons off the desktop and putting them someplace else (like the taskbar, add another level to it if you have to). If you really want to keep them where they are though, you might give Stardock Fences a try (assuming you're on Windows). I used it once and was quite happy with it...
  5. Not to be very sceptical, but.... 16 lowercase digits makes 16^26 possible combinations. That's about 2*10^31. Let's suppose you can try 1 000 000 000 passwords a second (which you probably cannot), then you need around 6*10^14 years to try all possible combinations... Conclusion - forget about bruteforcing. Either try a dictionary attack or (better) try to somehow bypass the password or (best) use social engineering to get it another way.
  6. If it's just about hiding the user from the logon screen, then I believe you don't need to fiddle with the registry to do that... You can download Microsoft's TweakUI, go to 'logon' and select the users you want shown. This will only work on XP though.
  7. Hi everyone, I've been having fun with capturing and analyzing packets the other day. I realized that while basic HTTP authentication and POP connections' usernames and passwords appear just as plain text in the pcap software, more advanced protocols make it more difficult, if not impossible. I started wondering that while we might not be able to decrypt the TCP stream to extract the useful data, maybe we don't need to? Since we already have the encrypted credentials (or a cookie ID, not sure if I understand perfectly how this works), maybe we could start a connection with the server and just feed it the same packet we've already got? I captured the traffic of myself logging in to some services and then used netcat to open up a connection to the hosts. I pasted the HTTP GET requests I captured with Wireshark, but all I got was unfortunately Bad Request responses :( I did fail to achieve any positive results even though I tried a lot, but I still think it's quite a good idea, and maybe some of you more savvy hak5ers could give it a go or explain to me why I'm wrong and this will never work?