Jump to content

Wireshark questions / first hak


Grant
 Share

Recommended Posts

Hey guys

Been watching Hak5 since there debut on Revision3 and I'm loving it! Some of the stuff is a little over my head , but i enjoy learning new things about computers. I've been a " hardware guy " for awhile now building custom pcs for people and would like to extend my knowledge into the software arena.

Recently I've been interested in packet sniffing , mainly the program Wireshark. What I'm trying to do is capture user names and passwords on my home network ( more on the machine I'm using rather than the rest of the network ). So i have a few questions , if you guys dont mind

1. How EXACTLY do i get usernames and passwords from myspace using wireshark? I tested with my own login and cant seem to find the password......is it encrypted? I filtered to show only http and found the myspace entry. When I scroll over the username and password it doesn't show it

2. Can wireshark run in the backround while capturing?

3.When following the tcp stream where would i find this info , and what does it look like?

Thanks guys

Link to comment
Share on other sites

lol no myspace logins are not encrypted, theyre transmitted in plain text iva had lots of fun with peoples accounts just out of sheer boredom. its fun to snoop on the neighbors and to read their emails and maybe send some "hey im really gay" IM's to their facebook friends, but other than that honestly you find nothing but garbage when you snoop other peoples traffic, crap like jdate.com logins, aim yahoo and icq chats, boring ass emails and spam, myspace logins for sure, anti virus updates, retarted ass google searches, and i do mean fucking retarded its amazing what some people will type into the google search box, they talk to it as if theyre asking a person a question. so unless youre actually going to go somewhere and pwn some interesting shit prepare for the novelty to wear off quickly.

now all that being said i use a couple of programs that would make your arp spoofing, port mirroring, traffic sniffin, snooping nosy life a hell of a lot easier. the first one and one of my favorites is net resident from tamosoft.com, the second is more for wireless security auditing and will allow you to capture encrypted and unencrypted network traffic, inject custom made packets, crack wep and deauth wireless clients, decrypt wireless packets and reconstruct them on the fly in real time, and also supports a wide variety of packet capture types that you can import from other wireless applications for example .cap files from airodump or cain or airopeek or wireshark can be imported, packets reconstructed and a shitload of other options. you can also move netresident logs into commview and vice versa. anyways you can read the infos on it it will save me a lot of type.

heres a series of lopics from poor old joe and his iphone issues. i decided to be an ass and filtered his iphone off of his own wireless router then watched as he asked google fail questions to try and figure out what was wrong.

joes iphone

iphoine.jpg

quizimg.png

joes computer

joe_1.jpg

quizimg.png

andjoe asking for halp

goog_1.jpg

quizimg.png

Link to comment
Share on other sites

Ok the reason I'm using Wireshark is because its free ( completely free , not trialware) , and it needs to be discrete since the victim will be using the same computer as me.

And about reading myspace logins in plain text , would you have a screenshot of this ( you can garble out the sensitive stuff ).

And again can wireshark run in the backround?

Edit: i just want to practice in a safe environment so until i learn this i dont want to get in any trouble

Link to comment
Share on other sites

Is wireshark running on the same machine? I fnot, you need to do a MITM to capture the traffic of the other user. Or, if your on wireless, get BackTrack and fireup Wireshark in it while your network card is in monitor mode and you should be able to capture the password. So long as its not cookie authentication, and they actually have to type the email and password, you would be able to capture it with wireshark. If they login autmatically with a cookie, you would have to either replay the cookie, or session hijack using somehting like Hamster and Ferret.

Link to comment
Share on other sites

is this what you want to see? lol you thought i was lying about the passes being transmitted in plain text or what? :P

myspacepwnt.jpg

quizimg.png

heres an example of emails getting pwt over pop3 also

pop3pass.jpg

quizimg.png

and really im sure if you like an application youll find a way to get it at a huuge discount ;) but if youd rather dick around all day with different OS's, figuring out which drivers i need, how to use these clunky ugly limited applications then thats your choice, but i just thought i'd let you know that theres much better, and much easier to use solutions out there.

Link to comment
Share on other sites

keylogger would work much better in this situation, or a scam page since its a local attack.

Yeah you're probably right , i did want to learn how to sniff packets though. I might try it out if you know of any free ones that can run discretely that aren't riddled with viruses. PM me if you do

Is wireshark running on the same machine? I fnot, you need to do a MITM to capture the traffic of the other user. Or, if your on wireless, get BackTrack and fireup Wireshark in it while your network card is in monitor mode and you should be able to capture the password. So long as its not cookie authentication, and they actually have to type the email and password, you would be able to capture it with wireshark. If they login autmatically with a cookie, you would have to either replay the cookie, or session hijack using somehting like Hamster and Ferret.

Yes , wireshark is running on the same machine. And yeah they have to type it out

is this what you want to see? lol you thought i was lying about the passes being transmitted in plain text or what? :P

myspacepwnt.jpg

quizimg.png

heres an example of emails getting pwt over pop3 also

pop3pass.jpg

quizimg.png

and really im sure if you like an application youll find a way to get it at a huuge discount ;) but if youd rather dick around all day with different OS's, figuring out which drivers i need, how to use these clunky ugly limited applications then thats your choice, but i just thought i'd let you know that theres much better, and much easier to use solutions out there.

No thats cool , its just that Netresident program is like $200-300!! Really expensive for something i may only use a few times. Pm me if you know of a way " around this " ;)

But this hack started out as a learning experience , now kinda turned into a small prank on my roommate. I'm going to be moving out this weekend and wanted to do something like what Vector said in his first post

jaja lol

Link to comment
Share on other sites

Start googling. We have pretty much given you a start. If you capture the packet of someone typing in the name and pass for MySpace, Wireshark will show it, you just hsve to filter the results to get it. Most likely it will be in an HTTP POST event, but you can also search for strings like "login" or if you know their email address, search for it(CTRL+F, then select string and enter the word you want to find in wireshark)

Link to comment
Share on other sites

i do mean fucking retarded its amazing what some people will type into the google search box, they talk to it as if theyre asking a person a question.

It's due to the death of ask jeeves I swear.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...