Packet Analysis (newbie Question)


whitehat

I'd suggest running Wireshark on your ICS machine and then running a packet analyzer on it. For example NetworkMiner, to see what kind of data you could expect. Keep in mind that anything encrypted will not be able to be picked up or recognized (easily, but there are some situations where you can decrypt the data).

NetworkMiner

http://www.netresec.com/?page=NetworkMiner

This is another packet analysis tool which is pretty nice.

http://www.netwitness.com/products-services/investigator-freeware


Posted (edited) · Hidden by whitehat, May 16, 2012 - sec
Thanks for your reply Mr Protocol.

Oh I do see the packets tho. I have a few hundred MB of old dump logs from my BT training. But the only thing I know how to do is try to break WEP. What else can you do with it? I'm just generally curious. Have you ever gotten any passwords other than home internet pw's? Any site logins or username/password combos? I use Wireshark bc it's built into my OS. Are the others better?

Edited by whitehat

Wireshark can get the packets, that's all you need. How you get information out of the pcap is your choice.

Back a while ago when not many sites used HTTPS you could get logins, cookies, watch IM convos as they happen. Now with most everything being encrypted, it's tough.


Posted · Hidden by whitehat, May 16, 2012 - sec
I see. So all the info is there, but it's encrypted b/c of httpS. So can we use sslstrip?


Your best bet is to have a target. Being an opportunist is a small part of 'hacking'. Once a target is acquired, you can filter out all the garble.

Jeff did some very bad things to my sister. I have been watching Jeff for 7 years. Jeff goes to a certain clinical Dr. I go to same Dr. Bring USB switchblade. While Dr. is out of office, I inject a reverse shell payload into Dr.'s PC. Go home. Log into my shell account, and voila! I'm in Dr.'s PC. Now I doctor some patient files to make it look as though Jeff is really a woman trapped in a man's body. Jeff's been taking female hormones to "prepare" for his transgender surgery (the one I'm about to schedule for him).

Now I go after a particular surgeon. Watch his habits. He has a child (Ben, 17) who plays World of Warcraft all day, damn near every day. I get to 'know' Ben through his Facebook and the WoW forums. Ben downloads a wonderful cheat from me that I have edited and added a backdoor to.

Now I can watch Ben's father (target surgeon) log into the Hospital servers and do his normal 'from-home' work.

Armed with this info, I research the system that manages the patient Database and add the necessary files to legitimize his transgender surgery. Now if I can just get Jeff into said hospital for something minor.....

....he'll wake up a woman, the S.O.B! now try my hax
