Jump to content

Packet Analysis (newbie Question)


whitehat
 Share

Recommended Posts

I'd suggest running wireshark on your ICS machine and then running a packet analyzer on it. For example NetworkMiner, to see that kind of data you could expect. Keep in mind that anything encrypted will not be able to be picked up or recognized (easily, but there are some situations where you can decrypt the data).

NetworkMiner

http://www.netresec.com/?page=NetworkMiner

This is another packet analysis tool which is pretty nice.

http://www.netwitness.com/products-services/investigator-freeware

Link to comment
Share on other sites

Posted (edited) · Hidden by whitehat, May 16, 2012 - sec
Hidden by whitehat, May 16, 2012 - sec

I'd suggest running wireshark on your ICS machine and then running a packet analyzer on it. For example NetworkMiner, to see that kind of data you could expect. Keep in mind that anything encrypted will not be able to be picked up or recognized (easily, but there are some situations where you can decrypt the data).

NetworkMiner

http://www.netresec.com/?page=NetworkMiner

This is another packet analysis tool which is pretty nice.

http://www.netwitness.com/products-services/investigator-freeware

Thanks for your reply Mr Protocol.

Oh I do see the packets tho. I have a few hundred MB of old dump logs from my BT training. But the only thing I know how to do is try to break WEP. What else can you do with it? I'm just generally curious. Have you ever gotten any passwords other than home internet pw's? Any site logins or username/password combos? I use Wireshark bc it's built into my OS. Are the others better?

Edited by whitehat
Link to comment

Wireshark can get the packets, that's all you need. How you get information out of the pcap is your choice.

Back a while ago when not many sites used HTTPS you could get logins, cookies, watch IM convos as they happen. Now with most everything being encrypted now, it's tough.

Link to comment
Share on other sites

Posted · Hidden by whitehat, May 16, 2012 - sec
Hidden by whitehat, May 16, 2012 - sec

Back a while ago when not many sites used HTTPS you could get logins, cookies, watch IM convos as they happen. Now with most everything being encrypted now, it's tough.

I see. So all the info is there, but it's encrypted b/c of httpS. So can we use sslstrip?

Link to comment

Your best bet is to have a target. Being an opportunist is a small part of 'hacking'. Once a target is acquired, you can filter out all the garble.

Jeff did some very bad things to my sister. I have been watching Jeff for 7 years. Jeff goes to a certain clinical Dr. I go to same Dr. Bring USB switchblade. While Dr. is out of office, I inject a reverse shell payload into Dr.'s PC. Go home. Log into my shell account, and voila! I'm in Dr.s PC. Now I doctor some patient files to make it look as though Jeff is really a woman trapped in a mans body. Jeff's 'been taking female hormones to "prepare" for his transgender surgery. (the one I'm about to schedule for him).

Now I go after a particular surgeon. Watch his habits. He has a child (Ben, 17) who plays World of Warcraft all day, damn near everyday. I get to 'know' Ben through his facebook and the WoW forums. Ben downloads a wonderful cheat from me that I have edited and added a backdoor.

Now I can watch Ben's father (target surgeon) log into the Hospital servers and do his normal 'from-home' work.

Armed with this info, I research the system that manages the patient Database and add the necessary files to legitimize his transgender surgery. Now if I can just get Jeff into said hospital for something minor.....

....he'll wake up a woman, the S.O.B! now try my hax

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...