Jump to content

Ngrep Worth It?


Recommended Posts

Ngrep sounded great on the mark 3 but I know it was resource hungry just like sslstrip, I want to collect credentials so running sslstrip would be #1 and something like ngrep would be cool too But would it be easier to just find that data afterwards like with a pcap file from tcpdump?

so I was thinking maybe we could use an offsite toolkit for the pineapple to do this kind of stuff and make it as easy and cool looking like the pineapple, possibly have a feature that formats a thumb drive and sets up the partitions plus files like pre-installed packages and roll pages?

BTW where is ngrep? it's stated as "MITM tools: urlsnarf, dnsspoof & ngrep" in the hak shop?

What are your opinions on collecting data? have it all on the pineapple or some off site?

Link to comment
Share on other sites

Ngrep sounded great on the mark 3 but I know it was resource hungry just like sslstrip, I want to collect credentials so running sslstrip would be #1 and something like ngrep would be cool too But would it be easier to just find that data afterwards like with a pcap file from tcpdump?

so I was thinking maybe we could use an offsite toolkit for the pineapple to do this kind of stuff and make it as easy and cool looking like the pineapple, possibly have a feature that formats a thumb drive and sets up the partitions plus files like pre-installed packages and roll pages?

BTW where is ngrep? it's stated as "MITM tools: urlsnarf, dnsspoof & ngrep" in the hak shop?

What are your opinions on collecting data? have it all on the pineapple or some off site?

ngrep is only good for catching plaintext credentials - and you have to specify quite precisely what you want out of it (ftp logins for example). If you're already tcpdumping, you're going to get every plaintext credential anyways, you'll just have to search them out in the capture file - so if you're comfortable in wireshark with some packet analysis, you'll be fine - but if you want something easy, or more likely, if you're targeting a victim for one type of login (their company ftp say...) ngrep is the way to go. Ngrep was in the gui on the mark3 (and still is) but it didn't make the transition to the mark4 for some reason...you'd have to ask Seb. I believe its still installed on the mark4, just not in the UI (command line ftw anyways right?) - but I never use it lol, I'm a pcap man.

As for collecting data on or off site - I don't think you'd have any problem running tcpdump, ngrep, and sslstrip and dumping it all to a big fat USB stick and then scp'ing it off at your leisure - give it a shot, theres no harm in trying :)

telot

Link to comment
Share on other sites

I dont mean to show my noobness but I think the option to format 'on-board' is a stellar idea, even if its just a module which can be removed later.

Regarding Ngrep, it was in earlier releases of the firmware ~ just commented out of the php. I have looked at the new page coding and could not find it as it was before but I would think it has to be there for some of the other features to work 'out of the box'.

I wish I had more time to spend with my pineapple, but exploration and achievement thru hacking is half the fun :)

Syn.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...