I got Wireshark, and I can't get any packets.
Can someone help me? When I go to the options, it does not list any interfaces...
What's the deal?
And can I somehow put Wireshark on my flash drive? lol
-edit
woohoo 888 post!
you need to be root to run wireshark
(normal user privileges don't allow for capturing network traffic in promiscuous mode)
There should be an option in the apps menu to run as root
if not, it's just a simple
Code:
sudo wireshark
as for the flash drive
Do you have a full, bootable Linux install on there?
if you do, just boot into it and install wireshark
Hey thanks Ynot! That worked!! Woohoo! This is amazingly easy!
(there was an option to open Wireshark in root, but it said "Not recommended")
running any app as root can potentially be dangerous
but for some tasks, it's unavoidable
like installing software, or capturing network traffic, or whatever
Ok, thanks Ynot.
Really all you can do with this is basically view network traffic right? And only traffic on your network.
LOL, My brother's myspace password lol...
And my sister's.
And my mom's email lol..
But not my brother's runescape :(
(Maybe I have not found it yet) But I think it's secure or something. Like an Https or whatever.
http://en.wikipedia.org/wiki/Man_in_the_middle_attack
purely in the interest of education and learning, of course
Oh thanks Ynot :D I learned something today! So I can see the communications between him and the runescape server right
I'm assuming this is a website (you said https) rather than anything else
Yeah, theoretically
- Set up an https server on your machine (using apache)
- Mirror the original login page from the site on your machine
- Set up the form to first send the login details to a file, and then redirect off to the actual runescape page
- Modify the victim's hosts file so www.runescape.com (or whatever the address is) points to your machine instead
- anything sent back from the runescape server, redirect to the victim
classic attack
ahaha that's great! lol.
I used to use apache when I had windows, to make gey little web pages.
But this is a better use.
lol...
(Of course he is only my bro people, I am not going to permanently steal his password from him. In case people are wondering).
Anyways. I can't find apache in the add/remove. Can I get it somewhere else?
(Oh BTW I got my ATI Drivers working, with ubuntu 8.10)
Now, whenever I find passwords, there are two sections for passwords
One says IDPassword, another says Password
And on the Idpassword it's only like one letter.
and on the password the password looks encrypted.
Is it supposed to be like this?
Yes, probably
packet sniffing is easy
hence there's not a whole lot of sensitive info that travels unencrypted (or un-obfuscated) over the wire
It's almost never as easy as
"ooh look, some plain text login credentials"
Encryption happens all the time
Unless you're using something "truly" insecure
Take this site, as an example
HTTP only
there is no encrypted channel between your machine & the DV webserver
therefore anyone with access to your network traffic can see exactly what you send & receive from the DV webserver, including the login procedure
But, encryption does take place
Capture the conversation between your machine and the DV webserver while logging in
see what happens
It'll look something like this (I've changed the actual hashes for obvious reasons)
Code:
83901030da60c56d2d74682e9828; bbsessionhash=374e6f94ee6169fbc7927830392e540e; bblastvisit=1235724432; bblastactivity=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 178
vb_login_username=Ynot&cookieuser=1&vb_login_password=&s=&do=login&vb_login_md5password=cd923e2a02e64f85e8c656161d262087&vb_login_md5password_utf=cd923e2a02e64f85e8c656161d262087
You'll notice that at no point does the raw, readable password for my account travel across the network
The encryption happens client side
A quick look at the html source for the login form shows this
Code:
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
So, in order for someone to actually get my password, they'd have to either compromise my machine, or crack the MD5 hash
obviously, compromising my machine is the easy option
(Well, so they think ;)
this is the big difference between windows & linux - all they need for a windows client machine is a keylogger - good luck getting a keylogger onto a *nix machine undetected)
but cracking the hash is certainly do-able
You'd need to find how it constructs the input (salts, etc.)
but it all happens client side, so everyone has the same javascript encryption function
Crack the hash and reconstruct the textbox input by going backwards through the md5hash javascript function
It'd be far better if this site used SSL encryption (https)
as then, the only way to compromise someone's account would be to gain control of the DV webserver
As it stands, all you need is the network conversation and a bit of work to backtrack through the client side encryption
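Added example, not part of the original thread or any poster's code: a defender-side check that takes a captured login POST shaped like the one quoted above and reports how each password-like form field went over the wire (empty, plaintext, or a bare hex digest) and whether it travelled without TLS. The request line, the host name `forum.example` and the function name `audit_login_post` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample modelled on the login POST quoted in the thread;
# the digest is the placeholder value from that post, not a real credential.
SAMPLE_REQUEST = (
    "POST /login.php?do=login HTTP/1.1\r\n"
    "Host: forum.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "vb_login_username=Ynot&cookieuser=1&vb_login_password=&s=&do=login"
    "&vb_login_md5password=cd923e2a02e64f85e8c656161d262087"
    "&vb_login_md5password_utf=cd923e2a02e64f85e8c656161d262087"
)

CRED_NAME = re.compile(r"pass|pwd|secret", re.I)   # credential-like field names
HEX = re.compile(r"^[0-9a-fA-F]+$")
DIGESTS = {32: "MD5-length", 40: "SHA-1-length", 64: "SHA-256-length"}

def audit_login_post(raw_request, over_tls=False):
    """Return (field, finding) pairs for credential-like form fields."""
    # The form body follows the blank line that ends the HTTP headers.
    _, _, body = raw_request.partition("\r\n\r\n")
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not CRED_NAME.search(name):
            continue
        if value == "":
            finding = "empty (cleared before submit)"
        elif HEX.match(value) and len(value) in DIGESTS:
            finding = DIGESTS[len(value)] + " hex digest"
        else:
            finding = "plaintext value"
        # Anything non-empty on a plain HTTP connection is readable on the wire.
        if value and not over_tls:
            finding += ", sent without TLS"
        findings.append((name, finding))
    return findings

if __name__ == "__main__":
    for field, finding in audit_login_post(SAMPLE_REQUEST):
        print(f"{field}: {finding}")
```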
Geez, is there a program out that Decrypts for you? I think I remember something like that when I was taking the computer merit badge.
(I was the only one there who had linux) But he said something about packets, and decryption.
And we learned about https also.
Can you use packet information to gain control of a computer on a network?
Like I know ubuntu has that thing where you can log onto other computers.
(Mods I am just curious don't lock the thread please, it's not like I am not building a blue box or anything)
yeah, there's quite a few
either dictionary attacks, brute force, or using rainbow tables
MD5 is also susceptible to hash collisions
(where more than one phrase hashes to the same output)
Any information is helpful
but generally no
packet sniffing is usually done to assume the identity of another user / machine, and gain access to stuff on a server you wouldn't normally have access to
There's certain cool things you can do with wireless networks by sniffing the packets
SSH
SSH is completely encrypted - just like HTTPS
You can obviously still capture the packets, but it'll be gibberish
Only the server itself can decrypt the contents, no-one else
I am a mod
and yeah, knowledge is power
the knowledge needed to break into a system is the same knowledge needed to secure a system against a break-in
locking a thread about computer security doesn't help anyone