Wirshark

[magical mike]

I got Wirshark, and I cant get any packets. Can someone help me? When I go to the options, it dose not list any interfaces... Whats the deal? And can I somehow put wireshark on my flash drive? lol -edit woohoo 888 post!

[Ynot]

you need to be root to run wireshark (normal user privileges don't allow for capturing network traffic in promiscuous mode) There should be an option in the apps menu to run as root if not, it's just a simple Code: sudo wireshark as for the flash drive Do you have a full, bootable Linux install on there? if you do, just boot into it and install wireshark

[magical mike]

Hey thanks Ynot! That worked!! Woohoo! This is amazingly easy! (there was an option to open Wireshark in root, but it said "Not recommended"

[Ynot]

running any app as root can potentially be dangerous but for some tasks, it's unavoidable like installing software, or capturing network traffic, or whatever

[magical mike]

Ok, thanks Ynot. Really all you can do with this is basicaly view network trafic right? And only trafic on your network.

[Stalker]

Ok, thanks Ynot. Really all you can do with this is basicaly view network trafic right? And only trafic on your network. You can get network traffic that is picked up by that network interface. What that includes depends on your network setup.

[magical mike]

LOL, My brothers myspace password lol... And my sisters. And my moms email lol.. But not my brothers runescape (Maybe I have not found it yet) But I think its secure or something. Like an Https or whatever.

[Ynot]

But not my brothers runescape (Maybe I have not found it yet) But I think its secure or something. Like an Https or whatever. http://en.wikipedia.org/wiki/Man_in_the_middle_attack purely in the interest of education and learning, of course

[magical mike]

Oh thanks Ynot I learned something today! So I can see the comuncations between him and the runescape server right

[Ynot]

I'm assuming this is a website (you said https) rather than anything else Yeah, theoretically - Setup an https server on your machine (using apache) - Mirror the original login page from the site on your machine - Setup the form to first send the login details to a file, and then redirect off to the actual runescape page - Modify the victim's hosts file so www.runescape.com (or whatever the address is) points to your machine instead - anything sent back from the runescape server, redirect to the victim classic attack

[magical mike]

ahaha thats great! lol. I use to use apache when I had windows, to make gey little web pages. But this is a better use. lol... (Of course he is only my bro people, I am not going to permanantly steal his password from him. Incase people are wondering). Anyways. I cant find apache in the add/remove. Can I get it somewear else? (Oh BTW I got my ATI Drivers working, with ubuntu 8.10)

[magical mike]

Now, whenever I find passwords, there are two sections for passwords One says IDPassword, anoher says Password And on the Idpassword its only like one letter. and on the password the password looks encrytpted. Is it suppose to be like this?

[Ynot]

Yes, probably packet sniffing is easy hence there's not a whole lot of sensitive info that travels unencrypted (or un-obfuscated) over the wire It's almost never as easy as "ooh look, some plain text login credentials" Encryption happens all the time Unless you're using something "truly" insecure Take this site, as an example HTTP only there is no encrypted channel between your machine & the DV webserver therefore anyone with access to your network traffic can see exactly what you send & receive from the DV webserver, including the login procedure But, encryption does take place Capture the conversation between your machine and the DV webserver while logging in see what happens It'll look something like this (I've changed the actual hashes for obvious reasons) Code: 83901030da60c56d2d74682e9828; bbsessionhash=374e6f94ee6169fbc7927830392e540e; bblastvisit=1235724432; bblastactivity=0 Content-Type: application/x-www-form-urlencoded Content-Length: 178 vb_login_username=Ynot&cookieuser=1&vb_login_password=&s=&do=login&vb_login_md5password=cd923e2a02e64f85e8c656161d262087&vb_login_md5password_utf=cd923e2a02e64f85e8c656161d262087 You'll notice that at no point does the raw, readable password for my account travel across the network The encryption happens client side A quick look at the html source for the login form shows this Code: <form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)"> So, in order for someone to actually get my password, they'd have to either compromise my machine, or crack the MD5 hash obviously, compromising my machine is the easy option (Well, so they think this is the big difference between windows & linux - all they need for a windows client machine is a keylogger - good luck getting a keylogger onto a *nix machine undetected) but cracking the hash is certainly do-able You'd need to find how it constructs the input (salts, etc.) but it all happens client side, so everyone has the same javascript encryption function Crack the hash and reconstruct the textbox input by going backwards through the md5hash javascript function It'd be far better if this site used SSL encryption (https) as then, the only way to compromise someone's account would be to gain control of the DV webserver As it stands, all you need is the network conversation and bit of work to backtrack though the client side encryption

[magical mike]

Geez, is there a program out that Decrypts for you? I think i remember something like that when I was taking the computer merit badge. (I was the only one there who had linux) But he said something about packets, and decryption. And we learned about https also. Can you use packet information to gain control fo a computer on a network? Like I know ubuntu has that thing were you can log onto other computers. (Mods I am just curious dont lock the thread please,Its not like I am not building a blue box or anything)

[Ynot]

Geez, is there a program out that Decrypts for you? I think i remember something like that when I was taking the computer merit badge. yeah, there's quite a few either dictionary attacks, brute force, or using rainbow tables MD5 is also susceptible to hash collisions (where more than one phrase hashes to the same output) Can you use packet information to gain control fo a computer on a network? Any information is helpful but generally no packet sniffing is usually done to assume the identity of another user / machine, and gain access to stuff on a server you wouldn't normally have access to There's certain cool things you can do with wireless networks by sniffing the packets Like I know ubuntu has that thing were you can log onto other computers. SSH SSH is completely encrypted - just like HTTPS You can obviously still capture the packets, but it'll be jibberish Only the server itself can decrypt the contents, no-one else (Mods I am just curious dont lock the thread please,Its not like I am not building a blue box or anything) I am a mod and yeah, knowledge is power the knowledge needed to break into a system is the same knowledge needed to secure a system against a break-in locking a thread about computer security doesn't help anyone