Penetration Testing mailing list archives
Re: extracting passwords from ethereal dump
From: sfml () gomor org
Date: Mon, 27 Jun 2005 14:34:41 +0200
On Tue, Jun 21, 2005 at 04:32:27PM +0200, Nicolas Gregoire wrote:
Le lundi 20 juin 2005 à 19:14 +0300, Mohamed Abdel Kader a écrit :I was on a assessment and decided to get some of the traffic moving along the network. i got it using ethereal. now i want a program (other than ettercap) that can take this dump and extract the passwords.Hey, I just had a quasi identical situation last week. I captured 2 Gb of trafic while arp-spoofing some hosts (during an internal pentest) and I had to extract as much information as possible from my pcap files.
Maybe the following script could be of use also. Not sure if it will work on a 2Gb file, but this could be a good test ;) --8<-- #!/usr/bin/perl use strict; use warnings; use Net::Pkt; my $dump = Net::Packet::Dump->new( file => $ARGV[0], filter => $ARGV[1] ? $ARGV[0] : '', overwrite => 1, unlinkOnDestroy => 0, noStore => 1, callStart => 1, ); while (my $f = $dump->next) { if ($f->l7) { my $binData = $f->l7->data; print unpack('H*', $binData), "\n"; # Do whatever you want with this $binData here } } --8<-- -- ^ ___ ___ FreeBSD Network - http://www.GomoR.org/ <-+ | / __ |__/ Systems & Security Engineer | | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- | +--> Net::Packet <=> http://search.cpan.org/~gomor/ <--+
Current thread:
- extracting passwords from ethereal dump Mohamed Abdel Kader (Jun 20)
- Re: extracting passwords from ethereal dump Nicolas Gregoire (Jun 21)
- Re: extracting passwords from ethereal dump Tim E (Jun 21)
- Re: extracting passwords from ethereal dump Noname (Jun 22)
- Re: extracting passwords from ethereal dump sfml (Jun 27)
- <Possible follow-ups>
- Re: extracting passwords from ethereal dump David Eduardo Acosta Rodríguez (Jun 20)
- RE: extracting passwords from ethereal dump Todd Towles (Jun 20)
- RE: extracting passwords from ethereal dump Steve A (Jun 20)
- Re: extracting passwords from ethereal dump andre protas (Jun 20)
- RE: extracting passwords from ethereal dump Kyle Starkey (Jun 21)
- Re: extracting passwords from ethereal dump Nicolas Gregoire (Jun 21)