Thread: Sniffing MSN password on a network.

  1. #1
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Sniffing MSN password on a network.

    Hi all, I was playing around with Ettercap and Wireshark trying to see if I could find my MSN Messenger password. I used Ettercap to do some ARP poisoning and then Wireshark to sniff and dump all the data to a text file… I started to analyse the traffic but I was unable to find my password in it…

    I was just wondering if perhaps MSN Messenger hashes the password? I don’t think it encrypts it because I think I was able to find my username…

    Has anyone else tried this before? Or perhaps someone could shed some light on how the MSN Messenger login works?

  2. #2
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Hotmail uses SSL to encrypt the data. You must set up Ettercap correctly in etter.conf to get it working with SSL. Off the top of my head you need to uncomment the iptables lines in the config file. Have you done this?

  3. #3
    Junior Member
    Join Date
    Feb 2008
    Posts
    44

    Here's an interesting link describing this issue.....
    http://www.derkeiler.com/Mailing-Lis...2-09/0017.html

    "Well... the algorithm is an md5 sum of the password + a random value
    that the server gives to the client in the moment they start the auth
    transaction. Like everything else, it is crackable, but a lot of cpu
    cycles."
    RxCoup - Killthepage

  4. #4
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Originally posted by SBerry:
    To answer your question MSN use SSL to encrypt the data. You must set up Ettercap correctly in etter.conf to get it working with SSL. Off the top of my head you need to uncomment the iptables lines in the config file. Have you done this?
    I don’t think MSN uses SSL to encrypt its data, because I was able to capture conversations, and I think possibly the username.

    But even if I did spoof the SSL cert by using my own fake one, wouldn’t Messenger realise that it is not the correct cert? I know when I have played around intercepting HTTP traffic, you receive a warning about the fake cert… well, an unregistered one... I think, correct me if I am wrong...

  5. #5
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Originally posted by marten:10:
    Here's an interesting link describing this issue.....
    derkeiler com/Mailing-Lists/securityfocus/security-basics/2002-09/0017.html

    "Well... the algorithm is an md5 sum of the password + a random value
    that the server gives to the client in the moment they start the auth
    transaction. Like everything else, it is crackable, but a lot of cpu
    cycles."
    That's what I thought it would be, so you would have to capture the random value and the MD5, and then use some sort of dictionary or brute force attack to crack it... which, if they have a strong password, well, it could take a while...
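
The login exchange quoted in posts #3 and #5, written out as an added example that is not part of any post in this thread and is not Microsoft's code. It assumes the response is MD5 over the challenge followed by the password (the quote does not give the order) and a hex challenge; `Server`, `md5_response`, the account name and the password are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def md5_response(challenge: str, password: str) -> str:
    # Assumed order: challenge first, then password (not stated in the thread).
    return hashlib.md5((challenge + password).encode()).hexdigest()


class Server:
    """Toy server side of the challenge-response login."""

    def __init__(self, accounts):
        # The server needs the password itself to recompute the response.
        self.accounts = accounts
        self.pending = {}  # user -> challenge still waiting for a response

    def start_auth(self, user: str) -> str:
        challenge = secrets.token_hex(8)  # fresh random value per login attempt
        self.pending[user] = challenge
        return challenge

    def finish_auth(self, user: str, response: str) -> bool:
        challenge = self.pending.pop(user, None)  # each challenge is single use
        if challenge is None or user not in self.accounts:
            return False
        expected = md5_response(challenge, self.accounts[user])
        return hmac.compare_digest(expected, response)


def demo():
    user, password = "user@example.com", "constructed-password"  # constructed
    server = Server({user: password})

    # Legitimate login: only the challenge and the response cross the wire.
    c1 = server.start_auth(user)
    r1 = md5_response(c1, password)
    first_login = server.finish_auth(user, r1)

    # Someone who recorded r1 sends it again; the server has issued a new
    # challenge, so the old response no longer matches.
    server.start_auth(user)
    replayed_login = server.finish_auth(user, r1)

    password_on_wire = password in (c1 + r1)
    return first_login, replayed_login, password_on_wire


if __name__ == "__main__":
    print(demo())
```

The password never appears in the capture and a recorded response cannot be replayed, which matches what the original poster saw; what remains is that MD5 is fast, so the scheme is only as strong as the password, as post #5 says.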

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    I don’t think MSN uses SSL to encrypt its data, because I was able to capture conversations, and I think possibly the username.
    That is correct. Hotmail.com, which naturally uses the same password, does on the other hand use SSL encryption and the passwords can therefore be intercepted in clear-text using ettercap's ability to replace the SSL certificate with your own.

    I realize that this is not what you are asking for in this thread, but since the password will be the same it might be an approach worth considering as opposed to trying to crack the MD5 hash using wordlists or bruteforce.

    I know when I have played around intercepting HTTP traffic, you receive a warning about the fake cert… well, an unregistered one... I think, correct me if I am wrong...
    Yes, the browser will pop up a warning about the SSL certificate, which probably 99% of all users will ignore.
    -Monkeys are like nature's humans.

  7. #7
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Thanks Tron. When I posted the suggestion it was 4 in the morning GMT. Hotmail and MSN (Messenger) at that time in the morning were the same thing to me. Thought he meant Hotmail!