Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Wireshark pword reading

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Default Wireshark pword reading

    Hi Guys

    I am using wireshark to monitor my incoming/outgoing data. Anyway, I tried logging into a vBulletin forum and when I tried to find the password in wireshark I couldn't find it. The closest I could find was the username and a 'hashed' string. Anyone know whats going on ?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Its going to sound like Im stating the obvious here.... the password is being hashed before its sent over the wire. Google for "password hashing"...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    26

    Default

    I know you can hash pwords in the DB but I didnt know there was a way to hash pwords on the clientside.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Sure. Its fairly common for passwords to be hashed by network clients before they are sent over the wire. For one thing it allows the password to be sent via the network in a form that isnt clear text, without having the encrypt the entire communication session. It also provides an easy to use mechanism to allow the password to be checked without having to store it in a clear text or reversible form on the server itself.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Junior Member
    Join Date
    Feb 2010
    Posts
    42

    Default

    anyone know of a good tutorial on how to use wireshark for pen testing? i have messed around with the program a bit but im still a bit clueless about what exactly i am looking for.
    thanks in advance.
    -Wes-

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by wesmagyar View Post
    anyone know of a good tutorial on how to use wireshark for pen testing? i have messed around with the program a bit but im still a bit clueless about what exactly i am looking for.
    thanks in advance.
    -Wes-
    The documentation is probably about as good as it gets. I mean is there something a bit more specific you are having problems with?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Junior Member
    Join Date
    Feb 2010
    Posts
    42

    Default

    well ill look there too but i wasreally looking for somthing with real life examples of how wireshark would be used in a pentest. what kind of packets to look for and so on.
    -Wes-

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by wesmagyar View Post
    well ill look there too but i wasreally looking for somthing with real life examples of how wireshark would be used in a pentest. what kind of packets to look for and so on.
    -Wes-
    Hence the fact we need you to be more specific.
    We could tell you how to filter for arp requests but if you are not looking for arp requests then that would be a little futile right?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    Junior Member
    Join Date
    Feb 2010
    Posts
    42

    Default

    Ok, well I've tried using it on my computer to try to look at I'm conversation and filtered it for yahoo when I was using yahoo but I couldn't understand what the packets contained. I've also looked at packets when I've logged into websites but same problem. I'm guessing I probably need to get a book on tcp/ip to try and understand it better but I was hoping there might be a more direct approach
    I've used utilities before the would capture and follow I'm conversations or web pages that where being browsed before but I just wanted to understand how they work and what packets they where looking for and how to read them and so on.
    Also if the formatting of this message is kind of borked its cuz I'm using my crackberry to post itm
    -Wes-

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    That was the reason I suggested to look at the Doc's
    Try this page of said documentation.
    Wireshark: Display Filter Reference: Yahoo Messenger Protocol
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •