
Sniffing and Grabbing attachments with Wireshark

This kind of attack only works if the victim/target is using plain HTTP, not HTTPS, to connect to their mail server (webmail). In that case the connection is unencrypted, so everything in it crosses the network in the clear!

This means we can read the traffic with a packet sniffer without having to do much donkey work. For that we use Wireshark (which has a great many capabilities beyond this alone).

It may seem strange that we are capturing traffic on our own machine in this scenario, but a little more reading on how Wireshark captures packets will show you why this works.

To add to that, for this attack you will also need a table of file magic numbers at hand (the signature bytes at the start of a file that identify its type, e.g. `%PDF-` for PDF or `PK\x03\x04` for ZIP), because you will rely on them to recognise attachments in the captured data.
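The following is an added example (not code from the original post) showing, from a forensics and detection angle, what a cleartext HTTP download gives away. It takes a reassembled HTTP response, splits off the headers, and identifies the attached file by its magic number rather than by the filename or the declared Content-Type, which is exactly why a magic-number table matters: the extension and the MIME type can be wrong or misleading, the leading bytes cannot. The magic-number table is a small constructed subset of a real one, and the HTTP responses are constructed fixtures built by `build_response`; the `extension_matches_magic` flag is this example's own idea, useful when triaging attachments that claim to be one thing and are another.

```python
import re

# Magic-number table: leading bytes -> (label, extensions that legitimately use it).
# Constructed subset for this example; a full table has hundreds of entries.
MAGIC_NUMBERS = [
    (b"\x89PNG\r\n\x1a\n", "png", {"png"}),
    (b"\xff\xd8\xff", "jpeg", {"jpg", "jpeg"}),
    (b"%PDF-", "pdf", {"pdf"}),
    (b"PK\x03\x04", "zip", {"zip", "docx", "xlsx", "pptx", "jar"}),
    (b"GIF87a", "gif", {"gif"}),
    (b"GIF89a", "gif", {"gif"}),
    (b"\x1f\x8b\x08", "gzip", {"gz", "tgz"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {"doc", "xls", "ppt", "msg"}),
]


def identify_by_magic(data: bytes):
    """Return (label, allowed_extensions) for the first signature that matches."""
    for signature, label, exts in MAGIC_NUMBERS:
        if data.startswith(signature):
            return label, exts
    return "unknown", set()


def split_http_response(raw: bytes):
    """Split a reassembled HTTP/1.x response into (status line, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker in captured response")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    # Honour Content-Length so trailing capture bytes are not treated as file data.
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return lines[0].decode("latin-1"), headers, body


def describe_attachment(raw: bytes) -> dict:
    """Summarise what a cleartext HTTP download reveals about the attached file."""
    _, headers, body = split_http_response(raw)
    match = re.search(r'filename="?([^";]+)"?', headers.get("content-disposition", ""))
    filename = match.group(1) if match else None
    claimed_ext = filename.rsplit(".", 1)[-1].lower() if filename and "." in filename else None
    label, allowed = identify_by_magic(body)
    return {
        "filename": filename,
        "declared_content_type": headers.get("content-type"),
        "detected_type": label,  # from the magic number, not from the name
        "size": len(body),
        "extension_matches_magic": claimed_ext in allowed,
    }


def build_response(filename: str, content_type: str, body: bytes) -> bytes:
    """Construct a minimal HTTP/1.1 download response (test fixture, not real traffic)."""
    parts = [
        b"HTTP/1.1 200 OK",
        b"Content-Type: " + content_type.encode(),
        b'Content-Disposition: attachment; filename="' + filename.encode() + b'"',
        b"Content-Length: " + str(len(body)).encode(),
        b"",
        body,
    ]
    return b"\r\n".join(parts)


# Constructed samples: a genuine PDF, a PNG disguised as a text file, and unknown bytes.
PDF_BODY = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF\n"
PDF_SAMPLE = build_response("q3-report.pdf", "application/pdf", PDF_BODY)
MISMATCH_SAMPLE = build_response("notes.txt", "text/plain", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
UNKNOWN_SAMPLE = build_response("blob.bin", "application/octet-stream", b"hello world")

if __name__ == "__main__":
    for sample in (PDF_SAMPLE, MISMATCH_SAMPLE, UNKNOWN_SAMPLE):
        print(describe_attachment(sample))
```

In a real capture the input to `describe_attachment` is the bytes of one HTTP stream (in Wireshark, "Follow TCP Stream" on the download and save the server side as raw), and the same magic-number check is what a content-inspection rule or a mail gateway does before trusting a filename.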

