The Seattle SAGE Group (SSG)
Seattle based special interest group for system and network administrators.

Password Sniffing

  1. Latest form that has everyone scrambling
    1. Can not detect from any host but the sniffer
    2. Compromises all hosts talked to from the subnet

  2. How it is done
    1. Hacker gains root access (if the ethernet device is world writeable not needed)
    2. Hacker installs program (A COMPILED PROGRAM)
    3. Hacker hides log files
    4. Hacker collects from time to time (or has an automated post out method)

  3. Output is VERY NICE 
           Using logical device le0 [/dev/le0] Output to stdout.
       Log started at -> Fri Feb 07 08:29:08 [pid 23456]
       : -- TCP/IP LOG -- TM: Fri Feb 07 08:29:08
       PATH: victim.host.bar.com(67811) -> local.host.bar.com(telnet)
       STAT: Fri Feb 07 08:29:10, 34 pkts, 73 bytes [TH_FIN]
       DATA: (255)(255)^C(255)(251)^X(255)(250)^X
       : VT100(255)(240)(255)(253)^A(255)(252)^Alogin
       : password
       : -- TCP/IP LOG -- TM: Fri Feb 07 08:30:34
       PATH: victim.host.bar.com(67811) -> local.host.bar.com(telnet)
       STAT: Fri Feb 07 08:31:09, 14 pkts, 62 bytes [TH_FIN]
       DATA: USER lyong
       :   : PASS jk88kdf
Table of Contents Previous Page Next Page