In part 3 of our series, I showed you how to use Wireshark to sniff traffic and hopefully gather some passwords. It’s a lot of digging through a haystack to find a needle. It works, and if you know some of the protocols, you can search for keywords to help you. But if you’re just lazy, there are two excellent tools for just passwords: dsniff on Unix, and Cain & Abel on Windows.
Both tools do a little bit more than sniffing and support things like ARP spoofing and man-in-the-middle attacks. dsniff is old and not updated much anymore, but it’ll pick up cleartext passwords quite well. Cain & Abel is kept fairly up-to-date. However, both only deal with protocol-specific passwords, so you’re not going to sniff any webpage passwords through them. You’ll still have to look for those passwords manually.
Cain & Abel is a whole lot more than just a sniffer; I suggest you play with it. However, what we’re concerned with here is its sniffing capability. If you select the Sniffer tab at the top and the Passwords tab at the bottom, then click the “Start Sniffer” button near the top, you will see any protocol passwords it can see. In the screenshot, I had to force a cleartext password to go across the wire, as almost everything on our network is encrypted. I logged into an FTP server anonymously, and Cain & Abel picked that up.
As you can see down the left side, there are a few types of passwords that can be picked up.
dsniff is entirely command-line and doesn’t pick up as many protocols, but it works for most of them. In the screenshot, I used the -d option, but it’s not necessary.
You can see that it can be pretty easy to sniff cleartext passwords, so don’t use them!
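To find out which of your own services still accept cleartext logins, the following added example (not from the original post or from either tool) audits reassembled client-to-server streams and reports the account name with the secret redacted. It generalizes beyond the FTP login shown above to POP3 and IMAP; the function name, the default ports and the sample streams are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    protocol: str
    user: str
    anonymous: bool   # anonymous FTP: cleartext, but no real credential exposed
    secret_len: int   # only the length is kept; the secret itself is never stored

# Destination port -> (protocol, regex for the client command carrying the secret).
# Assumption: services run on their IANA default ports.
RULES = {
    21:  ("FTP",  re.compile(rb"^PASS (?P<secret>.+)$", re.I)),
    110: ("POP3", re.compile(rb"^PASS (?P<secret>.+)$", re.I)),
    143: ("IMAP", re.compile(rb"^\S+ LOGIN (?P<user>\S+) (?P<secret>.+)$", re.I)),
}
USER_CMD = re.compile(rb"^USER (?P<user>\S+)$", re.I)

def audit_stream(dst_port, client_bytes):
    """Return cleartext-login findings for one client-to-server byte stream."""
    if dst_port not in RULES:
        return []                      # unknown or encrypted service: nothing to parse
    proto, secret_re = RULES[dst_port]
    findings, user = [], b"?"
    for line in client_bytes.splitlines():
        line = line.strip()
        m = USER_CMD.match(line)
        if m:                          # FTP/POP3 send the user name on its own line
            user = m.group("user")
            continue
        m = secret_re.match(line)
        if m:
            user = (m.groupdict().get("user") or user).strip(b'"')
            name = user.decode("latin-1")
            anon = proto == "FTP" and name.lower() in ("anonymous", "ftp")
            findings.append(Finding(proto, name, anon, len(m.group("secret"))))
            user = b"?"
    return findings

# Constructed sample streams (not captured from a real network).
SAMPLES = [
    (21,  b"USER anonymous\r\nPASS guest@example.com\r\nSYST\r\n"),
    (110, b"USER alice\r\nPASS hunter2-constructed\r\nSTAT\r\n"),
    (143, b'a1 LOGIN "bob" "constructed-secret"\r\n'),
    (443, b"\x16\x03\x01\x02\x00"),   # TLS handshake bytes: nothing readable
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        for f in audit_stream(port, data):
            print(f"port {port}: {f.protocol} login for {f.user!r} in cleartext "
                  f"(anonymous={f.anonymous}, secret redacted, {f.secret_len} bytes)")
```

Any non-anonymous finding is a service to move to an encrypted equivalent such as FTPS/SFTP, POP3S or IMAPS.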
Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!