Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Packet Sniffer for capturing session?

  1. #1
    Senior Member
    Join Date
    Jul 2008
    Posts
    153

    Packet Sniffer for capturing session?

    Dear friends,
    I was surfing the net that I came across the following message in a board:
    /////////////////////////////////////////////////////////////////
    I've got a soft that capture the Yahoo session like:

    "http://login.yahoo.com/config/login?.tries=3&.
    src=ym&.md5=&.hash=&.js=1&.last=&promo=&.intl=us&. bypass=&.partner=&.u=40avnjt1da3t7&.v=0&.challenge =gJHnjP93jlYiEyzbwnYDOBQNrmn5&.y
    plus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=1&.chk P=Y&.done=http%3A//mail.yahoo.com&login=test123&passwd=9c207190bd4143 0c9157fc5c
    a8a84d57&.persistent=&.save=1&.hash=1&.md5=1"

    Can anyone know how to decode the passwd hidden under
    "&passwd=9c207190bd41430c9157fc5ca8a84d57&" ???
    ///////////////////////////////////////////////////////////////////
    I think it had been something like packet sniffers but not sure.
    Does anyone have a feeling toward what it had been? or guess?

    Thanks all

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    hash=1&.md5=1
    It's an MD5 hash, can't decode that only bruteforce it.

    I think it had been something like packet sniffers but not sure.
    Why don't you try it yourself?

    http://www.wireshark.org
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Wink

    As SirDice mentioned it is a md5 hash and i suspect that you would have a slim chance at "cracking" the hash.

    And even if you did crack it what purpose would it serve? I mean really is it worth spending an amount of time to get into someon'es yahoo account...

    Simply because as soon as the actual owner of the account become's aware of it, they will notify yahoo and the account will be suspended and reset with new password etc.

    So you will be at stage 1 again very quickly.

  4. #4
    Senior Member
    Join Date
    Jul 2008
    Posts
    153
    Thanks Sir,
    I just downloaded the wireshark and googled it but let me say something.
    Yes the pass is md5 but as I have found out, he has logged in with his own user and pass into yahoo and by capturing his own session by wireshark, he has gained the md5 hash of his pass!!!!!!!!So what? What's the result of using wireshark this way!!!!
    I know that md5 has a 1-way algorithm. So when we first make an account in yahoo it stores a md5 copy of our pass in his database (say HASH1). The next time you wanna login, you gave him again your pass...yahoo changes it into md5 (say HASH2) and compares it with HASH1...if they are the same u can enter. OK. I thought he had found HASH1 in his post...I mean the hash of real pass that's stored in server database otherwise what's the benefit of finding your own md5 pass!!!!!!!!!
    Anyhow do you think there is any footprint of HASH1 any any of sent or received packets during email login? And can it be sniffed?
    Last edited by boyboy400; August 28th, 2008 at 01:09 PM.

  5. #5
    Senior Member
    Join Date
    Jul 2008
    Posts
    153
    Thanks t34b4g5 too. But what do you think about my next post? Am I right? Also I agree with you, in general, about worthlessness of hacking others privacy but in hackers manifesto there's a sentence: do not judge me cause you don't know me. Only God can judge me.
    I myself believe the above sentences from manifesto (and of course I have some discussions about it <winkle>)

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If you look closely at the url you'll also find a challenge in there..
    So it's a challenge/response type authentication.
    Just sniffing the current MD5 won't help you as it depends on the challenge..

    http://en.wikipedia.org/wiki/Challen...authentication
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member
    Join Date
    Jul 2008
    Posts
    153
    Dear SirDice,
    I read about challenge/response type authentication. Thanks for the link but would you please give some sharp answers to my 2 questions (I'm so sorry for being so newbie)
    1-In my first question above, when we know that there had been a challenge/responce, does it mean that the hash of password is manipulated with some string? I mean for example if the pass had been 123 and its hash mush be abcdef, yahoo added a string to it and what we have is: "hash=xyzabcdef"? Am I right?
    2- Was I right about the wireshark? I mean does it have sniffed the hash of his own password (not the hash of someone else)? Because apparently it sniffs the packages(being sent and received) of the computer it's installed on!!
    Thanks

  8. #8
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote Originally Posted by boyboy400
    about worthlessness of hacking others privacy but in hackers manifesto there's a sentence: do not judge me cause you don't know me. Only God can judge me.
    I myself believe the above sentences from manifesto (and of course I have some discussions about it <winkle>)
    The Hackers manifesto is as outdated as the sentence you just quoted.

  9. #9
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Smile

    Ok here's a link to MD5 DarkDBProject V1.2 - Hash database

    i'm not going to explain what to do with it, but maybe give this a play with and see if it helps.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    but in hackers manifesto there's a sentence: do not judge me cause you don't know me. Only God can judge me.
    I myself believe the above sentences from manifesto
    Shame that the Feds and the Courts don't.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. A look into IDS/Snort Whole thing by QoD
    By qod in forum The Security Tutorials Forum
    Replies: 6
    Last Post: February 27th, 2004, 03:03 AM
  3. Packet Crafting via HPing v2
    By don in forum The Security Tutorials Forum
    Replies: 9
    Last Post: January 8th, 2003, 02:40 PM
  4. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 09:38 AM
  5. Traceroute: under the hood
    By antihaxor in forum Non-Security Archives
    Replies: 0
    Last Post: January 24th, 2002, 05:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •