Hi all,
As long as I can remember reading various articles/docs, they all say that telnet is not secure because all traffic is in clear text. Well, out of boredom, I try to sniff username and password from a telnet session.

The command I use: tcpdump tcp port 23 -vvv -w test.txt
Then I read the result: strings test.txt
|`D
|fD
|fD
38400,38400
Red Hat Enterprise Linux ESD
Ologin: D
5eE
LsE
_tE
Password: F
[aG
|hG
jaH
Last login: Wed Feb 6 15:53:3H
]0;test4 at server:~
GV{

But it succeeds with FTP.
strings test.txt
<.9@
4.:@
220 (vsFTPd 2.0.1)
4.;@
@.<@
USER test4
331 Please specify the passwor
4.=@
B.>@
PASS secret
230 Login successful.
4.?@
:.@@
SYST
215 UNIX Type: L8
4.A@

Did I miss something? How do we capture telnet password using tcpdump?
Thank you.
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org

Hi,

you should set the snaplen (length of packets to be captured) to 0 (max packetsize) like:

tcpdump tcp port 23 -s 0 -w test.txt

Otherwise you won't get the full packets. And you can use wireshark to read the dumpfile and easily find the password(s).

Michel

On Wed, 2008-02-06 at 15:57 +0700, Fajar Priyanto wrote:
> Hi all,
> As long as I can remember reading various articles/docs, they all say that
> telnet is not secure because all traffic is in clear text. Well, out of
> boredom, I try to sniff username and password from a telnet session.
>
> The command I use: tcpdump tcp port 23 -vvv -w test.txt
> Then I read the result: strings test.txt
> |`D
> |fD
> |fD
> 38400,38400
> Red Hat Enterprise Linux ESD
> Ologin: D
> 5eE
> LsE
> _tE
> Password: F
> [aG
> |hG
> jaH
> Last login: Wed Feb 6 15:53:3H
> ]0;test4 at server:~
> GV{
>
> But it succeeds with FTP.
> strings test.txt
> <.9@
> 4.:@
> 220 (vsFTPd 2.0.1)
> 4.;@
> @.<@
> USER test4
> 331 Please specify the passwor
> 4.=@
> B.>@
> PASS secret
> 230 Login successful.
> 4.?@
> :.@@
> SYST
> 215 UNIX Type: L8
> 4.A@
>
> Did I miss something? How do we capture telnet password using tcpdump?
> Thank you.

Fajar Priyanto wrote:
> Hi all,
> As long as I can remember reading various articles/docs, they all say that
> telnet is not secure because all traffic is in clear text. Well, out of
> boredom, I try to sniff username and password from a telnet session.
>
> The command I use: tcpdump tcp port 23 -vvv -w test.txt
> Then I read the result: strings test.txt
>

with wireshark, I easily see...

..... ..#..'.. .38400,38400....'.......VT100.................;.......!...test .test ..

where test and test are the account and password of the dummy account I created.

you're not seeing it with `strings`, because it's sent one character per packet as you type it.
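
Michel's snaplen advice and the one-character-per-packet explanation above, as an added example that is not part of the original thread. It builds a constructed pcap in memory (addresses, ports, keystrokes and the snaplen of 68 are assumptions), imitates `strings` with its default 4-byte minimum, and rejoins payloads by sequence number without handling retransmissions or sequence wrap-around.

```python
import re
import struct

def strings(data, n=4):
    """Like strings(1) with its default minimum: printable ASCII runs of >= n bytes."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % n, data)]

def make_pcap(payloads, snaplen=65535):
    """Constructed capture: one Ethernet/IPv4/TCP frame to port 23 per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    seq = 1000
    for p in payloads:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(p), 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        tcp = struct.pack("!HHIIBBHHH", 40000, 23, seq, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + p
        cap = frame[:snaplen]                  # what tcpdump keeps with -s snaplen
        out += struct.pack("<IIII", 0, 0, len(cap), len(frame)) + cap
        seq += len(p)
    return out

def client_stream(pcap, port=23):
    """Join captured TCP payloads sent to `port`, ordered by sequence number."""
    segs, off = [], 24                         # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):
        (incl,) = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue                           # TCP header itself was truncated
        dport, seq = struct.unpack_from("!HI", tcp, 2)
        if dport == port:
            segs.append((seq, tcp[(tcp[12] >> 4) * 4:]))
    return b"".join(p for _, p in sorted(segs))

KEYS = b"test4\r\x00secret\r\x00"              # constructed keystrokes
typed = make_pcap([bytes([k]) for k in KEYS])  # telnet: one byte per packet
line = make_pcap([b"PASS secret\r\n"])         # whole command in one packet, as FTP sends it
short = make_pcap([b"331 Please specify the password.\r\n"], snaplen=68)

if __name__ == "__main__":
    print(strings(typed))         # single bytes never form a 4-byte run
    print(client_stream(typed))   # keystrokes rejoined from the payloads
    print(strings(line))          # visible without any reassembly
    print(client_stream(short))   # payload cut off by the short snaplen
```
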

On Wed, Feb 06, 2008, Fajar Priyanto wrote:
>Hi all,
>As long as I can remember reading various articles/docs, they all say that
>telnet is not secure because all traffic is in clear text. Well, out of
>boredom, I try to sniff username and password from a telnet session.

Another program I like for things like this is tcpflow which takes the same command line arguments as tcpdump, but creates separate files for each side of a tcp connection. It displays the data in plain text which makes debugging things like unencrypted imap and pop connections fairly easy.

Bill

On Feb 6, 2008, at 1:57 AM, Fajar Priyanto wrote:
> Hi all,
> As long as I can remember reading various articles/docs, they all
> say that
> telnet is not secure because all traffic is in clear text. Well, out
> of
> boredom, I try to sniff username and password from a telnet session.

I would suggest using dsniff, it has the ability to parse out passwords in the flows that it sees.

http://monkey.org/~dugsong/dsniff/

Joshua Gimer