Daily Cup of Tech

If you are having a hard time convincing your manager that you need to start using encrypted e-mail or to go away from POP3 e-mail access, here is a nifty little trick!

1. Install Wireshark on a computer that is off the network.
2. Install a managed switch that supports port mirroring or port spanning between your Internet connection and your firewall.
3. Mirror the port that your firewall is plugged into to another port andplug your computer with Wireshark into that port.
4. Capture the information with Wireshark for about an hour (or however long you want) using the following filter:

   pop.request.command == "USER" || pop.request.command == "PASS"

5. Show your manager everyone’s username and password that you captured from outside the network on the Internet!

You can also find all of the FTP passwords using the same method and this filter:

ftp.request.command == "USER" || ftp.request.command == "PASS"

Similar Posts:

• Get Command Prompt On Remote System
• 20 Ways To Mark Safer Internet Day 2007
• Troubleshooting DNS
• Don’t Be a Soldier in the Botnet Army
• Open Source Media Systems 23 of 24: eAR OS

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/2007/10/25/e-mail-password-discovery-trick/trackback/

 

15 Responses to “E-Mail Password Discovery Trick”

1. Serge van Ginderachter Says:
   October 25th, 2007 at 12:22 pm

   Instead of going through the hassle of switches with port mirroring you might check if your router has an onboard hub to switch in. You might also look into the arpspoof tools in the dsniff tools package.

2. John Says:
   October 25th, 2007 at 12:27 pm

   To me, “outside the network” usually does not mean that you have access to the firewall, can install a switch in between and connect a random computer to the … uhm, network.

3. Jerad Kaliher Says:
   October 25th, 2007 at 2:59 pm

   I haven’t used packet sniffers or protocol analyzers in so long. This post really made me nostalgic. Thinking about my old irc days, tinkering and having fun. Now I’m stuck with a 9 to 5.

   I need to start getting back into tech and programming like I used to.

4. Matt Says:
   October 25th, 2007 at 3:28 pm

   You can also use wireshark with no switch/hub. I have two onboard NICs. If you bridge the network adapters, and put your computer in line between device A and device B, you can sniff that bridge. Just as good and you don’t need a hub/smart switch. I use it a lot with my laptop (i have an onboard NIC and a usb NIC)

5. Nalyd Says:
   October 25th, 2007 at 8:10 pm

   Be aware that at some companies this may be a breach of you IT department’s acceptable use policies, which could lead to all sorts of problems.

6. Lou Says:
   October 26th, 2007 at 7:13 am

   A mildly deceiving article. A person “on the Internet” would not have the type of access to internal network operations that you describe implementing with the managed switch. The IT department would have that access but there is a level of assumed and required trust that accompanies their job. They would not need to resort to these techniques.

   Also, in many, if not the majority of, companies - the act of installing a network sniffer is prohibited by the average user and is a cause for disciplinary action or dismissal.

   It’s not a secret that POP3 traffic is in the clear. A simple technical pro/con discussion with their manager should be all that is need for the IT department to request a more secure method of email transmission. Resorting to trickery and violating corporate policies to prove a point seems a little juvenile and tells me that the person doing it should NOT be in the IT department to begin with.

7. Adrian Says:
   October 29th, 2007 at 12:19 am

   Sounds like jemmying the doors one weekend to prove to the boss you need better locks — a career limiting move.

   I’m agreeing with Nalyd and Lou, you start breaking your company policies and you go looking for a new job!

8. Internet and Computer Security Defence Says:
   October 29th, 2007 at 5:17 am

   Troj/LegMir-Y - Spyware Trojan - Sophos threat analysis They could send you to sites that contain gross pictures, harmful software, or scams that will try to steal your password. Think before you click! …Steal E-Mail PasswordsA “charlatan” server may be operated by a hacker to steal your NetID password. This could be used to log into your account and hack other computers, … Skype Trojan poses as the real thing to steal your password

9. Utterly Boring - Surfing The Web So You Don't Have To Says:
   November 14th, 2007 at 6:23 am

   Disable wget if you don’t need it.Free software to find your security flaws.Mandriva’s open letter to Steve Ballmer.Your desktop is not a destination.Having a hard time convincing your boss to use encrypted e-mail?This might do it.Salvage an old system with Damn Small Linux.How to See What Pages a Traffic Source is Linking in Google Analytics.How to recover a deleted Word document.Top ten off switches. [IMG]

10. Bend Blogs Says:
    November 14th, 2007 at 8:12 am

    Disable wget if you don’t need it.Free software to find your security flaws.Mandriva’s open letter to Steve Ballmer.Your desktop is not a destination.Having a hard time convincing your boss to use encrypted e-mail?This might do it.Salvage an old system with Damn Small Linux.How to See What Pages a Traffic Source is Linking in Google Analytics.How to recover a deleted Word document.Top ten off switches. [IMG ] [IMG ] [IMG ] [IMG ]

11. Knightwise.com - Home Says:
    December 18th, 2007 at 5:53 pm

    But what if that access point is in fact NOT owned by a Noobie ! What if it where a honey-pot .. a flytrap for wireless warriors like you and me who piggy bag our Ip on somebody else’s wireless.The article featured on Dailycupoftechshows you how easy it is to sniff out unencrypted email passwords. Those of you who are still using classic pop 3 email might find it a tad shocking to discover just how easy it is to sniff your password. From experience I know that it is equally easy

12. Ben the cs reapz Says:
    February 11th, 2009 at 10:30 am

    Tried it with no success. you might wanna split the code in two, the injector isnt working.

13. Cardiology website design Says:
    June 22nd, 2009 at 2:02 am

    Hi,
    I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.
    Regards,
    Jane

14. MySpace Proxy Says:
    June 24th, 2009 at 3:18 am

    I’m gonna pass this one along to my friend - she’s gonna realy like this one - thanks again!

15. News Script Says:
    December 5th, 2009 at 12:59 am

    Thank you for your insight. The article was worth every minute reading it (and the upcoming re-reads). Brilliant post.

Leave a Reply