It would work on a switched network with yersinia (www.yersinia.net) also.
Bart
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Abdul Qabiz <[email protected]>
Date: Wed, 16 Dec 2009 19:09:10
To: PaulDotCom Security Weekly Mailing List<[email protected]>
Subject: Re: [Pauldotcom] Can a sys admin see a gmail account

I think one can use tools like ettercap and really do MITM and DNS spoofing. I believe this would only work on a switched network?

On 16/12/09 6:40 PM, Michael Douglas wrote:
> Perhaps I'm not aware of how google or modern web browsers handle
> things... but I thought an admin would be able to mount your C$ share
> (yes I know I can't assume everyone's running windows... but come on!)
> Once they have access to your HD, it's just a matter of reading the
> local cache.
>
> Here's an older BlackHat Briefings talk about this from 2003
> www.blackhat.com/presentations/bh-usa-03/bh-us-03-akin.pdf (yes it is a pdf)
>
> The techniques in the above link are far from perfect... sent mail
> isn't cached for instance... I need to try this out again. But I
> had... I mean Bob had -- Yeah Bob -- had lots of fun with this a while
> back.
>
> - Mick
>
> On Wed, Dec 16, 2009 at 1:49 AM, Joel Esler<[email protected]> wrote:
>
>> Let's assume this. Is it possible? Yes. However, it'd be extremely
>> difficult and extremely unlikely. Theoretically, yes, they can see what you
>> are doing. But I'd bet not.
>> J
>>
>> On Tue, Dec 15, 2009 at 8:55 PM, Abdul Qabiz<[email protected]> wrote:
>>
>>> You are right, many admins don't have that much time. However, I learnt
>>> that any user on the network can actually find out about your cookies;
>>> that can be a scary situation.
>>>
>>> I would not trust any network, except the one I control.
>>>
>>> On 16/12/09 12:23 AM, Michael Miller wrote:
>>>
>>>> I would have to agree. If I was an "EVIL BOFH" I would use
>>>> sidejacking to get into the user's session. One question I'm asking
>>>> myself right now is, how much time do the admins have to do this?
>>>> Unless it's sanctioned by management, they would be violating any
>>>> number of state & federal laws, and possibly company policy. If you
>>>> fear you are being investigated at work, don't use your work computer
>>>> for non-business related communications.
>>>>
>>>> -mmiller
>>>>
>>>> On Tue, Dec 15, 2009 at 1:25 AM, Abdul Qabiz<[email protected]> wrote:
>>>>
>>>>> What I have learnt: if you are on a switched network, one can play a MITM
>>>>> attack or DNS spoofing to get the GX cookies.
>>>>>
>>>>> That's all you need, GX cookies. One can use GX cookies to log in to
>>>>> your gmail account.
>>>>>
>>>>> On 15/12/09 2:00 AM, Shawn McGovern wrote:
>>>>>
>>>>> Ok so my question was posted in a forum and someone gave me an answer
>>>>> but didn't explain it and then the forum post was then closed on me. So I
>>>>> will ask here for clarity and try not to kill me for this, I am trying to
>>>>> learn.
>>>>>
>>>>> So if someone uses a corporate network to check a Gmail (using SSL).
>>>>> If they check to make sure that they have a secure connection -- once
>>>>> connected -- and then they check the certificate to see if the cert
>>>>> hierarchy has been tampered with. Everything looks fine. Are any admin
>>>>> or whomever able to see your emails? Forget about software on the
>>>>> computer you are using, only through the network monitoring.
>>>>>
>>>>> I was told in the forum that they could use a monitoring program like
>>>>> wireshark to view them. In the wireshark forum I read that you would
>>>>> need the private key to decrypt the messages and in the forum they said
>>>>> that a sys admin can get the private key? Is that information correct?
>>>>> And if so, how would they be able to get the private key?
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> _______________________________________________
>>>>> Pauldotcom mailing list
>>>>> [email protected]
>>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>>> Main Web Site: http://pauldotcom.com
>>
>> --
>> Joel Esler | 302-223-5974 | gtalk: [email protected]
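
Added example, not part of the thread or written by any of its participants: a cookie set without the Secure attribute is also sent over plain HTTP, where an on-path observer can read it, so a defender can audit which session cookies a site exposes that way. The header lines, values and domains below are constructed sample data; only the cookie name GX comes from the thread.

```python
# Audit Set-Cookie headers for cookies that a browser would also send
# over unencrypted HTTP (no Secure) or expose to page script (no HttpOnly).
# SAMPLE_HEADERS is constructed sample data, not captured traffic.

SAMPLE_HEADERS = [
    "Set-Cookie: GX=constructed-value-1; Domain=mail.example.test; Path=/mail",
    "Set-Cookie: SID=constructed-value-2; Domain=.example.test; Path=/; Secure; HttpOnly",
    "Set-Cookie: PREF=constructed-value-3; Path=/; HttpOnly",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (name, attributes) for a Set-Cookie header line, else None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        # Attribute names are case-insensitive; flags have no value.
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(header_lines):
    """Map cookie name -> list of findings; an empty list means none."""
    report = {}
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        findings = []
        if "secure" not in attrs:
            findings.append("no Secure: sent over plain HTTP, readable on-path")
        if "httponly" not in attrs:
            findings.append("no HttpOnly: readable by page script")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_cookies(SAMPLE_HEADERS).items():
        print(name, "->", findings or "ok")
```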
