Greetings! Andrew Stewart wrote:
http://phenoelit.de/phoss/Does anyone know of a tool with credential sniffing capabilities similar to dsniff? (But that isn't dsniff ;-)I've played with Ethereal but I'd like to try and find a tool with focused password/credential snarfing ability.
"PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins on the wire. It also sniffs the VNC challange/response handshake."
Especially in non-switchd networks quite an eye-opener. Lists nicely protocol, name and password for each appropriate packet coming along.
Personal experience with Phenoelit: some of them tried to social engineer into our CeBit network few years ago (out of sportsmanship I figure) but ended up getting social engineered themselves as they handed me their real, private "business card". But I guess they got better in that by now... (Greetings!) ;-)
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstra�e 100
D-10997 Berlin
Telefon (030) 6104-3307
Telefax (030) 6104-3461
[EMAIL PROTECTED]
http://www.discon.de/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
