Date: Thu, 13 Dec 2018 23:11:05 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: question - hash extraction from .cap tcpdump files On Thu, Dec 13, 2018 at 9:23 AM JohnyKrekan <krekan@...nykrekan.com> wrote: > Hello, I want to ask whether you could recommend an utility which would > allow me to extract hashes (and plain passwords as well) so I could later > use those hashes with John for testing their security. Here are some scripts included with JtR jumbo that appear to have pcap processing functionality: $ fgrep -rwl pcap run run/pcap2john.py run/krb2john.py run/radius2john.pl run/network2john.lua Further, pcap2john.py starts with a note listing other programs (not scripts, so only available after you build JtR from source): "Note: This program does not have the functionality of wpapcap2john, SIPdump, eapmd5tojohn, and vncpcap2john programs which are included with JtR Jumbo." On Thu, Dec 13, 2018 at 11:07:06AM -0500, Rich Rumble wrote: > John can do this already when you provide the pcap's for traffic: VNC, WiFi > (PSK), EIGRP, HSRP, IKE-PSK, Gadu-Gadu, Kerberos, SSH and others: > https://openwall.info/wiki/john/sample-non-hashes > https://openwall.info/wiki/john/WPA-PSK SSH doesn't belong on that list: we only support cracking of its private key passphrases. > As far as plain-passwords you probably want to look at sniffing them with a > filter applied to tcpdump/wireshark which is beyond the scope of this list. > A qucik search turned up some useful results > https://www.google.com/search?q=pcap+filter+plain+text+passwords There's also the now ancient dsniff, which was good, but I imagine you might have difficulty getting it to build on a modern system: https://en.wikipedia.org/wiki/DSniff https://www.monkey.org/~dugsong/dsniff/ Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.