Evil Elf

Wireshark and Password Cracking

Packet capture

Given the right permissions, anyone can load a program such as Wireshark and start capturing network traffic. We can easily filter a network capture file to see what data our computer has been sending and receiving, and by sniffing traffic on a switch or hub we can reveal what everyone else has been looking at.

When packet data is not encrypted, we can see every network request and response along with the data it carries: which websites people have been visiting and users' personal information (credentials, bank account data, etc.). Protocols such as Telnet and HTTP transfer data in plaintext, which means we can extract human-readable data from them.

Useful terms:

  • Packet - a packet consists of control information and user data, which is also known as the payload

  • Protocol - a network protocol is a set of rules followed by the network (an example of a protocol is HTTP)

  • Port - a network port is a number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered

Password cracking

Hashing and encryption are not the same. If we encrypt something, we can decrypt it back to the original plaintext. A hash only works one way: it turns the input into another form that is not human-readable and cannot be reversed. The only way to tell what value a hash came from is to take candidate characters, hash them, and compare the result to see whether both hashes are the same.

We can try to crack the hash by taking a wordlist, hashing each word from the list with the same hashing algorithm, and comparing the result to the original hash. If the hashes match, we have the word that was originally hashed; if not, we move on to the next word.

Dissecting a hash:

Blue shows the username, the green shows all the hash information, and the red color shows the rest of the data.

Using the leading $6 we can look up which hash algorithm was used by checking this page: https://hashcat.net/wiki/doku.php?id=example_hashes.
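As an added example (not part of the original write-up), the Python code below splits a shadow-style line into the username, hash information and remaining fields described above, and maps the $id prefix to its algorithm name and hashcat hash-mode number. The function name, dictionary keys and sample lines are constructed for illustration; the salts and digests are placeholders, not real hashes.

```python
# Added example: dissect an /etc/shadow-style line into the three parts
# described above (username, hash information, remaining fields).

# crypt(3) identifier -> (algorithm, hashcat hash-mode), as listed on the
# hashcat example_hashes page. Only the md5crypt/SHA-crypt family is covered.
CRYPT_IDS = {
    "1": ("md5crypt", 500),
    "5": ("sha256crypt", 7400),
    "6": ("sha512crypt", 1800),
}


def dissect_shadow_line(line):
    fields = line.strip().split(":")
    if len(fields) < 2:
        raise ValueError("expected at least user:password fields")
    pw_field = fields[1]
    entry = {
        "user": fields[0],
        "rest": fields[2:],  # password-aging fields
        "locked": pw_field.startswith(("!", "*")),
        "id": None, "algorithm": None, "hashcat_mode": None,
        "rounds": None, "salt": None, "digest": None,
    }
    # A locked account may still carry its hash after the '!' marker.
    parts = pw_field.lstrip("!").split("$")
    if len(parts) < 4 or parts[0] != "":
        return entry  # no crypt-style hash present (e.g. '*' or '!')
    entry["id"] = parts[1]
    entry["algorithm"], entry["hashcat_mode"] = CRYPT_IDS.get(parts[1], (None, None))
    body = parts[2:]
    if body[0].startswith("rounds="):  # optional cost parameter
        entry["rounds"] = int(body[0].split("=", 1)[1])
        body = body[1:]
    if len(body) == 2:
        entry["salt"], entry["digest"] = body
    return entry


# Constructed sample lines (salt and digest are placeholders, not real hashes).
SAMPLE = "alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:18000:0:99999:7:::"
SAMPLE_ROUNDS = "bob:!$5$rounds=10000$SALT$DIGEST:18000:0:99999:7:::"
SAMPLE_NOLOGIN = "daemon:*:18000:0:99999:7:::"

if __name__ == "__main__":
    for line in (SAMPLE, SAMPLE_ROUNDS, SAMPLE_NOLOGIN):
        print(dissect_shadow_line(line))
```

Entries that resolve to md5crypt, or that have no rounds value and a short salt, are the ones worth flagging when reviewing how a system stores its passwords.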

Download the pcap and open it with Wireshark.

Follow TCP Stream

Find the type of hash

Find hash-type number in hashcat

Crack the hash
