Wireshark? – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  Sugoypotato 1 month, 2 weeks ago.

  • #292916

    anonymous
    Participant

    So I have a pcap file that I downloaded, and my goal is to find the password used (for school, not real hacking, don’t worry). I see a bunch of FTP packets transmitted and followed the TCP stream. This was the output:

    220 Microsoft FTP Service

    USER ftp

    331 Anonymous access allowed, send identity (e-mail name) as password.

    PASS

    230-XYZCOMPANY.COM FTP SITE

    230 Anonymous user logged in.

    SYST

    215 Windows_NT

    TYPE I

    200 Type set to I.

    PORT 192,168,1,50,174,33

    200 PORT command successful.

    STOR fgdump.exe

    150 Opening BINARY mode data connection for fgdump.exe.

    226 Transfer complete.

    QUIT

    221 See you later

    So I can’t see the password. This user used their access to pass a bunch of malicious executables through. How do I get the password (only the goal of the project) if it is blank? I see it says to use email name as password, but I don’t see any email names in the rest of the stream.

    Thank you for the help, I am just beginning and learning new things every day.

  • #292917

    Sugoypotato

    Hint:
    Read the FTP RFC (to find out how the password exchange protocol works, what gets sent first and stuff like that)
    Literally try to grep password/pass
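
Added example, not part of either post: a short Python parser for an FTP control stream like the one quoted in the question. It separates client commands from server replies as RFC 959 lays them out, records the USER and PASS arguments exactly as sent, and decodes the PORT argument into the data-connection address. The function names `decode_port` and `summarize` are hypothetical, and the embedded sample is the stream from the question.

```python
import re

# Control-channel text as quoted in the question (Follow TCP Stream output).
STREAM = """\
220 Microsoft FTP Service
USER ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS
230-XYZCOMPANY.COM FTP SITE
230 Anonymous user logged in.
SYST
215 Windows_NT
TYPE I
200 Type set to I.
PORT 192,168,1,50,174,33
200 PORT command successful.
STOR fgdump.exe
150 Opening BINARY mode data connection for fgdump.exe.
226 Transfer complete.
QUIT
221 See you later
"""
REPLY = re.compile(r"^\d{3}[ -]")  # server reply: 3-digit code, then space or '-'

def decode_port(arg):
    """RFC 959 PORT argument h1,h2,h3,h4,p1,p2 -> (ip, p1*256 + p2)."""
    n = [int(x) for x in arg.split(",")]
    if len(n) != 6 or any(not 0 <= v <= 255 for v in n):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def summarize(stream):
    """Collect login arguments, data endpoints and uploads from client commands."""
    out = {"user": None, "password": None, "data_endpoints": [], "uploads": []}
    for line in stream.splitlines():
        line = line.strip()
        if not line or REPLY.match(line):
            continue  # skip blank lines and server replies
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            out["user"] = arg
        elif verb == "PASS":
            out["password"] = arg  # "" means PASS carried no argument
        elif verb == "PORT":
            out["data_endpoints"].append(decode_port(arg))
        elif verb == "STOR":
            out["uploads"].append(arg)
    return out
```

In the actual capture, the data connection announced by PORT is a separate TCP stream from the control stream, so the uploaded file's bytes will not appear when following the control stream alone.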
