Wireshark? – Digitalmunition


This topic contains 1 reply, has 2 voices, and was last updated by Sugoypotato 1 month, 2 weeks ago.

  • #292916


    So I have a pcap file that I downloaded, and my goal is to find the password used (for school, not real hacking, don’t worry). I see a bunch of FTP packets transmitted and followed the TCP stream. This was the output:

    220 Microsoft FTP Service

    USER ftp

    331 Anonymous access allowed, send identity (e-mail name) as password.



    230 Anonymous user logged in.


    215 Windows_NT

    TYPE I

    200 Type set to I.

    PORT 192,168,1,50,174,33

    200 PORT command successful.

    STOR fgdump.exe

    150 Opening BINARY mode data connection for fgdump.exe.

    226 Transfer complete.


    221 See you later

    So I can’t see the password. This user used their access to pass a bunch of malicious executables through. How do I get the password (only the goal of the project) if it is blank? I see it says to use email name as password, but I don’t see any email names in the rest of the stream.

    Thank you for the help, I am just beginning and learning new things every day.

  • #292917


    Read the FTP RFC (to find out how the password exchange protocol works, what gets sent first and stuff like that).
    Literally try to grep password/pass.
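An added example, not part of either post: a small parser for a followed FTP control stream that pairs each `USER`/`PASS` command with the server's `230`/`530` reply, so an empty `PASS` argument is reported as the submitted password rather than missed, and that decodes `PORT` arguments into the address and port of the data connection carrying the transferred file. The sample stream is constructed for illustration and the function name `parse_control` is hypothetical.

```python
import re

# Constructed sample of a followed FTP control stream (not the poster's capture).
SAMPLE = """\
220 Microsoft FTP Service
USER alice
331 Password required for alice.
PASS example-password
530 User cannot log in.
USER ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS
230 Anonymous user logged in.
PORT 192,168,1,50,174,33
200 PORT command successful.
STOR fgdump.exe
226 Transfer complete.
"""

REPLY = re.compile(r"^(\d{3})([ -]|$)")

def parse_control(stream):
    """Return (login attempts, PORT endpoints, STOR/RETR file names)."""
    logins, endpoints, files = [], [], []
    user = pending = None
    for raw in stream.splitlines():
        line = raw.strip()
        reply = REPLY.match(line)
        if reply:  # server reply: 3-digit code; "-" marks a multi-line continuation
            code, sep = reply.groups()
            if pending and sep != "-" and code in ("230", "530"):
                pending["accepted"] = code == "230"
                pending = None
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            user = arg
        elif verb == "PASS":  # an empty argument is still a submitted password
            pending = {"user": user, "password": arg, "accepted": None}
            logins.append(pending)
        elif verb == "PORT":  # h1,h2,h3,h4,p1,p2 -> port = p1*256 + p2
            n = [int(x) for x in arg.split(",") if x.strip().isdigit()]
            if len(n) == 6:
                endpoints.append((".".join(map(str, n[:4])), n[4] * 256 + n[5]))
        elif verb in ("STOR", "RETR"):
            files.append((verb, arg))
    return logins, endpoints, files
```

The decoded `PORT` endpoint is the address and TCP port to filter on when looking for the separate data connection that carried the file contents.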
