Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: to dsniff or not to dsniff

from [Alok Vijayant] Network Security [Permanent Link]
Subject: Re: to dsniff or not to dsniff
Date: Mon, 22 May 2006 00:14:24 +0530
Hey Guys,
I have placed Keystroke loggers on a few sensitive machines on my network and am trying to send data from target machines to a web server using IE Send() function. Can somebody suggest me a robust and intelligent method to capture such data on the web server which is not very processor intensive.

Thanks for guidelines.


Alok Vijayant
alokvijayant@bol.net.in
----- Original Message ----- From: "Robin Wood" <dninja@gmail.com>
To: "Ivan ." <ivanhec@gmail.com>
Cc: "Gary E. Miller" <gem@rellim.com>; <pen-test@securityfocus.com>
Sent: Sunday, May 21, 2006 7:18 PM
Subject: Re: to dsniff or not to dsniff


I've finally tried to get all this working from source, I've got
libnet 1.0.2a compiled ok but when I come to compile libnids 1.16 I
get the following errors:

for dir in src samples ; do (cd $dir ; make all) ; done
make[1]: Entering directory `/usr/src/libnids-1.16/src'
gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATES=1
-DHAVE_BSD_UDPHDR=1 -I.   ip_options.c
ip_options.c:31:2: error: #error "unknown byte ordering"
ip_options.c:83:2: error: #error "unknown byte ordering"
ip_options.c: In function 'ip_options_compile':
ip_options.c:113: error: 'struct iphdr' has no member named 'ihl'
ip_options.c:213: error: 'struct timestamp' has no member named 'flags'
ip_options.c:271: error: 'struct timestamp' has no member named 'overflow'
ip_options.c:277: error: 'struct timestamp' has no member named 'overflow'
make[1]: *** [ip_options.o] Error 1

So I added -DLIBNET_LIL_ENDIAN to the makefile and tried again, got a
bit further and got:

gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATES=1
-DHAVE_BSD_UDPHDR=1 -DLIBNET_LIL_ENDIAN -I.   killtcp.c
killtcp.c: In function 'nids_killtcp':
killtcp.c:17: error: 'IP_H' undeclared (first use in this function)
killtcp.c:17: error: (Each undeclared identifier is reported only once
killtcp.c:17: error: for each function it appears in.)
killtcp.c:17: error: 'TCP_H' undeclared (first use in this function)

At this point I'm assuming that either I've missed something or
something is wrong. Is there anyone out there who has got this
compiled from source and, if so, can you give any tips?

Thanks

Robin

PS The distro is Arch, gcc -v gives:

Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: ../gcc-4.0.3/configure --host=i686-pc-linux-gnu
--build=i686-pc-linux-gnu --prefix=/usr --enable-shared
--enable-languages=c,c++,objc --enable-threads=posix
--enable-__cxa_atexit
Thread model: posix
gcc version 4.0.3

in case that matters.


On 5/9/06, Robin Wood <dninja@gmail.com> wrote: 
Hi all
Thanks for the recommendations, I'm going to get it installed and play
with it as everyone seems to be saying that it is worth it.

I'm running ArchLinux distro and I'm fairly new to it so dsniff may be
there somewhere but not in the basic repositories and I haven't got
round to working out how to use others so I'll install from source and
do a static build against the older libraries.

Thanks

Robin

On 5/9/06, Ivan . <ivanhec@gmail.com> wrote:
> fair enouh, I like Ubuntu as my laptop is fully supported.
>
> Yes I recommend using it, it's not only dnsiff, but filesnarf,
> mailsnarf, msgsnarf, urlsnarf, and webspy
>
> cheers
> Ivan
>
> On 5/8/06, Robin Wood <dninja@gmail.com> wrote:
> > I'm running arch linux at the moment, found ubuntu got too bloated.
> > Arch may have it somewhere but I'm yet to fully understand the package
> > manager so could have missed it.
> >
> > Does this mean that you recommend using dsniff?
> >
> > Robin
> >
> > On 5/8/06, Ivan . <ivanhec@gmail.com> wrote:
> > > Robin,
> > >
> > > Try Ubuntu, it has it. Comment out the "universe" section in your
> > > sources list, and then do
> > >
> > > ivan@vatra:~$ sudo apt-get install dsniff
> > >
> > > and yoru laughing
> > >
> > > cheers
> > > Ivan
> > >
> > > On 5/8/06, Gary E. Miller <gem@rellim.com> wrote:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Yo Robin!
> > > >
> > > > On Sun, 7 May 2006, Robin Wood wrote:
> > > >
> > > > > My distro doesn't have dsniff as a package so I've trid to > > > > > compile it
> > > > > and came across a few issues, in resolving them I realised that
> > > > > dnsniff is quite old and relies on some unsuported packages.
> > > >
> > > > I have not run into another package that does what dsniff does as
> > > > easily as dsniff does it. Long past time for a new maintainter to
> > > > pick it up and run with it. Should not be too hard for someone
> > > > that understands low level IP.
> > > >
> > > > RGDS
> > > > GARY
> > > > - ---------------------------------------------------------------------------
> > > > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> > > > gem@rellim.com Tel:+1(541)382-8588
> > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.2.1 (GNU/Linux)
> > > >
> > > > iD8DBQFEXr5l8KZibdeR3qURAgzeAKCYk1fLPDBf/7p6yU5cC0JxNJK1RQCfVJKF
> > > > i3s9A38X/2KXXi4PPm1/jJ8=
> > > > =j2iv
> > > > -----END PGP SIGNATURE-----
> > > >
> > > >
> > > > ------------------------------------------------------------------------------
> > > > This List Sponsored by: Cenzic
> > > >
> > > > Concerned about Web Application Security?
> > > > Why not go with the #1 solution - Cenzic, the only one to win the > > > > Analyst's
> > > > Choice Award from eWeek. As attacks through web applications > > > > continue to rise,
> > > > you need to proactively protect your applications from hackers. > > > > Cenzic has the
> > > > most comprehensive solutions to meet your application security > > > > penetration
> > > > testing and vulnerability management needs. You have an option to > > > > go with a
> > > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed > > > > service can
> > > > help you: http://www.cenzic.com/news_events/wpappsec.php
> > > > And, now for a limited time we can do a FREE audit for you to > > > > confirm your
> > > > results from other product. Contact us at request@cenzic.com for > > > > details.
> > > > ------------------------------------------------------------------------------
> > > >
> > > >
> > >
> >
>


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: to dsniff or not to dsniff, Robin Wood
Next by Date:  Restoring ssh session, foringer@gmail.com
Previous by Thread:  Re: to dsniff or not to dsniff, Robin Wood
Next by Thread:  Re: to dsniff or not to dsniff, Gene Cronk
Indexes:  [Date] [Thread] [Top] [All Lists]