OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Chris Keladis (chrisCMC.CWO.NET.AU)
Date: Thu Mar 22 2001 - 15:57:32 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Is it a correct assumption that you have no administrative access to the
    switch, to enable a form of mirroring to duplicate traffic seen on other
    switch ports, to yours? (Not sure if this spans VLANs however).

    If not, there's alot of arp games you can play to confuse the switch,
    but i can't vouch for their effectiveness since i've always had option a
    available :-)

    Regards,

    Chris.

    "Ben Cohen, Ohad" wrote:

    > Sounds like what I have experienced.
    > Has anyone reading this list succeeded in l0pht SMB capturing on
    > switched NT4.0 networks
    > ? Can you lucky people elaborate how exactly was it done ? maybe
    > I'm just doing
    > something silly I could never track down alone.... ya know, those
    > little "minus/plus"
    > mistakes...:)
    >
    > thanks,
    > ~Ben.
    >
    >
    > Sean Ballard wrote:
    >
    >> What about getting data off a switched network segmented into
    >> multiple vlans? I have no success with 2.5.2 and the only hash I can
    >> pull from the packetsniffer module is my own. ./Sean
    >>
    >> -----Original Message-----
    >> From: Carino Gustavo Javier [mailto:GCARINOPECOM.COM.AR]
    >> Sent: Tuesday, March 20, 2001 1:39 PM
    >> To: FOCUS-MSSECURITYFOCUS.COM
    >> Subject: Re: l0phtcrack on a switched network, still...
    >>
    >>
    >> I haven't any problems with The version,l0phtcrack
    >> 2.52, in myswitched NT4.0 networks
    >> Is this your version?
    >>
    >> ----------
    >> De: Ben Cohen,
    >> Ohad[SMTP:absinthNETVISION.NET.IL]
    >> Responder a: Focus on Microsoft Mailing List
    >> Enviado el: Monday, March 19, 2001 7:11 PM
    >> Para: FOCUS-MSSECURITYFOCUS.COM
    >> Asunto: l0phtcrack on a switched network,
    >> still...
    >>
    >> Hi...
    >>
    >> I still can't get l0phtcrack SMB capture function to
    >> work on my switched
    >> network.
    >> I got the NDIS protocol up 'n' running and used WCI
    >> to arpspoof the network.
    >> while the WCI enumerated the network, l0pht captured
    >> tones of SMB packets,
    >> all from my host and my username on, with different
    >> destination IP
    >> addresses.
    >> During the actual WCI work, l0pht remained SMB
    >> bare-handed. nothing was
    >> captured.
    >> Btw, l0pht's manuals explicitly says that the NDIS
    >> network layer
    >> protocol and some other
    >> too should be removed in order for l0pht to properly
    >> work.
    >>
    >> HAS anyone succeeded in sniffing and decrypting
    >> switched NT4.0 networks
    >> login packets ?
    >>
    >> thanks,
    >> Ben.
    >>