dsniff project An experiment in social engineering to get rid of plaintext network authentication.Passwords recently captured with dsniff from our local network, updated periodically.
----------------- 03/13/00 12:38:42 X.X.X.X -> X.X.X.X (telnet) XXX Biscruggele% ----------------- 03/13/00 11:09:53 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS tschedftp ----------------- 03/13/00 10:32:58 X.X.X.X -> X.X.X.X (imap) LOGIN XXX nabilj ----------------- 03/13/00 10:30:10 X.X.X.X -> X.X.X.X (telnet) XXX car9^ter ----------------- 03/14/00 12:16:10 X.X.X.X -> X.X.X.X (icq) XXX59140 swzhu123 ----------------- 03/14/00 11:31:30 X.X.X.X -> X.X.X.X (telnet) XXX yanshime sqlplus XXX/mai2mai ----------------- 03/14/00 15:48:15 X.X.X.X -> X.X.X.X (telnet) XXX yanshime su i2000net ----------------- 03/13/00 15:10:12 X.X.X.X -> X.X.X.X (telnet) XXX Ctpsuck# ----------------- 03/13/00 13:37:34 X.X.X.X -> X.X.X.X (telnet) XXX laichen88 ----------------- 03/13/00 10:25:57 X.X.X.X -> X.X.X.X (telnet) XXX u8ts,i1ts ----------------- 03/14/00 03:34:50 X.X.X.X -> X.X.X.X (napster) XXX ultimate 0 "v2.0a" ----------------- 03/14/00 18:31:42 X.X.X.X -> X.X.X.X (icq) XXX tbone ----------------- 03/14/00 16:15:40 X.X.X.X -> X.X.X.X (aim) toc_signon login.oscar.aol.com 5190 XXX 0x300c05443b1d0d [defkorn] ----------------- 03/14/00 19:47:15 X.X.X.X -> X.X.X.X (napster) XXX tbone 6699 "Gnapster 1.3.4" ----------------- 03/14/00 15:51:19 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS ^zex(otic ----------------- 03/14/00 07:31:29 X.X.X.X -> X.X.X.X (icq) XXX yelmer ----------------- 02/28/00 16:59:18 X.X.X.X -> X.X.X.X (www) GET /secure/vlispdf/stk1700/index1.cfm HTTP/1.1 Host: X.X.X Authorization: Basic XXXtb3RoeWVtYWhvbmV5OmpvcmRhbg== [XXX:jordan] ----------------- 03/06/00 15:31:21 X.X.X.X -> X.X.X.X (imap) LOGIN XXX Grote#bitch. ----------------- 03/03/00 10:26:48 X.X.X.X -> X.X.X.X (telnet) XXX rajkkarD9 ----------------- 02/25/00 17:14:26 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS Anklayeaucad- ----------------- 03/02/00 15:20:59 X.X.X.X -> X.X.X.X (telnet) XXX shiyan70090951 ----------------- 03/02/00 20:32:41 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS !hlrt@uofM ----------------- 02/29/00 16:29:42 X.X.X.X -> X.X.X.X (telnet) XXX i2000net ----------------- 02/29/00 17:17:11 X.X.X.X -> X.X.X.X (telnet) XXX manmarsh ----------------- 02/28/00 09:03:18 X.X.X.X -> X.X.X.X (telnet) XXX 98XippKA ----------------- 02/29/00 17:34:52 X.X.X.X -> X.X.X.X (telnet) XXX PiKasso ----------------- 03/06/00 12:14:14 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS sarah1024 ----------------- 03/06/00 12:14:18 X.X.X.X -> X.X.X.X (telnet) XXX 143Mtyn! ----------------- 03/03/00 07:03:38 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS #@gruPPO:" ----------------- 03/06/00 13:30:03 X.X.X.X -> X.X.X.X (www) GET /tbl_properties.php3?server=1&db=XXX&table=Customer HTTP/1.1 Host: X.X.X Authorization: Basic XXXvbmduYW46emhvbmduYW4xMjM= [XXX:zhongnan123] ----------------- 03/01/00 16:10:44 X.X.X.X -> X.X.X.X (telnet) XXX derf.310 ----------------- 03/03/00 12:43:42 X.X.X.X -> X.X.X.X (telnet) XXX paddington1 ----------------- 03/06/00 13:07:34 X.X.X.X -> X.X.X.X (mountd) /mnt/win/olympus/asb [00 00 00 00 ca ba eb fe 03 00 00 00 02 00 00 00 01 03 00 00 01 03 00 00 01 00 00 00 00 00 00 00] ----------------- 03/02/00 17:43:56 X.X.X.X -> X.X.X.X (www) GET /format/bot.1.jpg HTTP/1.0 Proxy-authorization: Basic XXX0MDoxMjk5NA== [XXX:12994] Host: X.X.X.X ----------------- 02/29/00 19:17:37 X.X.X.X -> X.X.X.X (www) GET /photoshop/private/images/privatepage_005_f_r1_c1.gif HTTP/1.1 Host: X.X.X Authorization: Basic XXXvdG9zaG9wOnJlc29sdXRpb24= [XXX:resolution] ----------------- 03/02/00 16:53:36 X.X.X.X -> X.X.X.X (telnet) XXX $yvette% ----------------- 03/01/00 17:38:16 X.X.X.X -> X.X.X.X (www) GET /format/mid.1.jpg HTTP/1.0 Host: X.X.X.X Proxy-Authorization: Basic XXXvbWVzOmFiYzEyM2FiYw== [XXX:abc123abc] ----------------- 02/25/00 10:56:12 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS !nf(n@teDre@m$ ----------------- 02/25/00 09:33:43 X.X.X.X -> X.X.X.X (pop3) AUTH LOGIN XXX1Z2dldHQ= [XXX] ZG9tamFuNjI= [domjan62] ----------------- 02/25/00 09:32:18 X.X.X.X -> X.X.X.X (imap) LOGIN XXX yaotun ----------------- 02/25/00 10:23:58 X.X.X.X -> X.X.X.X (telnet) XXX *BlinK182 ----------------- 02/25/00 08:52:08 X.X.X.X -> X.X.X.X (imap) LOGIN XXX jaime0618 ----------------- 02/24/00 19:37:47 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS shiyan70 ACCT XXX ----------------- 02/25/00 08:55:14 X.X.X.X -> X.X.X.X (imap) LOGIN XXX Tastd1tmn5 ----------------- 02/24/00 19:24:54 X.X.X.X -> X.X.X.X (pop3) AUTH LOGIN XXXodQ== [XXX] c2hpeWFuNzA= [shiyan70] ----------------- 02/25/00 12:56:43 X.X.X.X -> X.X.X.X (telnet) XXX !nf(n@teDre@m$ ----------------- 02/25/00 13:30:53 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS yaotun ----------------- 02/25/00 10:10:22 X.X.X.X -> X.X.X.X (telnet) XXX ready001 ----------------- 02/25/00 11:18:28 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS Tastd1tmn5 ----------------- 02/26/00 00:27:47 X.X.X.X -> X.X.X.X (www) GET /netnomics/articles/2000/2-1/net9902.pdf HTTP/1.0 Host: X.X.X Authorization: Basic XXXwaGVycHVuazpjeXBoZXJwdW5r [XXX:cypherpun] ----------------- 02/25/00 12:08:55 X.X.X.X -> X.X.X.X (mountd) /mnt/win/mp3/asb [00 00 00 00 ca ba eb fe 67 00 00 00 02 00 00 00 01 03 00 00 01 03 00 00 01 00 00 00 00 00 00 00] ----------------- 02/24/00 17:09:41 X.X.X.X -> X.X.X.X (www) GET /mobile.html HTTP/1.0 Host: X.X.X.X/mobile.html Proxy-Authorization: Basic XXX1c2VyMTpibXVzZXI= [XXX:bmuser] ----------------- 02/24/00 16:42:00 X.X.X.X -> X.X.X.X (www) GET /usage/usage_0200.html HTTP/1.1 Host: X.X.X Authorization: Basic XXXibGljOnRvMjFjbg== [XXX:to21cn] GET /usage/usage_0200.html HTTP/1.1 Host: X.X.X Authorization: Basic XXXodTpzemh1MTIz [XXX:szhu12] ----------------- 02/24/00 16:54:00 X.X.X.X -> X.X.X.X (imap) 00001 LOGIN XXX Frisbee! ----------------- 02/24/00 17:24:43 X.X.X.X -> X.X.X.X (snmp) [version 1] internal ----------------- 02/24/00 17:13:41 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS rakkarD9 ----------------- 02/24/00 16:22:11 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS Ichuta! ----------------- 02/24/00 17:28:27 X.X.X.X -> X.X.X.X (telnet) XXX yanshime ----------------- 02/24/00 15:36:39 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS tywade ----------------- 02/24/00 15:44:50 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS sckmdck ----------------- 02/24/00 17:01:27 X.X.X.X -> X.X.X.X (telnet) XXX shiyan70 ----------------- 02/24/00 15:46:37 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS shiyan70 ----------------- 02/24/00 15:37:33 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS 3873#* ----------------- 02/24/00 15:45:06 X.X.X.X -> X.X.X.X (imap) 002N LOGIN "XXX" "Anklayeaucad-" ----------------- 02/23/00 16:27:40 X.X.X.X -> X.X.X.X (telnet) XXX COOTER1 ----------------- 02/24/00 10:52:30 X.X.X.X -> X.X.X.X (telnet) XXX sdrg.upm ----------------- 02/24/00 11:32:40 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS wo45 ----------------- 02/24/00 15:15:04 X.X.X.X -> X.X.X.X (www) GET / HTTP/1.0 Proxy-Authorization: Basic XXXrazpiYWNrdXA= [XXX:backup] Host: X.X.X.X ----------------- 02/17/00 15:27:05 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS jeffab ----------------- 02/17/00 05:23:26 X.X.X.X -> X.X.X.X (www) GET /projects/citi-netscape/ HTTP/1.0 Host: X.X.X.X Proxy-Authorization: Basic XXXwcm94eTFcZWNwcm94eWxpbms6cHJveHltZQA= [XXX\XXX:proxyme] ----------------- 02/17/00 18:08:24 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS nanofuck ----------------- 02/16/00 14:25:16 XXX -> XXX (www) GET /us/mac/VISEData HTTP/1.1 Host: XXX Authorization: Basic cXRtYWM6 [qtmac] ----------------- 02/16/00 17:36:25 X.X.X.X -> X.X.X.X (imap) A001 LOGIN "XXX" "catteeth" ----------------- 02/16/00 17:39:41 X.X.X.X -> X.X.X.X (imap) A001 LOGIN "XXX" "cat4snog" ----------------- 02/15/00 16:32:24 X.X.X.X -> X.X.X.X (telnet) XXX wyoumm ----------------- 02/16/00 12:43:55 X.X.X.X -> X.X.X.X (imap) A001 LOGIN "XXX" "cat2tcl" ----------------- 02/16/00 15:33:02 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS 11112222 ----------------- 02/16/00 14:24:59 X.X.X.X -> X.X.X.X (www) GET /projects/linux-scalability/ HTTP/1.0 Host: X.X.X.X Proxy-Authorization: Basic XXX0Om5RczRmQG9Q [XXX:nQs4f@o] ----------------- 02/15/00 17:32:06 X.X.X.X -> X.X.X.X (www) GET /format/mid.1.jpg HTTP/1.0 Host: X.X.X.X Proxy-authorization: Basic XXXYXJpc0BicmV3LW1laXN0ZXIuY29tOnRoaXMgaXMgdGhlIHRpbWUh [XXX@X.X:this is the time] ----------------- 02/11/00 12:42:17 X.X.X.X -> X.X.X.X (www) GET /isat HTTP/1.1 Host: X.X.X Authorization: Basic XXXtYmVyOmluc3RpdHV0ZQ== [XXX:institute] ----------------- 02/14/00 12:59:27 X.X.X.X -> X.X.X.X (mountd) /home/XXX [00 00 00 00 20 ed 82 c1 87 0d 00 00 41 3c 01 00 11 08 00 00 11 08 00 00 87 0d 00 00 00 00 00 00] ----------------- 02/10/00 17:20:51 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS .twins, ----------------- 02/12/00 23:25:52 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS hgg784k ----------------- 02/11/00 08:54:41 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS sbk1bNkE ----------------- 02/11/00 17:38:21 X.X.X.X -> X.X.X.X (mountd) /usr/local [00 00 00 00 d0 b4 3c c0 02 00 00 00 02 00 00 00 02 03 00 00 02 03 00 00 02 00 00 00 00 00 00 00] ----------------- 02/12/00 06:16:12 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS LLgu8N ----------------- 02/10/00 23:49:49 X.X.X.X -> X.X.X.X (telnet) XXX (HOhoHO) ----------------- 02/11/00 11:39:23 X.X.X.X -> X.X.X.X (telnet) XXX Let'ski ----------------- 02/13/00 16:25:37 X.X.X.X -> X.X.X.X (www) GET /controlPanel/default HTTP/1.1 Host: X.X.X.X Authorization: Basic XXX2aW5AdW1pY2guZWR1OmNhdDRzbm9n [XXX:cat4sno] ----------------- 01/25/00 14:19:31 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS Anderson. ----------------- 01/26/00 09:02:30 X.X.X.X -> X.X.X.X (www) GET /_derived/home_cmp_artsy010_hbtn_a.gif HTTP/1.0 Host: X.X.X Authorization: Basic XXXcGFydG5lcjpzYWZlbW9uZXk= [XXX:safemoney] ----------------- 01/24/00 12:52:03 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS cat4snog ----------------- 01/22/00 11:26:25 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS qwert hx1138 ----------------- 01/26/00 17:03:00 X.X.X.X -> X.X.X.X (telnet) XXX arat'san ----------------- 01/23/00 22:16:55 X.X.X.X -> X.X.X.X (telnet) XXX cycle:381 ----------------- 01/22/00 08:20:16 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS Alpc2p3O ----------------- 01/26/00 17:51:03 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS d73sbwv5 ----------------- 01/21/00 14:56:56 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS chorgy ----------------- 01/25/00 08:53:30 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS cat2tcl ----------------- 01/22/00 18:02:33 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS A.K.R.N! ----------------- 01/21/00 07:50:27 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS bat2bite ----------------- 01/23/00 16:51:17 X.X.X.X -> X.X.X.X (telnet) XXX KaruVatta_0 ----------------- 01/21/00 11:42:51 X.X.X.X -> X.X.X.X (ftp) USER XXX PASS HOWL ABE BOCK TROT ONTO LIST ----------------- 01/23/00 16:57:30 X.X.X.X -> X.X.X.X (telnet) XXX ma3baba ----------------- 01/26/00 16:39:03 X.X.X.X -> X.X.X.X (telnet) XXX $#bab,. ----------------- 01/26/00 14:24:19 X.X.X.X -> X.X.X.X (login) [XXX:XXX] XXX i'm Engaged? ----------------- 01/23/00 16:46:26 X.X.X.X -> X.X.X.X (telnet) XXX @cheech@ ----------------- 01/21/00 07:18:42 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS thx1138 ----------------- 02/10/00 14:45:55 X.X.X.X -> X.X.X.X (pop3) AUTH LOGIN XXXj [XXX] XXXpbFBXRA== [mailPWD] ----------------- 02/10/00 14:28:26 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS thy1138 ----------------- 02/10/00 14:29:16 X.X.X.X -> X.X.X.X (pop3) USER XXX PASS me!!OW**
|