Hacking help needed.

Haha, I'm not trying to learn hacking, but I do need to explain it to my manager.

I'm trying to explain to upper management that we need SSL for our OWA. Currently, anyone who logs in to OWA from outside the company is sending their username and password in clear text, because we don't have any SSL.

I'm not a hacker, so I don't have the talent to demonstrate to our upper management how easy it is for this to happen.

All I have said is that it is possible to use a packet monitoring tool between the client and the public IP.

I'd like to elaborate on this, but I just don't know how.

Can anyone help me with the details of how a hacker can retrieve our usernames and passwords if we don't use SSL for our OWA?

Really, the easiest and most effective way is to find some articles that directly address that topic. I'm sure there are a lot of them in the MS knowledge base.

Well, I tried to search for it, but nothing is available.

Most articles just tell you how to prevent it but don't tell you how it can happen.

Also, if the articles do tell you how it happens, then it's too general, like what I mentioned above: "a packet monitoring tool between client and server, or just monitoring the public IP".

I'm really not trying to learn how to hack, so I don't need to know the tool's name. What I do need to know is: how are they monitoring the public IP?

Are they sitting on a router 1, 2, or 3 hops from our gateway? Or what?

Well, it can be captured wherever the packet travels, which on the internet is a lot of places. So at any point it can either be listened to, or intercepted and forwarded on. I guess you need to explain to them that the internet is not a direct communication between two points, but a jungle where the communication is passed from one point to another until it actually gets to the intended recipient. And in some places it might be broadcast for anyone to grab and analyze.

I think the main point that you can make is that unless some type of secure communication agreement is set up between the two machines, the machines are talking in a common language that needs to be understood by anyone, and if they are talking in a common language, that means that anyone can also understand what is being sent.

You could run a trace route to another server and show them how many different places the data goes before it actually gets to the intended recipient. A tool in Windows called Network Monitor can be installed from the Windows Components section; it will capture any packets sent on the network interface card's connection (most LANs now have switches, so they don't forward data that isn't intended for that particular NIC), and you can then open those packets and actually read clear text in them.

Hopefully someone can find a way to explain it better and clearer.

The most likely scenario is that your mobile users will check their email at a hot spot. If someone is capturing packets, their username and password are in plain view. Just for fun, I had my laptop turned on, capturing packets in my backpack, while I walked into a coffee shop. This was during lunch time, so there were several business guys in there checking email. In the time it took me to finish off my Caramel Java Kula with two shots of vanilla, I collected nearly a dozen usernames and passwords. If my hat were darker, I could have done some very bad things.

The best way to convey the importance of an encrypted connection is to show him. Have him (or anyone) log in to OWA over a wireless connection while you run Wireshark on your wireless laptop. If you have wireless at work, the same danger is present. Even if the wireless connection itself is encrypted, other users attached to the same SSID can capture their packets. When you show someone their password in clear text, they suddenly understand. I did this to my wife, and now she's very aware of SSL.

All you have to do is explain it like these guys did, then say, "We even know when you're looking at porn," then pick a guy out and look him dead in the eye.

stephen

Great advice by rfquinn.

You can use ettercap on your wired network. It does U/P capture, so that should be enough to scare the crap out of your boss, if that's what you're looking for.

Yes, I'm going to demo this for them.

Wireshark is hard to read. How does one interpret this? Plus, it's hard to find. I only captured 10 seconds. If I left it running as long as my coffee, then for sure I'll never find it. Too much crap to look through.

ettercap seems nice, according to your screenshot, but it's only for Linux. Is there something similar to ettercap but for Windows?

"If I left it running as long as my coffee, then for sure I'll never find it. Too much crap to look through."

Use filters to remove everything but HTTP traffic from your boss's machine to the web server.

OK, I filtered all the HTTP protocols out.

I do see the username, domain, and host in the middle frame.

I don't see the password anywhere else.

I searched 3 to 4 lines down and up from the top frame and still nothing.

Is the password supposed to be in the TCP protocol or only in the HTTP protocol?

I'd like to demo this for upper management right now, since everyone is here together.

Any ideas?

I see NTLM, then a long encrypted code.

So can I decode NTLM? Or is this good enough to tell them that if somebody were to packet trace the clear text in front of our public IP, then the code would show up here?
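The two questions this thread keeps circling, why a filtered capture shows the username in the clear (the Wireshark demo suggested above) and why with NTLM the poster sees "a long encrypted code" instead of the password, can be shown with a few lines of Python. The block below is an added example written for this page, not code from any of the posters, from Wireshark, or from ettercap. It parses three constructed OWA logon requests as they would appear in a plain HTTP capture and pulls out what each one exposes: with Basic authentication, user and password (base64 is encoding, not encryption); with forms-based logon, user and password sitting in the POST body; with NTLM, domain, user and workstation in the clear, while the password itself is never sent, only a response computed from the password hash and the server's challenge (which is what shows up as the long code, and which an attacker holding the captured challenge can still attack offline). The host name, account, password, OWA paths (/exchange/, /exchweb/bin/auth/owaauth.dll) and form field names (username, password) are all assumptions, and the NTLM type 3 blob is built by a small helper so the example runs offline.

```python
import base64
import struct
from urllib.parse import parse_qs

# Constructed sample requests, not real captures: host, account and password are
# made up, and the OWA paths and form field names are assumptions.
SAMPLE_BASIC = (
    b"GET /exchange/ HTTP/1.1\r\nHost: owa.example.com\r\n"
    b"Authorization: Basic " + base64.b64encode(b"CORP\\jdoe:Winter2007!") + b"\r\n\r\n"
)
SAMPLE_FORM = (
    b"POST /exchweb/bin/auth/owaauth.dll HTTP/1.1\r\nHost: owa.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"destination=http%3A%2F%2Fowa.example.com%2Fexchange&flags=0"
    b"&username=CORP%5Cjdoe&password=Winter2007%21"
)

def build_ntlm_type3(domain, user, workstation, nt_response):
    """Build a minimal NTLMSSP AUTHENTICATE (type 3) blob for the sample capture.
    Header: signature(8) type(4) six security buffers of (len, maxlen, offset)(48)
    flags(4) = 64 bytes, followed by the payload the buffers point into."""
    flags = 0x00000001 | 0x00000200  # NEGOTIATE_UNICODE | NEGOTIATE_NTLM
    fields = [b"", nt_response, domain.encode("utf-16-le"),          # LM resp, NT resp, domain
              user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]  # user, host, session key
    buffers, payload = b"", b""
    for f in fields:
        buffers += struct.pack("<HHI", len(f), len(f), 64 + len(payload))
        payload += f
    return b"NTLMSSP\x00" + struct.pack("<I", 3) + buffers + struct.pack("<I", flags) + payload

SAMPLE_NTLM = (
    b"GET /exchange/ HTTP/1.1\r\nHost: owa.example.com\r\nAuthorization: NTLM "
    + base64.b64encode(build_ntlm_type3("CORP", "jdoe", "LAPTOP01", bytes(range(24))))
    + b"\r\n\r\n"
)

def parse_http_request(raw):
    """Split a raw request into (header dict with lower-cased names, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body

def decode_basic(auth_value):
    """'Basic <b64>' is only base64(user:password); base64 is encoding, not encryption."""
    user, _, password = base64.b64decode(auth_value.split(None, 1)[1]).decode().partition(":")
    return {"scheme": "Basic", "user": user, "password": password}

def _ntlm_field(blob, offset):
    length, _maxlen, pos = struct.unpack_from("<HHI", blob, offset)
    return blob[pos:pos + length]

def decode_ntlm(auth_value):
    """Cleartext parts of an 'NTLM <b64>' header. Type 3 carries domain, user and
    workstation in the clear; the password itself is never sent, only a response
    computed from the password hash and the server's challenge (the 'long code')."""
    blob = base64.b64decode(auth_value.split(None, 1)[1])
    if blob[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", blob, 8)[0]
    if msg_type != 3:  # type 1 (negotiate) and type 2 (challenge) name nobody
        return {"scheme": "NTLM", "message_type": msg_type}
    enc = "utf-16-le" if struct.unpack_from("<I", blob, 60)[0] & 1 else "latin-1"
    return {"scheme": "NTLM", "message_type": 3,
            "domain": _ntlm_field(blob, 28).decode(enc),
            "user": _ntlm_field(blob, 36).decode(enc),
            "workstation": _ntlm_field(blob, 44).decode(enc),
            "nt_response_hex": _ntlm_field(blob, 20).hex(),
            "password": None}

def extract_credentials(raw):
    """Return whatever login material one captured, unencrypted request exposes."""
    headers, body = parse_http_request(raw)
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        return decode_basic(auth)
    if auth.lower().startswith("ntlm "):
        return decode_ntlm(auth)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"))  # forms-based logon: POST body in the clear
        if "username" in form and "password" in form:
            return {"scheme": "form", "user": form["username"][0], "password": form["password"][0]}
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_FORM, SAMPLE_NTLM):
        print(extract_credentials(sample))
```

Everything the function looks at is in the HTTP request, so there is nothing extra to dig out of the TCP layer. In Wireshark the display filter `http.authorization` keeps only requests that carry an Authorization header, and for Basic authentication the HTTP dissector already shows the decoded user:password pair in the packet details pane; for NTLM, the domain and user are readable in the type 3 message exactly as this parser reads them, and the response blob is what a capture of the logon hands to whoever is listening.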

You can run ettercap on Mac OS X, since it's Unix-based. I don't know of anything like it for Windows.

Cool stuff.