pktmon.exe

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Post Reply
Message
Author
npocmaka_
Posts: 493
Joined: 24 Jun 2013 17:10
Location: Bulgaria
Contact:

pktmon.exe

#1 Post by npocmaka_ » 19 May 2020 04:13

There's a new command line tool in windows 10 that I've missed and looks interesting:

https://www.bleepingcomputer.com/news/m ... ow-to-use/

Samir
Posts: 359
Joined: 16 Jul 2013 12:00
Location: HSV
Contact:

Re: pktmon.exe

#2 Post by Samir » 19 May 2020 10:37

Very useful and very dangerous at the same time as a compromised system on a network can now automatically hack the network with the right batch file. :shock:

ShadowThief
Expert
Posts: 954
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: pktmon.exe

#3 Post by ShadowThief » 19 May 2020 10:59

Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.

Samir
Posts: 359
Joined: 16 Jul 2013 12:00
Location: HSV
Contact:

Re: pktmon.exe

#4 Post by Samir » 19 May 2020 12:41

ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get ftp passwords sent in the clear. Not all traffic on a lan is encrypted so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

npocmaka_
Posts: 493
Joined: 24 Jun 2013 17:10
Location: Bulgaria
Contact:

Re: pktmon.exe

#5 Post by npocmaka_ » 19 May 2020 13:28

Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get ftp passwords sent in the clear. Not all traffic on a lan is encrypted so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

It needs elevated permissions to be started so probably it is not so harmful

ShadowThief
Expert
Posts: 954
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: pktmon.exe

#6 Post by ShadowThief » 19 May 2020 13:45

Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get ftp passwords sent in the clear. Not all traffic on a lan is encrypted so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.

Samir
Posts: 359
Joined: 16 Jul 2013 12:00
Location: HSV
Contact:

Re: pktmon.exe

#7 Post by Samir » 19 May 2020 15:05

npocmaka_ wrote:
19 May 2020 13:28
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59


That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get ftp passwords sent in the clear. Not all traffic on a lan is encrypted so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

It needs elevated permissions to be started so probably it is not so harmful
Good point. Hopefully that's enough to prevent abuse.

Samir
Posts: 359
Joined: 16 Jul 2013 12:00
Location: HSV
Contact:

Re: pktmon.exe

#8 Post by Samir » 19 May 2020 15:07

ShadowThief wrote:
19 May 2020 13:45
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59


That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get ftp passwords sent in the clear. Not all traffic on a lan is encrypted so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.
Of course, but my thoughts are if you could wireshark a lan using a compromised system, you can get a lot more than just that system. And for that to be built-into windows without some heavy security is going to open it up to abuse.

Post Reply