There's a new command line tool in Windows 10 that I've missed and looks interesting:
https://www.bleepingcomputer.com/news/m ... ow-to-use/
pktmon.exe
Moderator: DosItHelp
Re: pktmon.exe
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file.
-
- Expert
- Posts: 1160
- Joined: 06 Sep 2013 21:28
- Location: Virginia, United States
Re: pktmon.exe
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
Re: pktmon.exe
ShadowThief wrote: ↑19 May 2020 10:59
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.

But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Re: pktmon.exe
Samir wrote: ↑19 May 2020 12:41
ShadowThief wrote: ↑19 May 2020 10:59
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

It needs elevated permissions to be started, so probably it is not so harmful.
Re: pktmon.exe
Samir wrote: ↑19 May 2020 12:41
ShadowThief wrote: ↑19 May 2020 10:59
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.
Re: pktmon.exe
npocmaka_ wrote: ↑19 May 2020 13:28
Samir wrote: ↑19 May 2020 12:41
ShadowThief wrote: ↑19 May 2020 10:59
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
It needs elevated permissions to be started, so probably it is not so harmful.

Good point. Hopefully that's enough to prevent abuse.
Re: pktmon.exe
ShadowThief wrote: ↑19 May 2020 13:45
Samir wrote: ↑19 May 2020 12:41
ShadowThief wrote: ↑19 May 2020 10:59
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.

Of course, but my thoughts are, if you could Wireshark a LAN using a compromised system, you can get a lot more than just that system. And for that to be built into Windows without some heavy security is going to open it up to abuse.
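The two technical points in the thread, that pktmon.exe captures traffic on the host it runs on and that it needs an elevated token to start, point to the defensive check a practitioner would want: watch process-creation events for pktmon captures and record whether the token was elevated. The following is an added example, not code from this thread, from DosTips or from Microsoft. The log lines are constructed to resemble Windows Security event 4688 fields flattened to key=value form (the field layout, user names and command lines are assumptions); the token-elevation values follow the 4688 convention where %%1936 and %%1937 denote a full token and %%1938 a limited one.

```python
"""Flag pktmon.exe capture starts in constructed process-creation events.

Added example for the pktmon thread; not the forum's or Microsoft's code.
SAMPLE_LOG is constructed to look like Windows Security event 4688 data
flattened to key=value pairs; field names, users and command lines are
assumptions made for this example.
"""
import re

# Constructed sample events (one per line). Backslashes are literal (raw string).
SAMPLE_LOG = r"""
EventID=4688 NewProcessName=C:\Windows\System32\pktmon.exe TokenElevationType=%%1937 SubjectUserName=alice CommandLine="pktmon start --etw"
EventID=4688 NewProcessName=C:\Windows\System32\notepad.exe TokenElevationType=%%1938 SubjectUserName=alice CommandLine="notepad.exe"
EventID=4688 NewProcessName=C:\Windows\System32\pktmon.exe TokenElevationType=%%1938 SubjectUserName=bob CommandLine="pktmon start --etw"
EventID=4688 NewProcessName=C:\Windows\System32\cmd.exe TokenElevationType=%%1937 SubjectUserName=svc_backup CommandLine="cmd.exe /c pktmon.exe start --etw"
"""

# 4688 TokenElevationType: %%1936 = default full token (e.g. SYSTEM or UAC off),
# %%1937 = elevated via UAC, %%1938 = limited (non-elevated) token.
ELEVATED_TOKENS = {"%%1936", "%%1937"}

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
EVENT_FIELD = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')


def parse_event(line):
    """Turn one key=value line into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in EVENT_FIELD.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields


def is_pktmon_start(event):
    """True when pktmon is launched (directly or via a shell) with the 'start' verb.

    'pktmon help' or 'pktmon stop' are not capture starts and are not flagged.
    """
    exe = event.get("NewProcessName", "").lower()
    cmd = event.get("CommandLine", "").lower()
    if "pktmon" not in exe and "pktmon" not in cmd:
        return False
    tokens = cmd.replace('"', "").split()
    for i, tok in enumerate(tokens):
        if tok.endswith("pktmon") or tok.endswith("pktmon.exe"):
            return i + 1 < len(tokens) and tokens[i + 1] == "start"
    return False


def find_pktmon_starts(log_text):
    """Return one finding per 4688 event that starts a pktmon capture."""
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event.get("EventID") != "4688" or not is_pktmon_start(event):
            continue
        findings.append({
            "user": event.get("SubjectUserName", "?"),
            # A non-elevated start will fail, but the attempt is still worth seeing.
            "elevated": event.get("TokenElevationType") in ELEVATED_TOKENS,
            "command": event.get("CommandLine", ""),
        })
    return findings


if __name__ == "__main__":
    for f in find_pktmon_starts(SAMPLE_LOG):
        state = "elevated" if f["elevated"] else "NOT elevated (start would fail)"
        print(f"pktmon capture start by {f['user']} [{state}]: {f['command']}")
```

The CommandLine field is only populated when the "Include command line in process creation events" policy is on; without it the NewProcessName check still catches direct launches of pktmon.exe, but the shell-wrapped case (the svc_backup line) would only show cmd.exe. The elevation flag is what turns the thread's "it needs elevated permissions" into something checkable: a flagged start from a limited token is a failed attempt, a flagged start from a full token is a live capture on that host.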