pktmon.exe

Posted: 19 May 2020 04:13
by npocmaka_
There's a new command line tool in windows 10 that I've missed and looks interesting:

https://www.bleepingcomputer.com/news/m ... ow-to-use/

Re: pktmon.exe

Posted: 19 May 2020 10:37
by Samir
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file. :shock:

Re: pktmon.exe

Posted: 19 May 2020 10:59
by ShadowThief
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.

Re: pktmon.exe

Posted: 19 May 2020 12:41
by Samir
ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

Re: pktmon.exe

Posted: 19 May 2020 13:28
by npocmaka_
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

It needs elevated permissions to be started, so probably it is not so harmful.

Re: pktmon.exe

Posted: 19 May 2020 13:45
by ShadowThief
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59
Samir wrote:
19 May 2020 10:37
Very useful and very dangerous at the same time, as a compromised system on a network can now automatically hack the network with the right batch file. :shock:
That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.

Re: pktmon.exe

Posted: 19 May 2020 15:05
by Samir
npocmaka_ wrote:
19 May 2020 13:28
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59


That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.

It needs elevated permissions to be started, so probably it is not so harmful.
Good point. Hopefully that's enough to prevent abuse.

Re: pktmon.exe

Posted: 19 May 2020 15:07
by Samir
ShadowThief wrote:
19 May 2020 13:45
Samir wrote:
19 May 2020 12:41
ShadowThief wrote:
19 May 2020 10:59


That's a bit misleading. You can snoop on traffic, but you can't inherently do anything with it. It's like Wireshark.
But in the article, the author was able to get FTP passwords sent in the clear. Not all traffic on a LAN is encrypted, so I can easily see this being used by a malware toolkit to scrape for information that is later exploited.
Sorry, by "it" I meant pktmon. Naturally you can do things with the data you obtain, and the fact that FTP sends all data including passwords in cleartext has been known for years - that's why using SFTP is recommended.
Of course, but my thoughts are that if you could Wireshark a LAN using a compromised system, you can get a lot more than just that system. And for that to be built into Windows without some heavy security is going to open it up to abuse.
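The thread's two practical observations are that pktmon.exe ships with Windows 10 and that it only starts with elevated permissions. For a defender, that makes process-creation telemetry the natural place to watch for it. The following is an added example, not code from the thread or from Microsoft: a small Python detection that reads constructed process-creation records (the field names mirror a JSON export of Windows Security event 4688 and are an assumption about that export format), flags launches of pktmon.exe regardless of path or letter case, and rates each hit by whether the process held a full (elevated) token and whether the command line begins a capture with the tool's `start` subcommand (a documented pktmon subcommand, not something mentioned in the thread). The records and their command lines are constructed sample data.

```python
"""Flag pktmon.exe launches in process-creation records (added example).

Assumptions: records are JSON lines with the 4688-style fields
SubjectUserName, NewProcessName, CommandLine and TokenElevationType.
TokenElevationType values in 4688: %%1936 = default token,
%%1937 = full (elevated) token, %%1938 = limited (filtered) token.
"""
import json
from dataclasses import dataclass

# Built-in packet capture tools worth flagging; extend for your environment.
CAPTURE_TOOLS = {"pktmon.exe"}

# CONSTRUCTED sample records, not real telemetry.
SAMPLE_LOG = r"""
{"SubjectUserName": "alice", "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe", "TokenElevationType": "%%1938"}
{"SubjectUserName": "svc_backup", "NewProcessName": "C:\\Windows\\System32\\pktmon.exe", "CommandLine": "pktmon start --etw", "TokenElevationType": "%%1937"}
{"SubjectUserName": "bob", "NewProcessName": "C:\\Windows\\System32\\pktmon.exe", "CommandLine": "pktmon start", "TokenElevationType": "%%1938"}
{"SubjectUserName": "admin", "NewProcessName": "C:\\Windows\\System32\\PktMon.exe", "CommandLine": "pktmon list", "TokenElevationType": "%%1937"}
"""


@dataclass
class Finding:
    user: str
    image: str
    command_line: str
    elevated: bool
    starts_capture: bool
    severity: str


def parse_records(text):
    """Parse JSON-lines text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_elevated(token_type):
    """True only for a full (elevated) token; limited and default tokens are not."""
    return token_type == "%%1937"


def image_name(path):
    """Case-folded file name, so a copy of the binary elsewhere is still matched."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(records):
    """Return one Finding per capture-tool launch, in log order.

    Severity: high = elevated and begins a capture; low = no full token,
    which (as the thread notes) the tool needs, so the launch most likely
    failed but is still worth knowing about; medium = any other elevated use.
    """
    findings = []
    for rec in records:
        image = image_name(rec.get("NewProcessName", ""))
        if image not in CAPTURE_TOOLS:
            continue
        cmd = rec.get("CommandLine", "")
        elevated = is_elevated(rec.get("TokenElevationType", ""))
        starts_capture = cmd.lower().split()[1:2] == ["start"]
        if not elevated:
            severity = "low"
        elif starts_capture:
            severity = "high"
        else:
            severity = "medium"
        findings.append(Finding(rec.get("SubjectUserName", "?"), image, cmd,
                                elevated, starts_capture, severity))
    return findings


if __name__ == "__main__":
    for f in analyse(parse_records(SAMPLE_LOG)):
        print(f"[{f.severity:6}] user={f.user} elevated={f.elevated} cmd={f.command_line!r}")
```

Run as-is it reports three of the four constructed records: the elevated `pktmon start --etw` as high, the non-elevated attempt as low, and the elevated `pktmon list` as medium. Matching on the file name rather than the full path is a deliberate choice so that the binary is still caught if it is copied out of System32.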