Website Password hacking using WireShark

Step 3: Analyze POST data for username and password

Now right click on that line and select Follow TCP Steam

Website Password hacking using WireShark - blackMORE Ops - 4

This will open a new Window that contains something like this:

HTTP/1.1 302 Found 
Date: Mon, 10 Nov 2014 23:52:21 GMT 
Server: Apache/2.2.15 (CentOS) 
X-Powered-By: PHP/5.3.3 
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" 
Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/ 
Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/ 
Set-Cookie: scifuser=sampleuser; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/ 
Location: loggedin.php 
Content-Length: 0 
Connection: close 
Content-Type: text/html; charset=UTF-8

I’ve highlighted the user name and password field.

So in this case,

  1. username: sampleuser
  2. password: e4b7c855be6e3d4307b8d6ba4cd4ab91

But hang on, e4b7c855be6e3d4307b8d6ba4cd4ab91 can’t be a real password. It must be a hash value.

Note that some website’s doesn’t hash password’s at all even during sign on. For those, you’ve already got the username and password. In this case, let’s go bit far and identify this hash value

Step 4: Identify hash type

I will use hash-identifier to find out which type of hash is that. Open terminal and type in hash-identifier and paste the hash value. hash-identifier will give you possible matches.

See screenshot below:

Website Password hacking using WireShark - blackMORE Ops - 6

Now one thing for sure, we know it’s not a Domain Cached Credential. So it must be a MD5 hash value.

I can crack that using hashcat or cudahashcat. There’s an extensive guide on how to do that here.

Check Also

Identifying harmful activity on your captured traffic

This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified …

How to fix You can’t access this shared folder because your organization’s security policies block unauthenticated guest access error on Windows 11

If you have the following error on Windows 11 “You can’t access this shared folder …

36 comments

  1. hi :)
    As always many thanks for the interesting material in the mythical
    blackmoreops.com

    PS I did some tests ” refresher ” on some old and famous forum at http :
    & After the filter http.request.method == " POST "
    the credentials are in ” CLEAR ” in Base-Line text-data(wireshark)
    ex: http://postimg.org/image/loiekr3jz/full/

    thx-again :-)

  2. is that only capture your own network packet, right?
    so, when we want to capture other computer packet, we must do arp poisoning, please correct me…

    • Hi Akyra,
      Correct. Or if you have access to the Gateway device(for example a router/proxy), you can just do it in there and all the HTTP password for the whole network will come up in Plaintext. Truly scary assuming that someone used the same password in a secured website and in a non-secured website. It’s very old hack but works till date.
      My intention is to show how easily it can be done and people should be aware of it. Cheers,
      -BMO

      • thanks blackmore ops
        I have access to a person network … i know his router mac and from armitage i can access all his computers too but i m unable to find a way to wireshark his computers as u have jst said that its very easy to do so.. but due to my lack to knowledge i cannot do it..
        when i start capturing data from wireshark it only shows the ip im using.. means its capturing only my data not his… would appreciate if u can explain how to capture his date and get passwords…

      • it would be so helpful, f you could get me a tutorial on the method you just said.
        pls help me out.

  3. You can also look for “data-text-lines” in the wireshark filter.
    It gives all the packets were tis line is present.

  4. Please note that sensitive data may be protected on the client-side when playing with plain-text connections e.g. with some JavaScript help. see http://tech.pro/tutorial/631/secure-authentication-without-ssl-using-javascript

  5. How do i know the desktop password over the network of my colleagues computer using wireshark.

  6. I get an error when I type in the filter, basically saying it’s invalid.. any ideas?

  7. can we know the route where the traffic is being directed too? using wireshark? thank you

  8. Can I do all this on my android??
    I want to hack my university DSL router username and password, so can anyone tell??

  9. hello friends,

    My name is gabi and i really need some help with my newly installed Kali 2.0 Sana.

    It actually worked for some couple of weeks and later started acting weird. The issue is this ;

    I cannot browse the internet with either iceweasel or Firefox
    I cannot use the terminal to ping any public internet address, even google dns server
    BUT
    I can use the TOR browser only to access the internet (WEIRD).

    This is driving me crazy, just when i am preparing for my CEHv8 and other security certifications.

    Please guys, the experts, help me out here. I will really appreciate any help.

    Thanks

    Gabi

    • look in the /etc folder for another folder named “Networkmanagement” , in this folder must be a config file, open it with a text editor and you will find the option somethink like “network” oder “networkcard managed” = false, just replace the “false” with “true” and save the config file, then you will be noticed that you are connected to the internet.

  10. Do these systems work with macs?

  11. hey bro i need help urgently i hacked my neighbours wifi but he know but don’t know who i am so i was thinking if i want to be remains anonymous how can i be or if any apps i am using hotspot shield elite. i need assurance he can never trace me …

  12. Hello. I am just wondering, if a wireless USB card is really needed? As for my computer, I have one built in. What would this be called in the Wireshark capture interfaces?

  13. Do you need a professional to go to for all of your cyber/internet issues, i implore you to hire the best only so as to get your job completed without hassles.
    For more info contact:
    Darkwebssolutions on gmail or text +9193076946

  14. can u help me to hack a website and get the username and password ~
    if can pls email to me
    jack@live.cn

  15. Please assist with retrieving the data website below.

  16. Does he charge money over it ?

  17. Will this only work if the victim uses an http link or will it still work if they use https and the website has an http version?

  18. any alternate tool to hack website?

  19. contact dennixrichison@gmail. com for hacking services

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.