Hackers Cafe

Sign Out of Gmail Account Remotely
Gmail is one of the widely use email service.There are lot of features in gmail. There is a security feature for gmail known as remote logout. Many of use more than one computers to login to gmail account. Some times we often leave the browser opened & not being logged out of gmail or we are in cyber cafe and any power cut or computer faliure occurs and if the computer is at office or any public place your account may be hacked or misused by someone else.
But there is a method by which you can l;og out from your gmail account remotely.
Open you gmail account and go to bottom of the page ,there you will see something as shown below..

gmail-remote-logout

Now you can click on “Details” which shows you a pop-up having details about your last sessions.Click on “Sign out all other sessions” to sign out of gmail at all other places exept the current.
By this simple feature you can check that your gmail account is hacked or not.

Sign Out of Gmail Account Remotely
Gmail is one of the widely use email service.There are lot of features in gmail. There is a security feature for gmail known as remote logout. Many of use more than one computers to login to gmail account. Some times we often leave the browser opened & not being logged out of gmail or we are in cyber cafe and any power cut or computer faliure occurs and if the computer is at office or any public place your account may be hacked or misused by someone else.
But there is a method by which you can l;og out from your gmail account remotely.
Open you gmail account and go to bottom of the page ,there you will see something as shown below..

gmail-remote-logout

Now you can click on “Details” which shows you a pop-up having details about your last sessions.Click on “Sign out all other sessions” to sign out of gmail at all other places exept the current.
By this simple feature you can check that your gmail account is hacked or not.

Found a great website that logs IPs and gives you the lat/long./isp.
1)Create Account
http://www.chatrack.frihost.net/index-1.php
2)Get one of the links and tell someone on AIM or whatever to click it, choose any of the images and tell them you painted it or some stupid shit like that.
3)When they look at the image, it logs their IP.
4)Bonus points:
-Tell them its animated and 20 seconds in it will change, this allows the website to have time to ensure all their info is retrieved.
........................................................................................................................................................................................

Found a great website that logs IPs and gives you the lat/long./isp.
1)Create Account
http://www.chatrack.frihost.net/index-1.php
2)Get one of the links and tell someone on AIM or whatever to click it, choose any of the images and tell them you painted it or some stupid shit like that.
3)When they look at the image, it logs their IP.
4)Bonus points:
-Tell them its animated and 20 seconds in it will change, this allows the website to have time to ensure all their info is retrieved.
........................................................................................................................................................................................

How to Get Facebook Email Address
Facebook has just new features in which it will give email addresses to users ,at this time facebook email id is not open to everyone ,you have to request invittation.In order to get a invite to this new service you need to visit following link where in you would be asked to click on the ‘Request Invite’ button.
http://www.facebook.com/about/messages/

Facebook-email-Invite

if you are lucky you will get the yourname@facebook.com email id as soon as possible .Please note that Your email address will match your public username, for example:
Profile: facebook.com/username
Then your email address will be
Email: username@facebook.com
If you don’t have a username you can go here facebook.com/username/ to get or click below
http://www.facebook.com/username/

How to Get Facebook Email Address
Facebook has just new features in which it will give email addresses to users ,at this time facebook email id is not open to everyone ,you have to request invittation.In order to get a invite to this new service you need to visit following link where in you would be asked to click on the ‘Request Invite’ button.
http://www.facebook.com/about/messages/

Facebook-email-Invite

if you are lucky you will get the yourname@facebook.com email id as soon as possible .Please note that Your email address will match your public username, for example:
Profile: facebook.com/username
Then your email address will be
Email: username@facebook.com
If you don’t have a username you can go here facebook.com/username/ to get or click below
http://www.facebook.com/username/

Screen Shot Of Version 2.6
Ardamax 2.8 + tutorial

Ardamax Keylogger 2.9 is good, but not as good as Ardamax Keylogger 2.8, reason being is because on Ardamax Keylogger 2.9, when your victim clicks the file, it comes up saying "This will install Ardamax monitoring tool, do you wish to continue?", where as if you use Ardamax 2.8, it will just infect they're PC when they click it, nothing comes up, it'll just auto-install.

I. Get Ardamax 2.8:

Download:
http://www.4shared.com/file/83797643/c7dd0121/ardamax28key.html

1. Once you've downloaded it, you'll see a little notepad icon in your taskbar, now right-hand click it and click 'Enter registration key...', now type in this where it says registration name and under it where it says

Once done click 'Ok' and you should get a pop-up saying 'Registration key accepted. Thanks for registering'

II. Creating the Keylogger Engine:

2. Now your going to make the Keylogger Engine (The thing you give to your victim). Click 'Remote Installation...', now, click 'next' until you get to Appearences.

3. Now that your at Appearences, click 'Additional components' and un-tick 'Log Viewer' like done in the screenshot

4. Now you should be at 'Invisibility', make sure all the boxes are ticked, then click 'Next'.

5. Now you should be at 'Security', now, click 'Enable' and put your password (it can be any password you like, make it something easy so you can remember). Once done, make sure all the boxes are ticked and click 'Next'.

6. Now you should be at 'Web Update', just click 'Next' when your here.

7. Ok, you should now be at 'Options', this all depends on you, if you want your Keylogger to be a secret on your computer so your family know you ain't been up to anything naughty, then tick 'Start in hidden mode' and click 'Next'
(Remember, if in future you want to make a new Keylogger Engine, then press: CTRL + SHIFT + ALT + H at the same time.

8. Ok, now you should be at 'Control', click the box that says 'Send logs every', now make it so it sends logs every 30 minutes, then where it says Delivery, un-tick 'Email' and tick 'FTP', leave the 'Include' bit as it is, now un-tick the box where it says 'Send only if log size exceeds', once thats done, it should all look like it does in this screenshot:

cont: Now you should be at 'FTP', create a free account at http://www.drivehq.com/secure/FreeSignup...m=storage, then make sure your at 'Online Storage', then make a new folder called: Logs (this is where the logs are sent to when you keylogg someone), Now on your FTP on Ardamax Keylogger, where it says 'FTP Host:', put this:

http://ftp.drivehq.com

Now where it says 'Remote Folder:', put this: Logs

Now where it says 'Userame:' and 'Password:', put your DriveHQ username and password, then it should look something like this

Once done, do NOT change your DriveHQ password or rename/delete the folder called 'Logs', if you do, the logs will not come through.

9. You should now be at 'Control', make sure all the boxes are 'ticked' then click 'Next'.

10. Where it says 'Screen Shots', adjust them as you like, but I recommend every 2 hours and full screen, once done click 'Next'.

11. Now you should be at 'Destination', now you have to choose where you put your Keylogger Engine, where it says 'Keylogger egine path:', click 'browse' and choose where you want to put your Keylogger Engine.

12. Now un-tick 'Open the folder containing the keylogger engine' (this should stop you from logging yourself) and then choose the Icon you want for the keylogger engine, choose one and then click 'Next' then 'Finish'.

III. Binding the Keylogger Engine with another file:

13. Download Easy Binder 2.0

Download:

RapidShare: 1-CLICK Web hosting - Easy Filehosting

RapidShare: 1-CLICK Web hosting - Easy Filehosting

PLEASE NOTE THAT YOU WILL NEED THE .NET FRAMEWORK v2.0 IN ORDER TO RUN THE BINDER GET IT HERE:
x64:

http://www.Mcft.com/downloads/details.as...laylang=en

x86:

http://www.Mcft.com/downloads/details.as...laylang=en

14. Open it and then click the little green '+' image in the bottom left corner, then it should browse your files, go to wherever you put the Keylogger Engine and then click the file called 'Install'.

15. Do the same again but don't add the Keylogger Engine (Install), add a picture or something.

16. You need to get a .ico image, this is easy, just go to FavIcon from Pics -- how to create a favicon.ico for your website and upload the Image you want to be converted to .ico, once its done, click 'download'.

17. On the Binder, click 'Settings' and then where it says 'Select An Icon', click the '...' image and then browse your files, where it says 'Files of type', scroll down and select 'All Files [*.*]', then select your .ico image which you just made like so:

18. Now on the Easy Binder, where it says 'Set Output File', click the '...' button and then put it where you want your binded files to be saved, put the name you want on the file and then click 'Save'.

19. Go to 'File's' on the Binder and then click 'Bind File's'. Now this new file you've just made is the keylogger and a image in one, if your doing this with Ardamax 2.8 then when your victim opens the file, a harmless image comes up and they're PC also gets infected with Ardamax Keylogger.

Now spred and enjoy your logs!

Well have fun with it.

http://www.Serials.ws

Key: TVOGVGCPMUFCORA OR Name: Ziggy - SnD Team Serial: POFLCUHWBWAVYKL OR e37843hr73h74rhu OR UCCCBXOPYOMXACN OR TUQTNNQUOUPPQUQ

Screen Shot Of Version 2.6
Ardamax 2.8 + tutorial

Ardamax Keylogger 2.9 is good, but not as good as Ardamax Keylogger 2.8, reason being is because on Ardamax Keylogger 2.9, when your victim clicks the file, it comes up saying "This will install Ardamax monitoring tool, do you wish to continue?", where as if you use Ardamax 2.8, it will just infect they're PC when they click it, nothing comes up, it'll just auto-install.

I. Get Ardamax 2.8:

Download:
http://www.4shared.com/file/83797643/c7dd0121/ardamax28key.html

1. Once you've downloaded it, you'll see a little notepad icon in your taskbar, now right-hand click it and click 'Enter registration key...', now type in this where it says registration name and under it where it says

Once done click 'Ok' and you should get a pop-up saying 'Registration key accepted. Thanks for registering'

II. Creating the Keylogger Engine:

2. Now your going to make the Keylogger Engine (The thing you give to your victim). Click 'Remote Installation...', now, click 'next' until you get to Appearences.

3. Now that your at Appearences, click 'Additional components' and un-tick 'Log Viewer' like done in the screenshot

4. Now you should be at 'Invisibility', make sure all the boxes are ticked, then click 'Next'.

5. Now you should be at 'Security', now, click 'Enable' and put your password (it can be any password you like, make it something easy so you can remember). Once done, make sure all the boxes are ticked and click 'Next'.

6. Now you should be at 'Web Update', just click 'Next' when your here.

7. Ok, you should now be at 'Options', this all depends on you, if you want your Keylogger to be a secret on your computer so your family know you ain't been up to anything naughty, then tick 'Start in hidden mode' and click 'Next'
(Remember, if in future you want to make a new Keylogger Engine, then press: CTRL + SHIFT + ALT + H at the same time.

8. Ok, now you should be at 'Control', click the box that says 'Send logs every', now make it so it sends logs every 30 minutes, then where it says Delivery, un-tick 'Email' and tick 'FTP', leave the 'Include' bit as it is, now un-tick the box where it says 'Send only if log size exceeds', once thats done, it should all look like it does in this screenshot:

cont: Now you should be at 'FTP', create a free account at http://www.drivehq.com/secure/FreeSignup...m=storage, then make sure your at 'Online Storage', then make a new folder called: Logs (this is where the logs are sent to when you keylogg someone), Now on your FTP on Ardamax Keylogger, where it says 'FTP Host:', put this:

http://ftp.drivehq.com

Now where it says 'Remote Folder:', put this: Logs

Now where it says 'Userame:' and 'Password:', put your DriveHQ username and password, then it should look something like this

Once done, do NOT change your DriveHQ password or rename/delete the folder called 'Logs', if you do, the logs will not come through.

9. You should now be at 'Control', make sure all the boxes are 'ticked' then click 'Next'.

10. Where it says 'Screen Shots', adjust them as you like, but I recommend every 2 hours and full screen, once done click 'Next'.

11. Now you should be at 'Destination', now you have to choose where you put your Keylogger Engine, where it says 'Keylogger egine path:', click 'browse' and choose where you want to put your Keylogger Engine.

12. Now un-tick 'Open the folder containing the keylogger engine' (this should stop you from logging yourself) and then choose the Icon you want for the keylogger engine, choose one and then click 'Next' then 'Finish'.

III. Binding the Keylogger Engine with another file:

13. Download Easy Binder 2.0

Download:

RapidShare: 1-CLICK Web hosting - Easy Filehosting

RapidShare: 1-CLICK Web hosting - Easy Filehosting

PLEASE NOTE THAT YOU WILL NEED THE .NET FRAMEWORK v2.0 IN ORDER TO RUN THE BINDER GET IT HERE:
x64:

http://www.Mcft.com/downloads/details.as...laylang=en

x86:

http://www.Mcft.com/downloads/details.as...laylang=en

14. Open it and then click the little green '+' image in the bottom left corner, then it should browse your files, go to wherever you put the Keylogger Engine and then click the file called 'Install'.

15. Do the same again but don't add the Keylogger Engine (Install), add a picture or something.

16. You need to get a .ico image, this is easy, just go to FavIcon from Pics -- how to create a favicon.ico for your website and upload the Image you want to be converted to .ico, once its done, click 'download'.

17. On the Binder, click 'Settings' and then where it says 'Select An Icon', click the '...' image and then browse your files, where it says 'Files of type', scroll down and select 'All Files [*.*]', then select your .ico image which you just made like so:

18. Now on the Easy Binder, where it says 'Set Output File', click the '...' button and then put it where you want your binded files to be saved, put the name you want on the file and then click 'Save'.

19. Go to 'File's' on the Binder and then click 'Bind File's'. Now this new file you've just made is the keylogger and a image in one, if your doing this with Ardamax 2.8 then when your victim opens the file, a harmless image comes up and they're PC also gets infected with Ardamax Keylogger.

Now spred and enjoy your logs!

Well have fun with it.

http://www.Serials.ws

Key: TVOGVGCPMUFCORA OR Name: Ziggy - SnD Team Serial: POFLCUHWBWAVYKL OR e37843hr73h74rhu OR UCCCBXOPYOMXACN OR TUQTNNQUOUPPQUQ

There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system.

Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console.
Packet logger mode logs the packets to the disk.
Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set

The main distribution site for Snort is http://www.snort.org. Snort is distributed under the GNU GPL license by the author Martin Roesch. Snort is a lightweight network IDS, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching.

Snort logs packets in either tcpdump binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the foreign host. In our lab, we start using Snort as a packet sniffer and a packet analyzer. Apart from running in a promiscuous mode, we will also see how it will help us log interesting IPs. Using Snort as a packet sniffer and packet analyzer is an easy process. The man pages are very helpful.

From the command line prompt we set Snort to a verbose display of the packets sniffed and analyzed. e.g. - The command given below captures all the packets belonging to the class C internal IP's of the type 192.168.20.*.

C:\>snort -v -d -e -i etho -h 192.168.20.0/24 ^-1 log

The '-v' switch brings forth a verbose response.

The '-d' switch helps in dumping the decoded application layer data

While '-e' shows the decoded Ethernet headers.

The '-i' switch specifies the interface to be monitored for packet analysis.

The '-h' switch specifies which class of network packets has to be captured.

The -l option tells snort to dump the packets in the log file.

The packets are captured in hex format by default (this can be changed to binary -b) and sorted by IP address to facilitate easy mapping and decoding of data.

06/22-16:36:44.959860 0:C1:26:E:AF:10 -> 0:A0:C5:4B:52:FC type:0x800 len:0x4D

192.168.2.96:1629 -> 203.124.250.69:53 UDP TTL:128 TOS:oxo ID:38429 IpLen:20 DgmLen:63

Len: 43

00 02 0100 00 00 01 00 00 00 00 00 00 03 77 77 77 .............www

09 61 69 72 6C 69 6E 65 72 73 03 6E 65 74 00 00 .airliners.net..

01 00 01 ...

Tool: Windump

WinDump is the porting to the Windows platform of tcpdump, the most used network sniffer/analyzer for UNIX.

WinDump is the porting to the Windows platform of tcpdump, the most prolific network sniffer/analyzer for UNIX. Porting is currently based on version 3.5.2. WinDump is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to various complex rules.

WinDump is simple to use and works at the command prompt level. The syntax that we have used as seen in our screenshot here, is Windump -n -S -vv. The -n option tells Windump to display IP addresses instead of the computers' names. The -S option indicates that the actual TCP/IP sequence numbers should be shown. If this option is omitted, relative numbers will be shown. The -vv options make the output more verbose, adding fields such as time to live and IP ID number to the sniffed information.

Let's take a closer look at how WinDump records various types of packets. Here's a TCP example, which shows a data packet with the PUSH and ACK flags set. First, we have the WinDump log entry for the packet. Immediately after it is the same entry, but with an explanation added for each field:

20:50:00.037087 IP (tos 0x0, ttl 128, id 2572, len 46) 192.168.2.24.1036 > 64.12.24.42.5190: P [tcp sum ok] 157351:157357(6) ack 2475757024 win 8767 (DF)

The above entry can be deciphered as 20:50:00.037087 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 2572, len 46) 192.168.2.24.1036 [source IP:port] > 64.12.24.42.5190: [destination IP:port] P [push flag] [tcp sum ok] 157351:157357 [sequence numbers] (6) [bytes of data] ack 2475757024 [acknowledgement and sequence number] win 8767 [window size] (DF) [don't fragment set]

The next example is UDP.

20:50:11.190427 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 6071, len 160) 192.168.2.28.3010 [source IP:port] > 192.168.2.1.1900: [destination IP:port] udp [protocol] 132

ICMP log entry looks as given below.

20:50:11.968384 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 8964, len 60) 192.168.2.132 [source IP] > 192.168.2.1: [destination IP] icmp [protocol type] 40: [Time to live] echo request seq 43783 [sequence number]

Finally, WinDump will also capture ARP requests and replies.

20:50:37.333222 [timestamp] arp [protocol] who-has 192.168.2.1 [destination IP] tell 192.168.2.118 [source IP]

20:50:37.333997 [timestamp] arp [protocol] reply 192.168.2.1 [destination IP] is-at 0:a0:c5:4b:52: fc [MAC address]

There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system.

Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console.
Packet logger mode logs the packets to the disk.
Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set

The main distribution site for Snort is http://www.snort.org. Snort is distributed under the GNU GPL license by the author Martin Roesch. Snort is a lightweight network IDS, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching.

Snort logs packets in either tcpdump binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the foreign host. In our lab, we start using Snort as a packet sniffer and a packet analyzer. Apart from running in a promiscuous mode, we will also see how it will help us log interesting IPs. Using Snort as a packet sniffer and packet analyzer is an easy process. The man pages are very helpful.

From the command line prompt we set Snort to a verbose display of the packets sniffed and analyzed. e.g. - The command given below captures all the packets belonging to the class C internal IP's of the type 192.168.20.*.

C:\>snort -v -d -e -i etho -h 192.168.20.0/24 ^-1 log

The '-v' switch brings forth a verbose response.

The '-d' switch helps in dumping the decoded application layer data

While '-e' shows the decoded Ethernet headers.

The '-i' switch specifies the interface to be monitored for packet analysis.

The '-h' switch specifies which class of network packets has to be captured.

The -l option tells snort to dump the packets in the log file.

The packets are captured in hex format by default (this can be changed to binary -b) and sorted by IP address to facilitate easy mapping and decoding of data.

06/22-16:36:44.959860 0:C1:26:E:AF:10 -> 0:A0:C5:4B:52:FC type:0x800 len:0x4D

192.168.2.96:1629 -> 203.124.250.69:53 UDP TTL:128 TOS:oxo ID:38429 IpLen:20 DgmLen:63

Len: 43

00 02 0100 00 00 01 00 00 00 00 00 00 03 77 77 77 .............www

09 61 69 72 6C 69 6E 65 72 73 03 6E 65 74 00 00 .airliners.net..

01 00 01 ...

Tool: Windump

WinDump is the porting to the Windows platform of tcpdump, the most used network sniffer/analyzer for UNIX.

WinDump is the porting to the Windows platform of tcpdump, the most prolific network sniffer/analyzer for UNIX. Porting is currently based on version 3.5.2. WinDump is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to various complex rules.

WinDump is simple to use and works at the command prompt level. The syntax that we have used as seen in our screenshot here, is Windump -n -S -vv. The -n option tells Windump to display IP addresses instead of the computers' names. The -S option indicates that the actual TCP/IP sequence numbers should be shown. If this option is omitted, relative numbers will be shown. The -vv options make the output more verbose, adding fields such as time to live and IP ID number to the sniffed information.

Let's take a closer look at how WinDump records various types of packets. Here's a TCP example, which shows a data packet with the PUSH and ACK flags set. First, we have the WinDump log entry for the packet. Immediately after it is the same entry, but with an explanation added for each field:

20:50:00.037087 IP (tos 0x0, ttl 128, id 2572, len 46) 192.168.2.24.1036 > 64.12.24.42.5190: P [tcp sum ok] 157351:157357(6) ack 2475757024 win 8767 (DF)

The above entry can be deciphered as 20:50:00.037087 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 2572, len 46) 192.168.2.24.1036 [source IP:port] > 64.12.24.42.5190: [destination IP:port] P [push flag] [tcp sum ok] 157351:157357 [sequence numbers] (6) [bytes of data] ack 2475757024 [acknowledgement and sequence number] win 8767 [window size] (DF) [don't fragment set]

The next example is UDP.

20:50:11.190427 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 6071, len 160) 192.168.2.28.3010 [source IP:port] > 192.168.2.1.1900: [destination IP:port] udp [protocol] 132

ICMP log entry looks as given below.

20:50:11.968384 [timestamp] IP [protocol header follows] (tos 0x0, ttl 128, id 8964, len 60) 192.168.2.132 [source IP] > 192.168.2.1: [destination IP] icmp [protocol type] 40: [Time to live] echo request seq 43783 [sequence number]

Finally, WinDump will also capture ARP requests and replies.

20:50:37.333222 [timestamp] arp [protocol] who-has 192.168.2.1 [destination IP] tell 192.168.2.118 [source IP]

20:50:37.333997 [timestamp] arp [protocol] reply 192.168.2.1 [destination IP] is-at 0:a0:c5:4b:52: fc [MAC address]

Ethereal is a free network protocol analyzer for UNIX and Windows. It allows the user to examine data from a live network or from a capture file on disk. Interactive browsing of the captured data, viewing summary and detailed information for each packet are part of the basic functionality of the sniffer. Ethereal has several powerful features, including a display filter language and the ability to view the reconstructed stream of a TCP session.

Recent versions of Ethereal have included many enhancements to the interface. Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms). Let us take a closer look. We run Ethereal over the LAN (which is not switched) and take a look at the captured data. We sort by the protocol and notice a POP session.

Ethereal lets us follow the entire conversation as shown in the screenshot below.

We are able to reconstruct the client-server conversation as displayed by two different colors. We are able to make out the email service provider, the user name and password from the reconstruction of the sniffed packets. That is not all. We were also able to pick a chat thread from the thousands of packets that passed by in the two minutes.

Ethereal is a free network protocol analyzer for UNIX and Windows. It allows the user to examine data from a live network or from a capture file on disk. Interactive browsing of the captured data, viewing summary and detailed information for each packet are part of the basic functionality of the sniffer. Ethereal has several powerful features, including a display filter language and the ability to view the reconstructed stream of a TCP session.

Recent versions of Ethereal have included many enhancements to the interface. Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms). Let us take a closer look. We run Ethereal over the LAN (which is not switched) and take a look at the captured data. We sort by the protocol and notice a POP session.

Ethereal lets us follow the entire conversation as shown in the screenshot below.

We are able to reconstruct the client-server conversation as displayed by two different colors. We are able to make out the email service provider, the user name and password from the reconstruction of the sniffed packets. That is not all. We were also able to pick a chat thread from the thousands of packets that passed by in the two minutes.

Yeah you heard it right! The famous editor-in-chief of Wikileaks is a Hacker. Hacker in truer sense, he is one of the first hacker to implement ethical hacking.

Assange is a self-taught at libraries and learned to program on early PCs.
Programming quickly became hacking once Assange got an Internet connection, and soon he was accessing government networks and bank mainframes. He was arrested in 1991 and charged with more than 30 criminal counts related to his hacking. Facing as many as 10 years in prison, Assange struck a plea deal.
During sentencing, the judge ruled that Assange only had to pay a fine. Assange's hacks were not malicious; they were the harmless result of “inquisitive intelligence,” said the judge.

Introduction to Packet Sniffing

From Tony Bradley, CISSP, MCSE2k, MCSA, A+

Its a cruel irony in information security that many of the features that make using computers easier or more efficient and the tools used to protect and secure the network can also be used to exploit and compromise the same computers and networks. This is the case with packet sniffing.

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the packet sniffer an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.

In its simple form a packet sniffer simply captures all of the packets of data that pass through a given network interface.

Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.

By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Within a given network, username and password information is generally transmitted in clear text which means that the information would be viewable by analyzing the packets being transmitted.

A packet sniffer can only capture packet information within a given subnet. So, its not possible for a malicious attacker to place a packet sniffer on their home ISP network and capture network traffic from inside your corporate network (although there are ways that exist to more or less "hijack" services running on your internal network to effectively perform packet sniffing from a remote location). In order to do so, the packet sniffer needs to be running on a computer that is inside the corporate network as well. However, if one machine on the internal network becomes compromised through a Trojan or other security breach, the intruder could run a packet sniffer from that machine and use the captured username and password information to compromise other machines on the network.

Detecting rogue packet sniffers on your network is not an easy task. By its very nature the packet sniffer is passive. It simply captures the packets that are traveling to the network interface it is monitoring. That means there is generally no signature or erroneous traffic to look for that would identify a machine running a packet sniffer. There are ways to identify network interfaces on your network that are running in promiscuous mode though and this might be used as a means for locating rogue packet sniffers.

If you are one of the good guys and you need to maintain and monitor a network, I recommend you become familiar with network monitors or packet sniffers such as Ethereal. Learn what types of information can be discerned from the captured data and how you can put it to use to keep your network running smoothly. But, also be aware that users on your network may be running rogue packet sniffers, either experimenting out of curiosity or with malicious intent, and that you should do what you can to make sure this does not happen.

Yeah you heard it right! The famous editor-in-chief of Wikileaks is a Hacker. Hacker in truer sense, he is one of the first hacker to implement ethical hacking.

Assange is a self-taught at libraries and learned to program on early PCs.
Programming quickly became hacking once Assange got an Internet connection, and soon he was accessing government networks and bank mainframes. He was arrested in 1991 and charged with more than 30 criminal counts related to his hacking. Facing as many as 10 years in prison, Assange struck a plea deal.
During sentencing, the judge ruled that Assange only had to pay a fine. Assange's hacks were not malicious; they were the harmless result of “inquisitive intelligence,” said the judge.