@AysadKozanoglu
Created February 12, 2019 13:33
get plain passwords with tcpdump

Capture SMTP Email

tcpdump -nn -l port 25 | grep -i 'MAIL FROM\|RCPT TO'

Extract HTTP Passwords in POST Requests

tcpdump -s 0 -A -n -l | egrep -i "POST /|pwd=|passwd=|password=|Host:"

Capture FTP Credentials and Commands

tcpdump -nn -v port ftp or ftp-data

Capture all plaintext passwords

tcpdump -l -A port http or port ftp or port smtp or port imap or port pop3 or port telnet | egrep -i -B5 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user '
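
When these captures are used to audit your own network for services that still send credentials in cleartext, the finding is the field name and the host, not the secret itself. The filter below is an added example, not part of the original gist: it reads `tcpdump -A` text, keeps only lines containing a `key=value` or `key: value` credential field from the pattern above, and masks the value. The names `redact_creds` and `KEYS` are assumptions; the space-separated `pass `/`user ` forms are deliberately left out.

```shell
#!/bin/sh
# Added example (not from the gist): report cleartext credential fields seen
# in `tcpdump -A` text output while masking the secret values themselves.

# Field names taken from the gist's egrep pattern (key=value / key: forms).
KEYS='pass|pwd|log|login|user|username|pw|passw|passwd|password'

redact_creds() {
  # stdin:  tcpdump -A text.
  # stdout: only lines holding a credential-like field, with each value
  #         replaced by <redacted>. Lines without a match are dropped.
  awk -v keys="$KEYS" '
    # A field must follow a boundary (&, ?, space or tab), so "catalog=5"
    # does not count as "log=". Matching is done on a lowercased copy.
    BEGIN { re = "[&? \t](" keys ")[=:][ \t]*[^& \t]+" }
    {
      line = " " $0            # leading space lets a field at column 1 match
      out = ""; hit = 0
      while (match(tolower(line), re)) {
        s = RSTART; n = RLENGTH
        seg = substr(line, s, n)
        k = index(seg, "="); c = index(seg, ":")
        if (k == 0 || (c > 0 && c < k)) k = c   # first separator in the match
        # Keep everything up to and including the separator, mask the value.
        out = out substr(line, 1, s - 1) substr(seg, 1, k) "<redacted>"
        line = substr(line, s + n)
        hit = 1
      }
      if (hit) print substr(out line, 2)        # drop the added leading space
    }'
}
```

Pipe the capture into it in place of the `egrep` stage, for example `tcpdump -l -A port http | redact_creds`.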
@masterujjval

I have used the command but it does not show any information; when I cancel the operation it only shows packets captured and dropped by kernel, that's it. Any idea how it can show the information also?

@MirMax13

MirMax13 commented Mar 16, 2024

I have used the command but it does not show any information; when I cancel the operation it only shows packets captured and dropped by kernel, that's it. Any idea how it can show the information also?

I used the last command but with some upgrade. I added the interface on which traffic interception should be performed. Something like:

tcpdump -i eth0 -l -A port http or port ftp or port smtp or port imap or port pop3 or port telnet | egrep -i -B5 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user '
