Maybe you will ask: isn't Cain used for sniffing? How can it restore an encrypted password?
That's right! Today I accidentally discovered that Cain also has a useful trick during a penetration test: restoring the ciphertext stored by FlashFXP that you obtained from the administrator's computer. We all know that login information submitted anywhere must be submitted in plain text; otherwise the server or website cannot recognize it. This is equivalent to the web trojan decryption we mentioned earlier: for a web trojan to run on your machine, it has to be restored once it reaches your machine, with its ever-changing encryption reduced to the most basic web page code so that IE can recognize and run it. The same goes for FlashFXP.
Let's take a look at the encrypted ciphertext of FlashFXP. FlashFXP's connection records are stored in the Stats.dat file.
Let's open my local Stats.dat.
As you can see:
IP: 60.169.2.160
User = sXXXXdio
Pass = ... (a bunch of ciphertext)
Maybe everyone will say: now that we have the configuration file, we can connect to FTP with it directly and get a webshell, so why waste time recovering the password? That is how people without penetration experience think. Change your perspective. What if the administrator's FTP password is also the server password? Or the password used for domain name management? In many cases the website passwords are the same, or follow a regular pattern, and are even stored in plain text on a server, on the administrator's computer, or on a senior manager's computer on the OA network.
If a plaintext password can be obtained during a penetration test, it helps you learn the administrator's password naming habits! Enough talk; it is only practical and useful if you know how to use it. Now open our dear penetration tool, Cain.
First, click the settings option and select the NIC.
Click Sniffer to start sniffing, then right-click to scan the local area network.
Then press the yellow ARP icon in the lower left corner.
Click the blue plus sign to add the machine to be sniffed.
Select your router address on the left. On the right, select all, or select your own IP address. Here I select all. Click the yellow radiation icon to start sniffing.
Go to the Passwords sub-page, which lists the passwords that have been sniffed. At the start it is empty. Now run FlashFXP on the local machine and connect, then view the Cain sniffing result after the connection:
Here we can see that our password was restored to plain text when FlashFXP logged on to the FTP server. How you use the plain text after obtaining it depends on your own ability. Keep your thinking flexible! This password may be not only the administrator's QQ or email password, but also the server password, the domain name management password, or even the website's database connection password...
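The password shows up in the sniffer because plain FTP sends USER and PASS unencrypted on the control channel. The following added example (not part of the original article) audits control-channel records for logins exposed this way, including the case where the server refuses AUTH TLS and the client falls back to a cleartext login. The sample records, session names and account names are constructed, and the password itself is deliberately not stored.

```python
import re
# Constructed control-channel records: (session, sender, line). Not from the page.
SAMPLE = [
    ("s1", "C", "USER webadmin"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS example-not-real"),
    ("s1", "S", "230 Logged in"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 Proceed with negotiation"),  # rest of s2 is encrypted
    ("s3", "C", "AUTH TLS"),
    ("s3", "S", "502 Command not implemented"),
    ("s3", "C", "user backup"),
    ("s3", "S", "331 Password required"),
    ("s3", "C", "pass example-not-real-2"),
    ("s3", "S", "530 Login incorrect"),
]

CMD = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def find_cleartext_logins(records):
    """Return one finding per PASS command visible unencrypted on the wire."""
    sessions, findings = {}, []
    for sid, sender, line in records:
        st = sessions.setdefault(sid, {"user": None, "tls": "not_requested", "open": None})
        line = line.rstrip("\r\n")
        if sender == "S":
            code = line[:3]
            if st["tls"] == "requested":      # reply to AUTH TLS: 234 means TLS follows
                st["tls"] = "negotiated" if code == "234" else "refused"
            elif st["open"] is not None and code in ("230", "530"):
                st["open"]["accepted"] = code == "230"   # exposed credential was valid
                st["open"] = None
            continue
        m = CMD.match(line)
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2) or ""
        if verb == "AUTH":
            st["tls"] = "requested"
        elif verb == "USER":
            st["user"] = arg
        elif verb == "PASS":
            # The secret is never stored, only the fact that it was exposed.
            st["open"] = {"session": sid, "user": st["user"], "tls": st["tls"], "accepted": None}
            findings.append(st["open"])
    return findings

if __name__ == "__main__":
    print(find_cleartext_logins(SAMPLE))
```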