From owner-freebsd-isp@FreeBSD.ORG Tue Apr 13 11:34:36 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46C5916A4CE for ; Tue, 13 Apr 2004 11:34:36 -0700 (PDT) Received: from mail1.icnspot.net (icnspot.net [62.68.63.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C2D543D60 for ; Tue, 13 Apr 2004 11:34:30 -0700 (PDT) (envelope-from putinas.piliponis@icnspot.net) Received: from freebsd.icnspot.net (localhost [127.0.0.1]) by kavanti.icnspot.net (Postfix) with SMTP id D3B7415358; Tue, 13 Apr 2004 20:34:23 +0200 (EET) Received: from pilkisnote (pilkisnote.spo-tripoli.local [192.168.100.4]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mail1.icnspot.net (Postfix) with ESMTP id B1586152F5; Tue, 13 Apr 2004 20:34:23 +0200 (EET) Message-ID: <000d01c42185$f15c9500$0464a8c0@spotripoli.local> From: "Putinas Piliponis" To: "John Fox" , References: <20040413180323.GA13554@mind.net> Date: Tue, 13 Apr 2004 20:34:23 +0200 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1251"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2096 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2096 Subject: Re: tcpdump for sniffing POP3 -- methods ? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 18:34:36 -0000 ----- Original Message ----- From: "John Fox" To: Sent: Tuesday, April 13, 2004 20:03 Subject: tcpdump for sniffing POP3 -- methods ? > We've got a Windows machine running IMail and authenticating > POP3 from an NT Primary Domain Controller. > > Our plan is to move these users over to our UNIX system, but we > don't have a record of their passwords. This means we need to > either > > 1) Grab them out of the files on the PDC. (I think this is > not possible.) > It's very possible and very easy actually. Use the program pwdump3 on the pdc and you will get dump suitable for john the ripper password cracker. after a while you will have all the passwords. ( or as well cain, Lopht cracker or any other ) and your method two probably is more complex, because if its using authentification mechanism on domain - they are not plain passwords as well > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > >