Re: Snarf files from a sniff dump

From: Neil (neil@voidfx.net)
Date: Sat Feb 25 2006 - 12:35:36 EST

• Next message: 4secure@web.de: "RE: Snarf files from a sniff dump"
• Previous message: Neil: "Re: Windows Administrator access"
• In reply to: Shenk, Jerry A: "RE: Snarf files from a sniff dump"
• Next in thread: freed0m [hacktimes.com]: "Re: Snarf files from a sniff dump"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Shenk, Jerry A wrote:
> Ethereal will do that. If you right-click on a packet, you can "follow
> TCP stream". Depending what your goal is, that may be enough. If it is
> a text document, you'll clearly see the text.
>
> If it's not a text document, you will probably need to work a little
> harder. I've never done what you're talking about for a printer file
> but I'm guessing that you're gonna see pretty much a raw printer data
> stream that can simply be sent back to the printer to get a printed
> output.
>
>
> -----Original Message-----
> From: 4secure@web.de [mailto:4secure@web.de]
> Sent: Friday, February 24, 2006 8:19 AM
> To: pen-test@securityfocus.com
> Subject: Snarf files from a sniff dump
>
> Hi List Members!
>
>
> I am looking for a tool to snarf files (e.g. Word documents etc.) from a
> sniff dump (e.g. ethereal or tcpdump) in an M$ Windows LAN (SMB) or
> between a client and a printer (PS, PCL etc.). Does someone know such
> tools (I know Dsniff, but it is not exactly what I am looking for)?
>
> Thanks!
>
> Istvan

You might try what was suggested above. A lot will depend on how the
client talks to the printer. I know with HPs, you can just telnet right
into port 9100, type whatever you want, and when you close the
connection, everything you typed will just spew out printed. If the
connection is something like that, then plaintext snarfing plus some
editting might get you the document.

-Neil

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: 4secure@web.de: "RE: Snarf files from a sniff dump"
• Previous message: Neil: "Re: Windows Administrator access"
• In reply to: Shenk, Jerry A: "RE: Snarf files from a sniff dump"
• Next in thread: freed0m [hacktimes.com]: "Re: Snarf files from a sniff dump"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT