Sniffing the Unsniffable on Windows

est16y ago· 1 in thread

alternatively if you want SYSTEM privileged cmd.exe on Windows XP (not on Vista, sorry) and you don't have SysInternal's psexec, you can try this:

    C:\> time /t
     9:42
    C:\> at 9:43 /interactive cmd

then at 9:43 a cmd.exe shell pops up.

And HTTPAnalyzer could sniff HTTPS traffic easily. It's DLL injection and it can un-gzip data.

markgamacheOP16y ago

AT no longer allows running as local system.

HTTPAnalyzer is great for HTTPS, but not pure SSL, such as LDAPS, in the example.

rawr16y ago· 1 in thread

I am very pleased to see a legitimate post about hacking on Hacker News. Well played, sir.

I have similar feelings about Detours. Microsoft Research is in their own little world sometimes.

daeken16y ago

On the subject of Detours, I suggest checking out EasyHook: http://www.codeplex.com/easyhook

It's under a free license, lets you write hooks not only from C/C++, but also from any .NET language (architecture-independent). It makes any sort of API hooking a breeze.

Edit: Forgot to mention, it automatically sets up a remoting channel for you. That way, you can do IPC between your hooking application and the hookee trivially.

joshu16y ago

"sniffing the unsniffable" sounds way more racy than it ought to.

FahnRobier16y ago

stunnel is also a nice way to debug ssl connections when you only control one side of the connection: http://www.stunnel.org/examples/

As a client, you would stunnel local:389 to remote:636. As a server you would stunnel local:636 to local:389.

Then you can sniff on the unencrypted port with wireshark,etc.

Thanks for the pointer to detours.

Sniffing the Unsniffable on Windows (opens in new tab)

Sniffing the Unsniffable on Windows (opens in new tab)

6 comments

6 comments