Finding Plaintext Credentials

Using Teleseer to find plaintext credentials

Overview

When computers connect to other computers using insecure protocols (FTP, HTTP, SNMP, etc.), important information, including usernames and passwords, may be sent across the wire in plaintext.

Teleseer allows you to view this information within the Inspector panel.
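To show what this exposure looks like on the wire, the following Python example (added here; it is not Teleseer code or output) scans reassembled payloads for FTP `USER`/`PASS` commands and HTTP Basic `Authorization` headers, and masks each password in the resulting finding. The flow labels, addresses, credentials, and function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: (flow id, reassembled TCP payload) pairs; all values are made up.
SAMPLE_PAYLOADS = [
    ("10.0.0.5:40112->10.0.0.20:21", b"USER backup\r\n"),
    ("10.0.0.5:40112->10.0.0.20:21", b"PASS Winter2012!\r\n"),
    ("10.0.0.7:51544->10.0.0.30:80",
     b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic YWRtaW46czNjcmV0\r\n\r\n"),
    ("10.0.0.9:51600->10.0.0.30:80", b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]

FTP_CMD = re.compile(rb"^(USER|PASS) (.+?)\r?$", re.I | re.M)
HTTP_BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)


def mask(secret):
    """Keep only the first character so a report does not store the secret itself."""
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""


def find_plaintext_credentials(payloads):
    """Return one finding per credential seen in cleartext FTP or HTTP Basic traffic."""
    findings, pending_ftp_user = [], {}
    for flow, data in payloads:
        for cmd, arg in FTP_CMD.findall(data):
            arg = arg.decode("latin-1")
            if cmd.upper() == b"USER":
                pending_ftp_user[flow] = arg  # remember until PASS arrives on this flow
            else:
                findings.append({"flow": flow, "protocol": "FTP",
                                 "user": pending_ftp_user.pop(flow, "?"),
                                 "password": mask(arg)})
        for token in HTTP_BASIC.findall(data):
            try:
                decoded = base64.b64decode(token, validate=True).decode("latin-1")
            except ValueError:
                continue  # header value is not valid base64
            user, sep, password = decoded.partition(":")
            if sep:  # Basic auth is base64("user:password"), an encoding, not encryption
                findings.append({"flow": flow, "protocol": "HTTP Basic",
                                 "user": user, "password": mask(password)})
    return findings


if __name__ == "__main__":
    for finding in find_plaintext_credentials(SAMPLE_PAYLOADS):
        print(finding)
```

Any flow that produces a finding here is a candidate for migration to an encrypted equivalent such as SFTP, FTPS, or HTTPS.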

📘 New Feature: Credentials Tab

Follow the steps below or check out the new Credentials tab!

Example

For this example, we'll be using the MACCDC 2012 demo project.

  1. Load the MACCDC 2012 f0016 Demo Project

  2. When the project loads, enter 192.168.202.102 within the search text field

  3. Left-click on the result to zoom to it in the topology

  4. Left-click on the asset within the topology to select it
    [Image: Asset selection]

  5. Expand the Events value within the Timeline protocol listing
    [Image: Authentication events]

  6. Left-click on the desired event

  7. Within the Inspector panel, scroll down to the bottom

  8. Hover over the desired event to see more information
    [Image: Authentication event credentials]