Finding Plaintext Credentials

Using Teleseer to find plaintext credentials

Overview

When computers connect to other computers using insecure protocols (FTP, HTTP, SNMP, etc), important information may be sent across the wire in plaintext.

Teleseer allows you to view this information within the Inspector panel.

Example

For this example, we'll be using the MACCDC 2012 demo project.

  1. Load the MACCDC 2012 f0016 Demo Project
  2. When the project loads, enter 192.168.202.102 within the search text field
Searching for IP address

Searching for IP address

  1. Left-click on the result to zoom to it in the topology
  2. Left-click on the asset within the topology to select it
Selecting an asset

Selecting an asset

  1. Expand the Events value within the Timeline protocol listing
Authentication Events

Authentication Events

  1. Left-click on the desired event
  2. Within the Inspector panel, scroll down to the bottom
  3. Hover the desired event to see more information
Authentication event credentials

Authentication event credentials