{"id":805,"date":"2015-09-02T10:51:47","date_gmt":"2015-09-02T07:51:47","guid":{"rendered":"https:\/\/furkansandal.com\/pcap-dosyalari-uzerinden-smtp-trafik-analizi\/"},"modified":"2015-09-02T10:51:47","modified_gmt":"2015-09-02T07:51:47","slug":"pcap-dosyalari-uzerinden-smtp-trafik-analizi","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/pcap-dosyalari-uzerinden-smtp-trafik-analizi\/","title":{"rendered":"PCAP Dosyalar\u0131 \u00dczerinden SMTP Trafik Analizi"},"content":{"rendered":"
sansforensics@siftworkstation:\/opt\/smtpdump$ sudo .\/findsmtpinfo.py -p evidence02.pcap<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

Report: 192.168.001.159.01036-064.012.102.142.00587<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

\u00a0<\/p>\n

Found SMTP Session data<\/p>\n

SMTP AUTH Login: [email\u00a0protected]<\/p>\n

SMTP AUTH Password: 558r00lz<\/p>\n

SMTP MAIL FROM: <[email\u00a0protected]><\/p>\n

SMTP RCPT TO: <[email\u00a0protected]><\/p>\n

Found email Messages<\/p>\n

\u2013 Writing to file: .\/report\/messages\/1\/192.168.001.159.01036-064.012.102.142.00587.msg<\/p>\n

\u2013 MD5 of msg: e295a3990b3987a8864383832fea6df9<\/p>\n

\u2013 Found Attachment<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/1\/part-001.ksh<\/p>\n

\u2013 Type of Attachement: text\/plain<\/p>\n

\u2013 MD5 of Attachement: 541812ed71a51b9c1ae07741ed5ae63c<\/p>\n

\u2013 Found Attachment<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/1\/part-001.html<\/p>\n

\u2013 Type of Attachement: text\/html<\/p>\n

\u2013 MD5 of Attachement: 18d3f88dbc6b152aba923e8c083033f9<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

Report: 064.012.102.142.00587-192.168.001.159.01038<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

\u00a0<\/p>\n

Found SMTP Session data<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

Report: 064.012.102.142.00587-192.168.001.159.01036<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

\u00a0<\/p>\n

Found SMTP Session data<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

Report: 192.168.001.159.01038-064.012.102.142.00587<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

\u00a0<\/p>\n

Found SMTP Session data<\/p>\n

SMTP AUTH Login: [email\u00a0protected]<\/p>\n

SMTP AUTH Password: 558r00lz<\/p>\n

SMTP MAIL FROM: <[email\u00a0protected]><\/p>\n

SMTP RCPT TO: <[email\u00a0protected]><\/p>\n

Found email Messages<\/p>\n

\u2013 Writing to file: .\/report\/messages\/2\/192.168.001.159.01038-064.012.102.142.00587.msg<\/p>\n

\u2013 MD5 of msg: 844661d8332eb00e537a8b15deedf269<\/p>\n

\u2013 Found Attachment<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/part-001.ksh<\/p>\n

\u2013 Type of Attachement: text\/plain<\/p>\n

\u2013 MD5 of Attachement: ba2c98f65f3f678b6a71570adcf362f4<\/p>\n

\u2013 Found Attachment<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/part-001.html<\/p>\n

\u2013 Type of Attachement: text\/html<\/p>\n

\u2013 MD5 of Attachement: d07c3b721fed36a725c01e4827c1a563<\/p>\n

\u2013 Found Attachment<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx<\/p>\n

\u2013 Type of Attachement: application\/octet-stream<\/p>\n

\u2013 MD5 of Attachement: 9e423e11db88f01bbff81172839e1923<\/p>\n

\u2013 ZIP Archive attachment extracting<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/[Content_Types].xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: f7a7f13f9d124fcc3527e57f342a0979<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/_rels\/.rels<\/p>\n

\u2013 Type of file: None<\/p>\n

\u2013 MD5 of File: 77bf61733a633ea617a4db76ef769a4d<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/_rels\/document.xml.rels<\/p>\n

\u2013 Type of file: None<\/p>\n

\u2013 MD5 of File: c9c49c2d0f5b9a5ce63d1e0d86bb5e25<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/document.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 5b1a947f30db83f4170b009dedd38fab<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/media\/image1.png<\/p>\n

\u2013 Type of file: image\/png<\/p>\n

\u2013 MD5 of File: aadeace50997b1ba24b09ac2ef1940b7<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/theme\/theme1.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 9d84374caf9c73ec77677afd23cb7b22<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/settings.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 4788c0aa840fb18d7e5bd74936317dcc<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/webSettings.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 15065d2de3eddbb09d84337a09fd7985<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/styles.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: d0c2c9bec6e9c2597b174ababf1b2191<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/docProps\/core.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 32ecd3799f69751a53ce10825372fd36<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/numbering.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: 5583fc19ed6bdf4ee5402f32ef42c492<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/word\/fontTable.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: de2ae9c06e07370391b996f069f1dfba<\/p>\n

\u2013 Found file<\/p>\n

\u2013 Writing to filename: .\/report\/messages\/2\/secretrendezvous.docx.unzipped\/docProps\/app.xml<\/p>\n

\u2013 Type of file: application\/xml<\/p>\n

\u2013 MD5 of File: b3923a08674ac7c56babca89c3409107<\/p>\n

\u00a0<\/p>\n

\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n

Writing complete report to: .\/report\/output-report.txt<\/p>\n

MD5 Hash of report: c438ddd8d1e70f0c46a76ea2001273d9<\/p>\n

Finished<\/p>\n

sansforensics@siftworkstation:\/opt\/smtpdump$<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

sansforensics@siftworkstation:\/opt\/smtpdump$ sudo .\/findsmtpinfo.py -p evidence02.pcap\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-Report: 192.168.001.159.01036-064.012.102.142.00587 \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014- \u00a0 Found SMTP Session data SMTP AUTH Login: [email\u00a0protected] SMTP AUTH Password: 558r00lz…<\/p>\n","protected":false},"author":1,"featured_media":467,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,3,7,4],"tags":[78,76,88,89,26,83,81,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/avatar242556_315-150x150.jpg?fit=150%2C150&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-cZ","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/805"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=805"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/467"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/catego
ries?post=805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}