C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS
Determine when Windows was installed
systeminfo | find /i "install date"
MS Network Monitor: Address listing
It's much easier to sniff using Microsoft Network Monitor when you import the addresses you care about in .adr format. Just create a text file, and add each address on a single line, like this:
1,172.27.9.40=USATL01MT235,
1,172.27.66.58=Jeff’s Desktop,
Then start NetMon and import the addresses.
Sniffing a browser authentication
A 401 response message is used by a web server to challenge the authorization of a user agent connecting anonymously. After receiving a 401 response, a browser will include an Authorization header field with the next request. The Authorization field contains credentials with the authentication information of the user agent for the resource being requested.
I used Wireshark to sniff this request-response stream on an Apache web server (asking for a virtual host called “/manual” protected by Basic authentication), and it looks like this:
Client | Server |
SYN | |
SYN,ACK | |
ACK | |
HTTP Request(GET /manual) | |
ACK | |
HTTP 401 Authorization Required response to browser including WWW-Authenticate: Basic header | |
FIN,ACK | |
ACK | |
FIN,ACK | |
ACK | |
(Repeat TCP sequence again, but browser sends proper credentials this time, and gets a 304 Not Modified response)
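To check a capture like the one above for exposed credentials, the following added example (not part of the original notes) parses the 401 challenge and the browser's retry and reports which user sent Basic credentials in cleartext. The two messages, the realm, the host name and the credentials are constructed sample values.

```python
import base64
import binascii

# Constructed sample messages (not the original capture): the 401 challenge
# and the browser's retry, as they would appear in cleartext on the wire.
CHALLENGE = ("HTTP/1.1 401 Authorization Required\r\n"
             'WWW-Authenticate: Basic realm="manual"\r\n\r\n')
RETRY = ("GET /manual HTTP/1.1\r\n"
         "Host: www.example.test\r\n"
         "Authorization: Basic amVmZjpzM2NyZXQ=\r\n\r\n")

def parse_message(raw):
    """Split one HTTP message head into (start_line, lower-cased headers)."""
    start_line, *lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start_line, headers

def describe_challenge(raw):
    """Return (status_code, scheme, realm) for a 401 challenge response."""
    start_line, headers = parse_message(raw)
    scheme, _, params = headers.get("www-authenticate", "").partition(" ")
    realm = None
    for param in params.split(","):
        key, _, value = param.strip().partition("=")
        if key.lower() == "realm":
            realm = value.strip('"')
    return int(start_line.split()[1]), scheme, realm

def exposed_basic_user(raw):
    """Return the user name sent with Basic credentials, or None.
    Basic is base64("user:password"), an encoding and not encryption, so a
    capture of plain HTTP reveals both. The password is never returned."""
    _, headers = parse_message(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None

if __name__ == "__main__":
    print(describe_challenge(CHALLENGE), exposed_basic_user(RETRY))
```

Any request for which exposed_basic_user returns a name was sent over a connection where the password is just as readable, which is the case for serving that resource over TLS or moving off Basic.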