Sniffing

Course
Time: 1 hour 12 minutes
Difficulty: Beginner
CEU/CPE: 2

Video Transcription

00:01
Everyone, welcome back to the course. In the last video, we went ahead and, uh,
00:05
we made sure our virtual machines were on. We went ahead and launched PuTTY. We attempted an initial connection against PLABDC01. We found that that would not connect with Telnet, potentially because maybe it's not listening on the port for that particular server. We then tried again with PLABDM01, which was the one with the 192.168.0.2 IP address,
00:25
and we were successful. Or at least you should have been successful
00:28
in establishing a Telnet connection. It would have asked you for the username and password. Again, that was gonna be Administrator with a capital A, and then the password was password with a capital P and a zero instead of, ah, instead of an O. Excuse me.
00:41
And so that took us to question number two: were you able to gain access? In my case, the answer was yes. And actually, in your case, hopefully the answer was yes as well.
00:50
All right. So now what we're gonna do, we're gonna click back on PLABDM01. So we're here in step 22 of our step-by-step guide. Now we're gonna stop the Wireshark packet capture. Let's go and do that now. So you click back on PLABDM01 and then just click this little red square icon at the top of Wireshark here on the top left to stop our capture.
01:10
Let's go back to our lab document.
01:12
So now in the apply display filter box, we're basically gonna be applying telnet as our filter.
01:19
I want you to keep in mind, though, just kind of FYI, and that's why I notated it here: sometimes this lab is a little slow in applying the filter, so it might take a few seconds or so to respond to the command that you've typed in. So just kind of FYI on that.
01:32
And then what we're gonna do is we're just gonna basically right-click and follow the TCP stream, so similar to what we had done in the previous lab. We're gonna follow the TCP stream, now slightly different because it is a different version of Wireshark. We're gonna be selecting Follow and then TCP Stream after we right-click. It's not just gonna be Follow TCP Stream. So just kind of FYI, and you'll see what I'm talking about
01:52
in just a moment. So first things first,
01:53
let's go ahead and filter this. So we're just gonna
01:56
type in telnet here in this filter box at the top, and then just click this little arrow right here to go ahead and apply that filter.
02:02
You'll see once we do that, the protocol just changes to say only Telnet. And we're good to go there.
02:08
Now what we're gonna do again is just right-click now
02:13
and select Follow.
02:15
It's about halfway down there, 3/4 of the way down, and then TCP Stream.
02:20
And so what you're looking for is you want to look for the username and password. Now, you want to look for the username and password we typed in. In some instances with this particular environment, sometimes it saves, if you kind of fat-fingered a previous username and password or anything, or just kind of entered one falsely on purpose,
02:37
sometimes it will save it for some strange reason. And when you go to do this, like, lab again,
02:42
um, it will just basically save that in there. So when you look at the packet capture... So I'm saying all that to say that this is why you're seeing that the login name, at least on my end, is showing this. So that's likely the cause. Now, if you're seeing that on your end, definitely let me know, because that means there's an issue with the lab itself. But I know for a fact I've typed this in
03:01
on purpose before,
03:02
um, and that's what I'm consistently seeing. So it's either an error with the lab or it's just me typing that in, and it's saving the information. So either way, not really applicable too much to what we're doing in this particular lab.
03:16
So we do see that there is a username or password there. So question number three, for me at least, was a yes. Now, if you don't see a username or password there, then make sure you just continue repeating the step of right-clicking, opening the packet, you know, the TCP stream, and taking a look to see if the username or password is in there
03:36
again. Our goal here is to take a look and see if
03:38
we can find a username and password.
03:42
So we see here that, yes, I did have a username and password there. Potentially, that's something valuable. In this case, it's not, you know, it's just a test environment, but in some cases it might be valuable information that we can then use to compromise, ah, a system. Or we can use it to change somebody's password, then, you know, escalate privileges
03:59
depending on the type of user they are, et cetera, et cetera. So many things we could potentially do with that
04:02
again. Just another tool in the arsenal that we can use is Wireshark.
04:08
So in this lab we just touched on some more use of Wireshark. In the next video, we're gonna go over actually applying some different filters in addition to the Telnet one we just did. We'll apply some filters to tcpdump as well as Wireshark.

This course covers basic sniffing as part of a penetration test. Attackers and penetration testers use sniffing to analyze network packets for information.

Instructed By

Ken Underhill
Master Instructor at Cybrary