Ladies and gentlemen, hello and welcome to part one of Post Exploitation Hacking:
the basics of networking.
I will again be your host, Joe Perry. I am the resident SME on this particular subject, as well as an all-around fun guy.
All right. Our goals in this are going to be ensuring that everyone understands certain basic networking subjects. We're going to go quickly through the OSI model. We're going to discuss TCP, IP, UDP, ICMP, et cetera, et cetera.
We're going to make sure everyone kind of has a level playing field with regards to networking subjects, low-level specifically.
And we're going to examine packet breakdown to familiarise ourselves with what we're going to be seeing in the gathering information section.
That's going to be a very hefty portion of what you do in post exploitation, and you need to be able to actually understand what the packets are telling you.
People who want to learn about networking should be here. People who are unfamiliar with what a packet looks like on the inside should be here, and people who like videos about computer stuff, go ahead and be here too.
Who should not be here?
People who have already done low-level networking. If you've worked with raw sockets, if you've done any sort of packet sniffers yourself, you'll be good to go.
People who have spent time examining Wireshark captures. Wireshark is essentially what we're going to be looking at; we'll be looking at a breakout of a similar type of packet sniffer so that we can understand what packets look like on the inside and what they can tell us.
And people who don't like videos about computer stuff. Although, to be fair, if you don't like videos about computer stuff, I know this isn't really a site for you, but hey,
to each their own. So we're going to go ahead and dig right into this, starting out with the OSI model.
Now the first layer of the OSI model is the physical layer. Physical layer is the copper, the fiber, the wireless, whatever. It's the actual transmission medium.
Uh, whatever it travels over is our physical layer.
It's in no way software, so you may often hear that this is the bits and bytes layer. That's actually not correct. That's the data link layer. Physical layer is the actual physical object that you're using.
It's what carries the bits and bytes.
We won't really deal with that very much at this point. That's not really of great importance to the post-exploitation hacker.
It's really something that's going to be useful to a sysadmin. It's a layer that we just don't really bother with.
The next layer, however, the data link layer, we bother with a whole bunch. MAC addresses are very important to us. MAC addresses are what exist in this layer. It's how an interface is ID'd. We'll discuss the specifics of MAC addresses in just a moment. But essentially the data link layer is the bits and the bytes, the people on your side of a router.
Everyone who's on the same network as you, usually the same subnet as you.
Next layer up is going to be your network layer. Network layer is what we commonly think of as the Internet. It's where IP addresses happen. It's how you communicate with people on the other side of a router.
Everything that goes from one router to the next exists at the network layer
and has a network layer in the packet, a network header, so to speak, or an IP header, for example, something similar to that.
Next layer up is the transport layer. That's where TCP and UDP exist. That's where ports get assigned. That's where services actually know to communicate, all sorts of fun stuff like that. Above that is the session layer, where applications will actually communicate with one another, where data is kind of sent across and read from the network stack. Presentation:
This is the layer between the network and the user. This is where
decryption happens, where byte order is flipped and swapped and all the things are done to make the data look pretty,
which leads, of course, to the application layer, which is what your application sees. It's what actually will get spit out to the screen. So normally, when you're surfing the Internet, you know, 100% of the things most people will ever see on the Internet are the application layer, which, as you can tell, is just the tiny, tiny, tiny tip of the iceberg. All right, so that's the OSI model. We're going to go ahead and begin with the second layer.
Again, we're not going to bother with the physical layer because that doesn't affect us. So, second layer, the data link layer. This is where, as I said, MAC addressing happens.
Now a MAC address is associated with a specific network interface,
and it's made up of six bytes.
The first three bytes are manufacturer-specific bytes. We're going to see, particularly through the course of this class, we're going to be seeing the VMware manufacturer-specific bytes because most of what we're going to be doing is in VMware.
The second three bytes are theoretically unique.
I say theoretically, because they're actually not. We ran out of IPv4 addresses a very long time ago, and I assure you, we ran out of these three bytes' worth of addressing space much, much earlier than that. However, they're unique enough. And that's an important thing to understand. MAC addresses only matter on your side of a router,
they're only for you to actually communicate across that physical medium
that we discussed a moment ago
So long as your MAC address doesn't also exist on the same network as your current machine, you're not going to have a collision. You're not going to have a problem. But it is important to understand that it's not actually perfectly unique, and that can theoretically pose an issue and has, in the past, posed an issue
for companies that got two devices that happened to have the same MAC. But, next layer up.
Next layer is the network layer. And that's, as I said, where IP addressing happens. There are two primary IP addressing protocols: IPv4, the one that everybody knows and loves and is used to.
And of course, IPv6, the one that very few people really understand and even fewer people actually use.
We're going to kind of dig into both. First things first, IPv4.
IPv4 is a four-byte addressing scheme that looks like this right here.
Now these four bytes can tell us quite a bit.
They can tell us what network it exists on. They can even, once we start digging into an actual configuration of it, tell us how many other machines might exist on that same network. But all they really tell us right now is the unique address. And again, like with MACs, IPv4 addresses aren't exactly unique, but everything that exists on the same network will have a different IP.
And anything that can see something else on that network
needs to have a different IP. IP addresses are not like MACs. MACs are actually burned into a device; IP addresses can be assigned at any time.
So the IP address may well be unique, but it may also change with no real warning. That's something you're going to want to keep in mind as you're going.
An important thing to know about IPv4 is that it is ancient. It is old as dirt. IPv4 is more than 30 years old, which in computer terms is about as old as you can really get.
It was created by RFC 791 in the year 1981.
It was originally designed as sort of the testing address for the Internet. It was never meant to be something that was used for any real length of time. It was just something that was used to kind of make sure the Internet worked like they thought it would work. But as any good developer will tell you, that temporary testing measure we put in is usually the one that makes it to production.
Now, on the other hand, we're looking at IPv6. IPv6 is a 16-byte addressing scheme.
It's got much, much, much, much, much more room. And obviously it looks like this down here, which is somewhat harder to write and certainly harder to read. Although they did put in certain measures which make it a little bit easier to do that, we won't be discussing those here. That's more for an actual networking class. What is important to note
is that it's much newer. It's about 15 years younger than IPv4, although to be fair, it's still nearly 20 years old, which is very, very old in computer terms.
However, what is very handy about IPv6, particularly from the perspective of a security professional,
is that only about 4% of people use it. What that means for us is that while IPv6 exists on almost all the devices that you're ever going to find, a very, very tiny fraction of people actually make use of it. Which means that a roughly equivalent fraction of people actually do anything to protect against it or to protect it.
So your IP addressing schemes of IPv6 are often going to be able to sneak by a firewall that hasn't been properly configured to watch for them.
So where it might only accept certain IPv4 addresses or might block certain IPv4 addresses, very often, if you go through with IPv6, it will never know you were there.
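
Added example, not part of the lecture: a defender-side check for the gap described above, where a host filters IPv4 but leaves IPv6 unfiltered. The rule sets and socket list are constructed samples in the style of `iptables-save`, `ip6tables-save` and `ss -tlnH`; the function names are hypothetical and the rule parser reads only simple single-port ACCEPT rules.

```python
import re

# Constructed sample data (not from the lecture), in the style of
# `iptables-save`, `ip6tables-save` and `ss -tlnH` on one hypothetical host.
RULES_V4 = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
RULES_V6 = """*filter
:INPUT ACCEPT [0:0]
COMMIT
"""
SS_LISTEN = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 [::]:8080 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
"""

def input_policy(save_text):
    """Return (default policy, accepted TCP ports) for the INPUT chain.
    Simplification: only single-port `--dport N ... -j ACCEPT` rules are read."""
    policy = re.search(r"^:INPUT (\w+)", save_text, re.M)
    ports = re.findall(r"^-A INPUT .*--dport (\d+) .*-j ACCEPT", save_text, re.M)
    return (policy.group(1) if policy else "ACCEPT", {int(p) for p in ports})

def ipv6_listeners(ss_text):
    """Yield (address, port) for listening sockets bound to an IPv6 address."""
    for line in ss_text.splitlines():
        addr, _, port = line.split()[3].rpartition(":")
        if addr.startswith("["):
            yield addr.strip("[]"), int(port)

def reachable(port, policy):
    """True if the INPUT chain lets traffic to this port through."""
    default, allowed = policy
    return default == "ACCEPT" or port in allowed

def ipv6_gaps(v4_text, v6_text, ss_text):
    """Ports open over IPv6 that the IPv4 rule set would have filtered."""
    v4, v6 = input_policy(v4_text), input_policy(v6_text)
    return sorted({port for addr, port in ipv6_listeners(ss_text)
                   if addr != "::1" and reachable(port, v6)
                   and not reachable(port, v4)})

if __name__ == "__main__":
    print("IPv6-only exposure on ports:", ipv6_gaps(RULES_V4, RULES_V6, SS_LISTEN))
```

On the sample host, port 8080 is dropped by the IPv4 rules but listens on `[::]` behind an IPv6 chain whose default policy is ACCEPT, so it is the one port reported.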