
Wireshark Filters

Wireshark is the world's most advanced network protocol analyzer. It lets you see, at the microscopic level, what is happening in your network.

    Wireshark Starter Filters

    Wireshark has a huge number of filters, and the documentation on them is extensive but not easy to digest. I have collected the Wireshark filters that I find most interesting and use most often. For novice users this can serve as a small Wireshark filter reference and a starting point for exploration. In the comments, please share the working filters you use often, as well as any interesting finds, and I will add them to this list.

    Remember that Wireshark has display filters and capture filters. Here I cover display filters, which are entered in the program's main window in the field directly below the menu and the toolbar icons.

    Running Metasploit with Docker and Kubernetes

    About this article
    This article is intended to make it easy to build a penetration testing environment without complicated configuration, provided Docker and Kubernetes are already in place.

    [If you apply the contents of this article to a server or network that you do not manage yourself, be aware that this may violate laws prohibiting unauthorized access.]
    Environment used in this article
    $ cat /etc/lsb-release 
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=16.04
    DISTRIB_CODENAME=xenial
    DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
    $ docker --version
    Docker version 18.09.0, build 4d60db4
    $ minikube version
    minikube version: v0.29.0
    What you need
    Everything used here is on GitHub and Docker Hub. GitHub also hosts the Dockerfile for the Metasploit image and so on, so adapt it to suit your needs. Fetch what is needed by running the following commands in order:
    $ git clone https://github.com/SauravBrahma/MetasploitImage.git
    $ docker pull sauravbrahma/metasploit_image
    $ docker pull tleemcjr/metasploitable2
    Now that you have everything you need, let's run it.

    Intercepting passwords with Wireshark
    Many users do not even realize that the login and password they type when registering or signing in to a restricted Internet resource can easily be intercepted the moment they press ENTER. Very often this data is transmitted over the network unprotected. So if the site you are logging in to uses plain HTTP, it is very easy to capture this traffic, analyze it with Wireshark, and then use filters and other programs to find and decode the password.

    The best place to intercept passwords is the network core, where all users' traffic to internal resources (for example, mail) passes, or just in front of the router towards the Internet, where users register on external resources. Set up port mirroring and we are ready to feel like a hacker.

      Step 1. Install and run Wireshark to capture traffic

      Sometimes it is enough to select the interface on which we plan to capture traffic and click the Start button. In our case we capture on the wireless interface. Traffic capture has begun.

      Step 2. Filtering captured POST traffic

      We open the browser and try to log in to some resource with a login and password. Once the authorization completes and the site opens, we stop the capture in Wireshark. Looking at the capture, we see a large number of packets. This is the stage at which many IT professionals give up, because they do not know what to do next. But we know: we are interested in the specific packets that contain the POST data our local machine generates when the form is filled in and sent to the remote server by clicking the "Login" or "Authorization" button in the browser.

      Enter the following display filter in the filter bar: http.request.method == "POST"
      Instead of thousands of packets we now see only the one containing the data we are looking for.

      Step 3. Find the username and password

      Right-click the packet and select Follow TCP Stream from the context menu.
      A new window shows the text that makes up the page. Find the fields "password" and "user", which correspond to the password and the user name. In some cases both fields are easily readable and not even encoded, but if we capture traffic to well-known resources such as Mail.ru, Facebook, Vkontakte and so on, the password will be encoded:
      HTTP/1.1 302 Found
      Date: Mon, 10 Nov 2014 23:52:21 GMT
      Server: Apache/2.2.15 (CentOS)
      X-Powered-By: PHP/5.3.3
      P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
      Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
      Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
      Set-Cookie: scifuser=networkguru; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
      Location: loggedin.php
      Content-Length: 0
      Connection: close
      Content-Type: text/html; charset=UTF-8
      Thus, in our case:
      Username: networkguru
      Password: e4b7c855be6e3d4307b8d6ba4cd4ab91
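Read from the server side, the response above also shows what the web application itself did wrong: the credential is stored directly in a cookie, the value has the shape of an unsalted 128-bit digest, none of the cookies carries a Secure or HttpOnly attribute, they live for ten years, and everything is set over plain HTTP. The Python script below is an added example (not part of the original post): it parses the Set-Cookie headers from a constructed copy of that response and reports those weaknesses, the kind of check an application-security review runs against its own servers. The sensitive-name list and the 30-day lifetime threshold are assumed policy values.

```python
import re
from datetime import datetime

# Constructed copy of the HTTP response shown above (header spacing normalized).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Mon, 10 Nov 2014 23:52:21 GMT\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    'P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"\r\n'
    "Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/\r\n"
    "Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; "
    "expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/\r\n"
    "Set-Cookie: scifuser=networkguru; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/\r\n"
    "Location: loggedin.php\r\n"
    "Content-Length: 0\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
)

# Assumed policy: cookie names that must never hold credential material, and the
# longest lifetime accepted for a session cookie.
SENSITIVE_NAMES = {"password", "passwd", "pass", "pwd", "secret"}
MAX_LIFETIME_DAYS = 30
HEX32 = re.compile(r"^[0-9a-f]{32}$")   # shape of an unsalted MD5 digest
DATE_FORMATS = ("%a, %d %b %Y %H:%M:%S GMT", "%a, %d-%b-%Y %H:%M:%S GMT")


def parse_headers(raw):
    """Split response text into (status line, [(lowercase name, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_set_cookie(value):
    """Return (name, value, attrs); attrs maps lowercase attribute names to values."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def parse_http_date(text):
    """Accept both the Date-header form and the dashed Expires form seen above."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    return None


def cookie_lifetime_days(attrs, date_header):
    """Days from the response Date header to the cookie's Expires attribute, else None."""
    issued = parse_http_date(date_header or "")
    until = parse_http_date(attrs.get("expires", ""))
    if issued is None or until is None:
        return None
    return (until - issued).days


def audit_response(raw, scheme="http"):
    """Return human-readable findings for every Set-Cookie header in a response."""
    _, headers = parse_headers(raw)
    date_header = next((v for k, v in headers if k == "date"), None)
    findings = []
    if scheme != "https":
        findings.append("response sent over plain HTTP: all cookies below are readable on the wire")
    for key, value in headers:
        if key != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure attribute")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly attribute")
        if name.lower() in SENSITIVE_NAMES:
            findings.append(f"{name}: credential material stored in a cookie")
        if HEX32.match(cookie_value):
            findings.append(f"{name}: value looks like an unsalted 128-bit hash (e.g. MD5)")
        days = cookie_lifetime_days(attrs, date_header)
        if days is not None and days > MAX_LIFETIME_DAYS:
            findings.append(f"{name}: lifetime of {days} days exceeds {MAX_LIFETIME_DAYS}")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

Run against the sample it reports eleven cookie findings plus the plain-HTTP one; a response that sets `sid=...; Secure; HttpOnly` over HTTPS yields none. The point for the operator of the site is that each finding, not the sniffer, is what made the capture in Step 3 worthwhile.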

      Step 4. Determining the type of encoding for decrypting the password


      We go, for example, to http://www.onlinehashcrack.com/hash-identification.php#res and enter our password hash into the identification box. I was given a list of candidate hash types, ordered by likelihood:
      • MD5
      • NTLM
      • MD4
      • LM

      Step 5. Deciphering user password

      At this stage, we can use the hashcat utility:
      ~ # hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
      The output gives us the recovered password: simplepassword

      Thus, with Wireshark we can not only troubleshoot applications and services, but also try ourselves as a hacker, intercepting the passwords that users enter into web forms. You can also recover passwords to user mailboxes with simple display filters:
      • POP protocol: pop.request.command == "USER" || pop.request.command == "PASS"
      • IMAP protocol: imap.request contains "login"
      • SMTP protocol: smtp.req.command == "AUTH"
      and, where needed, more serious utilities to decode the encoding used.

      Step 6. What if the traffic is encrypted and using HTTPS?

      There are several answers to this question.
      Option 1. Get in between the user and the server and capture traffic at the moment the connection is established (the SSL handshake). At connection time you can try to intercept the session key.

      Option 2. You can decrypt HTTPS traffic using the session key log file written by Firefox or Chrome. For this, the browser must be configured to write its encryption keys to a log file (the example is based on Firefox), and you must obtain that log file. In practice, that means stealing the session key file from another user's hard drive (which is illegal). Then capture the traffic and use the obtained keys to decrypt it.

      Clarification. We are talking about the web browser of the person who is trying to obtain the password. If we mean decrypting our own HTTPS traffic for practice, this strategy works. If you are trying to decrypt other users' HTTPS traffic without access to their computers, it will not work; that is exactly what the encryption is there for.

      After obtaining the keys via option 1 or 2, you must register them in Wireshark:
      • Go to Edit -> Preferences -> Protocols -> SSL.
      • Tick "Reassemble SSL records spanning multiple TCP segments".
      • Next to "RSA keys list", click Edit.
      • Fill in all fields and set the path to the key file.
      Wireshark can decrypt sessions whose keys were exchanged with the RSA algorithm. If DHE / ECDHE (forward secrecy, FS) or ECC is used, the sniffer is no help to us.

      Option 3. Get access to the web server the user talks to and take the key from there. This is even harder. In corporate networks this option is implemented legitimately for debugging applications or content filtering, but not in order to intercept user passwords.

      How to decrypt WiFi traffic in Wireshark

      Decrypt WPA traffic in Wireshark
      Let's start with the theory, to understand why decrypting Wi-Fi traffic in Wireshark takes some effort and why one cannot simply decrypt any captured Wi-Fi traffic, even with the access point's password in hand.

      Wi-Fi traffic is encrypted with the PTK (Pairwise Transient Key). The PTK is dynamic: it is created anew for every connection. So Wi-Fi traffic for each connection to the same access point is encrypted with a different PTK, and even for a single client the PTK changes after reconnecting. To calculate the PTK you need data from the four-way handshake as well as the Wi-Fi network password (strictly, you also need other information, such as the network name (SSID), but obtaining that is not a problem).

      How to increase WiFi TXPower

      How to increase Wi-Fi power (TX Power) in Kali Linux
      Different countries have different laws and technical regulations, including for Wi-Fi. In some countries certain Wi-Fi channels may not be used (for example, channels 12, 13 and 14 cannot be used in the USA). In most countries the Wi-Fi signal power limit is 20.0 dBm, but some countries allow 30.0 dBm. This loophole can be used: make the Wi-Fi card believe it is in a country where 30.0 dBm is allowed, and raise its power (TX Power) to 30.0 dBm.

      Wi-Fi devices have a concept of a regulatory domain ("regdomain"): this parameter records the country in which the device is supposed to operate. There is also a companion database that lists, for each country, the permitted frequencies and the power allowed on them.

      How to bypass MAC address filtering

      Bypass MAC filtering on wireless networks

      MAC address filtering on a Wi-Fi access point (along with creating a "hidden Wi-Fi network") is another unsuitable protection method, and a practically worthless one. And for all its worthlessness, it causes trouble for legitimate Wi-Fi users. For example, you set up your wireless router, turned on MAC address filtering and everything works fine. A couple of months later a friend visits and asks to connect to your Wi-Fi; if you have not forgotten that MAC filtering is on, you, as the administrator, have to go into the router settings and add another MAC address. Or a year later (by which time you will have forgotten your settings) you buy a new phone or laptop and spend the evening figuring out why the Internet does not work on it...

      What is a handshake and how to capture it in Kali Linux

      What is a handshake

      From a technical point of view, a handshake in wireless networks is the exchange of information between the access point and the client at the moment the client connects. This information contains a variety of keys, and the exchange takes place in several stages. The process of connecting to a wireless access point is well documented, and you can find plenty of information about it.
      From a practical point of view, it is enough for us to know two very simple things:
      • a handshake can be captured while a client who knows the valid password connects to a wireless access point
      • the handshake contains enough information to recover the password.
      All wireless access points behave this way.
      Recovering the password from the handshake is done by brute force. That is why cracking the password from a captured handshake is probabilistic in nature, i.e. it does not always succeed.

      How to find out the name of a hidden WiFi network

      What are hidden Wi-Fi networks
      The owners of some wireless access points configure them not to broadcast their name (ESSID). In their opinion this is additional protection (on top of the password).

      Simply put, a hidden Wi-Fi network is one that is not visible in the list of available networks. To connect to it, you must enter its name manually.

      In fact, this protection method is untenable, if only because at certain moments the name of the wireless network (ESSID) is still broadcast in the clear.

      WiFite2 Automated Wi-Fi hacking tool

      There are many ways to attack a Wi-Fi network. The type of encryption, the manufacturer's default settings and the number of connected clients determine how easy the target is to attack and which method will work best. Wifite2 is a powerful tool that automates Wi-Fi hacking: it lets you select targets within your adapter's range and then picks the best attack strategy for each network.
      As a rule, individual programs are tailored to one specific function:
      • client deauthentication
      • handshake capture
      • brute force
      • WPS brute force
      • and so on; there are many separate stages and methods.
      Features:
      • sorts targets by signal (in dB); hacking the closest access points first
      • automatically deauthenticates hidden network clients to reveal their SSID
      • a set of filters to accurately indicate what to attack (wep / wpa / both, above a certain signal strength, channels, etc.)
      • flexible settings (timeouts, packets per second, other)
      • “anonymity” functions: changing the MAC to a random address before an attack, then a reverse change when the attack is completed
      • all captured WPA handshakes are copied to the current wifite.py directory
      • WPA smart deauthentication; cycles between deauthenticating all clients and broadcast
      • stop any hacking with Ctrl + C with options to continue, go to the next target, skip hacking or exit
      • display of general information on the session upon exit; show all cracked keys
      • all passwords are saved in cracked.txt
      Homepage:  https://github.com/derv82/wifite2
      When a wireless network tester gets to work, they move from one program to another to perform the different stages of the penetration test and to use the different methods.

      How to reset Kali Linux Password

      How to reset a forgotten password in Linux

      If you cannot log in to Kali Linux because you have forgotten your user account password, or even if the password is right but the system still will not let you log in, all is not lost! Although this password cannot be recovered (by simple means), it can be reset and replaced with a new one. This guide tells you what to do if you forgot your Linux user password.

      How to change the password of a Linux user
      Any user from the administrators group (an account that belongs to the wheel group) can change the password of any other user, both unprivileged accounts and other administrators, including root. That is, if you have forgotten the root password but remember the password of a user who may run commands with sudo, you can reset it with the passwd command. To change the root password, run:
      sudo passwd
      To change the password of any other user, run:
      sudo passwd username
      where username is the name of the Linux user account.
      What to do if you forget your Linux login password
      If there are no other administrative accounts and, having forgotten the password of your Linux account, you cannot log in to the operating system, you need single-user mode to reset the password.

      In single-user mode no credentials (login, password) are asked for, and the logged-in user has superuser rights. In this mode the familiar passwd command can be used to set a new password.

      The algorithm in all Linux distributions is similar:
      • Aborting the GRUB bootloader
      • Adding a boot option that includes single user mode
      • Resume boot
      • Password change with the passwd command
      • Reboot in normal mode
      Note that the changes made in the second step (editing the boot options) are temporary: they affect only the next boot. So when you restart in the fifth step, nothing needs to be undone; the system boots as usual.

      To move to the end of the line and to the beginning of the line (in the second step), use the keyboard shortcuts Ctrl + a and Ctrl + e .

      Although the algorithm for resetting the root password is similar everywhere, different distributions have their own nuances, so let's look at them in more detail.
      Reset the password in Kali Linux, Linux Mint, Ubuntu, Debian (should also work for other Debian derivatives)
      To interrupt the GRUB boot (first step) while the computer is starting, press and hold the SHIFT key; this always works, even on Linux Mint, where the GRUB menu is disabled by default.
      Press the "e" key to edit the boot settings:

      The line we need is not on screen; scroll down with the cursor keys and find the line starting with linux:

      First change "ro" to "rw", then add the following at the end of the line:
      init=/bin/bash
      It should look like this:
      When everything is ready, press Ctrl + x or F10 to continue.

      You will see a shell prompt. Note that we are logged in as root, i.e. we have elevated privileges, including the use of the passwd command:
      Using the passwd command we change the password:
      after typing passwd, enter the new password you want.
      As you can see, the password change was successful.
      Now reboot with the physical button; do not use the reboot command here!
      What is the wheel group in Linux
      For computers, the term wheel refers to user accounts with the wheel bit, a system parameter that provides additional special system privileges that allow the user to execute commands for official use that other users cannot access. The term is derived from the big wheel slang phrase (literally “big wheel”), referring to a person with great power or influence. It was first used in this context with respect to the TENEX operating system, later distributed under the name TOPS-20 in the 1960s and early 1970s.

      This term was adopted by Unix users in the 1980s due to the movement of operating system developers and users from TENEX / TOPS-20 to Unix.

      Modern Unix systems typically use user groups as a security mechanism for managing access rights. The wheel group is a special user group used on some Unix systems to control access to the sudo command, which lets a user act as another user (usually the superuser).

      What is single-user mode in unix
      Single-user mode is a mode in which a multi-user operating system boots into a single superuser session. It is mainly used for maintaining multi-user environments such as network servers. Some tasks may require exclusive access to shared resources, for example running fsck on a network share. The mode can also be used for security purposes: network services do not start, which eliminates the possibility of external interference. On some systems a lost superuser password can be changed by switching to single-user mode. Since no password is requested on entering this mode, it can be considered a security vulnerability.

      Unix-like operating systems provide single-user mode either through System V-style run levels, through BSD-style boot loaders, or through other boot parameters.

      The run level is usually changed with the init command; run level 1 or S boots into single-user mode.

      Bootloader parameters can be changed during startup before executing the kernel. On FreeBSD and DragonFly BSD, it can be changed before rebooting the system using the nextboot -o "-s" -k kernel command , and its bootloader will offer the option of booting into single-user mode.

      How to update Kali Linux

      Checking / restoring / cleaning repositories (application sources) in Kali Linux Rolling 2019
      Original application sources (repositories) are the main key to the health of your Kali Linux.
      The official website warns that changing or adding repositories, as a rule, kills the system.
      Experience shows that a huge number of problems are caused by errors in the application sources. If standard Kali Linux instructions that work for most other users do not work for you, then 99% of the time the cause is a modified Kali repository list.

      The most important thing in the Kali Linux sources list is that this line is present:
      deb https://http.kali.org/kali kali-rolling main non-free contrib
      and that there are no third-party application sources.
      In Kali Linux, application sources are listed in the /etc/apt/sources.list file. The normal, default content of the Kali sources list is as follows:
      root@Kalitut:~# cat /etc/apt/sources.list
      deb https://http.kali.org/kali kali-rolling main non-free contrib
      # deb-src https://http.kali.org/kali kali-rolling main non-free contrib
      If your file does not look like this, run this command in your terminal:
      echo -e "deb https://http.kali.org/kali kali-rolling main non-free contrib" > /etc/apt/sources.list
      This command completely overwrites /etc/apt/sources.list and puts that single line in it. You can also do it manually with these commands:
      leafpad /etc/apt/sources.list
      Delete all the lines in your repository file and add just this one:
      deb https://http.kali.org/kali kali-rolling main non-free contrib
      Now you can update and upgrade; to do so, run:
      apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
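Before overwriting the file, it is worth knowing exactly what is wrong with it: whether the official kali-rolling line is missing, whether a mirror has been downgraded to plain http, or whether someone added a third-party repository (the cause the text above blames for most breakage). The Python checker below is an added example, not part of the original post; it parses sources.list syntax, including `[options]` blocks, and classifies each entry. The two sample files are constructed, and example.invalid is a placeholder host.

```python
from urllib.parse import urlparse

# The single line the default Kali Rolling sources.list must contain.
OFFICIAL_LINE = "deb https://http.kali.org/kali kali-rolling main non-free contrib"
OFFICIAL_COMPONENTS = {"main", "non-free", "contrib"}

# Constructed sample mirroring the default file shown above.
DEFAULT_SOURCES = """\
deb https://http.kali.org/kali kali-rolling main non-free contrib
# deb-src https://http.kali.org/kali kali-rolling main non-free contrib
"""

# Constructed sample of a modified file: the official line switched to plain http and
# a third-party repository added by hand (example.invalid is a placeholder host).
MODIFIED_SOURCES = """\
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb https://example.invalid/tools stable main
"""


def parse_sources(text):
    """Return (kind, uri, suite, components) for each active entry in sources.list text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blank lines
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
            continue
        idx = 1
        try:
            if fields[idx].startswith("["):              # skip "[arch=amd64 ...]" options
                while not fields[idx].endswith("]"):
                    idx += 1
                idx += 1
            uri, suite, components = fields[idx], fields[idx + 1], tuple(fields[idx + 2:])
        except IndexError:
            continue                                     # malformed line: ignore it
        entries.append((fields[0], uri, suite, components))
    return entries


def check_sources(text):
    """Classify every entry: is the official Kali Rolling line there, and what else is?"""
    report = {"official_present": False, "third_party": [], "plain_http": []}
    for kind, uri, suite, components in parse_sources(text):
        parsed = urlparse(uri)
        host = parsed.hostname or ""
        is_kali = host == "kali.org" or host.endswith(".kali.org")
        if (kind == "deb" and is_kali and suite == "kali-rolling"
                and OFFICIAL_COMPONENTS <= set(components)):
            report["official_present"] = True
        if not is_kali:
            report["third_party"].append(uri)
        if parsed.scheme == "http":
            report["plain_http"].append(uri)
    return report


def is_healthy(text):
    """True only for a file with the official HTTPS line and nothing foreign in it."""
    report = check_sources(text)
    return (report["official_present"]
            and not report["third_party"]
            and not report["plain_http"])


if __name__ == "__main__":
    # On a live Kali system audit the real file (read-only); elsewhere use the sample.
    try:
        with open("/etc/apt/sources.list") as f:
            text = f.read()
    except FileNotFoundError:
        text = MODIFIED_SOURCES
    print(check_sources(text))
```

A plain-http Kali mirror is still reported as the official line, but `is_healthy` refuses it, since an unauthenticated transport is exactly what the HTTPS line in the instructions is meant to avoid; package signatures still protect the payload, but not the visibility of what you install.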

      Installing Kali Linux in VirtualBox

      This section details the installation of Kali Linux in a VirtualBox virtual machine. The installation process on a physical computer is very similar to what is described here.

      Where to download the latest version of Kali Linux
      Kali Linux is used for penetration testing and forensic examinations. As a professional penetration tester or forensic expert, you must be absolutely sure about the integrity of your tools. If your tools are not credible, then the results of your research are also not credible.

      Even if your standards are not so high, it is still highly recommended to adhere to the actions described here, since non-genuine versions of the software can intentionally or unintentionally cause serious harm.

      Download Kali Linux (as well as any other programs) only from official sites. For Kali Linux, the official sites are https://www.kali.org/downloads and https://www.offensive-security.com/kali-linux-vmware-arm-image-download/
      These sites can only be accessed over SSL, which makes a man-in-the-middle attack harder and reduces the risk of getting something other than what you meant to download.

      What file to download?
      If you are going to install Kali Linux in a virtual machine, then pay attention to the finished images: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

      However, there may be fairly outdated versions, so I prefer to download the usual ISO.
      ISO images can be used as Live-systems, as well as install from them. These images can be downloaded at: https://www.kali.org/downloads/

      Kali Linux Weekly Images
      These images are available at: http://cdimage.kali.org/kali-images/kali-weekly/
      And a list of checksums for them at: https://archive.kali.org/kali-images/kali-weekly/SHA1SUMS
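The checksum list above is only useful if you actually compare it with the file you downloaded, and a multi-gigabyte ISO should be hashed in chunks rather than read into memory. The Python verifier below is an added example, not part of the original post or of Kali's own tooling; it parses the `digest  filename` listing format, hashes the file, and compares in constant time. The demonstration builds a constructed stand-in file and listing in a temporary directory, then corrupts the file to show the check failing.

```python
import hashlib
import hmac
import os
import tempfile


def parse_sums(text):
    """Parse a SHA1SUMS/SHA256SUMS-style listing into {filename: hexdigest}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")          # "hash  name" or "hash *name" (binary mode)
        if digest and name:
            sums[name] = digest.lower()
    return sums


def file_digest(path, algorithm="sha1", chunk_size=1 << 20):
    """Hash a file of any size in 1 MiB chunks (the listing above is SHA-1)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, sums_text, algorithm="sha1"):
    """True only if the file's digest matches the listing entry for its basename."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False                      # no entry at all counts as a failed check
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed run: a fake image, its matching listing, then a corrupted copy."""
    with tempfile.TemporaryDirectory() as tmp:
        name = "kali-weekly-PLACEHOLDER.iso"        # placeholder, not a real image name
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        listing = f"{file_digest(path)}  {name}\n"
        ok_before = verify_download(path, listing)
        with open(path, "ab") as f:
            f.write(b"\x00")                        # simulate a truncated/tampered download
        ok_after = verify_download(path, listing)
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

To check a real download, call `verify_download("/path/to/kali.iso", open("SHA1SUMS").read())` with the listing fetched from the HTTPS URL above; the listing protects against corruption and a swapped mirror file only as far as the listing itself was obtained from the official site.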

      The weekly and "regular" ISO images come in several variants: 64-bit, 32-bit, light images, images for ARM architectures, and images with various desktop environments.

      If you have a 32-bit computer or VirtualBox only supports 32-bit virtualization, then select “ Kali Linux 32 bit ” for download .

      If you have a 64-bit system, you can choose from several that differ in the desktop environment. If you have no preferences in choosing the desktop environment, then just select “ Kali Linux 64 bit ”.

      The ISO file can be downloaded either through a direct link or through a torrent. It is recommended to choose torrent downloads.

      Create a virtual machine
      You should already have VirtualBox installed .
      In VirtualBox, click New/Create :

      Enter the name of the new machine (you can choose it arbitrarily). Select the type and bit depth of the installed system:
      Installing Kali Linux in VirtualBox

      I do not recommend allocating less than 2 gigabytes of RAM to Kali Linux. If possible, give it 2 to 4 gigabytes:
      Leave the default to create a new virtual hard disk:
      Leave unchanged:
      Here the choice is yours. A dynamically allocated virtual hard disk takes up only as much space as is actually used inside the virtual machine. A fixed-size disk immediately occupies its whole allocated size, although the help text says it performs better. I always choose a dynamic disk:
      The disk size should not be less than 20 gigabytes, otherwise almost immediately after installation you will get messages that there is not enough space. I choose 100 gigabytes for myself, but that does not mean this much will be taken on the real hard disk, because I also choose a dynamic virtual disk, i.e. it "stretches" only as needed. If you make the disk too small and the virtual machine runs out of space, you have a big problem. Also choose the location of the virtual disk file: put it on a partition with enough free space:
      The machine is created, but before starting it I prefer to make a few more settings. In the settings I go to "System" -> "Processor", add another core, and tick "Enable PAE/NX":
      Next, go to the network settings and change "Attached to" to "Bridged Adapter"; also, under "Advanced", set "Promiscuous Mode" to "Allow All".
      Start the virtual machine:
      We need to select the ISO file we downloaded earlier:
      Click "Start":
      If you just want to install the system, select "Graphical Install". Choose your preferred language:
      choose the computer name:
      Domain name can be omitted:

      Think up, remember and enter the superuser password:
      Choose what suits you best:
      If you are in a virtual machine, do not change anything. If you are installing on a real computer, be very careful here - I cannot give more selective recommendations on a real computer, because all have different configurations:
      Click "Continue" on each of the next three screens:
      Change "No" to "Yes":
      We wait for the process to complete:
      Click "Continue" (to save time I chose No):
      Choose "Yes" and click "Continue":
      Select an available device:
      All is ready:
      Reboot.
      In theory the installation disk should be removed automatically. If that does not happen, remove it via the VirtualBox menu: Devices -> Optical Drives -> Remove disk from virtual drive. The ISO file