Table of Contents Scan for vulnerability Create a HTTP request file Scan the target Explore the vulnerable target’s databases and system Dictionary attack against password hashes and dump full credentials OS Shell Access Behind the scene Speedup the process and specify custom injection payloads Capture and decode the payload with Ngrep with Wireshark Decode the payload Scan for vulnerability Create a HTTP request file Use -r option instead of passing long parameters of --url, --user-agent, etc.
Table of Contents Quick drill into errors and connection issues Identify the protocols with high traffic Get the connection speed to a site Get the time spent in waiting for a response Identify the bad packets (TCP errors) ratio Generate the statistic:- runs wireshark and starts capturing the network packets until the statistic builds.
Quick drill into errors and connection issues Navigates to 'Analyze' → 'Expert Info' , a high number of errors and warnings indicates problems.
Table of Contents Introduction Wireshark HTTP objects and files Binary files Tcpflow & Foremost Introduction The process is mostly the same in network packets data-carving, which comprises of:
Gain access and collect the raw bytes Strip the protocol information Extract and write the data to file The differences of these tools are their capabilities i.e., the supported protocols and file formats.
Background The following setup is intended to streamline the column display for effective analysis when looking at HTTP and HTTPS traffic. The default columns are: ‘No (Packet number)’, ‘Time’, ‘Source’, ‘Destination’, ‘Protocol’, ‘Length’, and ‘Info’.
Table of Contents Background Changing the column display Changing the Time Display Format Adding HTTP Server Names Adding HTTPS Server Names Changing the column display To change the default column display, navigate to ‘Preferences’:
Table of Contents Dnstop Tcpdump Wireshark / Tshark Dnstop is a console libpcap application that displays various tables of DNS traffic on a network including:
Source IP addresses Destination IP addresses Query types Top level domains Second level domains # dnstop enp0s3 -l 3 Use ctrl-r to reset the counter/refresh the history to get the latest queries.
Tcpdump Capture packets from port 53 (DNS):
Table of Contents MacOS’s Airport Wireshark MacOS’s Airport is a built-in wireless utility comes preinstalled in MacOS.
$ ll /usr/local/bin/airport lrwxr-xr-x 1 root wheel 89 Jun 22 2016 /usr/local/bin/airport@ -> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport Perform a wireless broadcast scan to get the list of access points in the neighborhood:
Sniff 802.11 frames on channel 1, the output is in pcap format and can be opened with tcpdump/wireshark:
$ airport en0 sniff 1 Capturing 802.