Wireshark Capturing methods

There are different ways you can capture network traffic with Wireshark:
1) Locally on host interface
2) Wire Tapping
3) Port Mirroring or SPAN

1) Locally on host interface. This is the simplest way of capturing traffic: the traffic of your own computer.
Just select the interface that you want to monitor and start the capture. Nothing is simpler.

2) Wire Tapping
Another, less visible way of capturing traffic is to tap the wire.
Instead of connecting the network devices directly to each other, put a tap device in between.
Devices like the one below will do the job. Connect your Wireshark computer to the tap and start capturing.


3) Port Mirroring
Switched Port Analyzer (SPAN) is a feature on Cisco switches that forwards a copy of the packets seen on one interface to another interface for monitoring and analysis.
It is simple to set up. On the switch where you want the SPAN session, configure it as below: fa0/1 is the interface we want to capture, and its packets are forwarded to fa0/24, where the Wireshark PC is connected. The keyword both mirrors frames received and transmitted on fa0/1 (rx or tx would mirror one direction only), and do show monitor displays the session so you can verify it.

Switch#config t
Switch(config)#monitor session 1 source int fa0/1 both
Switch(config)#monitor session 1 destination int fa0/24
Switch(config)#do show monitor

If you want to read more about SPAN, below is a link from Cisco on it.
https://www.cisco.com/assets/sol/sb/Switches_Emulators_v2_3_5_xx/help/250/index.html#page/tesla_250_olh/span_overview.html

The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probes. Port mirroring is used on a network device to send a copy of network packets, seen on a single device port, multiple device ports, or an entire VLAN, to a network monitoring connection on another port on the device. This is commonly used when monitoring of network traffic, such as for an intrusion-detection system, is required. A network analyzer, connected to the monitoring port, processes the data packets. The device can mirror up to four interfaces per session.

A packet, which is received on a network port and assigned to a VLAN that is subject to mirroring, is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx) mirroring is activated.

Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.

Wifi card with monitor mode and packet injection

When you do wireless pen-testing, you want to use these tools:
airmon-ng
airodump-ng
aireplay-ng

Basically, that means your wireless card needs to be able to perform these tasks:
Switch to monitor mode
Capture packets
Inject packets

If you want to go fancier, you might also want to have a look at TX gain, band etc., but never mind that for now.

Not all wireless cards support the functions above.

And it is hard to tell whether you are getting the right wireless adapter, because there are many wifi adapter brands out there; what matters is that the adapter has the right chipset.

Here is a link to consult. See if your wireless card has the right chipset:
https://www.kali.org/docs/nethunter/wireless-cards/
It will help you find the right wireless card, but sometimes you get lucky even if your card is not on that list.

For me, I have a built-in Realtek chipset, which is not listed in the link above, but it does all the tasks required for wifi testing.
I also happened to buy a TP-Link TL-WN722N, which happens to be version 2/3 (only version 1 has the right chipset), but I heard there is a way to get it working with a different driver.

So, the best way to get the right wireless card is to find the right chipset. Do a bit of research on the card that you have or are buying.
The product name alone will not tell you which chipset it uses, so you have to dig into that as well.

Use lspci to find out which chipset your built-in (PCI) wireless card uses.
Use lsusb to find out which chipset your USB wifi adapter uses.

Start off by switching to monitor mode to see whether it is supported (the interface has to be down while the mode is changed, or the command fails with "Device or resource busy"). Then carry on with the other tools.
ip link set wlan0 down
iwconfig wlan0 mode monitor
ip link set wlan0 up
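As an added example, not from the original post: a small POSIX shell helper that checks the output of iw list for monitor-mode support and reads the current mode back from iw dev wlan0 info after the switch above. The iw output embedded in it is constructed sample text; the interface name wlan0 and the MAC address are assumptions.

```shell
#!/bin/sh
# Added helper, not part of the original post: confirm monitor-mode support
# from `iw list` output, and read back the current mode from `iw dev <if> info`.
# The samples below are constructed text in the shape iw prints.

# supports_monitor_mode: reads `iw list` text on stdin; succeeds only if
# "monitor" is listed under "Supported interface modes".
supports_monitor_mode() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[[:space:]]*\* / { if ($2 == "monitor") found = 1; next }
        in_modes                       { in_modes = 0 }     # block ended
        END { if (found) exit 0; exit 1 }
    '
}

# interface_type: reads `iw dev <if> info` text on stdin; prints the "type"
# field (managed, monitor, AP, ...) so the mode switch can be verified.
interface_type() {
    awk '$1 == "type" { print $2; exit }'
}

# Constructed sample: a PHY that supports monitor mode.
SAMPLE_MONITOR='Wiphy phy0
        Supported interface modes:
                 * managed
                 * AP
                 * monitor
        software interface modes (can always be added):
                 * monitor'

# Constructed sample: a PHY that only offers managed and AP modes.
SAMPLE_NO_MONITOR='Wiphy phy1
        Supported interface modes:
                 * managed
                 * AP
        Band 1:'

# Constructed sample: wlan0 after "iwconfig wlan0 mode monitor" (MAC is made up).
SAMPLE_DEV_INFO='Interface wlan0
        ifindex 3
        addr 00:11:22:33:44:55
        type monitor
        wiphy 0'

# Live use:  iw list | supports_monitor_mode && echo "monitor mode available"
#            iw dev wlan0 info | interface_type    # expect "monitor" after the switch
```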

Man page info for the tools I mentioned earlier:

airmon-ng: This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status. It can also list/kill programs that can interfere with the wireless card operation.

airodump-ng is used for packet capturing of raw 802.11 frames for the intent of using them with aircrack-ng. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points. Additionally, airodump-ng writes out a text file containing the details of all access points and clients seen.

aireplay-ng is used to inject/replay frames. The primary function is to generate traffic for the later use in aircrack-ng for cracking the WEP and WPA-PSK keys. There are different attacks which can cause deauthentications for the purpose of capturing WPA handshake data, fake authentications, Interactive packet replay, hand-crafted ARP request injection and ARP-request reinjection. With the packetforge-ng tool it’s possible to create arbitrary frames.


Cheers

Teza

Zenmap Installation in Debian using ALIEN package converter

If you are familiar with security tools or penetration testing, you have definitely heard of Nmap.

Zenmap is a GUI for Nmap.

However, it is no longer included in later versions of the security-testing OSs.
Below are instructions on how to install it on Debian machines.

1) Download the latest RPM package from https://nmap.org/download.html
Optional Zenmap GUI (all platforms): zenmap-7.91-1.noarch.rpm

2) Note that it is an RPM package, so you will need to convert it before installing it on Debian. For that, you will need a package converter called alien.

From man alien: alien is a program that converts between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz, and Solaris pkg file formats. If you want to use a package from another linux distribution than the one you have installed on your system, you can use alien to convert it to your preferred package format and install it.

3) The latest version of alien (alien_8.95) seems to have a glitch when installing, so if you happen to have installed that, you will need to uninstall it and downgrade to alien_8.90.

Download link below.
http://archive.ubuntu.com/ubuntu/pool/main/a/alien/alien_8.90_all.deb

4) Install it using your package manager or the command below.
sudo dpkg -i alien_8.90_all.deb

5) Convert the Zenmap RPM package that you downloaded to .deb:
sudo alien zenmap-7.91-1.noarch.rpm

6) Now you have a .deb package (alien prints its name when the conversion finishes). Install it:
sudo dpkg -i zenmapconvertedfile.deb

7) That's it. Now you can run Zenmap on your Debian machine.







Different ways to run Linux for non-Linux users

For many users out there, Linux may not be their main OS.
This may be for a few reasons:

Most computers you buy come with Windows pre-installed.
Your job gives you a laptop with Windows pre-installed.
The worst of all: intimidation (you have probably seen code and command lines and do not know what they are all about).
Linux is not very hard at all. These days there are Linux distributions whose interfaces look a lot like Windows.

And the best of all, unlike Windows, Linux is highly customizable.

These are a few ways you can run Linux:

  1. Fresh install on a standalone computer
  2. Dual boot alongside another OS
  3. Virtual machines such as VirtualBox, VMware or Windows Hyper-V
  4. Windows Subsystem for Linux
  5. Cloud instances
  6. Live images


1. A fresh install may not be an option for beginners. There may be issues with drivers, pre-configuration, backups etc., depending on the Linux distro you want to use.
Some hardware comes with Linux pre-installed, like System76. It ships with Pop!_OS, and I hear good things about those devices.

2. Dual boot: although dual boot is my preferred way of installing, you may need to consider hardware limitations, legacy support, the bootloader etc. This may be for more advanced users.

3. With virtual machines, you share resources with the host machine. There are different virtualization engines out there; simply install one, download a Linux image and run it. It may be one of the easiest ways to start migrating to Linux.

4. WSL provides a Linux-compatible kernel interface developed by Microsoft and lets a user choose a Linux distribution to install from the Microsoft Store. Since it can be downloaded from the Microsoft Store within a few clicks, you can get a taste of Linux easily.
If you look at the path C:\Users\AppData\Local\Packages\YourLinux, you will get a better idea of what it is doing. Note that you will not find wireless interfaces in WSL, so you will need an external wifi adapter for wifi tests.

5. Cloud VMs: if you are already using cloud services, as many offices are these days, you may be able to spin up a cloud instance and try Linux there.

6. Most modern Linux distros come with live images. You can write one to any USB device, plug it into your laptop and try your flavor of Linux before actually installing it. It may be the easiest way to try out different flavors of Linux.


Regards
Teza

Using Proxy Chains to tunnel traffic over network

First, install proxychains.

$ sudo apt-get update -y

$ sudo apt-get install -y proxychains

$ locate proxychains

Then edit the config file at the location that locate printed above (editing it needs root):


$ sudo nano proxychains4.conf

If you wish, you can add more proxy addresses.
At the bottom of the conf file, under [ProxyList], add your proxy addresses, one per line.

The format is
proxy type, IP address, port, and optionally username and password

Example: socks5 101.2.3.123 12356

There are many websites where you can find proxy addresses; just search for socks proxy.


Use dynamic_chain and link it with Tor.
All you need to do is uncomment the lines that you want to enable.

$ service tor status

$ service tor start (or service tor stop)

$ proxychains4 curl ipinfo.io/city # this tells you which location your traffic appears to come from. Check this first to make sure you are hidden.

Now you can browse through the proxy chain.

$ proxychains4 firefox google.com

You can also use proxychains with other tools. You just need to put the proxychains4 command in front of them.

Example: proxychains4 nmap 213.12.123.12
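As an added example, not from the original post: a POSIX shell helper that sanity-checks a proxychains configuration before you rely on it. It reads the conf text on stdin and fails when the chain mode is not set exactly once, when proxy_dns is left commented out (name lookups would then bypass the chain), or when a [ProxyList] entry does not follow the type / IP / port / optional user and password format described above. The two configs embedded in it are constructed samples; the Tor entry uses the 127.0.0.1 9050 line that proxychains ships with.

```shell
#!/bin/sh
# Added helper, not part of the original post: sanity-check a proxychains
# configuration. Reads proxychains(4).conf text on stdin and exits non-zero if
# not exactly one chain mode is enabled, proxy_dns is commented out, or a
# [ProxyList] line does not match "type IP port [user pass]".
# Only http, socks4 and socks5 proxy types are accepted (assumption).

check_proxychains_conf() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # comments, blanks
        /^\[ProxyList\]/ { in_list = 1; next }
        !in_list && $1 ~ /^(dynamic|strict|random|round_robin)_chain$/ { modes++; next }
        !in_list && $1 == "proxy_dns" { dns = 1; next }
        in_list {
            ok = $1 ~ /^(http|socks4|socks5)$/ &&
                 $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                 $3 ~ /^[0-9]+$/ && $3 > 0 && $3 < 65536 &&
                 (NF == 3 || NF == 5)
            if (ok) proxies++
            else { bad++; print "bad proxy line: " $0 }
        }
        END {
            if (modes != 1) { bad++; print "expected exactly one chain mode, found " modes + 0 }
            if (!dns)       { bad++; print "proxy_dns is not enabled: DNS lookups would leak" }
            if (!proxies)   { bad++; print "no usable proxies in [ProxyList]" }
            if (bad) exit 1
        }
    '
}

# Constructed sample: the setup from the post, Tor first in a dynamic chain.
GOOD_CONF='dynamic_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
socks5 101.2.3.123 12356'

# Constructed sample with three problems: two chain modes, no proxy_dns, bad port.
BAD_CONF='strict_chain
dynamic_chain
[ProxyList]
socks5 101.2.3.123 notaport'

# Live use:  check_proxychains_conf < /etc/proxychains4.conf   # usual path; use locate if it differs
```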
