I’ve browsed the server again through IE and File Explorer, then switched back to the rogue. Interestingly the Rogues MAC and the Servers MAC are exactly the same. Moving back to the client, I’ve pinged the server and looked at the arp cache again. I’ve gone back to Wireshark and started capturing again, wiping the previously collected information. I’ve clicked on the mitm and selected ARP poisoning, then started sniffing. Then I’ve selected the host lists and added the server to target 1 and the client to target 2. Then, I’ve scanned for hosts, producing two results. Next, I’ve opened Ettercap, selected Unified Sniffing and the available interface. The entries for the Server and Client have gone from dynamic to static. I’ve then called up the arp cache again to see what’s changed. Next, I’ve typed netsh interface ipv4 add neighbors Ethernet 10.1.0.1 00-50-56-85-09-20 into the command prompt, followed by netsh interface ipv4 add neighbors Ethernet 10.1.0.130 00-50-56-85-53-a3. Then I’ve called up the arp cache again, checking that the server MAC is the same, which it was and noting down the client MAC which is 00-50-56-85-53-a3. Then I pinged the client, whose IP address is 10.1.0.130. Then I’ve switched to the rogue VM and opened command prompt and pinged the server. Jumping into the cmd again, I viewed the arp cache – the servers MAC is 00-50-56-85-09-20. Then I’ve gone to Run and accessed the server from Internet Explorer. Then I have switched to the client VM, and opened command prompt, and pinged 10.1.0.1 I’ve started by logging into the server and navigating to the C:\GTSLABS folder and copying the ftproot and wwwroot folders into C:\inetpub. I finished the task by stopping Wireshark’s capturing. It is used by network devices to send error messages. ICMP = Internet Control Message Protocol is one of the main protocols in internet protocol suite. In all versions of windows from Vista to 10. LLMNR = Link-Local Multicast Nae Resolution protocol, is a protocol based on the DNS packet format and it allows IPv4 and IPv6 hosts to perform name resolution for hosts of the same local link. This is a legacy protocol used for forward compatibility of older applications (Internet Explorer □ ). Used as part of NetBIOS over TCP protocol. NBNS = NetBIOS Name Service sometimes called WINS. I couldn’t find what the browser protocol was, but: Wireshark was capturing a mixture of packets using the Browser, NBNS, LLMNR and ICMP protocols. Then I shut down both file explorer and command prompt and returned to the rogue and to Wireshark. On the client I browsed the servers resources through file explorer, accessed the server through Internet Explorer and then I pinged the rogue too. I set Wireshark to start capturing IP packets, click start and then switch to the client. I started by opening Wireshark, then opening Wireshark’s Capture Options. Each one can be selected and show you the status of that service type. This could very easily highlight to a potential attacker key entry points into a vulnerable system.įinally, I looked at the services tab, which instead of showing us the host computers, Zenmap displays a list of services. Leading on from before, when we then look at the ports and hosts tab, we can see what ports are open on the individual hosts. I thought an interesting component was that Zenmap provide a few visual cues, such as on the one host, there is a picture of a bomb, indicating lots of open ports, while by contrast the other hosts had pictures of safes. Here, Zenmap tried to provide the most accurate information it can about each detected machine. With the scan completed, I could view the topology tab, showing what Zenmap had detected.įrom there I looked at the host details tab. While I didn’t see this, I believe this to be the end of the scan. The tutorial indicated that at the end of the scan, one would see a Nmap done message. Below Zenmap is in the middle of the scan. I’ve entered 10.1.0.0/24 into the target box and clicked scan. I booted the server, followed by the client and rogue, then I have gone into the rogue and opened Zenmap. With the gold snapshots still in place, I have started the labs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |