Showing posts from 2015

Haking On Demand_WireShark - Part 3

Sniffing and Recovering Network Information Using Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface and pcap to capture packets; it runs on various Unix-like operating systems including Linux, OS X, BSD, and Solaris, and on Microsoft Windows. You can download Wireshark for Windows or Mac OS X from the official website (http://www.wireshark.org/download.html). Most Linux systems have Wireshark preinstalled. If Wireshark is not installed, follow the documentation below and run the proper command for each operating system: Building and Installing Wireshark (http://www.wireshark.org/docs/wsug_html_chunked/ChapterBuildInstall.html). Wireshark needs to be run as the root user in your system. After Wireshark run, will give you a mes

Haking On Demand_WireShark - Part 2

Getting Started with Wireshark A pentester always gets involved in different projects from different clients, and no matter what the objective is, having the knowledge and the proper tool to perform the task will save a lot of time and avoid some headaches. This article aims to help in those scenarios where a network analysis should be performed. We will focus on one of the most important tools for a pentester: Wireshark. For most of the engagements a pentester could perform, there is always a network component, and being able to see, analyze and store all the network transactions is essential to understand network behaviors and provide evidence of all the performed tasks. For such objectives, Wireshark is what was promised, and more. Looking for a formal definition of Wireshark, as stated in the official website (http://www.wireshark.org/faq.htm), it is a free open-source network protocol analyzer. What does this mean? It means that Wireshark will capture all the traffic it can hea

Haking On Demand_WireShark - Part 1

Wireshark Tips and Tricks If you were tasked to put together a forensic toolkit with 25 tools or less, chances are Wireshark would be one of those tools--especially if you planned on dealing with packet captures. Because it is free, open source, and cross-platform, Wireshark makes a great packet capture and analysis tool for just about any forensic toolkit. Nevertheless, this staple tool has been around for so long (think back to the days of Ethereal) that we sometimes take it for granted. In this article we will explore a few tips and tricks that highlight why we like this tool so much. Obtaining the software This seems easy enough, right? Many Linux distributions come with Wireshark installed as a default package and Windows has an easy point and click install package. But did you know there is a PortableApps release of Wireshark? How about a U3 release as well? The PortableApps and U3 downloads allow you to run Wireshark from a USB stick without the needing

Haking _ MetaSploit - Part 4

Post-Exploitation What is Post-Exploitation? Post Exploitation is an important process in any penetration test scenario as it allows the attacker to extract information from the exploited system. Metasploit provides modules for Post Exploitation activities for a variety of systems. In this section, we will examine how we can use Metasploit to perform Post Exploitation. For instance, suppose that we want to extract all Firefox passwords from the exploited system. Metasploit offers an easy-to-use module for that purpose: “post/multi/gather/firefox_creds” is the right one for this specific task, so let’s use it: For all Post Exploitation modules, you have to specify the SESSION id when you are trying to switch the module on; you can get a list of all current sessions with the following command, as we mentioned earlier:     sessions -l This demonstrated a simple Post Exploitation which is performed with MSF modules, it also offers a huge nu