Thursday, 27 March 2014

Kali Linux and Wireshark

In the hacking process, the most important thing to do is to prepare the tools and understand how to configure them correctly. Most of the time, when a tool is not working properly, the cause is a misconfiguration of the tool. In this class, I'm using Kali Linux as the main toolkit for hacking. Kali Linux not only has hacking and penetration testing tools but also has built-in forensic tools. Forensics focuses on evidence, while penetration testing focuses on testing the target for vulnerabilities.

Most of the tools in Kali Linux run in the Terminal (the command line), and most of the scripts are written in Python. So another important thing to do in this class is to LEARN PYTHON. There are a lot of online tutorials on how to learn Python. Python is usually used to prototype hacking tools, so it is very important to minimize mistakes before doing the actual hacking.

These are examples of the tools in Kali Linux:

[Screenshot: examples of the tools in Kali Linux]

This week I'll try to explore one of the tools. One of the most useful tools in Kali Linux is Wireshark. Wireshark is a network sniffer used to read the packets received and sent to and from the host computer. This is the Wireshark network capture while listening on the Ethernet connection.

[Screenshot: Wireshark packet list while capturing on the Ethernet interface]

In this capture, you can see the source, destination, protocol, length, etc. of each packet:

Time: when the packet was received/sent, measured from when Wireshark started capturing.

Source: the source IP address of the packet.

Destination: the destination IP address of the packet.

Protocol: the protocol used by the packet.

Length: the length of the packet being sent/received.

Info: additional information about the packet.

If you want to follow a specific packet, you can right-click on the packet and follow the packet stream.

[Screenshot: contents of the followed packet stream]

The image above shows the content of the packet, and Wireshark will now only display the packets sent to or received from that specific source.
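To make the columns above concrete, here is an added example (not code from this post or from Wireshark) that hand-dissects a few constructed Ethernet/IPv4/TCP/UDP frames into the same Time, Source, Destination, Protocol, Length and Info columns, and then filters one conversation the way "Follow Stream" does. The IP addresses, MAC addresses and frames are made up (RFC 5737 documentation ranges), and checksums are left at zero because this dissector does not verify them. Truncated or malformed headers raise an error instead of being guessed at, which is the edge case any dissector has to handle.

```python
"""Minimal packet dissector that reproduces Wireshark's summary columns.

Added example; not code from the blog post or from Wireshark. Parses
Ethernet II / IPv4 / TCP / UDP headers with struct and groups packets into
conversations for a "Follow Stream" style filter. All frames are constructed
inline with RFC 5737 documentation addresses and zero checksums.
"""
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")  # 20-byte fixed IPv4 header
TCP_FIXED = struct.Struct("!HHIIBBHHH")      # 20-byte fixed TCP header
UDP_HDR = struct.Struct("!HHHH")             # sport, dport, length, checksum
ETHERTYPE_IPV4, IPPROTO_TCP, IPPROTO_UDP = 0x0800, 6, 17
TCP_FLAG_NAMES = ((0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST"))


@dataclass
class Row:
    """One line of the Wireshark packet list."""
    time: float
    src: str
    dst: str
    proto: str
    length: int
    info: str
    stream: Optional[frozenset]  # direction-independent conversation key


def dissect(frame: bytes, ts: float, t0: float) -> Row:
    """Turn one raw Ethernet frame into a summary row; raise on truncation."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("frame shorter than Ethernet header")
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    rel = round(ts - t0, 6)  # Time column is relative to capture start
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    if ethertype != ETHERTYPE_IPV4:  # e.g. ARP: show MACs instead of IPs
        return Row(rel, mac(src_mac), mac(dst_mac), f"0x{ethertype:04x}", len(frame), "non-IPv4 frame", None)
    off = ETH_HDR.size
    if len(frame) < off + IPV4_FIXED.size:
        raise ValueError("truncated IPv4 header")
    vihl, _, _, _, _, _, proto, _, src, dst = IPV4_FIXED.unpack_from(frame, off)
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    src_ip, dst_ip = socket.inet_ntoa(src), socket.inet_ntoa(dst)
    off += ihl  # skip IPv4 options, if any
    if proto == IPPROTO_TCP:
        if len(frame) < off + TCP_FIXED.size:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, _, flags, win, _, _ = TCP_FIXED.unpack_from(frame, off)
        names = ", ".join(n for bit, n in TCP_FLAG_NAMES if flags & bit)
        info = f"{sport} -> {dport} [{names}] Seq={seq} Ack={ack} Win={win}"
        key = frozenset({("TCP", src_ip, sport), ("TCP", dst_ip, dport)})
        return Row(rel, src_ip, dst_ip, "TCP", len(frame), info, key)
    if proto == IPPROTO_UDP:
        if len(frame) < off + UDP_HDR.size:
            raise ValueError("truncated UDP header")
        sport, dport, ulen, _ = UDP_HDR.unpack_from(frame, off)
        key = frozenset({("UDP", src_ip, sport), ("UDP", dst_ip, dport)})
        return Row(rel, src_ip, dst_ip, "UDP", len(frame), f"{sport} -> {dport} Len={ulen - UDP_HDR.size}", key)
    return Row(rel, src_ip, dst_ip, f"IP proto {proto}", len(frame), "", None)


# --- constructed test traffic (not a real capture) ---------------------------
CLIENT, SERVER, RESOLVER = "192.0.2.10", "198.51.100.80", "192.0.2.1"
A_MAC, B_MAC = "001122334455", "66778899aabb"


def _eth(src_mac: str, dst_mac: str, ethertype: int, payload: bytes) -> bytes:
    return ETH_HDR.pack(bytes.fromhex(dst_mac), bytes.fromhex(src_mac), ethertype) + payload


def _ipv4(src_ip: str, dst_ip: str, proto: int, payload: bytes) -> bytes:
    return IPV4_FIXED.pack(0x45, 0, IPV4_FIXED.size + len(payload), 1, 0, 64, proto, 0,
                           socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + payload


def tcp_frame(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, payload=b"") -> bytes:
    tcp = TCP_FIXED.pack(sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    return _eth(A_MAC, B_MAC, ETHERTYPE_IPV4, _ipv4(src_ip, dst_ip, IPPROTO_TCP, tcp))


def udp_frame(src_ip, dst_ip, sport, dport, payload=b"") -> bytes:
    udp = UDP_HDR.pack(sport, dport, UDP_HDR.size + len(payload), 0) + payload
    return _eth(A_MAC, B_MAC, ETHERTYPE_IPV4, _ipv4(src_ip, dst_ip, IPPROTO_UDP, udp))


def sample_capture():
    """(timestamp, frame) pairs: TCP handshake + HTTP request, a UDP query, an ARP-sized frame."""
    return [
        (100.000000, tcp_frame(CLIENT, SERVER, 40000, 80, 0x02, seq=1000)),            # SYN
        (100.001200, tcp_frame(SERVER, CLIENT, 80, 40000, 0x12, seq=5000, ack=1001)),  # SYN, ACK
        (100.001300, tcp_frame(CLIENT, SERVER, 40000, 80, 0x10, seq=1001, ack=5001)),  # ACK
        (100.002000, udp_frame(CLIENT, RESOLVER, 5353, 53, b"\x00" * 12)),             # UDP to port 53
        (100.003000, tcp_frame(CLIENT, SERVER, 40000, 80, 0x18, seq=1001, ack=5001, payload=b"GET / HTTP/1.0\r\n\r\n")),
        (100.004000, _eth(A_MAC, "ffffffffffff", 0x0806, b"\x00" * 28)),               # ARP-sized broadcast
    ]


def packet_list(capture) -> list:
    """Build the packet list; Time is measured from the first frame."""
    t0 = capture[0][0]
    return [dissect(frame, ts, t0) for ts, frame in capture]


def follow_stream(rows, selected: Row) -> list:
    """Like right-click -> Follow Stream: keep only the selected packet's conversation."""
    return [r for r in rows if r.stream is not None and r.stream == selected.stream]


if __name__ == "__main__":
    rows = packet_list(sample_capture())
    for i, r in enumerate(rows, 1):
        print(f"{i:>3} {r.time:9.6f} {r.src:<17} {r.dst:<17} {r.proto:<6} {r.length:>4} {r.info}")
    print("\nFollow stream of packet 1:")
    for r in follow_stream(rows, rows[0]):
        print(f"  {r.src} -> {r.dst}  {r.info}")
```

The conversation key is a set of both endpoints, so packets in either direction of the same TCP connection land in the same stream, which is why the follow filter keeps the SYN, SYN/ACK, ACK and the data segment but drops the UDP query and the ARP frame.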

There are a lot of features in Wireshark to be explored, but these are the basics of Wireshark. Once again, Wireshark is a very important tool, mainly used in forensics to analyse malicious packets, etc.

Thursday, 20 March 2014

First Week in Ethical Hacking and Penetration Testing Class

     In the first week, the most important thing to do is to install VMware on your preferred machine. I'm using a MacBook Pro as my host machine. I'm currently using VMware Fusion. The plus feature of VMware Fusion is that it can enable a seamless connection between the emulated OS (the VM) and the host machine (my Mac). With a seamless connection, everything on the Mac is synced to the VM, so you can install an application on the Mac and use it in the VM.

     VMware Fusion also has an isolated install feature. With an isolated install, you can install a perfectly isolated VM, so anything in that VM will not affect the host OS and vice versa. This is a screenshot of the main interface of VMware Fusion.

[Screenshot: VMware Fusion main interface]

     I installed two Windows XP Service Pack 3 VMs so I could try out the network adapter modes of the virtual machines. The network adapter mode determines how a VM connects to other VMs or to the host. The first adapter mode I tried is NAT (Network Address Translation). NAT networks use NAT to connect virtual machines to a physical network; this is achieved by using the host's IP address. NAT is responsible for tracking and delivering data between the VMs and the physical LAN. This is a screenshot of a VM pinging another VM using a NAT connection.

[Screenshot: VM pinging another VM over the NAT adapter]

     The second one I used is the Host Only connection, to try pinging each VM. With a host-only connection, entire virtual networks can be created that run in a "sandboxed" environment. These networks are considered sandboxed because the virtual network doesn't contact any existing physical network. The virtual network isn't mapped to a physical interface, which is why it is called host-only networking. This is a screenshot of a VM pinging another VM using a Host Only connection.

[Screenshot: VM pinging another VM over the Host Only adapter]

     That's it for the first week of the class. Next week we will try using Kali Linux to do the hacking. But the first thing we need to prepare is the proper and right tools, and VMware is the perfect tool for testing this kind of thing, because with a VM you can create a "sandboxed" environment.