Meterpreter lets you run a packet sniffer through an extension, and one very important point is that the sniffer is never saved on the target's hard drive. I will explain how to enable the packet sniffer with Metasploit's Meterpreter:
Let's assume you are already connected through some exploit and have a Meterpreter session; then you type the following:
### use the sniffer extension
meterpreter > use sniffer
Loading extension sniffer...success.
meterpreter > ?
sniffer_dump Retrieve captured packet data to PCAP file
sniffer_interfaces Enumerate all sniffable network interfaces
sniffer_release Free captured packets on a specific interface instead of downloading them
sniffer_start Start packet capture on a specific interface
sniffer_stats View statistics of an active capture
sniffer_stop Stop packet capture on a specific interface
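After sniffer_dump retrieves the capture, a quick way to see what it holds is to walk the PCAP records yourself. The following Python is an added example, not part of the original post and not Metasploit code; the sample capture is constructed inline (two identical TCP frames between made-up addresses) so it runs offline.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xa1b2c3d4  # classic pcap, microsecond timestamps

def parse_pcap(data):
    """Yield (timestamp, packet_bytes) for each record of a classic pcap file."""
    magic = struct.unpack('<I', data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = '<'                      # written on a little-endian host
    elif magic == 0xd4c3b2a1:
        endian = '>'                      # byte-swapped magic: big-endian writer
    else:
        raise ValueError('not a classic pcap file')
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + 'IIII', data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def summarize(data):
    """Count IPv4 conversations (src, dst, protocol number) in an Ethernet capture."""
    conv = Counter()
    for _ts, pkt in parse_pcap(data):
        if len(pkt) < 34 or pkt[12:14] != b'\x08\x00':   # not IPv4 over Ethernet
            continue
        proto = pkt[23]                                   # IP header byte 9
        src = '.'.join(map(str, pkt[26:30]))
        dst = '.'.join(map(str, pkt[30:34]))
        conv[(src, dst, proto)] += 1
    return conv

def build_sample():
    """Constructed capture: two identical TCP frames from 10.0.0.5 to 192.168.1.10."""
    eth = b'\xaa' * 6 + b'\xbb' * 6 + b'\x08\x00'
    ip = (bytes([0x45, 0]) + struct.pack('>H', 40) + b'\x00\x01\x00\x00'
          + bytes([64, 6]) + b'\x00\x00' + bytes([10, 0, 0, 5]) + bytes([192, 168, 1, 10]))
    pkt = eth + ip + b'\x00' * 20                     # zeroed TCP header as payload
    hdr = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    rec = struct.pack('<IIII', 1700000000, 0, len(pkt), len(pkt)) + pkt
    return hdr + rec + rec

if __name__ == '__main__':
    for (src, dst, proto), n in summarize(build_sample()).items():
        print('%s -> %s proto %d: %d packets' % (src, dst, proto, n))
```

Replace build_sample() with the bytes of the file sniffer_dump wrote to get the same per-conversation count for a real capture.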
A lot of people want to be an ethical hacker or penetration tester; it is a very rewarding job and it also requires a lot of effort. In this article I will describe what knowledge you need if you want to be an ethical hacker. I will not touch the soft skills, only the technical ones.
First, this is not an easy path; it will require perseverance and a lot of self-study, including thinking completely differently from anyone else in tech (outside the box).
Yes, you need to have basic knowledge and it has to be very solid; you do not have the luxury of holes in your basic knowledge.
Knowledge of the Windows and Linux operating systems: you have to be strong in one of them and very proficient in the other. I am not saying you can build a cluster with those servers; I am saying you should have the same knowledge as a System Admin or System Engineer working for an IT company (yes, working for an IT company is very different from working for one company).
Network knowledge: yes, you have to know how routing works, TCP/UDP, packets, routers, switches, ARP, firewalls, etc. How will you bypass a firewall if you do not know how it works, or sniff traffic if you do not understand switches?
Programming knowledge: you have to have one language in which you are strong, and if you are going to be a web ethical hacker you have to have more than one language. A lot of hackers use Perl and Python.
This depends on what you want to be good at; you cannot be strong in all the specialties, with some exceptions. These are some examples:
Specialty Attacking Network: for this you need a good knowledge of protocols, routers, switches, firewalls, WiFi, packets, etc.
Specialty Attacking Systems: this includes a lot of the network knowledge because you use packets, etc., plus good knowledge of Windows/Linux and how to escalate privileges on them to become an administrator on the server or domain.
Attacking Web Applications: in this one you have to have knowledge of different web programming languages like ASP, PHP, Java, etc. You also need good database knowledge. Yes, how will you try SQL injection when you do not know anything about SQL queries?
A lot of ethical hackers have a mix of skills. They are normally strong in one specialty and a little weaker in the others. In the beginning do not worry about which skills you will have; begin to build your skills and later you will find which of those fields you want to be in and go for it. Enjoy the whole process.
You got a phone call for a Security Analyst position in your area. You are excited; you've been applying for that kind of position, and now you have their attention and a first phone interview. What will you do?
You will need to follow the same steps a hacker follows when attacking a company. Let's check:
Phase 1 - Reconnaissance
Yes, you will need to gather information about the company and the person or people who will do the first interview on the phone. Surely the recruiter will tell you their name(s) and the time.
With the name(s) and the company name you begin to research. The first thing is the company website: you need to know what the company does and what it means, inside and out, including what positions are available, the requirements, etc.
Now, with the interviewer's name, find everything you possibly can: check LinkedIn, Google+, Facebook, etc. Yes, sometimes you can find on the Internet where he/she lives and what kind of sport he/she plays; the better you know that person(s), the better chance you will have to connect.
Phase 2 - Scanning
During the phone interview you have the chance to send a few packets: you have the chance to ask questions about the position, the requirements, the environment. Ask interesting questions, and those questions have to be prepared before the phone interview. Do not ask uncomfortable questions; you do not want to crash your target.
Phase 3 - Gaining Access
This is the face-to-face interview. Here you will be able to send your exploits: show them who you are, your technical and non-technical skills like good communication. Show them that the ideal person for the Security Analyst position is YOU.
Remember, in this phase you are still discovering; now you need to scan more and a little more, ask more questions, and remember not to crash the server: you do not want a denial of service (DoS).
Phase 4 - Maintaining Access
In this phase, after the phone and face-to-face interviews, send an email saying what you got out of the interview, showing you are interested in the position and leaving the door open for more questions from them. Maintain your access.
Phase 5 - Covering Tracks
If you got the position, CONGRATULATIONS, and if not, you got a lot of experience in this pentest and you will nail the next one; remember, pentesters have to be masters. Also, in the situation where you did not get the position, send an email thanking them for the interview; who knows, they may keep you in mind and could change their decision.
If you look at your job search as a penetration testing process, first you will enjoy it and second you will increase your self-confidence and your success.
Keep going and enjoy the process.
Please tell me what you think in the forum at http://www.learn-security.net/
Sometimes we have everything in front of us and we start looking somewhere else, when it was something simple.
VirtualBox has a tool that does the job for us, and very quickly:
I had a virtual machine in VirtualBox that I wanted to move to Hyper-V, so I did the following:
Hard drive name: CEH-XP.vdi
1. First we go to where VirtualBox is installed: cd C:\Program Files\Oracle\VirtualBox
2. Now I use the tool vboxmanage with the clonehd switch:
C:\Program Files\Oracle\VirtualBox>vboxmanage clonehd "E:\Images\Virtual machines\CEH\CEH-XP.vdi" z:\ceh-xp.vhd --format vhd
Clone hard disk created in format 'vhd'. UUID: 801c7ac4-b396-42cb-bf9a-939d78ad0
If you noticed, my hard drive was on the E: drive and my destination was the Z: drive; your case is going to be different.
3. Now we create a virtual machine in Hyper-V without a hard drive and attach the resulting hard drive to the virtual machine; in my case it was ceh-xp.vhd.
This was quicker than my export to OVF and later to another format.
Twice a year the Security Analyst needs to do a firewall review for PCI or other compliance. Yes, we need something that can automatically grab the latest firewall configuration to analyze it. In this post I will describe one simple Python script to grab the configuration, with explanations.
I am using two modules in this script, pexpect and sys; the first one lets us connect as if we were doing it from the console itself. This script will ask you for the firewall's IP address.
The script begins (copy from below):
import sys
import pexpect
asa_ip = input('Please Enter ASA IP: ')
user = "your-username-on-the-device"
password = "P@ssw0rd"
password_enable = "P@ssw0rd"
log_name = 'firewall.%s.txt' % asa_ip
# This establishes the SSH connection (encoding='utf-8' makes pexpect return text, not bytes)
child = pexpect.spawn('ssh %s@%s' % (user, asa_ip), encoding='utf-8', timeout=60)
# This logs the result: everything read from the device will go into this file
fout = open(log_name, 'w')
# Expect the device to ask the password (a first connection asks to accept the host key instead)
i = child.expect(['(yes/no)', '[Pp]assword:', pexpect.EOF, pexpect.TIMEOUT])
if i >= 2:
    sys.exit('Could not open an SSH session to %s' % asa_ip)
if i == 0:
    child.sendline('yes')
    child.expect('[Pp]assword:')
# Script sends the password
child.sendline(password)
# Expect the '>' and type enable
child.expect('>')
child.sendline('enable')
# Expect asking enable password and send the password
child.expect('[Pp]assword:')
child.sendline(password_enable)
child.expect('#')
# Send 'terminal pager 0' to avoid keep pressing Enter, if you do not do this you will have a time out
child.sendline('terminal pager 0')
child.expect('#')
# Put it in the log file: from here on everything read from the device is written to fout
child.logfile_read = fout
# Send the sh running-config command
child.sendline('show running-config')
# Expect ': end' to finish the configuration, then stop logging and close the session
child.expect(': end')
child.logfile_read = None
fout.close()
child.close()
# Clean the file, removing the Cisco commands echoed by the device
with open(log_name, 'r') as fin:
    data = fin.read().splitlines(True)
with open(log_name, 'w') as fout:
    for line in data:
        if 'show running-config' not in line and 'terminal pager 0' not in line:
            fout.write(line)
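Once the script has saved the running-config, the review itself can start from the access-lists. The following Python is an added example, not code from the original post; the ASA config fragment is constructed (made-up hostname, ACL names and 203.0.113.0/24 documentation addresses), and the three checks are my own choice of what a PCI firewall review usually questions.

```python
import re

# Constructed fragment of an ASA running-config, the kind of file the script above saves
SAMPLE_CONFIG = """\
: Saved
hostname asa-edge
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq https
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended deny ip any any log
access-list DMZ_OUT extended permit tcp 10.10.0.0 255.255.255.0 any eq 23
access-list DMZ_OUT extended permit udp any any range 1 65535
: end
"""

# name, action, protocol, and the rest of the ACE (sources, destinations, ports)
ACE_RE = re.compile(r'^access-list (\S+) extended (permit|deny) (\S+) (.*)$')

def parse_aces(config):
    """Return one (name, action, protocol, rest) tuple per extended ACE, in file order."""
    return [m.groups() for m in map(ACE_RE.match, config.splitlines()) if m]

def review(config):
    """Return (acl_name, finding) pairs for permit entries a PCI review would question."""
    findings = []
    for name, action, proto, rest in parse_aces(config):
        if action != 'permit':
            continue                       # denies narrow access, nothing to flag
        if proto == 'ip' and rest == 'any any':
            findings.append((name, 'permit ip any any: no restriction at all'))
        elif rest.startswith('any any') and 'range 1 65535' in rest:
            findings.append((name, 'any-to-any with the full port range'))
        if re.search(r'\beq (23|telnet|21|ftp)\b', rest):
            findings.append((name, 'cleartext telnet/ftp permitted: ' + rest))
    return findings

if __name__ == '__main__':
    for name, finding in review(SAMPLE_CONFIG):
        print('%s: %s' % (name, finding))
```

Point review() at the contents of firewall.<ip>.txt to run the same checks on a real configuration.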