Aktionen

Hacks: Unterschied zwischen den Versionen

Aus exmediawiki

(Die Seite wurde neu angelegt: „=networkscans= ''ping target.com'' list ip + macadresses in network ''arp -a'' for ping 256 last ip in your network ''nmap -sP 192.168.1.0/24'' ''nma…“)
 
 
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 1: Zeile 1:
 
=networkscans=
 
=networkscans=
  
  ''ping target.com''
+
  ''$ ping target.com''
  
list ip + macadresses in network
 
''arp -a''
 
  
  for ping 256 last ip in your network
+
'''list ip + macadresses in network'''
 +
  ''$ arp -a''
 +
 
 +
 
 +
'''for ping 256 last ip in your network'''
 
  ''nmap -sP 192.168.1.0/24''  
 
  ''nmap -sP 192.168.1.0/24''  
 
  ''nmap -T4 -F 192.168.2.0/24''
 
  ''nmap -T4 -F 192.168.2.0/24''
  
list ip-adresses
 
''netstat -r''
 
  
hostname / computername ?
+
'''list ip-adresses'''
''nslookup 192.168.2.119''
+
  ''$ netstat -r''
  ''dig -x 192.168.2.119''
 
  
  mein computername
+
 
  ''host `uname -n`''
+
'''hostname / computername ?'''
 +
  ''$ nslookup 192.168.2.119''
 +
''$ dig -x 192.168.2.119''
 +
 
 +
 
 +
'''mein computername'''
 +
  ''$ host `uname -n`''
  
  
Zeile 25: Zeile 30:
 
==wireshark==
 
==wireshark==
  
passwordsniff
+
'''passwordsniff'''
 
  ''http.request.method == "POST"''
 
  ''http.request.method == "POST"''
  
Um zu ermitteln, ob ein User im Netz unverschlüsselte E-Mail-Kommunikation betreibt, reicht ein einfacher Capture-Filter:
+
 
 +
'''Um zu ermitteln, ob ein User im Netz unverschlüsselte E-Mail-Kommunikation betreibt, reicht ein einfacher Capture-Filter:'''
 
  ''tcp port 110 or tcp port 25 or tcp port 143''
 
  ''tcp port 110 or tcp port 25 or tcp port 143''
  
http://www.thegeekstuff.com/2012/07/wireshark-filter/
+
see also: http://www.thegeekstuff.com/2012/07/wireshark-filter/
 +
 
  
displays all TCP resets
+
'''displays all TCP resets'''
 
  ''tcp.flags.reset==1''  
 
  ''tcp.flags.reset==1''  
  
displays all HTTP GET requests
+
 
 +
'''displays all HTTP GET requests'''
 
  ''http.request''  
 
  ''http.request''  
  
displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID
+
 
 +
'''displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID'''
 
  ''tcp contains traffic''  
 
  ''tcp contains traffic''  
  
Sets a filter for any packet with 10.0.0.1, as either the source or dest
+
 
 +
'''Sets a filter for any packet with 10.0.0.1, as either the source or dest'''
 
  ''ip.addr == 10.0.0.1''  
 
  ''ip.addr == 10.0.0.1''  
  
sets a conversation filter between the two defined IP addresses
+
 
 +
'''sets a conversation filter between the two defined IP addresses'''
 
  ''ip.addr==10.0.0.1  && ip.addr==10.0.0.2''  
 
  ''ip.addr==10.0.0.1  && ip.addr==10.0.0.2''  
  
 
  Match destination: ''ip.dst == x.x.x.x''
 
  Match destination: ''ip.dst == x.x.x.x''
 
  Match source: ''ip.src == x.x.x.x''
 
  Match source: ''ip.src == x.x.x.x''
  Match either: ''ip.addr == x.x.x.x
+
  Match either: ''ip.addr == x.x.x.x''
''
+
 
 
----
 
----
  
  ''ping target.com''
+
  ''$ ping target.com''
  ''arp -a''
+
  ''$ arp -a''
In the list returned by the arp command, search for the IP address you found with the ping command. Once you have the MAC address – say, "AA:BB:CC:DD:EE:FF" – type in the filter box:
+
 
 +
'''In the list returned by the arp command, search for the IP address you found with the ping command. Once you have the MAC address – say, "AA:BB:CC:DD:EE:FF" – type in the filter box:'''
 
  ''eth.addr == AA:BB:CC:DD:EE:FF''
 
  ''eth.addr == AA:BB:CC:DD:EE:FF''
  
Now suppose you want to capture all traffic using specific protocols generated by a host, such as pop3, ftp, http, or messenger. In the filter box, enter:
+
 
 +
'''Now suppose you want to capture all traffic using specific protocols generated by a host, such as pop3, ftp, http, or messenger. In the filter box, enter:'''
 
  ip.addr == 192.168.0.1 and (http or ftp or messenger or pop)
 
  ip.addr == 192.168.0.1 and (http or ftp or messenger or pop)
This says show all the traffic generated or directed to the IP address 192.168.0.1 and display only http or ftp or pop or messenger packets.
+
 
You can capture all such traffic that runs over your network with a specific address or from multiple clients:
+
'''This says show all the traffic generated or directed to the IP address 192.168.0.1 and display only http or ftp or pop or messenger packets.'''
 +
 
 +
 
 +
'''You can capture all such traffic that runs over your network with a specific address or from multiple clients:'''
 
  ip.addr == 192.168.0 and (http or ftp or messenger or pop)
 
  ip.addr == 192.168.0 and (http or ftp or messenger or pop)
  
Zeile 79: Zeile 95:
 
  ''dns'' --- Show only the traffic for the dns protocol
 
  ''dns'' --- Show only the traffic for the dns protocol
  
Show all http traffic where the url contains the word "string."
+
 
 +
'''Show all http traffic where the url contains the word "string."'''
 
  ''http.request.uri contains string''
 
  ''http.request.uri contains string''
  
 
[[Category:Hacking]]
 
[[Category:Hacking]]

Aktuelle Version vom 18. Oktober 2020, 15:02 Uhr

networkscans

$ ping target.com


list ip + macadresses in network

$ arp -a


for ping 256 last ip in your network

nmap -sP 192.168.1.0/24 
nmap -T4 -F 192.168.2.0/24


list ip-adresses

$ netstat -r


hostname / computername ?

$ nslookup 192.168.2.119
$ dig -x 192.168.2.119


mein computername
$ host `uname -n`



wireshark

passwordsniff

http.request.method == "POST"


Um zu ermitteln, ob ein User im Netz unverschlüsselte E-Mail-Kommunikation betreibt, reicht ein einfacher Capture-Filter:

tcp port 110 or tcp port 25 or tcp port 143

see also: http://www.thegeekstuff.com/2012/07/wireshark-filter/


displays all TCP resets

tcp.flags.reset==1 


displays all HTTP GET requests

http.request 


displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID

tcp contains traffic 


Sets a filter for any packet with 10.0.0.1, as either the source or dest

ip.addr == 10.0.0.1 


sets a conversation filter between the two defined IP addresses

ip.addr==10.0.0.1  && ip.addr==10.0.0.2 
Match destination: ip.dst == x.x.x.x
Match source: ip.src == x.x.x.x
Match either: ip.addr == x.x.x.x

$ ping target.com
$ arp -a

In the list returned by the arp command, search for the IP address you found with the ping command. Once you have the MAC address – say, "AA:BB:CC:DD:EE:FF" – type in the filter box:

eth.addr == AA:BB:CC:DD:EE:FF


Now suppose you want to capture all traffic using specific protocols generated by a host, such as pop3, ftp, http, or messenger. In the filter box, enter:

ip.addr == 192.168.0.1 and (http or ftp or messenger or pop)

This says show all the traffic generated or directed to the IP address 192.168.0.1 and display only http or ftp or pop or messenger packets.


You can capture all such traffic that runs over your network with a specific address or from multiple clients:

ip.addr == 192.168.0 and (http or ftp or messenger or pop)

ip.addr==192.168.0.1 --- Show all traffic from and to 192.168.0.1
tcp.port==80 --- Show all the traffic with 80 as a source or destination port
ip.src==192.168.0.1 and ip.dst==10.100.1.1 --- Show all the traffic that starts from 192.168.0.1 and has as target 10.100.1.1
ftp --- Show only the traffic for the ftp protocol
http --- Show only the traffic for the http protocol
dns --- Show only the traffic for the dns protocol


Show all http traffic where the url contains the word "string."

http.request.uri contains string