Photo: Floor of Caesar's Palace on Palatine Hill, Rome, Italy, May 2018.
Introduction to Network Visualization & Vulnerability Detection:
Performing a Trade-Study:
Virtualized Test Lab Architecture:
Security Toolkit:
Surveillance and Reconnaissance Processes:
Perform a Dictionary Attack Against a Host’s SSH Service:
Launch an Exploit Payload Against a Vulnerable Web Service:
Identify the Ports Listening on a Host:
Eavesdrop on Communications Between Two Hosts:
Identify the SSID of an Active Wireless Network:
Lessons Learned and Final Thoughts:
Introduction to Network Visualization & Vulnerability Detection:
Network visualization and vulnerability detection is the conceptual construction of how to think about securing networks, basic architectural designs of networks, and various components. It also includes different components of network security, to include but not limited to, network visualization, network analysis, perimeter defense strategies, network monitoring, vulnerability detection, and security in mobile and wireless environments. (USD, 2018)
The implementation and execution are an essential part of cyber security in order to know where vulnerabilities within the network are located, and how to execute the risk mitigation plan. A cyber security professional must have the ability to visualize the entire network and identify the vulnerability points within that network. The cyber security professional shall then brief the C-suite on the networks vulnerabilities and make a recommendation on how to mitigate these vulnerabilities. It behooves the cyber security professional to have a cost-benefit plan prepared showing the short-term and long-term costs on the recommendations.
The implementation and execution are an essential part of cyber security in order to know where vulnerabilities within the network are located, and how to execute the risk mitigation plan. A cyber security professional must have the ability to visualize the entire network and identify the vulnerability points within that network. The cyber security professional shall then brief the C-suite on the networks vulnerabilities and make a recommendation on how to mitigate these vulnerabilities. It behooves the cyber security professional to have a cost-benefit plan prepared showing the short-term and long-term costs on the recommendations.
Performing a Trade-Study:
Step 1: The criterion that I have selected for a network visualization tool for the lab includes:
Step 2: Cytoscape: This is an open source platform that was designed for visualizing molecular interaction networks and biological pathways and integrating these networks with annotations, gene expression profiles and other state data. Yet this platform can be used for many other purposes that require analysis and visualization of complex networks. Cytoscape is able to meet many of the criterions that I have listed, and it is free to all users making it cost effective. The ability to share network diagrams across peer groups is limited to only peer groups that are also Cytoscape users. (Cytoscape, 2018)
Maltego: This is an open source platform that operates on Kali Linux to analyze relationships and foot printing internet infrastructure as well as gathering information about the people and organizations that own it. Maltego is a platform that is capable of meeting all of my listed criterions. This platform is also free to all users, making it cost effective, and already loaded and configured to Kali Linux. (Maltego CE, 2018)
Step 3 & Step 4: Maltego: Due to the easy access and cost effectiveness of Maltego, I have selected Maltego as the network visualization tool from the two. Maltego is already an App within the Kali Linux platform that required only registration. It is also configured to the Kali Linux VM to communicate with the rest of the test lab environment. (Maltego CE, 2018)
Step 5 & Step 6: The installation process for Maltego entailed logging into Kali Linux and selecting the Maltego App. Once opened, Maltego asks for registration before being able to login. I then Googled Maltego and opened the Paterva website: https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php. I selected the button for registration for Maltego. I entered my information and a confirmation e-mail was sent to my sandiego.edu mail account. I then confirmed the registration in my e-mail. I then went back into my VM and logged into Maltego. As I logged in for the first time Maltego finished the installation process as well as configuration process automatically. To capture the log data from the Metasploitable VM I selected ‘Machines’ from the menu bar. I selected the first button ‘Run Machine’ then selected the most basic option which required a domain name. I entered the domain name and selected the ‘Finish’ button. After a minute or two the log data was produced as well as a New Graph that had the single entity titled “Metasploitable.”
- the ability to visualize a complete IT infrastructure (ManageEngine, 2018)
- the ability to refer to the most up-to-date network maps with periodic network scanning (ManageEngine, 2018)
- construction of an easy-to-view network topology map that lets me choose the network’s seed device and preferred network layout type (ManageEngine, 2018)
- the ability to share network diagrams across peer groups (ManageEngine, 2018)
- the ability to perform link analysis (Maltego CE, 2018)
- the capability to return up to 12 entities per transform that is run (Maltego CE, 2018)
- the ability to automatically group entities together with common features (Maltego CE, 2018)
- graph export options should have both GraphML and Entity lists (Maltego CE, 2018)
- graph import options should have Tabular formats and copy-paste capable (Maltego CE, 2018)
Step 2: Cytoscape: This is an open source platform that was designed for visualizing molecular interaction networks and biological pathways and integrating these networks with annotations, gene expression profiles and other state data. Yet this platform can be used for many other purposes that require analysis and visualization of complex networks. Cytoscape is able to meet many of the criterions that I have listed, and it is free to all users making it cost effective. The ability to share network diagrams across peer groups is limited to only peer groups that are also Cytoscape users. (Cytoscape, 2018)
Maltego: This is an open source platform that operates on Kali Linux to analyze relationships and foot printing internet infrastructure as well as gathering information about the people and organizations that own it. Maltego is a platform that is capable of meeting all of my listed criterions. This platform is also free to all users, making it cost effective, and already loaded and configured to Kali Linux. (Maltego CE, 2018)
Step 3 & Step 4: Maltego: Due to the easy access and cost effectiveness of Maltego, I have selected Maltego as the network visualization tool from the two. Maltego is already an App within the Kali Linux platform that required only registration. It is also configured to the Kali Linux VM to communicate with the rest of the test lab environment. (Maltego CE, 2018)
Step 5 & Step 6: The installation process for Maltego entailed logging into Kali Linux and selecting the Maltego App. Once opened, Maltego asks for registration before being able to login. I then Googled Maltego and opened the Paterva website: https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php. I selected the button for registration for Maltego. I entered my information and a confirmation e-mail was sent to my sandiego.edu mail account. I then confirmed the registration in my e-mail. I then went back into my VM and logged into Maltego. As I logged in for the first time Maltego finished the installation process as well as configuration process automatically. To capture the log data from the Metasploitable VM I selected ‘Machines’ from the menu bar. I selected the first button ‘Run Machine’ then selected the most basic option which required a domain name. I entered the domain name and selected the ‘Finish’ button. After a minute or two the log data was produced as well as a New Graph that had the single entity titled “Metasploitable.”
Virtualized Test Lab Architecture:
I have two Virtual Machines within my virtualized test lab architecture: Kali Linux and Metasploitable. Kali Linux is a linux Operating System use for analyzing and exploiting vulnerabilities. It has dozens of applications that conduct a variety of tasks including:
Metasploitable has been set up as its own Vitural Machine within the virtual test lab. Kali Linux VM also has the Metasploitable application loaded along with several other exploitation tools. The Metasploitable VM is used as an exploitation tool to attempt to penetrate and exploit vulnerabilities found in the different applications of the Kali Linux VM, as well as the wireless network that my Virtual Machines operate on.
- Information Gathering
- Vulnerability Analysis
- Web Application Analysis
- Database Assessment
- Password Attacks
- Wireless Attacks
- Reverse Engineering
- Exploitation Tools
- Sniffing & Spoofing
- Post Exploitation
- Forensics
- Reporting Tools
- Social Engineering Tools
- System Services
Metasploitable has been set up as its own Vitural Machine within the virtual test lab. Kali Linux VM also has the Metasploitable application loaded along with several other exploitation tools. The Metasploitable VM is used as an exploitation tool to attempt to penetrate and exploit vulnerabilities found in the different applications of the Kali Linux VM, as well as the wireless network that my Virtual Machines operate on.
Security Toolkit:
Tool Name |
Tool Category |
Summary of Tool Functionality |
Example Use Cases |
wireshark |
Sniffing & Spoofing |
Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Wireshark has a rich feature set which includes the following:
|
|
maltegoce |
Social Engineering Tools |
|
root@kali:~# cat /opt/Teeth/README.txt NB NB: This runs on Kali Linux =-=-=-=-=-=-=-=-=-=-=-=-=-=-=- #Make directory /opt/Teeth/ #Copy tgz to /opt/Teeth/ #Untar Load the config file called /opt/Teeth/etc/Maltego_config.mtz file into Maltego. This is painless:
|
dnmap-client |
information gathering |
dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it. The framework use a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Nmap output is stored on both server and client. Usually you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you). |
Connect to the server at 192.168.1.15 (-s) using the alias dnmap-client1 (-a): root@kali:~# dnmap_client -s 192.168.1.15 -a dnmap-client1
|
dnmap-server |
information gathering |
dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it. The framework use a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Nmap output is stored on both server and client. Usually you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you). |
Create a text file containing the nmap commands that the clients will run. Pass the file dnmap.txt (-f) to start the server:
|
kismet |
Wireless Attacks |
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates. This is the main package containing the core, client, and server. |
Start the Kismet server, using the wireless interface as the capture source (-c wlan0) and use the external GPSD option (–use-gpsd-gps):
|
Surveillance and Reconnaissance Processes:
Scan a network to determine the operating systems installed on hosts
Using nmap, I entered the command: nmap –v –A scanme.nmap.ord.
Using nmap, I entered the command: nmap –v –A scanme.nmap.ord.
List of the ports, their state, service and version
The list of the aggressive OS guesses: Oracle Virtualboc (94%)
Perform a Dictionary Attack Against a Host’s SSH Service:
I was not successful in exploiting vulnerabilities in Metasploitable. I began by running the “ifconfig” in Metasploitable to get the “inet address.” I then opened up nmap and ran a scan of 65536 ports of the Metasploitable inet address and found all of the ports to be closed. This was the first road block that I came across. I also found that SSH protocol is no longer supported when I checked the root login. Each backdoor and unintentional backdoor that I probed resulted in a failed connection to the Metasploitable inet address.
By typing in “msfconsole” into the nmap command line I was able to bring up Metasploitable within the nmap program. However, I was never able to infiltrate the Metasploitable vulnerabilities of the Metasploitable program on my Kali Linux VM or my separate Metasploitable VM.
Some other methods that I might use to exploit Metasploitable would include password crackers. I would begin with a plain brute force attack by using some commonly used username and passwords:
Usernames Passwords
msfadmin msfadmin
user user
postgres postgres
sys batman
klog 123456789
service service
(Rapid7, 2018)
Some of the programs that I would use to attempt to crack the passwords for Metasploitable include RainbowCrack, medusa, pyrit, and hashcat. There are several other good password attack programs to use after starting with these first.
By typing in “msfconsole” into the nmap command line I was able to bring up Metasploitable within the nmap program. However, I was never able to infiltrate the Metasploitable vulnerabilities of the Metasploitable program on my Kali Linux VM or my separate Metasploitable VM.
Some other methods that I might use to exploit Metasploitable would include password crackers. I would begin with a plain brute force attack by using some commonly used username and passwords:
Usernames Passwords
msfadmin msfadmin
user user
postgres postgres
sys batman
klog 123456789
service service
(Rapid7, 2018)
Some of the programs that I would use to attempt to crack the passwords for Metasploitable include RainbowCrack, medusa, pyrit, and hashcat. There are several other good password attack programs to use after starting with these first.
Getting Started:
Services:
Unix Basics:
Backdoors:
Unintentional Backdoors:
History Command:
Launch an Exploit Payload Against a Vulnerable Web Service:
Step 1: The criteria that I have selected to be used in evaluating the selection of a vulnerability scanning tool to operate within my lab environment is whether or not the vulnerability scanning tool fulfills these steps for assessing the vulnerability security of a network:
Step 2: NESSUS: It is a branded and patented vulnerability scanner created by Tenable Network Security. It prevents the networks from the penetrations made by hackers by assessing the vulnerabilities at the earliest. It can scan the vulnerabilities which permit remote hacking of sensitive data from a system. It supports an extensive range of OS, Dbs, applications and several other devices among cloud infrastructure, virtual and physical networks. It has been installed and used by millions of users all over the world for vulnerability assessment, configuration issues etc. (Admin, 2018)
Nessus provides vulnerability coverage for software flaws, Malware & botnets, Configuration, and Physical, virtual and Cloud Coverage. According to Tenable, Inc. the advantages of Nessus include ease of use, it’s comprehensive in supporting more technologies and identifies more vulnerabilities, it claims to have a low cost ($2,190.00 per year), it’s fast and accurate, it provides timely protection, and it is scalable as an organizations vulnerability management needs increase. (Nessus, 2018)
Wireshark: It is extensively used network protocol analyzer considered to be the most powerful tool in the security practitioner’s toolkit. It is used across different streams like government agencies, enterprises, educational institutions etc., to look into the networks at a microscopic level. It captures the issues online and executes the analysis offline. It runs on different platforms like Linus, masOS, Windows, Solaris etc. (Admin, 2018)
Some of the features that are in Wireshark include deep inspection of hundreds of protocols, live capture and offline analysis, standard three-pane packet browser, captured network data can be browsed in a GUI, or via the TTY-mode TShark utility, the most powerful display filters in the industry among other features. (Wireshark, 2018) Wireshark is also free of cost, and already installed and configured on Kali Linux.
- Identify and realize the approach of your company or industry like how it is structured and managed. (Admin, 2018)
- Trace the data, systems, and applications that are exercised throughout the practice of the business. (Admin, 2018)
- Examine the unobserved data sources capable of allowing simple entry to the protected information. (Admin, 2018)
- Classify both the virtual and physical servers that run the essential business applications. (Admin, 2018)
- Track all the existing security measures which are already implemented. (Admin, 2018)
- Inspect the network for any vulnerability. (Admin, 2018)
- Must be cost effective, possibly free of cost
- Compatible with the CVE program
- Compatible with Kali Linux
Step 2: NESSUS: It is a branded and patented vulnerability scanner created by Tenable Network Security. It prevents the networks from the penetrations made by hackers by assessing the vulnerabilities at the earliest. It can scan the vulnerabilities which permit remote hacking of sensitive data from a system. It supports an extensive range of OS, Dbs, applications and several other devices among cloud infrastructure, virtual and physical networks. It has been installed and used by millions of users all over the world for vulnerability assessment, configuration issues etc. (Admin, 2018)
Nessus provides vulnerability coverage for software flaws, Malware & botnets, Configuration, and Physical, virtual and Cloud Coverage. According to Tenable, Inc. the advantages of Nessus include ease of use, it’s comprehensive in supporting more technologies and identifies more vulnerabilities, it claims to have a low cost ($2,190.00 per year), it’s fast and accurate, it provides timely protection, and it is scalable as an organizations vulnerability management needs increase. (Nessus, 2018)
Wireshark: It is extensively used network protocol analyzer considered to be the most powerful tool in the security practitioner’s toolkit. It is used across different streams like government agencies, enterprises, educational institutions etc., to look into the networks at a microscopic level. It captures the issues online and executes the analysis offline. It runs on different platforms like Linus, masOS, Windows, Solaris etc. (Admin, 2018)
Some of the features that are in Wireshark include deep inspection of hundreds of protocols, live capture and offline analysis, standard three-pane packet browser, captured network data can be browsed in a GUI, or via the TTY-mode TShark utility, the most powerful display filters in the industry among other features. (Wireshark, 2018) Wireshark is also free of cost, and already installed and configured on Kali Linux.
Step 3 & 4: Wireshark – Wireshark is already installed and configured to my Kali Linux VM.
Step 5: The IP address range of your test network is:
Wireshark performing a scan of the IP address range of my test network.
Identify the Ports Listening on a Host:
Part 1:
Part 2:
Nmap scan report for 10.0.2.2
Host is up (0.040s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open Microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.3
Host is up (0.030s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.4
Host is up (0.032s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.15
Host is up (0.000034s latency)
All 1000 scanned ports on 10.0.2.15 are closed
- I started by updating my VirtualBox by selecting file then check for updates.
- The VirtualBox 5.2.14 platform package was updated and I restarted my PC.
- I then downloaded the Kali Linux 64 bit from https://www.kali.org/downloads/
- Once Kali Linux was downloaded I installed it onto the VirtualBox.
- I named my Kali Linux 64 bit package “Kali”
- I highlighted Kali VM then clicked the green start arrow to lauch.
- As Kali installed I selected all the recommended procedures for first time users.
- I selected “root” as my username and “toor” as my password, and continued with the installation.
- Once logged in to Kali I opened the drop menu for Applications and selected Nmap.
- I downloaded the Metasploitable VM from https://sourceforge.net/projects/metasploitable/
- Once Metasploitable VM was downloaded I installed it onto the VirtualBox.
- I highlighted the Metasploitable VM then clicked the green start arrow to launch.
- My login to get started was “msfadmin/msfadmin”
- On the Command line I typed in “ip addr show” to obtain the IP address for my Metasploitable VM
- Within my Kali Linux I opened Nmap and began to scan for open ports using the Metsploitable VM IP address.
- Using Nmap I entered the command: nmap -sV <ip address of metasploitable vm>
- The following scan reports were given.
Part 2:
Nmap scan report for 10.0.2.2
Host is up (0.040s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open Microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.3
Host is up (0.030s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.4
Host is up (0.032s latency)
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds?
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3001/tcp open nessus?
Nmap scan report for 10.0.2.15
Host is up (0.000034s latency)
All 1000 scanned ports on 10.0.2.15 are closed
Eavesdrop on Communications Between Two Hosts:
Step 1 & Step2: I launched the Kali VM within my lab environment. Once I was logged in I selected the Wireshark tool by selecting the “Applications” drop box at the upper left corner of the Kali VM. Once opened, I then selected the “09 – Sniffing & Spoofing” section, which then allowed me to double click the Wireshark icon to launch the Wireshark tool. The Wireshark tool then automatically configured.
Step 3: To capture interfaces I first selected Capture then Options from the Wireshark tool main menu. Once in the Wireshark tool I selected “eth0” as the appropriate interface for monitoring the network that the Kali VM was connected on.
Step 3: To capture interfaces I first selected Capture then Options from the Wireshark tool main menu. Once in the Wireshark tool I selected “eth0” as the appropriate interface for monitoring the network that the Kali VM was connected on.
Step 4: I launched the web browser within the Kali VM and began surfing to various web sites, including sites with SSL security applied.
Step 5: Screen captures of IP packets captured.
Screen captures of TCP segments captured.
Screen captures of encrypted messages captured.
Identify the SSID of an Active Wireless Network:
According to the Kismet Wireless website the purpose of Kismet is to perform as a “wireless network detector, sniffer, and intrusion detection system.” (Bau, 2018) Furthermore, Kismet is able to work with “WiFi cards, as well as Bluetooth devices for scanning discoverable BT and BTLE devices, the RTL-SDR radio for detecting wireless sensors, thermometers, and switches, and other capture hardware.” (Bau, 2018)
Using Kismet I was able to extract multiple pieces of information about the wireless environment. I was able to determine that the BSSID was 02:00:00:06:00:00. I was also able to determine the frequency at 2457 (10) – 9 packets, 50.00%. The signal was -50dBm (max -50dBm) and the Noise was at 0dBm (max -256dBm). I was also able to determine that 18 packets were detected for network #4. I could see the yellow and red bars were detecting both packets and data being transmitted on the wireless network. Kismet was also able to detect the name of the network (<any>), whether or not the information was encrypted, the channel being used, and the size of the data and packets in mbits.
Using Kismet I was able to extract multiple pieces of information about the wireless environment. I was able to determine that the BSSID was 02:00:00:06:00:00. I was also able to determine the frequency at 2457 (10) – 9 packets, 50.00%. The signal was -50dBm (max -50dBm) and the Noise was at 0dBm (max -256dBm). I was also able to determine that 18 packets were detected for network #4. I could see the yellow and red bars were detecting both packets and data being transmitted on the wireless network. Kismet was also able to detect the name of the network (<any>), whether or not the information was encrypted, the channel being used, and the size of the data and packets in mbits.
List of broadcasting SSIDs
Lessons Learned and Final Thoughts:
Throughout the course I have installed and configured two Virtual Machines, conducted Information Gathering, Vulnerability Analysis, password and wireless attacks, used exploitation tools, and reported my findings. The biggest lesson learned throughout all the lessons is to patiently work through each step, research different approaches to completing the task at hand, and call a friend to bounce ideas off of. Working as a team with my fellow classmates I was able to gain a greater understanding of each lesson module. I also learned that if you do not have great strength in one application, it is okay. There are several applications that can conduct the same task that you are trying to complete. Using a different application may give the user a different approach, and possibly the user may have an easier time with completing the task.
Although I did not have much success with exploiting the vulnerabilities on Metasploitable using nmap, I will continue attempting to exploit Metasploitable using other vulnerability analysis tools like nikto, lynis, and Sparta. If one of the vulnerability analysis programs does not work that does not mean that none of them will be successful in exploiting vulnerabilities. It is also possible to exploit the PHP information disclosure page at http://ip/phpinfo.php. This vulnerability provides internal system information and service version information that can be used to look up vulnerabilities. (Rapid7, 2018)
Wireshark is a great open source packet analyzer on the market. “Some of the intended purposes of Wireshark include network administrators using to troubleshoot network problems. Network security engineers use it to examine security problems. Quality Assurance/Quality Control engineers use it to verify network applications. Developers use it to debug protocol implementations. And everyday people use it to learn network protocol internals.” (Wireshark, 2018) The entire purpose of Wireshark is that it allows its users to capture packets and lets them examine their contents. It is also important to state what Wireshark is not capable of doing. It is not an intrusion detection system. Also, it will not manipulate things on the network, it will only “measure” things on the network. (Wireshark, 2018) One of the great things about Wireshark is that it is released under the GNU General Public License (GPL). As a result, it is very easy for people to add new protocols to Wireshark, either as plugins, or built into the source. (Wireshark, 2018)
When I ran the Kismet Wireless sniffer I first was taken aback at how much information is exposed over WiFi. The thing that stood out the most was that Kismet Wireless was able to determine if the information was encrypted. This is important information that an attacker can use to decide whether or not they want to attempt a man-in-the-middle attack. I also learned that one can determine how many packets are being transmitted, and whether or not the information being transferred is packets or data. The name of the network is also easily identifiable to the Kismet Wireless sniffer. This information allows the attacker to be able to attribute packets and data to specific persons on specific networks, which along with knowing whether or not the information is encrypted or not, painting a clear picture of the type of information and from who it is coming from. This may help the attacker to determine how valuable the information that is being transmitted.
In the future, I shall be using the applications on Kali Linux to determine the vulnerabilities on my own personal WiFi network. I shall also be using the applications to test my own vulnerabilities on my computers and my home network as a whole. I also have learned valuable techniques, tactics, and procedures to apply in my job as a cyber intelligence analyst for the United States Army. Although we have different applications that we use within the Department of the Army, the concepts are the same: find the vulnerabilities, analyze the weaknesses, and mitigate the risks. I will also be taking the lesson learned of working as a team to accomplish the task at hand to my team in the Army. At times it is needed that everyone takes there piece of the pie, completes it, and then brings it all together at the end for the final product. However, at times it is faster and easier to work as a team on each task so that no one gets left behind on the project. Furthermore, it is often the case that one needs to start with step one in order to understand and complete step 5 of a task. Learning the new applications on Kali Linux will be helpful for future tasks, but learning the processes and working as a team was the greatest lesson learned in this course.
Although I did not have much success with exploiting the vulnerabilities on Metasploitable using nmap, I will continue attempting to exploit Metasploitable using other vulnerability analysis tools like nikto, lynis, and Sparta. If one of the vulnerability analysis programs does not work that does not mean that none of them will be successful in exploiting vulnerabilities. It is also possible to exploit the PHP information disclosure page at http://ip/phpinfo.php. This vulnerability provides internal system information and service version information that can be used to look up vulnerabilities. (Rapid7, 2018)
Wireshark is a great open source packet analyzer on the market. “Some of the intended purposes of Wireshark include network administrators using to troubleshoot network problems. Network security engineers use it to examine security problems. Quality Assurance/Quality Control engineers use it to verify network applications. Developers use it to debug protocol implementations. And everyday people use it to learn network protocol internals.” (Wireshark, 2018) The entire purpose of Wireshark is that it allows its users to capture packets and lets them examine their contents. It is also important to state what Wireshark is not capable of doing. It is not an intrusion detection system. Also, it will not manipulate things on the network, it will only “measure” things on the network. (Wireshark, 2018) One of the great things about Wireshark is that it is released under the GNU General Public License (GPL). As a result, it is very easy for people to add new protocols to Wireshark, either as plugins, or built into the source. (Wireshark, 2018)
When I ran the Kismet Wireless sniffer I first was taken aback at how much information is exposed over WiFi. The thing that stood out the most was that Kismet Wireless was able to determine if the information was encrypted. This is important information that an attacker can use to decide whether or not they want to attempt a man-in-the-middle attack. I also learned that one can determine how many packets are being transmitted, and whether or not the information being transferred is packets or data. The name of the network is also easily identifiable to the Kismet Wireless sniffer. This information allows the attacker to be able to attribute packets and data to specific persons on specific networks, which along with knowing whether or not the information is encrypted or not, painting a clear picture of the type of information and from who it is coming from. This may help the attacker to determine how valuable the information that is being transmitted.
In the future, I shall be using the applications on Kali Linux to determine the vulnerabilities on my own personal WiFi network. I shall also be using the applications to test my own vulnerabilities on my computers and my home network as a whole. I also have learned valuable techniques, tactics, and procedures to apply in my job as a cyber intelligence analyst for the United States Army. Although we have different applications that we use within the Department of the Army, the concepts are the same: find the vulnerabilities, analyze the weaknesses, and mitigate the risks. I will also be taking the lesson learned of working as a team to accomplish the task at hand to my team in the Army. At times it is needed that everyone takes there piece of the pie, completes it, and then brings it all together at the end for the final product. However, at times it is faster and easier to work as a team on each task so that no one gets left behind on the project. Furthermore, it is often the case that one needs to start with step one in order to understand and complete step 5 of a task. Learning the new applications on Kali Linux will be helpful for future tasks, but learning the processes and working as a team was the greatest lesson learned in this course.