Wireshark and Recognizing Exploits, HakTip 138

  • Published: Mar 11, 2015
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    This week on HakTip, Shannon pinpoints an exploitation using Wireshark.
    Working on the shoulders of last week's episode, this week we'll discuss what exploits look like in Wireshark. The example I'm sharing is from Practical Packet Analysis, a book by Chris Sanders about Wireshark.
    Our example packet shows what happens when a user visits a malicious site using a bad version of IE. This is called spear phishing. First, we have HTTP traffic on port 80. We notice there is a 302 moved response from the malicious site and the location is all sorts of weird. Then a bunch of data gets transferred from the new site to the user. Click Follow TCP Stream. If you scroll down, you see some weird gibberish that doesn't make sense and an iframe script. In this case, it's the exploit being sent to the user.
    Scroll down to packet 21 and take a look at the .gif GET request. Lastly, Follow packet 25's TCP Stream. This shows us a Windows command shell, and the attacker gaining admin privileges to view our user's files. FREAKY. But now a network admin could use their intrusion detection system to set up a new alarm whenever an attack of this nature is seen.
    If someone is trying to do a MITM attack on a user, it might look like our next example packet. Packets 54 and 55 are just ARP packets being sent back and forth, but in packet 56 the attacker sends another ARP packet with a different MAC address for the router, thereby sending the user's data to the attacker and then to the router. Compare 57 to 40, and you see the same IP address, but different MACs for the destination. This is ARP cache poisoning.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science
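
The ARP cache poisoning pattern in the episode notes above (the router's IP suddenly advertised with a different MAC) can be checked for automatically. The following is an added example, not code from the video or the book: it parses raw Ethernet/ARP frames and flags any sender IP that reappears with a new MAC. The frames, the documentation-range addresses and the function names are constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None  # too short for Ethernet (14) + ARP (28) bytes, or not ARP
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return oper, sender_mac, sender_ip

def find_rebindings(frames):
    """Flag ARP packets whose sender IP was seen earlier with a different MAC."""
    bindings = {}  # sender IP -> first MAC observed for it
    alerts = []
    for number, frame in enumerate(frames, start=1):
        parsed = parse_arp(frame)
        if parsed is None:  # not ARP, or truncated
            continue
        _oper, sender_mac, sender_ip = parsed
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append((number, sender_ip, known, sender_mac))
    return alerts

def make_arp(oper, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Build one constructed sample frame (test data only)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = to_mac(eth_dst) + to_mac(sender_mac) + struct.pack("!H", ARP_ETHERTYPE)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + body + to_mac(sender_mac) + to_ip(sender_ip) + to_mac(target_mac) + to_ip(target_ip)

# Constructed capture using documentation-range MAC and IP addresses.
ROUTER, USER, ROGUE = "00:00:5e:00:53:01", "00:00:5e:00:53:10", "00:00:5e:00:53:66"
SAMPLE = [
    make_arp(1, USER, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1", "ff:ff:ff:ff:ff:ff"),
    make_arp(2, ROUTER, "192.0.2.1", USER, "192.0.2.10", USER),
    b"\x00" * 12 + b"\x08\x00" + b"\x45" * 40,  # IPv4 frame: ignored
    make_arp(2, ROGUE, "192.0.2.1", USER, "192.0.2.10", USER),
]

if __name__ == "__main__":
    print(find_rebindings(SAMPLE))
```

A legitimate change, such as a replaced NIC or a failover pair sharing one IP, raises the same alert, so a hit is a prompt to compare against the router's known MAC.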

Comments • 34

  • @LM-wi4dn 9 years ago +7

    All these words are just hitting me in the Face. Ms. Snubs, you continue to motivate me to continue learning new things. Especially Networking, which I have tried to avoid for so long. Thank you and keep up the great work.

  • @thetechfirm 9 years ago +1

    Great job folks. Love sharing your Wireshark videos with my subscribers

  • @barilocker297 3 days ago

    super nice video (as away) tks Shannon!

  • @email16v 5 years ago

    So much to learn still. Thanks!

  • @CyberiadPhoenix 9 years ago +1

    My college appears to have come under some sort of attack not that long ago as all of the IP addresses on the network were reading as having the same MAC address, which is not the normal network behaviour

  • @chuxxsss 9 years ago

    Shannon Morse what was that book you mentioned?

  • @zephyfoxy 6 years ago +6

    I recognized the shellcode immediately. Pays to be a pentester in training.

  • @prasanthkumar6808 2 years ago

    Please mention the link of the wireshark file you analysed

  • @ChrisFromFloriduh 5 years ago

    There is a good version of IE??

  • @dayshagreenawalt3964 1 year ago

    hi i am hacked into and have DoS attacks daily, these people get my cameras down then break in my home, this past weekend at 3am this was done and i heard them in my home and found my cat dead lying on the floor 2nd cat in 1 month dead like this out of nowhere when cameras are down from hackers, i can see the router's logs from the attacks of course how can i track who this is for proof of who it is? thanks

  • @burtpanzer 2 years ago +1

    I'm guessing the explanation is far too lengthy and complex for me to expect an answer but, isn't our router or browser or the firewall supposed to block these kind of things? Now I have to do MS's job and learn to recognize and block malicious packets?

  • @troller4jesus 9 years ago +2

    what size green screen you use where can I get one

  • @paulmorrey733 5 years ago

    Thanks

  • @jouananusralla9543 5 years ago

    thanks!

  • @youtuberocks8397 6 years ago +1

    Hi wow, thanks, I think my computer is being hacked quite often. I'd like to know if Wireshark captures the hackers' information so I have the evidence?

  • @andypratama100 2 years ago

    If our router gets this attack, how do we protect ourselves from this kind of attack?

  • @terryd.smithiimba9442 6 years ago +4

    Port 80 is no longer normal.

  • @S.C.D. 9 years ago

    Only DoS attacks that just turn me into a bot cause I'm too lazy to automate. And feel I shouldn't have to.

  • @harjotsaini1038 4 years ago +3

    i start loving cats 😂😂

  • @eakzit3181 5 years ago

    Unfortunately u can get even near any access with that windows shell :)

  • @clinsen8576 3 years ago +1

    It is so entertaining to watch even tho i don't understand almost anything she says xD

  • @blackneos940 5 years ago

    "Using a bad version of Internet Explorer."

    • @nickvandenberg4244 3 years ago +1

      "every IE version ever" ~ Full Stack Software, App, Web Developer

    • @blackneos940 3 years ago

      @nickvandenberg4244 European name, Programmer... Name checks out. My only qualifier is that I has Autism. It sucks here in America right now.... But, you are correct about IE. It could have been so much more.

    • @nickvandenberg4244 3 years ago +1

      @blackneos940 we know, hope Biden will fix the dipshit system and polarisation in the US, should use trias politica and destroy cancel culture I also do qualify for DSM-IV

    • @blackneos940 3 years ago

      @nickvandenberg4244 Well, now it seems like Biden's son had business deals with China or something. But, worse than that, it seems the Program used to calculate the votes had "glitches/a glitch". I kinda' like Trump, but it would be a whole lot better if there wasn't so much shadiness with the possible glitches/glitch purposefully put into the Code, and if there was no question of fraud. Now the U.S. Supreme Court is involved with the allegations. Lovely. Meanwhile, people are getting beaten senselessly for either being Trump supporters or for some other reason. Mostly it seems to be ANTIFA, who claim to be against fascism. America is probably going to die off, due to all this division over politics. Oh, you said you might have Autism, right? What traits do you have? Mine are repetitive behavior, intense interest in something like Programming or video games, and fidgeting.

  • @I3uzzzzzz 3 years ago

    i'd let u ddos my life support machine