Author Archives: 2201807993ikhsan

Week 2

In this session, we learned about Sources of Network-Based Evidence and Principles of Internetworking.

There are many different types of network-based evidence which are:

  1. On the wire
  2. In the air
  3. Switches
  4. Routers
  5. DHCP Server
  6. DNS Server
  7. Authentication Server
  8. NIDS/NIPS
  9. Firewalls
  10. Web Proxies
  11. Application Server
  12. Centralized Log Server
  13. Modem

On the wire refers to physical cabling that carries data over the network. There are 3 different tap types which are vampire tap, surreptitious fibre tap, and infrastructure tap.

In the air refers to wireless station-to-station signals. Radio frequency and infrared transmissions can be captured to obtain management and control frames, access point names, and MAC addresses, and to perform traffic analysis.

Switches are the physical connections between network segments. They can be used to capture and preserve network traffic, and to mirror traffic from one port to another.
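For the "in the air" source described above, the following added example (not part of the original notes) shows where the access point name and MAC addresses sit inside a captured 802.11 beacon frame. It goes slightly beyond the notes by also reading the channel, and it assumes the frame starts at the 802.11 header (no radiotap header, no FCS); the function names and the sample frame are constructed for illustration.

```python
import struct

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt_frame(frame: bytes) -> dict:
    """Extract AP name, MAC addresses and channel from a raw 802.11 management frame."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc, _dur, _dst, src, bssid, _seq = struct.unpack_from("<HH6s6s6sH", frame, 0)
    info = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "transmitter": mac(src), "bssid": mac(bssid), "ssid": None, "channel": None}
    # Only beacons (subtype 8) and probe responses (5) carry the 12 fixed bytes
    # (timestamp, beacon interval, capabilities) followed by tagged elements.
    if info["type"] != 0 or info["subtype"] not in (5, 8):
        return info
    off = 24 + 12
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        value = frame[off + 2: off + 2 + length]
        if len(value) < length:
            break                                   # element cut off by the capture
        if tag == 0:                                # SSID; empty means hidden network
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:              # DS Parameter Set: current channel
            info["channel"] = value[0]
        off += 2 + length
    return info

def sample_beacon(ssid: bytes, bssid: bytes, channel: int) -> bytes:
    """Constructed test frame: 802.11 header onward, no radiotap header, no FCS."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0411)     # timestamp, interval, capabilities
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return header + fixed + tags

if __name__ == "__main__":
    print(parse_mgmt_frame(sample_beacon(b"LabAP", bytes.fromhex("020000aabbcc"), 6)))
```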

Week 1

As this is the first week, we were introduced to what network forensics actually is. It can be defined as a branch of digital forensics whose objective mainly focuses on monitoring and analyzing network traffic for the purposes of information gathering, legal evidence, and intrusion detection. Although the two are often confused, network forensics is different from computer forensics. In network forensics, the data changes in real time, and the lack of persistent data storage, where the evidence sometimes exists only in RAM, makes it difficult to find traces of attacks that have occurred before.

Network forensics is used to help identify what data was taken and the systems that were affected, as well as to collect evidence against the attacker. There are 7 different evidence types which are:

  1. Real (physical)
  2. Best (produced in court)
  3. Direct (eye witness)
  4. Circumstantial (links with other evidence)
  5. Hearsay (second hand)
  6. Business records (routinely generated documentation)
  7. Digital (electronic)

Nikto

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Nikto is a vulnerability scanner that scans websites for outdated servers, dangerous files, directories, etc. It finds vulnerabilities by running a large number of tests against the target.

To begin, type:

$  nikto -host target

Note: The target can be either a domain name or an IP address.

WPScan: Brute Force

By using the information gathered from enumerating usernames, and a password list generated with CUPP or CeWL (you are free to use any password list), we are able to attack a certain user by brute forcing their username against the password list.

To start the brute force, type:

$ wpscan --url https://pentest.id/wp-login.php -P apietz.txt -U @apietz

Note: If an error occurs mentioning that the site does not seem to be running WordPress, add "--force" at the end of the command above.
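Both the Nikto scan and the wp-login.php brute force described above leave recognisable traces in the target's web access log. The following added example (not from the original tutorial) flags them from the defender's side: a client whose User-Agent names Nikto, a client that collects many distinct 404 responses, and a client that sends repeated POSTs to /wp-login.php within a short window. The thresholds, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format: ip, time, method, path, status, user agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None                      # skip lines in another format
    ip, ts, method, path, status, ua = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?")[0], int(status), ua

def triage(lines, login_limit=5, window=timedelta(seconds=60), notfound_limit=10):
    """Return {client_ip: [finding, ...]} for time-ordered access-log lines."""
    logins = defaultdict(list)           # ip -> recent POST /wp-login.php times
    missing = defaultdict(set)           # ip -> distinct paths answered with 404
    findings = defaultdict(set)
    for ip, when, method, path, status, ua in filter(None, map(parse, lines)):
        if "nikto" in ua.lower():        # cheap first signal; the header is client-controlled
            findings[ip].add("scanner-user-agent")
        if status == 404:
            missing[ip].add(path)
            if len(missing[ip]) >= notfound_limit:
                findings[ip].add("path-probing")
        if method == "POST" and path == "/wp-login.php":
            recent = logins[ip]
            recent.append(when)
            while when - recent[0] > window:   # slide the window forward
                recent.pop(0)
            if len(recent) >= login_limit:
                findings[ip].add("wp-login-bruteforce")
    return {ip: sorted(tags) for ip, tags in findings.items()}

def sample_log():
    """Constructed sample lines (documentation IP ranges), not from a real server."""
    fmt = '{ip} - - [10/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "{ua}"'
    rows = [fmt.format(ip="198.51.100.7", m=0, s=s, req="POST /wp-login.php", st=200,
                       ua="Mozilla/5.0") for s in range(6)]
    rows += [fmt.format(ip="203.0.113.9", m=1, s=s, req=f"GET /old/file{s}.bak", st=404,
                        ua="Mozilla/5.00 (Nikto/2.1.6)") for s in range(12)]
    rows.append(fmt.format(ip="192.0.2.44", m=2, s=0, req="POST /wp-login.php", st=302,
                           ua="Mozilla/5.0"))
    return rows

if __name__ == "__main__":
    for ip, tags in triage(sample_log()).items():
        print(ip, tags)
```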

SET: Cloning a Website

SET is a Social Engineering Toolkit. This tool allows us to clone a popular website, applying the method of impersonation, which is one of the many methods of Social Engineering. Social Engineering itself is the act of exploiting human vulnerabilities in order to obtain sensitive information. Hence, through the act of impersonating a popular website, it is possible to extract sensitive information from people who are gullible.

To start, type: $ sudo setoolkit

Choose option 1, Social-Engineering Attacks

Choose option 2, Website Attack Vectors

Choose option 3, Credential Harvester Attack Method

Choose option 2, Site Cloner

Enter your IP and then the URL of the website you are cloning. In this example, we are cloning https://www.twitter.com.

If you go to the browser and enter the IP that we entered into SET, the cloned website will be shown. Any information entered in the cloned website's fields will be displayed on the command line.

Zoom: Scanning Subdomains

By using zoom, we can scan a WordPress site for its subdomains.

First, we need to clone the repository from GitHub by typing:

$ git clone https://github.com/Mebus/cupp.git

After the repository is cloned, change your current directory into the cloned repository by typing:

$ cd zoom

Then, we can finally run the tool by typing:

$ python zoom.py -u target_url --auto

BurpSuite

BurpSuite is a tool that intercepts traffic outgoing from a computer, essentially acting like a proxy. When you open this tool, select “temporary project” and “use burp defaults”. After you’ve entered BurpSuite, go to the proxy tab and you will see that the intercept is on.

Now, head over to Firefox, open Preferences, search for the proxy settings, and enter the information as shown below.

After clicking Ok, requests are now intercepted by BurpSuite as shown below.

Click “Forward” to load the website.

The Harvester

The Harvester is a tool that is used for information gathering. By using this tool we are able to find emails, names, subdomains, IPs, and URLs associated with a certain domain using search engines like Google or Bing.

$ theHarvester -d binus.ac.id -b google -l 500

-d is the domain to search

-b is the data source (e.g. google, bing)

-l is the limit to the number of results to work with

Censys

There are various methods to find the real IP of a website behind Cloudflare. By using censys.io we are able to find the IP behind Cloudflare. All we have to do is enter the domain name in censys.io.

Nmap

By using nmap, we are able to scan and discover hosts and services by sending packets to the target and analyzing the responses. Nmap is useful for discovering open ports on targets.

$ nmap pentest.id