05-14-2020, 06:44 AM
Forensics is becoming increasingly important in today’s digital age, where many crimes are committed using digital technology. Understanding forensics greatly increases the chance of making sure that criminals do not get away with a crime.
This article is aimed at giving you an overview of the forensic capabilities possessed by Kali Linux.
So, let’s start with the programs as they appear in the forensics menu:
Autopsy
A tool used by the military, law enforcement and other entities when it comes time to perform forensic operations. This package is probably one of the most robust ones available as open source: it combines the functionality of many smaller, more narrowly focused packages into one neat application with a web-browser-based UI.
It is used to investigate disk images. When you click on Autopsy, it starts the service, and its user interface can then be accessed from a web browser. It gives the user the full range of options required to create a new case file: case name, description, investigator’s name, hostname, host time zone, etc. Its functionality includes timeline analysis, keyword search, web artifacts, hash filtering, data carving, multimedia and indicators of compromise. It accepts disk images in RAW or E01 format and generates reports in HTML, XLS or body-file format, depending on what a particular case requires.
Its robustness is what makes it such a great tool: be it case management, analysis or reporting, this tool has you covered.
Binwalk
This tool is used when dealing with binary images; it can find embedded files and executable code by exploring the image file. It is a very powerful tool for those who know what they are doing: used right, it can find sensitive information hidden in firmware images that can lead to uncovering a hack or to finding a loophole to exploit.
This tool is written in Python and uses the libmagic library, making it well suited to the magic signatures created for the Unix file utility. To make things easier for investigators, it ships with a magic signature file holding the signatures most commonly found in firmware, making it easier to spot anomalies.
![[Image: binwalk.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/--AHt--p3kuc/WlCMVBzHGVI/AAAAAAAATKA/sFj5NNTaMX4P4GYC58CYbwC2NUZ9GZsQgCEwYBhgL/s1600/binwalk.png?w=687&ssl=1)
Bulk Extractor
This is a very interesting tool when an investigator is looking to extract certain kinds of data from a digital evidence file: it can carve out email addresses, URLs, payment card numbers, etc. The tool works on directories, files and disk images. The data can be partially corrupted or compressed; this tool will still find its way into it.
The tool comes with features that identify patterns in data found repeatedly, such as URLs, email ids and more, and presents them in a histogram format. It also creates a word list from the data found, which can assist in cracking the passwords of encrypted files.
![[Image: blk%2Bex.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-00QL5SdzfCg/WlCMV_1XURI/AAAAAAAATKA/xgRZCZ3ITWI4CggdqN9LYhW3Nh9wuJXTgCEwYBhgL/s1600/blk%2Bex.png?w=687&ssl=1)
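The feature-extraction idea behind Bulk Extractor, as an added example that is not part of the article and not Bulk Extractor’s own code: regular expressions run over raw bytes (so they work on a disk image with no file system at all), a Luhn check to drop digit runs that only look like card numbers, a histogram of what was found, and a word list. The sample buffer, the signature patterns and the function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample "evidence" buffer (not from the article): text features mixed into
# binary junk, as they would appear when scanning a raw image rather than parsed files.
SAMPLE = (
    b"\x00\x01junk alice@example.com more junk https://example.com/login \xff\xfe"
    b"bob@example.org ... https://example.com/login ... card 4111111111111111 "
    b"not-a-card 1234567812345678 alice@example.com"
)

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(rb"https?://[A-Za-z0-9./_%?=&#-]+")
CARD_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")   # candidate PAN: isolated 13-19 digit run
WORD_RE = re.compile(rb"[A-Za-z0-9]{4,}")


def luhn_ok(digits: bytes) -> bool:
    """Luhn check used to separate plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def extract_features(blob: bytes) -> dict:
    """Scan raw bytes for e-mail addresses, URLs and Luhn-valid card numbers.
    Returns a Counter per feature type; the counters are the histogram view."""
    found = {"email": Counter(), "url": Counter(), "ccn": Counter()}
    for m in EMAIL_RE.finditer(blob):
        found["email"][m.group().decode()] += 1
    for m in URL_RE.finditer(blob):
        found["url"][m.group().decode()] += 1
    for m in CARD_RE.finditer(blob):
        if luhn_ok(m.group()):
            found["ccn"][m.group().decode()] += 1
    return found


def word_list(blob: bytes, min_len: int = 6) -> list:
    """Unique alphanumeric tokens of at least min_len characters: raw material for a
    password-cracking word list."""
    return sorted({m.group().decode() for m in WORD_RE.finditer(blob)
                   if len(m.group()) >= min_len})


def histogram(found: dict) -> list:
    """Flatten the per-type counters into (count, type, value) rows, most frequent first."""
    rows = [(n, kind, value) for kind, ctr in found.items() for value, n in ctr.items()]
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


if __name__ == "__main__":
    for n, kind, value in histogram(extract_features(SAMPLE)):
        print(f"n={n}\t{kind}\t{value}")
    print("word list:", word_list(SAMPLE))
```

The digit run 1234567812345678 is deliberately present and deliberately rejected: without the Luhn filter, a scan of a real image would drown in serial numbers and timestamps that happen to be 16 digits long.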
Chkrootkit
This program is mostly used in a live boot setting. It checks the local host for any installed rootkits, and comes in handy when hardening an endpoint or making sure that a hacker has not compromised a system.
It can check system binaries for rootkit modification and detect last-log deletions, quick-and-dirty string replacements and temp deletions. This is just a taste of what it can do; the package seems simple at first glance, but to a forensic investigator its capabilities are invaluable.
![[Image: chroot.png?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-rFIjxCN-Iw8/WlCMWWzLyII/AAAAAAAATKA/W2F_fPiY_VYCZE6shIMM90FksXbLkKiSQCEwYBhgL/s1600/chroot.png?w=687&ssl=1)
Foremost
Deleted files which might help solve a digital incident? No problem: Foremost is an easy-to-use open source package that can carve data out of formatted disks. The filename itself might not be recovered, but the data it holds can be carved out.
Foremost was written by US Air Force special agents. It carves files by referencing a list of headers and footers even if the directory information is lost, which makes for fast and reliable recovery.
![[Image: foremost.png?w=687&ssl=1]](https://i1.wp.com/3.bp.blogspot.com/-WaeBpDPiAww/WlCMWkO2-EI/AAAAAAAATKA/Qe3UAQm4KSE0fbPfuaLi6G9R1nn-DbOOACEwYBhgL/s1600/foremost.png?w=687&ssl=1)
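How signature scanning (Binwalk, above) and header/footer carving (Foremost) actually work, as one added example that is not part of the article and not either tool’s code. The signature table, the fake JPEG/PNG objects and the zero-filled "disk image" are constructed for this example; real tools ship hundreds of signatures and format-specific length rules, which is why the header-only gzip entry is found by the scan but not carved.

```python
import os

# Constructed signature table (not binwalk's or foremost's own): name -> (header, footer, max size).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "gzip": (b"\x1f\x8b\x08", None, 1024 * 1024),   # header only: no fixed footer
}
EXTENSIONS = {"jpeg": "jpg", "png": "png", "gzip": "gz"}

# Constructed "disk image": two tiny files with valid headers and footers embedded in zeroed
# space, plus a stray gzip header, with no file system or directory information at all.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"P" * 30 + b"IEND\xaeB`\x82"
DISK_IMAGE = (b"\x00" * 16 + FAKE_JPEG + b"\x00" * 7 + FAKE_PNG
              + b"\x00" * 9 + b"\x1f\x8b\x08" + b"\x00" * 5)


def scan_signatures(blob: bytes) -> list:
    """binwalk-style pass: report every offset at which a known header occurs."""
    hits = []
    for name, (header, _footer, _max_size) in SIGNATURES.items():
        start = 0
        while (off := blob.find(header, start)) >= 0:
            hits.append((off, name))
            start = off + 1
    return sorted(hits)


def carve(blob: bytes) -> list:
    """foremost-style pass: for each header whose format has a known footer, cut out the
    bytes from the header up to and including the footer, bounded by the max size."""
    carved = []
    for off, name in scan_signatures(blob):
        header, footer, max_size = SIGNATURES[name]
        if footer is None:
            continue   # length would have to come from the format itself; out of scope here
        window = blob[off:off + max_size]
        end = window.find(footer, len(header))
        if end < 0:
            continue   # truncated fragment: nothing complete to carve
        carved.append((off, name, window[:end + len(footer)]))
    return carved


def write_carved(blob: bytes, outdir: str) -> list:
    """Write each carved object as <offset>.<ext>, the way foremost names its output."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for off, name, data in carve(blob):
        path = os.path.join(outdir, f"{off:08d}.{EXTENSIONS[name]}")
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    print(scan_signatures(DISK_IMAGE))   # [(16, 'jpeg'), (49, 'png'), (104, 'gzip')]
    for off, name, data in carve(DISK_IMAGE):
        print(f"{name} at offset {off}, {len(data)} bytes")
```

The max-size bound matters on real images: a header whose footer never shows up (a file overwritten halfway) would otherwise make the carver swallow everything up to the next coincidental footer byte pair.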
Galleta
When following a trail of cookies, this tool will parse them into a format that can be exported to a spreadsheet program.
Understanding cookies can be a tough nut to crack, especially when the cookies might be evidence in a cyber-crime. This program lends a hand by letting investigators structure the data in a better form and run it through analysis software, most of which requires the data to be in some form of spreadsheet.
![[Image: galleta.png?w=687&ssl=1]](https://i0.wp.com/2.bp.blogspot.com/-UI2okfqbJBE/WlCMWq4ryKI/AAAAAAAATKA/iXCV1DqskOEGJdv_LQKxHAfKTSJMWD1MwCEwYBhgL/s1600/galleta.png?w=687&ssl=1)
Hashdeep
This program is a must when dealing with hashes. Its defaults are MD5 and SHA-256. Whether files in a set have been moved, new files have been placed in a set, files are missing or files match, Hashdeep can handle all these conditions and produce reports that can be scrutinized; it is very helpful for performing audits.
One of its biggest strengths is performing recursive hash computations with multiple algorithms in a single pass, which is integral when time is of the essence.
![[Image: hashdeep.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-AoKjnS1xGvY/WlCMW7K_RzI/AAAAAAAATKA/CaWEAE1uUxQUtlpBz47IyZhqcIyI_GQvgCEwYBhgL/s1600/hashdeep.png?w=687&ssl=1)
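The audit logic the paragraph describes, as an added example that is not part of the article and not hashdeep’s code: a recursive manifest with MD5 and SHA-256 computed in one read per file, then a comparison of a changed tree against it that sorts every file into matched, moved, new or missing. The directory layout and file contents in `demo()` are constructed for this example; the function names are assumptions.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha256")   # hashdeep's default algorithms


def hash_file(path: str) -> tuple:
    """One read of the file, all algorithms updated in parallel."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return tuple(hashers[a].hexdigest() for a in ALGOS)


def build_manifest(root: str) -> dict:
    """Recursive walk: relative path -> (md5, sha256), in the spirit of `hashdeep -r`."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = hash_file(path)
    return manifest


def audit(root: str, manifest: dict) -> dict:
    """Compare the tree under root against a saved manifest, in the spirit of `hashdeep -a`:
    matched = same path and content, moved = known content at a new path,
    new = content absent from the manifest, missing = manifest entries found nowhere."""
    current = build_manifest(root)
    known_hashes = set(manifest.values())
    current_hashes = set(current.values())
    result = {"matched": [], "moved": [], "new": [], "missing": []}
    for rel, digest in sorted(current.items()):
        if manifest.get(rel) == digest:
            result["matched"].append(rel)
        elif digest in known_hashes:
            result["moved"].append(rel)
        else:
            result["new"].append(rel)
    for rel, digest in sorted(manifest.items()):
        if current.get(rel) != digest and digest not in current_hashes:
            result["missing"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: baseline of four files, then move one, edit one, delete one, add one."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        for name, data in [("a.txt", b"alpha"), ("b.txt", b"bravo"),
                           ("c.txt", b"charlie"), ("e.txt", b"echo")]:
            put(name, data)
        manifest = build_manifest(root)           # the baseline, e.g. taken at acquisition
        os.makedirs(os.path.join(root, "sub"))
        os.rename(os.path.join(root, "a.txt"), os.path.join(root, "sub", "a.txt"))  # moved
        put("b.txt", b"BRAVO")                    # edited: old content gone, new content present
        os.remove(os.path.join(root, "c.txt"))    # deleted
        put("d.txt", b"delta")                    # added
        return audit(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:8s} {paths}")
```

Note how an edited file shows up twice, as "new" (its current content) and "missing" (its baseline content): an audit keyed on content rather than names is what lets a renamed copy of evidence still be recognised.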
Volafox
This is a memory analysis tool written in Python, focused on memory forensics for Mac OS X. It works on the Intel x86 and IA-32e architectures. If you are trying to find malware or any other malicious program that was or is resident in system memory, this is the way to go.
![[Image: volafox.png?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-8EoId5ZFObM/WlCMXVtzOhI/AAAAAAAATKA/e2C_SZGzsj8N-4mQeqN9AXw4_bZcFkfXQCEwYBhgL/s1600/volafox.png?w=687&ssl=1)
Volatility
Probably one of the most popular frameworks when it comes to memory forensics. This Python-based tool lets investigators extract digital data from volatile memory (RAM) samples. It is compatible with the majority of 64- and 32-bit variants of Windows and selected Linux distributions, including Android. It accepts memory dumps in various forms, be it raw format, crash dumps, hibernation files or VM snapshots, and gives keen insight into the run-time state of the machine; this can be done independently of the host’s investigation.
Here is something to consider: decrypted files and passwords are held in RAM, and if they are available, investigating files that are encrypted on the hard disk becomes a lot easier, and the overall time of the investigation can be considerably reduced.
![[Image: volatility.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-Bpy8Lgt-s6Q/WlCMXt_QiII/AAAAAAAATKA/6ROx3uyLtu4Adnt9XV5IaHB_xUn7p6oSgCEwYBhgL/s1600/volatility.png?w=687&ssl=1)
We will be following up this particular article with an in-depth review of the tools we have mentioned, with test cases.
Have fun and stay ethical.
Today we are going to take on another CTF challenge known as Basic Penetration. Credit for making this VM goes to “Josiah Pierce”, and it is another boot2root challenge where we have to root the server to complete the challenge. You can download this VM from VulnHub.
Security Level: Beginner
Penetrating Methodology:
- Scanning
  - Netdiscover
  - NMAP
- Enumeration
  - Web directory search
  - Credential harvesting
- Exploiting
  - Metasploit shell upload
  - sh
- Privilege Escalation
  - Exploit sudo rights
Scanning:
Let’s start off by scanning the network and identifying the host IP address. We can identify our host IP as 192.168.1.100 by using Netdiscover.
```
netdiscover
```
![[Image: 1.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-b1RxjPJttQA/XO1slFAjhJI/AAAAAAAAelY/cvHLJKHP_jgX2V-inVYgplrcHpKpY3rHQCLcBGAs/s1600/1.png?w=687&ssl=1)
Then we used Nmap for port enumeration. We find that ports 21 (ftp), 22 (ssh) and 80 are open on the target.
```
nmap -A 192.168.1.100
```
![[Image: 2.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-9QaMNa-0i6c/XO1smAhOIWI/AAAAAAAAels/Gb53bQwOZXwkzSQMJdZE5NQdV2fiO2ZrwCLcBGAs/s1600/2.png?w=687&ssl=1)
Enumeration:
As port 80 is open, we tried to open the IP address in our browser, but we did not find anything on the web page.
![[Image: 3.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-sXP2lM4vNZ8/XO1smw7yfUI/AAAAAAAAelw/-mj7fojck0snAB_tpbxcwYuvtisPjNHlACLcBGAs/s1600/3.png?w=687&ssl=1)
So we used dirb for directory enumeration.
```
dirb http://192.168.1.100/
```
After brute-forcing with dirb we found a directory named /secret.
![[Image: 4.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-4H7w74AN3TU/XO1sm26rjPI/AAAAAAAAel0/NhSzxN4TEU8muTHjk4fZCIgkQi8TsjZWwCLcBGAs/s1600/4.png?w=687&ssl=1)
Now we tried to open it in our browser. We came to know that the website is a WordPress site.
![[Image: 5.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-B8fnA8-eBTo/XO1snMgnAYI/AAAAAAAAel4/D-dZlwr7ewUJblNbsUlur132vwu-oGqBACLcBGAs/s1600/5.png?w=687&ssl=1)
We tried to open the admin page 192.168.1.100/secret/wp-admin, but it would not open and we were redirected to the URL which you can see in the screenshot.
![[Image: 6.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-Pu65_1JKgxw/XO1sn3Ndw-I/AAAAAAAAel8/JANkFvB2cPsdu7RMu6Hj6QLr6cjP4W3MgCLcBGAs/s1600/6.png?w=687&ssl=1)
Then we added vtcsec to the hosts file.
![[Image: 7.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-omZ4qN4BIFA/XO1soF93uqI/AAAAAAAAemA/u1s6PzX3oskbLT9EMWQ8ukCWRPVdDgjTwCLcBGAs/s1600/7.png?w=687&ssl=1)
Now we were able to access the admin page.
![[Image: 8.1.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-1SRK3Ww90Vk/XO1socacOjI/AAAAAAAAemE/JKXA6PMGlJwPhs0md9it4ff5c-X3GpOIwCLcBGAs/s1600/8.1.png?w=687&ssl=1)
Exploiting:
We tried some basic credential combinations commonly used in WordPress and found that admin:admin worked for us.
Then we used Metasploit to upload a shell to the target using the above credentials and waited for a meterpreter session.
```
use exploit/unix/webapp/wp_admin_shell_upload
set username admin
set password admin
set targeturi /secret/
set rhosts 192.168.1.100
run
```
We successfully got a meterpreter session.
![[Image: 8.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-5fYp5bZsg4o/XO1soibgzqI/AAAAAAAAemI/DZoyw1sVC0U2Tgsbn4xzmM_AI7k7j0EoACLcBGAs/s1600/8.png?w=687&ssl=1)
We then uploaded the LinEnum.sh script to check whether password hashes are stored in /etc/passwd and also to attempt to read the restricted file /etc/shadow.
![[Image: 9.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-UJWv9xUTa10/XO1spJbgfMI/AAAAAAAAemM/lcFDvl4WuWcyuYAkqch_Al_8L18Vu7HlACLcBGAs/s1600/9.png?w=687&ssl=1)
Here we can see that /etc/shadow is readable by our user.
![[Image: 10.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-IJGur9_EChM/XO1slCf4IRI/AAAAAAAAelg/yVlJtu3-Nz4PC9-DpzApIKt_6RG17V6ZQCLcBGAs/s1600/10.png?w=687&ssl=1)
After opening the /etc/shadow file we can see that there is a user named marlinspike.
![[Image: 13.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-hu9MVSzQTC8/XO1slDgoAcI/AAAAAAAAelc/bEs4LLHVKToHAz72Dpi8t_tp9CizE7-_gCLcBGAs/s1600/13.png?w=687&ssl=1)
We downloaded this shadow file to our local system and used John the Ripper to crack the password.
We found that the password for the user marlinspike is marlinspike.
![[Image: 14.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-GhHzZI2vb5k/XO1sl1pdDiI/AAAAAAAAelk/S2xKXpDNhYAztwas4yEvywAOneO2c6mHwCLcBGAs/s1600/14.png?w=687&ssl=1)
Privilege Escalation
Now we log in as marlinspike.
We checked the sudoers list and found that we have full access as root, so we used sudo to become the superuser.
Great! We have successfully completed the challenge, as we were able to access the target as the root user.
```
su marlinspike
sudo -l
sudo su
id
```
![[Image: 15.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-FT4-P53hQK8/XO1smERyYTI/AAAAAAAAelo/u_7VDnFoLDw7cT1F12Mj4KfBSVdvJNvsQCLcBGAs/s1600/15.png?w=687&ssl=1)
In our previous article we discussed how the ICMP protocol works at layer 3 of the OSI model and studied its results using Wireshark. Today we are going to discuss ICMP penetration testing: crafting ICMP packets with the Cat Karat tool to test our IDS “Snort” against all ICMP message types. For configuring Snort as an IDS, read our earlier article on the subject; it will automatically install Snort on your system with a predefined set of rules that help in capturing packets on your network. Let’s start!!
Basically, we will perform this practical in three phases, as described below:
Packet crafting: In this phase, we will craft each ICMP packet with a different type of ICMP message using Cat Karat. For more detail about the packet crafting process, read our earlier article on it.
Packet capturing: In this phase, we will capture the ICMP packet and receive an alert when it enters the target’s network, using Snort as the IDS.
Packet analysis: In this phase, we will investigate the captured packet using Wireshark.
Brief Introduction on ICMP Protocol
ICMP messages fall into two categories: query and error.
Query: Query messages carry information we request from a router or another destination host.
For example, the message types given below are some of the ICMP query types:
- Type 0 = Echo Reply
- Type 8 = Echo Request
- Type 9 = Router Advertisement
- Type 10 = Router Solicitation
- Type 13 = Timestamp Request
- Type 14 = Timestamp Reply
Error: Error messages report a problem with delivering a datagram. For example, the message types given below are some of the ICMP error types:
- Type 3 = Destination Unreachable
- Type 4 = Source Quench
- Type 5 = Redirect
- Type 11 = Time Exceeded
- Type 12 = Parameter Problems
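The ICMP header layout and the query/error split above, together with the itype/icode matching that Snort’s icmp-info rules perform on each packet later in the article, as an added example that is not part of the article and not Snort’s or Cat Karat’s code. The rule list is constructed to mirror the alert names shown in the article’s screenshots; the message builder exists only to produce packets with valid checksums for the parser, and all function names are assumptions.

```python
import struct

# ICMP message types from the article's two lists.
QUERY_TYPES = {0: "Echo Reply", 8: "Echo Request", 9: "Router Advertisement",
               10: "Router Solicitation", 13: "Timestamp Request", 14: "Timestamp Reply"}
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
               11: "Time Exceeded", 12: "Parameter Problem"}

# Constructed rule set in the shape of Snort's itype/icode options (not Snort's own rules file).
# icode None means "any code"; message texts follow the alerts shown later in the article.
RULES = [
    {"itype": 0, "icode": None, "msg": "ICMP Echo Reply"},
    {"itype": 1, "icode": None, "msg": "ICMP unassigned type 1"},
    {"itype": 3, "icode": 0, "msg": "ICMP Destination Unreachable Network Unreachable"},
    {"itype": 4, "icode": None, "msg": "ICMP Source Quench"},
    {"itype": 5, "icode": 0, "msg": "ICMP redirect net"},
]


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a packet whose
    embedded checksum is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header and classify the message as query, error or unassigned."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    itype, icode, _csum, rest = struct.unpack("!BBHI", packet[:8])
    if itype in QUERY_TYPES:
        category, name = "query", QUERY_TYPES[itype]
    elif itype in ERROR_TYPES:
        category, name = "error", ERROR_TYPES[itype]
    else:
        category, name = "unassigned", f"unassigned type {itype}"
    return {"type": itype, "code": icode, "rest_of_header": rest, "category": category,
            "name": name, "checksum_ok": checksum(packet) == 0, "payload": packet[8:]}


def match_rules(packet: bytes) -> list:
    """Return the message of every rule whose itype/icode match, as the IDS would alert."""
    p = parse_icmp(packet)
    return [r["msg"] for r in RULES
            if r["itype"] == p["type"] and r["icode"] in (None, p["code"])]


def make_sample(itype: int, icode: int, payload: bytes = b"abcdefgh") -> bytes:
    """Constructed ICMP message with a correct checksum, for feeding the parser."""
    header = struct.pack("!BBHI", itype, icode, 0, 0)
    csum = checksum(header + payload)
    return struct.pack("!BBHI", itype, icode, csum, 0) + payload


if __name__ == "__main__":
    for t, c in [(0, 0), (1, 0), (3, 0), (3, 1), (8, 0)]:
        pkt = make_sample(t, c)
        info = parse_icmp(pkt)
        print(f"type {t} code {c}: {info['category']:10s} {info['name']:28s} "
              f"alerts={match_rules(pkt)}")
```

Two things the run makes visible: a type 3 packet only fires the "Network Unreachable" rule when its code is 0 (other codes need their own rules, which is why the rules file has so many), and a packet whose checksum does not verify is still classified, which is how a real IDS behaves too, so the checksum flag is worth logging separately.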
![[Image: 1.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-NKHYA2r1xRk/Wkz8dmcgnlI/AAAAAAAATHU/2Rlu_J7uBvwbzEr8dsgWd0g3EVBwliSDACEwYBhgL/s1600/1.png?w=687&ssl=1)
Message TYPE 0 ICMP Packet Crafting
As we know, in a packet crafting operation “Packet Assembly” is the first phase, where we decide the protocol for the packet to be crafted, which is quite easy to select with this tool: just enable the radio buttons for the protocol and the direction of packet flow. Here I enabled the radio buttons for “IPv4” and “ICMP” without disturbing the remaining default packet flow, as shown in the image below.
Next, we need to select the interface, which you can do by double-clicking it in the Interfaces list.
![[Image: 2.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-DcKZG_XZJ24/Wkz8g-o5L_I/AAAAAAAATHU/h9qRp0yBRHEe-mOJAy5LhjXsDKy5cokoQCEwYBhgL/s1600/2.png?w=687&ssl=1)
Next is the “Packet Editing” phase, where you specify the source IP address, such as 192.168.1.2, from which the packet will be sent, and the destination IP address, such as 192.168.1.107, on which the packet is received. You can also make other changes to your packet, such as the time to live (TTL) and data length, and you can fragment the packet.
From the image below you can observe that I added the source and destination IP addresses to the packet under the third section, protocol view -> IPv4.
![[Image: 4.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-VRHKfeamr7Y/Wkz8mOVp5KI/AAAAAAAATEo/VfZ0dq0zGxo7uLaVTbrz1rrEBQ7JsuD2ACEwYBhgL/s1600/4.png?w=687&ssl=1)
Under the third section, protocol view, in Cat Karat, explore the ICMP tab and select the “0-Echo Response” option, which generates a type 0 ICMP message. Once everything is edited, your packet is ready to send to the target network. Click the play button in the menu bar to send the packet to the target’s network; this is known as the “packet playing” phase of the packet crafting operation. This ICMP message type is also used to test the strength of an IDS and firewall against an ICMP Smurf DoS attack.
![[Image: 5.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-LpP8wDxd_Ag/Wkz8pLxxgBI/AAAAAAAATGE/vDvheOsMzqcFsxGobSsMLYD1yFiW1eMMQCEwYBhgL/s1600/5.png?w=687&ssl=1)
Capturing ICMP-Type0 packet through IDS
The advantage of installing Snort from the apt repository is that it is quick and easy to install on your system, and it comes with a predefined set of rule files covering every type of network traffic, whether TCP/UDP or ICMP.
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when ICMP Echo Reply traffic is found in the network. This rule also works against a Smurf DoS attack, in which ICMP echo reply traffic is received on the target’s network without a genuine ICMP echo request having been sent from the target’s network to another network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 6.jpg?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-5IoVH__Zpiw/Wkz8rDhiYrI/AAAAAAAATG4/orRA7p2fYVERutySsKSYj-IcBMTiUM5zgCEwYBhgL/s1600/6.jpg?w=687&ssl=1)
So when the IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP Echo Reply” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 7.jpg?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-vusmuTvVQ78/Wkz8ry6elkI/AAAAAAAATHE/WXC5Cav1iSQTzLgZa4B9IlxQ0zUW0zDLACEwYBhgL/s1600/7.jpg?w=687&ssl=1)
Analysis ICMP-Type0 packet through Wireshark
The last phase is Packet Analysis, which is also the last mode of operation of the packet crafting process, where the received packet is analysed using a packet analysis tool. Here we used Wireshark to capture the incoming traffic. From the image below you can observe that Wireshark has captured exactly the same information that we bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type and the other fields.
![[Image: 8.png?w=687&ssl=1]](https://i0.wp.com/3.bp.blogspot.com/-BYKRLuhazG4/Wkz8r71DBoI/AAAAAAAATHM/RyUHeiqOhQ8BSYzzIznI8DQRfWZXP-FTACEwYBhgL/s1600/8.png?w=687&ssl=1)
When the tester clicks the Stop button in the menu bar of the Cat Karat tool, he receives the status of the sent packet, either successful or failed.
From the image below you can see that our ICMP Type 0 packet was successfully sent to the target machine.
![[Image: 9.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-csdw7Sx67aM/Wk0EhF58jkI/AAAAAAAATHo/RaenwUXmIW8qQSrevwcU-i-nADmx7n0swCEwYBhgL/s1600/9.png?w=687&ssl=1)
Message TYPE 1 ICMP Packet Crafting
The Packet Assembly and Packet Editing phases for ICMP packet crafting are almost the same as above; the only difference is the ICMP message type chosen for the packet sent to the target network.
Since we want to send message type 1 packets to the target network, select Type 1 Reserved from the given list.
Once everything is edited, your packet is ready to send to the target network. Click the play button in the menu bar to send the packet to the target’s network; this is the “packet playing” phase of the packet crafting operation.
![[Image: 10.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-IBLcC2FQ5xA/Wkz8dwAKXtI/AAAAAAAATHc/EZJ7E84oEgkLFRAwE8RXjWxrhuE3p2RywCEwYBhgL/s1600/10.png?w=687&ssl=1)
Capturing ICMP-Type1 packet through IDS
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when ICMP unassigned type 1 packets are found in the network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 11.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-wWwn5gDnUe8/Wkz8eUclvlI/AAAAAAAATHg/-YBkr5rG9JMv61UiwCM598b-DFkeNxeMQCEwYBhgL/s1600/11.png?w=687&ssl=1)
So when the IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP unassigned type 1” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 12.jpg?w=687&ssl=1]](https://i0.wp.com/3.bp.blogspot.com/-n1SGWlgEFP4/Wkz8e0v_sJI/AAAAAAAATHk/RK0F1v6esDoNcYe_TSOeC0j-oEDj15lRQCEwYBhgL/s1600/12.jpg?w=687&ssl=1)
Analysis ICMP-Type1 packet through Wireshark
From the image below you can observe that Wireshark has captured exactly the same information that we bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type “Reserved” and the other fields.
![[Image: 13.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-_LHsRYNFiIM/Wkz8e4iHYAI/AAAAAAAATHU/uar0FmObjNcrsbLp2kXkWGLjkPIV5FwwACEwYBhgL/s1600/13.png?w=687&ssl=1)
When the tester clicks the Stop button, he receives the status of the sent packet, either successful or failed.
From the image below you can see that our ICMP Type 1 packet was successfully sent to the target machine.
![[Image: 14.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-YxG8P-olY0E/Wkz8ezrG-wI/AAAAAAAATHU/dLAGZG6acw8eTvEbtrW8FjiexzcvGuSXgCEwYBhgL/s1600/14.png?w=687&ssl=1)
Message TYPE 2 ICMP Packet Crafting
Again, the Packet Assembly and Packet Editing phases for ICMP packet crafting are almost the same as above; the only difference is the ICMP message type chosen for the packet sent to the target network.
Since we want to send only message type 2 packets to the target network, select Type 2 Reserved from the given list.
Once everything is edited, your packet is ready to send to the target network. Click the play button to send the packet to the target’s network.
![[Image: 15.png?w=687&ssl=1]](https://i1.wp.com/3.bp.blogspot.com/-8GrRJo5pYIc/Wkz8ffk1jOI/AAAAAAAATHg/W8KEN_tBPLEx-HVTIKSLfgHsb0dX0g6-wCEwYBhgL/s1600/15.png?w=687&ssl=1)
Capturing ICMP-Type2 packet through IDS
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when ICMP unassigned type 2 packets are found in the network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 16.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-Jtg8-xEEyjg/Wkz8fvO2u7I/AAAAAAAATHU/DMZu8Tq7s-MtJBYnDaA-jISNKoNp5IeyQCEwYBhgL/s1600/16.png?w=687&ssl=1)
So again, when our IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP unassigned type 2” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 17.jpg?w=687&ssl=1]](https://i0.wp.com/2.bp.blogspot.com/-RCSoirYHNeU/Wkz8gGFeFCI/AAAAAAAATHU/uAPjT8bMf-oVOJ7oHPrUAc7F1ehtFjk3ACEwYBhgL/s1600/17.jpg?w=687&ssl=1)
Analysis ICMP-Type2 packet through Wireshark
Here too, Wireshark has captured exactly the same information as we predicted, showing the same details that we bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type “Reserved” and the other fields.
![[Image: 18.png?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-j4OeOXWCEPI/Wkz8gZY7PPI/AAAAAAAATHU/xSTX7F541h4HveO6yKZ9p8wUlrabgyIzgCEwYBhgL/s1600/18.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, he receives the status of the sent packet, either successful or failed.
From the image below you can see that our ICMP Type 2 packet was successfully sent to the target machine.
![[Image: 19.png?w=687&ssl=1]](https://i0.wp.com/3.bp.blogspot.com/-p8dgw444TZo/Wkz8gRTT0VI/AAAAAAAATHg/aKC2xP6zoPkXkznZS1DUwfiT8PSERgUWgCEwYBhgL/s1600/19.png?w=687&ssl=1)
Message TYPE 3 ICMP Packet Crafting
Now we want to send message type 3 packets to the target network, so select Type 3 Destination Unreachable from the given list.
Once everything is edited, your packet is ready to send to the target network. Click the play button in the menu bar to send the packet to the target’s network.
![[Image: 20.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-MPUbVf7LjD8/Wkz8g2I24oI/AAAAAAAATCc/vunakk868fwaMwwrSDo0Hj6jdr8Xz0LaACEwYBhgL/s1600/20.png?w=687&ssl=1)
Capturing ICMP-Type3 packet through IDS
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when an ICMP Destination Unreachable (Network Unreachable) packet is found in the network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 21.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-FJaN0Aekx0c/Wkz8hZJ4DGI/AAAAAAAATHk/39_jJNbWXywsSWWKWEyV8m_NnnPBwR9bQCEwYBhgL/s1600/21.png?w=687&ssl=1)
As said above, when the IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP Destination Unreachable Network Unreachable” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 22.jpg?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-oCarJxQTWVY/Wkz8htWVZAI/AAAAAAAATCs/PcineSaBRLsrGRoQNNmp6w4CBDtt-LJEACEwYBhgL/s1600/22.jpg?w=687&ssl=1)
Analysis ICMP-Type3 packet through Wireshark
From the image below you can observe that Wireshark has captured exactly the same information that we bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type “Destination Unreachable” (Network Unreachable) and the other fields.
![[Image: 23.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-ZuCaaHC-2ug/Wkz8hrY0dpI/AAAAAAAATHk/3WlcLfteYPc9JOU2SIJMI-x48Mid0SY-gCEwYBhgL/s1600/23.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, he receives the status of the sent packet, either successful or failed.
From the image below you can see that our ICMP Type 3 packet was successfully sent to the target machine.
![[Image: 24.png?w=687&ssl=1]](https://i0.wp.com/2.bp.blogspot.com/-i7Ijio9Qwuc/Wkz8hzmm6xI/AAAAAAAATCw/ZBO0rGueLp8HYGoPoLgbmzADFrv7p7ihQCEwYBhgL/s1600/24.png?w=687&ssl=1)
Message TYPE 4 ICMP Packet Crafting
The Packet Assembly and Packet Editing phases for ICMP packet crafting are almost the same as above; the only difference is the ICMP message type chosen for the packet sent to the target network.
Since we want to send message type 4 packets to the target network, select Type 4 Source Quench from the given list.
Once everything is edited, your packet is ready to send to the target network. Click the play button in the menu bar to send the packet to the target’s network; this is the “packet playing” phase of the packet crafting operation.
![[Image: 25.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-X2P_F2JgUwM/Wkz8idjZ5aI/AAAAAAAATC0/lr8mDHKCKKAJdiCdaBYwo9cY4JVGsrUDwCEwYBhgL/s1600/25.png?w=687&ssl=1)
Capturing ICMP-Type4 packet through IDS
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when an ICMP Source Quench packet is found in the network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 26.png?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-9KRas38v9Qo/Wkz8il69ErI/AAAAAAAATC8/kLQesL4fpsA0l7C2GXT3bgZpSAI__l5VQCEwYBhgL/s1600/26.png?w=687&ssl=1)
So when the IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP Source Quench” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 27.jpg?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-xBmSGh4BJZQ/Wkz8i3FIJwI/AAAAAAAATHc/79CiRtGlbh4_pnA24_am0CGwulklnDHWgCEwYBhgL/s1600/27.jpg?w=687&ssl=1)
Analysis ICMP-Type4 packet through Wireshark
Here too, Wireshark has captured exactly the same information as we predicted, showing the same details that we bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type “Source Quench” and the other fields.
![[Image: 28.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-5H2oJdz-bg4/Wkz8jHuJPlI/AAAAAAAATDI/OFDr7b_s-eUNKMgeDwUq4w8BtAO341QkgCEwYBhgL/s1600/28.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, he receives the status of the sent packet, either successful or failed.
From the image below you can see that our ICMP Type 4 packet was successfully sent to the target machine.
![[Image: 29.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-0DNsmz4hnxw/Wkz8jM3eCVI/AAAAAAAATDE/WUbc4cLbKgYmVcUGaaWr7sD1PZ73ekQMwCEwYBhgL/s1600/29.png?w=687&ssl=1)
Message TYPE 5 ICMP Packet Crafting
We want to send message type 5 packets to the target network, so select Type 5 Redirect from the given list.
Once everything is edited, your packet is ready to send to the target network. Click the play button in the menu bar to send the packet to the target’s network.
![[Image: 30.png?w=687&ssl=1]](https://i1.wp.com/3.bp.blogspot.com/-yK1G5m3MRj8/Wkz8jYsdqII/AAAAAAAATDQ/iTqn3B1PlnMAWGxEfCAqQX9CATadRuXqQCEwYBhgL/s1600/30.png?w=687&ssl=1)
Capturing ICMP-Type5 packet through IDS
From the image below you can observe that inside the file “icmp-info.rules” an alert rule is already implemented that fires when an ICMP Redirect Net packet is found in the network.
Now turn on the IDS mode of Snort by executing the command below in a terminal:
```
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 31.png?w=687&ssl=1]](https://i1.wp.com/3.bp.blogspot.com/-rUskARGGwHs/Wkz8j5yJnwI/AAAAAAAATDg/B-YiJQGHR_gJAEbOuQuZXwOow0PrA9C3wCEwYBhgL/s1600/31.png?w=687&ssl=1)
So when the IDS receives any packet matching a rule defined in its rules file, it generates an alert for the captured packet. From the image below you can observe that an alert is generated by Snort for “ICMP Redirect net” packets from source address 192.168.1.2 to destination 192.168.1.107.
![[Image: 32.jpg?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-R5eWue4OJ3I/Wkz8jyTGu5I/AAAAAAAATDk/82ykDBv1yIM1pRa3NoUAnnqj2fA_4dWowCEwYBhgL/s1600/32.jpg?w=687&ssl=1)
Analysis of ICMP-Type5 packet through Wireshark
Again, as predicted, Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type "redirect", and other details.
![[Image: 33.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-JzOUSjJEmBc/Wkz8karQhwI/AAAAAAAATDs/38lc-tHLRlQrhA9FZFWbXL0A6TDzNG0kwCEwYBhgL/s1600/33.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, the status of the sent packet is reported as either successful or failed.
From the image below you can see that our ICMP Type 5 packet was sent successfully to the target machine.
![[Image: 34.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-hlRINRC_TMM/Wkz8kTXtPII/AAAAAAAATD0/CUZbpyd2esU-GoxEALvm257a2OitPT2EACEwYBhgL/s1600/34.png?w=687&ssl=1)
Message TYPE 6 ICMP Packet Crafting
The Packet Assembly and Packet Editing phases for ICMP packet crafting are almost the same as above; the only difference is the ICMP message type through which the connection with the target network will be established.
Next we want to send traffic using message type 6 packets to establish a connection with the target network, so select Type 6 Alternate Host Address from the given list.
Once everything is edited, your packet is ready to be sent to the target network. Click the play button in the menu bar to send the packet onto the target's network.
![[Image: 35.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-2asngdaLCzE/Wkz8kVxzlnI/AAAAAAAATD8/CzFaWp7SnAw0Z9oL0LRNRj1_9X5kYwH1wCEwYBhgL/s1600/35.png?w=687&ssl=1)
Capturing ICMP-Type6 packet through IDS
As shown in the image below, the file icmp-info.rules already contains an alert rule for capturing ICMP Alternate Host Address packets when they are seen on the network.
Now start Snort in IDS mode by running the command below in a terminal:
```shell
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 36.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-WYzCg-o0LC0/Wkz8lW9LfPI/AAAAAAAATEU/88cqNbxBaMU0m3BKoD1JAUWfIiLVoAi6QCEwYBhgL/s1600/36.png?w=687&ssl=1)
So when the IDS receives a packet matching one of the rules defined in the rules file, it generates an alert for the captured packet. From the image below you can see that Snort generated an alert for "ICMP Alternate Host Address" packets from source address 192.168.1.1.2 to destination 192.168.1.107.
![[Image: 37.jpg?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-wrK-teMPlvI/Wkz8lJ0w99I/AAAAAAAATEM/Yx6gCP5qdbIJ--ghVqObU4RasPMASIhaQCEwYBhgL/s1600/37.jpg?w=687&ssl=1)
Analysis of ICMP-Type6 packet through Wireshark
From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP message type "Alternate Host Address", and other details.
![[Image: 38.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-JSY3nNfL9gc/Wkz8lQI94PI/AAAAAAAATEc/PketBmJgiiEvVuSIDCSvrsLYMFypTxI3gCEwYBhgL/s1600/38.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, the status of the sent packet is reported as either successful or failed.
From the image below you can see that our ICMP Type 6 packet was sent successfully to the target machine.
![[Image: 39.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-enU8IerVsO0/Wkz8lxmJN8I/AAAAAAAATEg/0231YnPpy94Xn5clBvgnfmPn--YBuijDwCEwYBhgL/s1600/39.png?w=687&ssl=1)
Message TYPE 7 ICMP Packet Crafting
Again, repeat the same steps and send traffic using message type 7 packets to establish a connection with the target network, so select Type 7 Unassigned from the given list.
Once everything is edited, your packet is ready to be sent to the target network. Click the play button in the menu bar to send the packet onto the target's network.
![[Image: 40.png?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-ycdOz1BHuDc/Wkz8mADbN4I/AAAAAAAATEw/5sCltgS4VyUEpuOtn_Zo-Qy4v58Sr6azgCEwYBhgL/s1600/40.png?w=687&ssl=1)
Capturing ICMP-Type7 packet through IDS
As shown in the image below, the file icmp-info.rules already contains an alert rule for capturing ICMP Alternate Host Address packets when they are seen on the network.
Now start Snort in IDS mode by running the command below in a terminal:
```shell
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 41.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-gBga0Makf3E/Wkz8m3n33nI/AAAAAAAATHg/d5liSUkBuxggShWQqqnAYuuqtP-FFXsLACEwYBhgL/s1600/41.png?w=687&ssl=1)
Therefore, when the IDS receives a packet matching one of the rules described in the rules file, it generates an alert for the captured packet. From the image below you can see that Snort generated an alert for "ICMP unassigned type 7" packets from source address 192.168.1.1.2 to destination 192.168.1.107.
![[Image: 42.jpg?w=687&ssl=1]](https://i0.wp.com/3.bp.blogspot.com/-mDpf4pVQg8o/Wkz8nerhSpI/AAAAAAAATHc/gCcyR1Q0scweIlsP-beU6NQFtZuXsBPjwCEwYBhgL/s1600/42.jpg?w=687&ssl=1)
Analysis of ICMP-Type7 packet through Wireshark
Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the unknown ICMP message type shown as "obsolete or malformed", and other details.
![[Image: 43.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-tAxWN3-0KUw/Wkz8nsWXjTI/AAAAAAAATFI/p0iMIjljE-QFrJYXmB97qlewvpC6SE2qACEwYBhgL/s1600/43.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, the status of the sent packet is reported as either successful or failed.
From the image below you can see that our ICMP Type 7 packet was sent successfully to the target machine.
![[Image: 44.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-CoLXu2UhVhU/Wkz8n7PyZpI/AAAAAAAATFY/ybVk7ud2Ce02mCr7KkIs33tW9WhPhJsNgCEwYBhgL/s1600/44.png?w=687&ssl=1)
Message TYPE 8 ICMP Packet Crafting
Since we want to send traffic using message type 8 packets to establish a connection with the target network, select Type 8 ICMP Echo Request from the given list.
This step is very useful because it crafts a packet that sends an ICMP Echo Request onto the target's network to test the strength of the IDS and firewall.
An unending stream of ICMP Echo Request packets aimed at a single network is treated as an ICMP flood or Ping of Death attack, so this packet crafting lets us check the strength of our IDS and firewall against such a DoS attack.
Once everything is edited, your packet is ready to be sent to the target network. Click the play button in the menu bar to send the packet onto the target's network.
![[Image: 45.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-89jO2FY2YnU/Wkz8n1m9cAI/AAAAAAAATHk/E59-bT_E3CsbmgbRlL2xdCJtoFrHLKiYQCEwYBhgL/s1600/45.png?w=687&ssl=1)
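A single Echo Request is normal traffic, so an IDS cannot call it an attack; what makes the flood described above detectable is the rate from one source. The following is an added example, not code from the original article or from Snort, showing a sliding-window counter of the kind Snort expresses with a detection_filter (track by_src, count, seconds). The packet events and the addresses 192.168.1.20 and 192.168.1.50 are constructed for the example.

```python
"""Rate-based detection of an ICMP Echo Request flood.

Added example; it is not part of the original article or of Snort. Each event
is a constructed (timestamp_seconds, source_ip, icmp_type) tuple, fed in time
order as a sensor would see the packets.
"""
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8


class EchoFloodDetector:
    """Alert when one source sends more than `count` Echo Requests within `seconds`."""

    def __init__(self, count: int = 10, seconds: float = 1.0):
        self.count = count
        self.seconds = seconds
        self._window = defaultdict(deque)  # src -> timestamps of recent echo requests
        self._alerted_at = {}              # src -> time of last alert, to avoid an alert storm

    def observe(self, ts: float, src: str, itype: int):
        """Feed one packet; return an alert string, or None if nothing fires."""
        if itype != ICMP_ECHO_REQUEST:
            return None
        recent = self._window[src]
        recent.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while recent and ts - recent[0] > self.seconds:
            recent.popleft()
        if len(recent) > self.count:
            last = self._alerted_at.get(src)
            # Re-alert at most once per window so a long flood does not flood the console too.
            if last is None or ts - last >= self.seconds:
                self._alerted_at[src] = ts
                return "ICMP flood suspected: %d echo requests from %s in %.1fs" % (
                    len(recent), src, self.seconds)
        return None


def run(events, count: int = 10, seconds: float = 1.0) -> list:
    """Run the detector over an iterable of events and collect the alerts it raises."""
    det = EchoFloodDetector(count, seconds)
    return [alert for alert in (det.observe(*ev) for ev in events) if alert]


# Constructed sample traffic: one host pinging once per second (benign), and one
# host sending 50 Echo Requests in half a second starting at t=2.0 (flood).
SAMPLE_EVENTS = sorted(
    [(float(t), "192.168.1.20", 8) for t in range(0, 5)]
    + [(2.0 + i * 0.01, "192.168.1.50", 8) for i in range(50)]
)

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

With the defaults (more than 10 Echo Requests per second from one source) the benign host never trips the counter, while the flooding host raises exactly one alert, on its 11th packet; the threshold and window are the two knobs you would tune against your own baseline of ping traffic.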
Capturing ICMP-Type8 packet through IDS
As shown in the image below, the file icmp-info.rules already contains an alert rule for capturing ICMP Ping packets when they are seen on the network. As we know, an ICMP Echo Request packet is the Ping request packet, which sends a request to a network IP to establish a connection with it.
Now start Snort in IDS mode by running the command below in a terminal:
```shell
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 46.png?w=687&ssl=1]](https://i2.wp.com/1.bp.blogspot.com/-auP3iko16J8/Wkz8oVTyv0I/AAAAAAAATFg/bICHuZCqu78ilsvQI6rWQtgf4xtjbV3dACEwYBhgL/s1600/46.png?w=687&ssl=1)
So when the IDS receives a packet matching one of the rules defined in the rules file, it generates an alert for the captured packet. From the image below you can see that Snort generated an alert for "ICMP Ping" packets from source address 192.168.1.1.2 to destination 192.168.1.107.
![[Image: 47.jpg?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-mgumpVrdwcc/Wkz8or3-pCI/AAAAAAAATFw/Mp37p78Svj8fnuMWkYXS9DMzVXq_8lEsACEwYBhgL/s1600/47.jpg?w=687&ssl=1)
Analysis of ICMP-Type8 packet through Wireshark
From the image below you can see that Wireshark captured the Ping packet (ICMP Echo Request) described above, with exactly the information we had bound into the packet, such as the ICMP protocol, the ICMP Ping request message, and other details.
![[Image: 48.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-Y7xAZ6AitMg/Wkz8o4VHO7I/AAAAAAAATHc/r5XWI9b-kQE6v9C0so_TkMjgxjjizXIOQCEwYBhgL/s1600/48.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, the status of the sent packet is reported as either successful or failed.
From the image below you can see that our ICMP Type 8 packet was sent successfully to the target machine.
![[Image: 49.png?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-pvaWLOjV7rA/Wkz8owB3r6I/AAAAAAAATHk/A7Vaks44gUsC47wSLJJgERpfPSza7gqHgCEwYBhgL/s1600/49.png?w=687&ssl=1)
Message TYPE 9 ICMP Packet Crafting
Now, at last, we want to send traffic using message type 9 packets to establish a connection with the target network, so select Type 9 Router Advertisement from the given list.
Once everything is edited, your packet is ready to be sent to the target network. Click the play button in the menu bar to send the packet onto the target's network.
![[Image: 50.png?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-JJMGL9jvGfU/Wkz8pbbmjAI/AAAAAAAATHg/azZ5IPFsbcQfxTstnxAmlkJd75S0E8X_wCEwYBhgL/s1600/50.png?w=687&ssl=1)
Capturing ICMP-Type9 packet through IDS
As shown in the image below, the file icmp-info.rules already contains an alert rule for capturing ICMP Router Advertisement packets when they are seen on the network.
Now start Snort in IDS mode by running the command below in a terminal:
```shell
sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
```
![[Image: 51.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-BnC4Et7hB3w/Wkz8q23nuoI/AAAAAAAATGo/UkkhK_i7CVcqcnnERWPOSkIXhqck5lwZwCEwYBhgL/s1600/51.png?w=687&ssl=1)
So when the IDS receives a packet matching one of the rules defined in the rules file, it generates an alert for the captured packet. From the image below you can see that Snort generated an alert for "ICMP Router Advertisement" packets from source address 192.168.1.1.2 to destination 192.168.1.107.
![[Image: 52.jpg?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-4VupOLkukHY/Wkz8qBotxdI/AAAAAAAATGc/xl3JJKvh7Jcf6tN4k_iAMWLcxwTcTziowCEwYBhgL/s1600/52.jpg?w=687&ssl=1)
Analysis of ICMP-Type9 packet through Wireshark
From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the ICMP protocol, the ICMP Router Advertisement message, and other details.
![[Image: 53.png?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-TFscPVlX6_Y/Wkz8quW0lSI/AAAAAAAATGk/ajrUWfsF6WQARH6VS5XWd2250aiwLHPuwCEwYBhgL/s1600/53.png?w=687&ssl=1)
Again, when the tester clicks the Stop button, the status of the sent packet is reported as either successful or failed.
From the image below you can see that our ICMP Type 9 packet was sent successfully to the target machine.
![[Image: 54.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-WeNbF0EMiCw/Wkz8qxsHGlI/AAAAAAAATHc/mp90f-2AprEH6aF9WkI_Y-ozsgModZdFwCEwYBhgL/s1600/54.png?w=687&ssl=1)
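Every ICMP section above follows the same shape: a packet whose type field is set by hand, Snort matching that type against an itype/icode rule from icmp-info.rules, and Wireshark decoding the same header back. The block below is an added example, not code from the original article, from Colasoft Packet Builder or from Snort; it builds and checksums ICMPv4 packets for the types used above (5 to 9), decodes them the way a dissector does, and runs a small matcher over constructed rules written in Snort syntax that keep only the msg, itype and icode options (the real icmp-info.rules entries carry further options such as sid, rev and classtype, which are not modelled).

```python
"""Build, checksum and decode ICMPv4 packets, then run a tiny Snort-style
itype/icode matcher over them to see which alert each message type raises.

Added example, not code from the original article, from Colasoft Packet
Builder or from Snort. RULES below are constructed for this example.
"""
import struct

# ICMPv4 message types covered by the article (IANA ICMP type registry).
ICMP_TYPES = {
    4: "Source Quench",
    5: "Redirect",
    6: "Alternate Host Address",
    7: "Unassigned",
    8: "Echo Request",
    9: "Router Advertisement",
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(itype: int, icode: int = 0, rest: int = 0, payload: bytes = b"") -> bytes:
    """Return header + payload with a valid checksum.

    `rest` is the 32-bit word after the checksum: identifier/sequence for
    Echo, gateway address for Redirect, unused (zero) for most other types.
    """
    header = struct.pack("!BBHI", itype, icode, 0, rest)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", itype, icode, csum, rest) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode the header and verify the checksum, as Wireshark's ICMP dissector does."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than the 8-byte header")
    itype, icode, _csum, rest = struct.unpack("!BBHI", packet[:8])
    return {
        "type": itype,
        "code": icode,
        "name": ICMP_TYPES.get(itype, "Unknown"),
        "rest": rest,
        # An intact packet re-checksums to zero because the stored checksum is included.
        "checksum_ok": inet_checksum(packet) == 0,
        "payload": packet[8:],
    }


# Constructed rules in Snort syntax, trimmed to the options this matcher reads.
RULES = [
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING"; itype:8; icode:0;)',
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Redirect net"; itype:5; icode:0;)',
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Alternate Host Address"; itype:6;)',
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP unassigned type 7"; itype:7;)',
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP Router Advertisement"; itype:9;)',
]


def parse_rule(rule: str) -> dict:
    """Pull msg, itype and icode out of the parenthesised option block of a rule line."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts = {}
    for opt in body.split(";"):
        opt = opt.strip()
        if opt:
            key, _, val = opt.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    return {
        "msg": opts["msg"],
        "itype": int(opts["itype"]) if "itype" in opts else None,
        "icode": int(opts["icode"]) if "icode" in opts else None,
    }


def match_rules(packet: bytes, rules=RULES) -> list:
    """Return the msg of every rule whose itype/icode tests the packet satisfies."""
    info = parse_icmp(packet)
    hits = []
    for rule in map(parse_rule, rules):
        if rule["itype"] is not None and rule["itype"] != info["type"]:
            continue
        if rule["icode"] is not None and rule["icode"] != info["code"]:
            continue
        hits.append(rule["msg"])
    return hits


if __name__ == "__main__":
    for itype in (5, 6, 7, 8, 9):
        pkt = build_icmp(itype, payload=b"abcdefgh")
        info = parse_icmp(pkt)
        print(itype, info["name"], "checksum ok" if info["checksum_ok"] else "BAD", match_rules(pkt))
```

Two details worth noticing: a Redirect with code 1 (redirect for host) does not match the "ICMP Redirect net" rule because that rule also tests icode:0, which is why the alert names are so specific; and a packet whose checksum is wrong still matches, since these rules look only at the type and code fields, exactly as Snort's itype/icode options do.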
Hello friends! In our previous article we described packet crafting using Colasoft Packet Builder. This time we are going to use a new tool, "Cat KARAT", for packet crafting to test our network by crafting various kinds of network packets. Cat Karat Packet Builder is a handy, easy-to-use packet generation tool for IPv4, IPv6, IPv4/IPv6 tunnels, PPPoE, TCP, UDP, ICMPv4, ICMPv6, VRRP, IGMP, ARP, DHCP, OAM, VLAN (Q-in-Q), MPLS, Spanning Tree BPDU and LLDP that lets you build custom packets for firewall or target testing and has integrated scripting ability for automated testing.
This Packet Builder lets the user specify the entire contents of the packet from the GUI. In addition to building packets, Packet Builder also supports saving packets to packet files and sending packets onto the network. It can be used in all kinds of network roles, such as traffic generator, packet generator or protocol simulator.
The project also provides a packet capture tool. It is designed for anyone who wants to inject packets into a network and/or observe packets leaving a network. Usually, packet operations that follow a protocol stack are limited to a command-line interface; with this tool, all the user has to do is click on the screen, which almost anybody can do.
You can download it from the Cat Karat project's download link.
Let’s start!!
As discussed in our previous article, there are four modes of operation in packet crafting:
- Packet Assembly
- Packet Editing
- Packet Playing
- Packet Analysis
Now, when you run the installed application "Cat KARAT", you will see three important sections, "Interfaces", "Packet flow" and "Packet view", which in their default state look as shown in the image below.
![[Image: 1.png?w=687&ssl=1]](https://i2.wp.com/3.bp.blogspot.com/-UxGwIxhPleY/Wkxwqiu9Q3I/AAAAAAAAS9U/ujm-bCs3mUwBGwbUT95oZWqpBaIhIErCwCEwYBhgL/s1600/1.png?w=687&ssl=1)
TCP-SYN Packet Crafting
As we know, in the Packet Assembly phase we need to decide the protocol for crafting the packet, which is quite easy to select with this tool: simply enable the radio buttons for the protocol and the direction of packet flow. Here I have enabled the radio buttons for "IPv4" and "TCP" without disturbing the remaining default packet flow, as shown in the image below.
![[Image: 2.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-Kgu3X-PcpP4/WkxwuYiHw6I/AAAAAAAAS-Y/Baoi0hmZHfAshkVPmWAiObE3W3fO2xKowCEwYBhgL/s1600/2.png?w=687&ssl=1)
Next, select the interface by double-clicking on it in the second section, Interfaces.
![[Image: 3.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-UxCJswJEMFo/Wkxwug9TuqI/AAAAAAAAS-U/ZDjKgNaMoqcoTaBPxeE3n5ipLzYyoYqTwCEwYBhgL/s1600/3.png?w=687&ssl=1)
Next is the Packet Editing phase, where you specify the source IP address (such as 192.168.1.11) from which the packet will be sent and the destination IP address (such as 192.168.1.12) on which the packet is received. You can also change other fields of your packet, such as Time to Live (TTL) and data length, and can also apply packet fragmentation.
From the image below you can see that I have added the source and destination IP to the packet under the third section, Protocol view -> IPv4.
![[Image: 4.png?w=687&ssl=1]](https://i0.wp.com/2.bp.blogspot.com/-26arOPJew6o/Wkxwu9L8a1I/AAAAAAAAS-U/YgS8jgI2aQI6L9EUbCMG7n2Sc_P7U4fYACEwYBhgL/s1600/4.png?w=687&ssl=1)
As we know, TCP uses TCP flags to establish a connection with the destination IP. Therefore we craft a TCP-SYN packet under the third section, Protocol view -> TCP, by enabling the Sync sequence option, with the packet flowing from source port 80 to destination port 80.
Once everything is edited, your packet is ready to be sent to the target network.
![[Image: 5.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-eIifmnVMNRg/WkxwvcWHxNI/AAAAAAAAS-U/Sn7QGZOwek4U4YiXtvcl-db-Gxy5qWLKwCEwYBhgL/s1600/5.png?w=687&ssl=1)
Click the play button in the menu bar to send the packet onto the target's network.
As we know, after finishing the packet editing operation we need to send the packet onto the target network; this is known as "Packet Playing". In this mode we actually test the Packet Assembly and Packet Editing work: if the packet is sent successfully we are done, otherwise we go back to Packet Editing mode and modify the packet.
From the image below you can see the result "Packet sent successfully".
![[Image: 6.1.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-YQFRh78R1NU/WkxwvW7N94I/AAAAAAAAS-U/IrK8ir5B0ckuhCZ6HbvbQNXA-xwogWnnwCEwYBhgL/s1600/6.1.png?w=687&ssl=1)
The last phase is Packet Analysis mode, where the received packet is analysed with a packet analysis tool. Here we used Wireshark to capture the incoming traffic. From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the TCP protocol and the TCP-SYN flag.
![[Image: 7.png?w=687&ssl=1]](https://i2.wp.com/4.bp.blogspot.com/-Jk8tnkII7Rs/WkxwvsG-D1I/AAAAAAAAS-Y/M3IO1XCkzEUu3UoGV7zUEBDBQ6Zov6IAwCEwYBhgL/s1600/7.png?w=687&ssl=1)
TCP-RST Packet Crafting
The Packet Assembly and Packet Editing phases for TCP-RST packet crafting are almost the same as above; the only difference is the TCP flag through which the connection with the target network will be established.
Since we want to send traffic using only reset packets to establish a connection with the target network, enable the Reset connect checkbox.
![[Image: 9.png?w=687&ssl=1]](https://i0.wp.com/2.bp.blogspot.com/-FoNkVJtj47M/WkxwwJ54MpI/AAAAAAAAS-Y/BwUduQjbgnUen9UcOJqVxFqHINsC7wjjQCEwYBhgL/s1600/9.png?w=687&ssl=1)
Click the play button in the menu bar to send the packet onto the target's network; this is part of Packet Playing mode.
From the image below you can see the result "Packet sent successfully".
![[Image: 10.1.png?w=687&ssl=1]](https://i0.wp.com/4.bp.blogspot.com/-TGXAJ9DuTBE/WkxwqquRB_I/AAAAAAAAS-U/66zK92Kp0FosBJgiyx0J5LCs81D_BnJvgCEwYBhgL/s1600/10.1.png?w=687&ssl=1)
From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the TCP protocol and the TCP-RST flag.
![[Image: 10.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-ObWtHd4v2hg/WkxwqgUbuqI/AAAAAAAAS-U/T3D3wEhTmAU0riplgrJyk_mVFoEJgATLQCEwYBhgL/s1600/10.png?w=687&ssl=1)
TCP-PSH/ACK Packet Crafting
The Packet Assembly and Packet Editing phases for TCP-PSH/ACK packet crafting are almost the same as above; the only difference is the TCP flags through which the connection with the target network will be established.
Since we want to send traffic using only Push with Acknowledgement packets to establish a connection with the target network, enable the PUSH Function and Acknowledgement checkboxes.
![[Image: 12.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-YqWdZN0CJqE/WkxwrgOirrI/AAAAAAAAS-U/BvpQlWgUSwwPcnNg0_yA8si8hxwOltwTQCEwYBhgL/s1600/12.png?w=687&ssl=1)
Click the play button in the menu bar to send the packet onto the target's network; this is part of Packet Playing mode.
From the image below you can see the result "Packet sent successfully".
![[Image: 13.1.png?w=687&ssl=1]](https://i0.wp.com/1.bp.blogspot.com/-gxLFkgc-ibI/WkxwsDVkofI/AAAAAAAAS-U/LfuiRwnk9HMMqIvruMO6Rzc95486YrjHACEwYBhgL/s1600/13.1.png?w=687&ssl=1)
From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes, such as the TCP protocol and the TCP-PSH/ACK flags.
![[Image: 13.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-yX9b0Idnmbs/WkxwsSNbLaI/AAAAAAAAS-Y/BE05Y5mrI7QiJm4MIyehnIbSX0ULV0SPgCEwYBhgL/s1600/13.png?w=687&ssl=1)
UDP Packet Crafting
Similarly, in the Packet Assembly phase we need to decide the protocol for crafting the UDP packet: enable the radio buttons for the protocol and the direction of packet flow. Here I have enabled the radio buttons for "IPv4" and "UDP" without disturbing the remaining default packet flow, as shown in the image below.
![[Image: 14.png?w=687&ssl=1]](https://i1.wp.com/4.bp.blogspot.com/-6CkZbAJ8G-M/WkxwsTHn4EI/AAAAAAAAS-U/LHUiB7Zizeo7xiSVKdz1PkAFjGWGdRh5gCEwYBhgL/s1600/14.png?w=687&ssl=1)
Move into the Protocol view section for Packet Editing and enter the source and destination IP. I added the source and destination IP to the packet under the third section, Protocol view -> IPv4, as done above.
![[Image: 15.1.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-RtZ-Ug2sqf8/WkxwtDrk8kI/AAAAAAAAS-U/_n5pXrFjB8kxm8ONy4cPvtzOsf2hkO5sQCEwYBhgL/s1600/15.1.png?w=687&ssl=1)
Now explore the UDP tab to design the UDP packet as per your requirement; from the image below you can see the default settings:
Source port: 00000
Destination port: 00000
With these defaults the UDP traffic will flow from source port 0 to destination port 0.
![[Image: 15.png?w=687&ssl=1]](https://i2.wp.com/2.bp.blogspot.com/-MOunOOr2b6w/WkxwtufAAYI/AAAAAAAAS-U/9YcKYtPgCscOws1uIQx5VOOQzyr6bGKmQCEwYBhgL/s1600/15.png?w=687&ssl=1)
Click the play button in the menu bar to send the packet onto the target's network; this is part of Packet Playing mode.
From the image below you can see the result "Packet sent successfully".
![[Image: 16.1.png?w=687&ssl=1]](https://i1.wp.com/2.bp.blogspot.com/-QI84jBH0QEw/Wkxwt5t0CII/AAAAAAAAS-U/XCMIjYCIaLgTOpNhruaPKGKrFTLXHHDtwCEwYBhgL/s1600/16.1.png?w=687&ssl=1)
From the image below you can see that Wireshark captured exactly the information we had bound into the packet during the Packet Assembly and Packet Editing modes: the UDP protocol, from source port 0 to destination port 0, with a length of 60.
![[Image: 16.png?w=687&ssl=1]](https://i1.wp.com/1.bp.blogspot.com/-gLhe7nY-cgM/WkxwuHUaPKI/AAAAAAAAS-U/jT-R1UKWEXYoWvWJYwCpUutnq159UnuCgCEwYBhgL/s1600/16.png?w=687&ssl=1)
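The TCP-SYN, TCP-RST, TCP-PSH/ACK and UDP sections above all come down to a handful of header fields (ports, flags, length) plus a checksum that Cat Karat fills in and Wireshark verifies. The block below is an added example, not code from the original article or from Cat Karat; it builds the same four packets as raw bytes with the IPv4 pseudo-header checksum, decodes them back into the flag names and lengths Wireshark displays, and explains the "60" length from the UDP capture. The addresses 192.168.1.11 and 192.168.1.12 are the ones the article uses; the sequence numbers, window and payloads are constructed for the example.

```python
"""Build IPv4/TCP and IPv4/UDP headers with pseudo-header checksums and decode them.

Added example, not code from the original article or from Cat Karat. The
endpoint addresses are the article's; everything else here is constructed.
"""
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ETH_HDR, IPV4_HDR, ETH_MIN_FRAME = 14, 20, 60   # bytes; the 60-byte minimum excludes the FCS


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that the TCP (RFC 793) and UDP (RFC 768) checksums cover."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, proto, length)


def build_tcp(src, dst, sport, dport, flags, seq=0, ack=0, window=8192, payload=b""):
    """20-byte TCP header (no options) + payload; `flags` is a set of names such as {"PSH", "ACK"}."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    offset_flags = (5 << 12) | bits              # data offset = 5 words = 20 bytes
    fields = [sport, dport, seq, ack, offset_flags, window, 0, 0]
    fields[6] = inet_checksum(pseudo_header(src, dst, socket.IPPROTO_TCP, 20 + len(payload))
                              + struct.pack("!HHIIHHHH", *fields) + payload)
    return struct.pack("!HHIIHHHH", *fields) + payload


def build_udp(src, dst, sport, dport, payload=b""):
    """8-byte UDP header + payload; the length field covers header and data."""
    length = 8 + len(payload)
    csum = inet_checksum(pseudo_header(src, dst, socket.IPPROTO_UDP, length)
                         + struct.pack("!HHHH", sport, dport, length, 0) + payload)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a computed zero is sent as all ones; zero means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_tcp(src, dst, segment: bytes) -> dict:
    """Decode a TCP segment and verify its checksum against the given IP endpoints."""
    if len(segment) < 20:
        raise ValueError("TCP segment shorter than the 20-byte header")
    sport, dport, seq, ack, offset_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_off = (offset_flags >> 12) * 4
    ok = inet_checksum(pseudo_header(src, dst, socket.IPPROTO_TCP, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [n for n, bit in TCP_FLAGS.items() if offset_flags & bit],
            "checksum_ok": ok, "payload": segment[data_off:]}


def parse_udp(src, dst, datagram: bytes) -> dict:
    """Decode a UDP datagram; a zero checksum field is legal over IPv4 and means 'unchecked'."""
    if len(datagram) < 8:
        raise ValueError("UDP datagram shorter than the 8-byte header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    ok = csum == 0 or inet_checksum(pseudo_header(src, dst, socket.IPPROTO_UDP, length)
                                   + datagram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "checksum_ok": ok,
            "payload": datagram[8:length]}


def frame_length(l4_bytes: bytes) -> int:
    """Wire length as Wireshark reports it: Ethernet + IPv4 headers + payload, padded to the 60-byte minimum."""
    return max(ETH_HDR + IPV4_HDR + len(l4_bytes), ETH_MIN_FRAME)


def tcp_info(src, dst, segment: bytes) -> str:
    """Summary line in the style of Wireshark's Info column."""
    p = parse_tcp(src, dst, segment)
    return "%d -> %d [%s] Seq=%d Ack=%d Win=%d Len=%d" % (
        p["sport"], p["dport"], ", ".join(p["flags"]), p["seq"], p["ack"], p["window"], len(p["payload"]))


if __name__ == "__main__":
    SRC, DST = "192.168.1.11", "192.168.1.12"
    syn = build_tcp(SRC, DST, 80, 80, {"SYN"}, seq=1000)
    rst = build_tcp(SRC, DST, 80, 80, {"RST"}, seq=1001)
    pshack = build_tcp(SRC, DST, 80, 80, {"PSH", "ACK"}, seq=1001, ack=5000, payload=b"hello")
    udp = build_udp(SRC, DST, 0, 0)
    for seg in (syn, rst, pshack):
        print(tcp_info(SRC, DST, seg), "frame", frame_length(seg))
    print(parse_udp(SRC, DST, udp), "frame", frame_length(udp))
```

The empty UDP datagram is 8 bytes, which with a 20-byte IPv4 header and a 14-byte Ethernet header gives 42 bytes on the wire; the sending NIC pads the frame to the 60-byte Ethernet minimum, which is the length of 60 the article's Wireshark capture shows. The checksum functions also show why a crafted packet with a bad checksum still reaches the IDS but is dropped by the receiving stack: Snort inspects it, the host's TCP/UDP layer does not.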