Saturday, 16 April 2016

Wireshark

Wireshark is a free and open source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education. It lets us see what happens to the packets that we send to and receive from the target host.

To open Wireshark, start Kali Linux and go to Applications > 09 - Sniffing and Spoofing > Wireshark.


When you open Wireshark, it looks like this.

Wireshark

It will show an error message, but just click OK to continue. The interfaces listed are eth0, any, Loopback: lo, bluetooth0, nflog, nfqueue, usbmon1 and usbmon2. To see the packet info, double-click eth0 (because my connection is on eth0) and it will look like this.


For packets to appear, you must generate some network traffic, such as browsing or using the terminal. For my example, I use the terminal and run ping detik.com.

ping detik.com

The result looks like this.

Result ping detik.com in wireshark

Now Wireshark fills with information about the packets you send to detik.com. To stop the capture, press the stop button.

button for stop capturing packets

Now the capture is done and you can see some information there. One example is the ICMP info that says "echo (ping) request", which means we sent a packet to the host.

For another example, I run nmap with my laptop as the target.


And the result in Wireshark looks like this.




You can see some red lines, and "[RST]" means we cancel our communication. But in the second picture there are lots of [RST, ACK]. It means the port is closed. As an example, I choose this one.


Here it says 22 -> 54295 [RST, ACK], which means it sends the RST, ACK packet back to me because the port is closed. If you are not sure about that, look again at the list of my open ports below from when I used nmap against my laptop.

Here is a video to learn more about Wireshark (Windows version).
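The reading of the capture above, as an added example that is not part of the original post: this Python sketch decodes the fixed TCP header and labels the reply to a connection probe. The function names and the sample bytes are constructed for illustration.

```python
import struct

# TCP flag bits in the low byte of the 16-bit offset/flags field,
# listed low bit first, which is the order Wireshark prints them in.
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
         (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into ports and flag names."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    names = [name for bit, name in FLAGS if off_flags & bit]
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": names}


def probe_result(reply_flags) -> str:
    """Interpret the reply to a connection attempt (hypothetical helper)."""
    flags = set(reply_flags)
    if {"SYN", "ACK"} <= flags:
        return "open"      # the target accepts the connection
    if "RST" in flags:
        return "closed"    # the target refuses: nothing listens on the port
    return "unknown"


def describe(segment: bytes) -> str:
    """Render one reply the way the capture list shows it, plus a verdict."""
    h = parse_tcp_header(segment)
    return "%d -> %d [%s]: %s" % (
        h["src"], h["dst"], ", ".join(h["flags"]), probe_result(h["flags"]))


# Constructed sample: a reply from port 22 to port 54295 with RST and ACK
# set (data offset 5 words, flags 0x14), matching the line discussed above.
SAMPLE_REPLY = struct.pack(
    "!HHIIHHHH", 22, 54295, 0, 1, (5 << 12) | 0x14, 0, 0, 0)

if __name__ == "__main__":
    print(describe(SAMPLE_REPLY))
```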




Sunday, 03 April 2016

Utilizing Search Engine

In general, when we search for information, we usually use Google. Others may use Bing, Yahoo or another search engine. But when we search for hacking, we search with a different method. And when you search for information, can you be sure that the website you visit or the file you need to download is safe?

To protect your computer from harm, you need to know whether something is safe or not. Using virustotal.com, metadefender.com and malwaredomainlist.com, you can find out whether a site you visit or a file you download is safe.


This is what virustotal.com looks like. VirusTotal is usually used to check whether a website is safe, to check whether a file you downloaded is safe (maximum upload 128 MB), and to check IP address information.

For example, I search for "spesifikasi hp xiaomi mi4, kelebihan dan kekurangannya" and copy that link to VirusTotal.


VirusTotal then analyzes the link I gave it and shows a result like this.



The result shows that the link is safe from any virus. Below the information there is a list of URL scanners and their results.


There is also additional information such as website category, IP address resolution, HTTP response code and so on.


This is what metadefender.com looks like. Metadefender has similar functions to VirusTotal, but it also has "LOOK UP A HASH", which is used to detect whether the hash has been compromised, and "SCAN AN IP ADDRESS", which checks whether the IP address is already compromised. For Metadefender I will focus on the hash.

For example, I enter d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89 (MD5) and check whether it is compromised or not.


The result shows that the MD5 is not compromised, which means the hash is safe.


You can try using SHA1 or SHA256, but I only use MD5 for this example.
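To get a hash to look up in the first place, you can compute it locally from the downloaded file. The sketch below is an added example, not part of the original post: it produces the MD5, SHA1 and SHA256 of a file in one pass and checks which digest length a pasted string matches. The function names and the sample file content are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Hex-digit length of each digest type mentioned in the text.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def digest_type_by_length(value: str):
    """Return the digest type whose length matches value, else None."""
    cleaned = re.sub(r"\s+", "", value).lower()   # pasted hashes may contain spaces
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        return None
    return HEX_LENGTHS.get(len(cleaned))


def file_digests(path: str, chunk_size: int = 65536) -> dict:
    """Read the file once, in chunks, and return all three hex digests."""
    hashers = {name: hashlib.new(name) for name in HEX_LENGTHS.values()}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def demo() -> dict:
    """Hash a constructed three-byte sample file and return its digests."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")                         # constructed sample content
    try:
        return file_digests(tmp.name)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value, digest_type_by_length(value))
```

With the spaces removed, the value entered above is 64 hex digits long, so `digest_type_by_length` matches it to the SHA256 length; an MD5 digest is 32 hex digits.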


This is what malwaredomainlist.com looks like. Malwaredomainlist is used to check whether an IP address is dangerous. If you want to check whether a website you want to visit is dangerous, you can search for it, and if the website you entered shows up, it means the website is dangerous to visit.

You can see the list of domains that are dangerous. You can also search for any domain that you think is dangerous.


I try a safe link because I am kind of afraid to use a dangerous link.


And this is the result if the link is safe. And again, I am kind of afraid to use a dangerous link.



Sometimes you might visit a website, or a government website, and suddenly get something like this.

hacked website

It means that the website you visit has been hacked by someone, and we can see that the website was hacked by wlingigetar.

If you want to know which websites have been hacked, you can use Google to do "Google Hacking". "Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet." (searchsecurity.techtarget.com).

When you try Google Hacking, for example using site:.go.id "hacked by", it will show some websites under .go.id that have been hacked.

some hacked website list

To sum up, everything that you think is safe is not 100% safe, so always check if you have any doubt about the website you want to visit.