I spent 8 weeks on IT security. Here are my notes.
Jul 26, 2017 · 4 min read
Main learning right up front: Little is as fascinating as tech security. Especially breaching it. I want to share the remarks I made on different topics, ranging from general overviews of a certain field to specific terminal commands and attack procedures.

Procedures
Mapping a local network
- arp -a → Displays all devices that were recently connected to the LAN
- nmap -sP 192.168.0.1-254 → Alternative 1: ping sweep the network from 1-254 with nmap
- nmap 192.168.1.0/24 → Alternative 2: ping sweep the entire subnet
- nmap -sP -PT80 192.168.0.1-30 → Alternative 3: ping sweep via TCP port 80 requests if the network has blocked ICMP
- nmap 192.168.1.157 → Show open ports on victim device
- sudo nmap -O --osscan-guess 192.168.1.157 → Detect OS of device
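A defender's counterpart to the mapping commands above, added here as an example (not from the original notes): a small Python script that parses the `arp -a` output format, compares the table against a list of known devices, and raises an alert if the gateway's MAC has changed, which is the classic sign of the ARP spoofing listed under Attack Types further down. The sample `arp -a` output and the known-device list are constructed for the example; the function names are my own.

```python
import re

# Constructed sample of what `arp -a` prints on macOS. Linux prints the same
# "(ip) at mac" core with different trailing fields, so the regex covers both.
SAMPLE_ARP_OUTPUT = """\
router.lan (192.168.1.1) at a4:2b:8c:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.20) at 0:1e:c2:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.77) at de:ad:be:ef:0:1 on en0 ifscope [ethernet]
? (192.168.1.90) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""

# Constructed inventory of the devices expected on this LAN (normalized MACs).
KNOWN_DEVICES = {
    "a4:2b:8c:11:22:33": "router",
    "00:1e:c2:aa:bb:cc": "printer",
}
GATEWAY_IP = "192.168.1.1"

ENTRY_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}|\(incomplete\))"
)


def normalize_mac(mac):
    """macOS prints MAC octets without zero padding (1:0:5e:...); pad and lowercase them."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def parse_arp_table(text):
    """Return a list of (ip, mac) tuples; mac is None for '(incomplete)' entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        mac = m.group("mac")
        entries.append((m.group("ip"), None if mac == "(incomplete)" else normalize_mac(mac)))
    return entries


def is_unicast(mac):
    """False for broadcast and multicast addresses (lowest bit of the first octet set)."""
    return (int(mac.split(":")[0], 16) & 0x01) == 0


def audit_arp_table(text, known=KNOWN_DEVICES, gateway_ip=GATEWAY_IP, gateway_mac=None):
    """Flag unknown devices, unresolved entries, and a changed gateway MAC.

    gateway_mac is the MAC recorded for the gateway on a previous run; if the
    table now shows a different one, something is answering ARP for the gateway.
    """
    report = {"unknown": [], "incomplete": [], "gateway_mac": None, "gateway_changed": False}
    for ip, mac in parse_arp_table(text):
        if mac is None:
            report["incomplete"].append(ip)
            continue
        if not is_unicast(mac):
            continue  # broadcast/multicast rows are not devices
        if ip == gateway_ip:
            report["gateway_mac"] = mac
            if gateway_mac is not None and mac != gateway_mac:
                report["gateway_changed"] = True
        if mac not in known:
            report["unknown"].append((ip, mac))
    return report


if __name__ == "__main__":
    result = audit_arp_table(SAMPLE_ARP_OUTPUT, gateway_mac="a4:2b:8c:11:22:33")
    for ip, mac in result["unknown"]:
        print(f"unknown device {ip} ({mac})")
    for ip in result["incomplete"]:
        print(f"no ARP reply from {ip}")
    if result["gateway_changed"]:
        print(f"ALERT: gateway MAC changed to {result['gateway_mac']}")
```

Run it against live output with `arp -a | python3 arp_audit.py` after swapping the constructed sample for `sys.stdin.read()`; keeping the gateway MAC from one run and passing it into the next is what turns this from an inventory into a spoofing check.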
Packet Injection
Kali Linux + airmon-ng only
- airmon-ng → See current wlan adapters (doesn’t work on Mac OS X)
- ifconfig wlan2 down → Take down wireless adapter to put it into monitor mode afterwards
- airmon-ng start wlan2 → Starting adapter in monitor mode
- Adapter will create a new interface ‘mon0’ for packet injection
- aireplay-ng -9 mon0 → Test how well packets are injected into the APs that are detected by ‘mon0’
- See the result as the % of packets that were injected into each AP
DNS Spoofing
Setting up a DNS Spoofing Server on ec2 Instance (Detailed tutorial):
- yum install dnsmasq → Install dnsmasq on ec2 instance
- nano /etc/dnsmasq.conf → edit dnsmasq settings
- Add these four lines (each on its own line) at the very top of dnsmasq.conf:
  no-dhcp-interface=
  server=8.8.8.8
  no-hosts
  addn-hosts=/etc/dnsmasq.hosts
- nano /etc/dnsmasq.hosts → Create or open the file with spoofed domains (it doesn’t exist directly after install)
- 54.77.172.205 www.facebook.com facebook.com → Add the IP of the fake / own content and the domain that will be spoofed to dnsmasq.hosts
- killall dnsmasq → To stop dnsmasq (if it is not running, you’ll get an error saying “dnsmasq: no process found”, that is fine)
- dnsmasq --no-daemon --log-queries → To start dnsmasq
- Change the local DNS settings on your computer to the IP address of the ec2 instance
- Check if dns Requests are still getting resolved to the websites and show up in the dnsmasq log in the ec2 Terminal window
- nano /etc/httpd/conf/httpd.conf → Edit the Apache server settings: add a virtual host for the domain that will be spoofed at the very end of httpd.conf (below the existing <VirtualHost *:80> section):
  <VirtualHost *:80>
  DocumentRoot "/var/www/html"
  ServerName facebook.com
  </VirtualHost>
- service httpd restart → Restart Apache Server
- Check in browser if spoofed Domain is redirected to fake / own website
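To see what a resolver configured like this will actually answer, here is an added Python audit (not part of the original tutorial) that reads the dnsmasq.conf directives and the hosts-format overrides file from the steps above and lists every public domain whose answer is overridden. It takes the file contents as strings rather than opening the addn-hosts path itself; the contents are constructed from the lines in the steps above (the IP is the one used in this tutorial), and the local-suffix list and function names are my own.

```python
import ipaddress

# Constructed copies of the two files the steps above edit.
DNSMASQ_CONF = """\
no-dhcp-interface=
server=8.8.8.8
no-hosts
addn-hosts=/etc/dnsmasq.hosts
# comments and blank lines are ignored by dnsmasq

cache-size=1000
"""

DNSMASQ_HOSTS = """\
54.77.172.205 www.facebook.com facebook.com
# local names are a legitimate use of addn-hosts
192.168.1.10 printer.lan
"""

# Suffixes treated as private/internal; an override of anything else is suspicious.
LOCAL_SUFFIXES = (".lan", ".local", ".home", ".internal", ".localdomain")


def _strip(line):
    """Drop comments and surrounding whitespace from one config/hosts line."""
    return line.split("#", 1)[0].strip()


def parse_conf(text):
    """Return dnsmasq directives as {name: [values]}; bare flags such as no-hosts get None."""
    directives = {}
    for raw in text.splitlines():
        line = _strip(raw)
        if not line:
            continue
        name, sep, value = line.partition("=")
        directives.setdefault(name.strip(), []).append(value.strip() if sep else None)
    return directives


def parse_hosts(text):
    """Return {hostname: ip} from a hosts-format file (IP followed by one or more names)."""
    mapping = {}
    for raw in text.splitlines():
        line = _strip(raw)
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def audit_resolver(conf_text, hosts_text):
    """Summarize where queries go and which names this resolver answers itself."""
    conf = parse_conf(conf_text)
    overrides = parse_hosts(hosts_text) if "addn-hosts" in conf else {}
    return {
        "upstream": [v for v in conf.get("server", []) if v],
        "ignores_system_hosts": "no-hosts" in conf,
        "addn_hosts": [v for v in conf.get("addn-hosts", []) if v],
        "overrides": overrides,
        "public_overrides": {
            n: ip for n, ip in overrides.items() if not n.endswith(LOCAL_SUFFIXES)
        },
    }


if __name__ == "__main__":
    report = audit_resolver(DNSMASQ_CONF, DNSMASQ_HOSTS)
    print("forwarding to:", ", ".join(report["upstream"]))
    for name, ip in report["public_overrides"].items():
        print(f"WARNING: public name {name} is answered locally with {ip}")
```

On a real host, read `/etc/dnsmasq.conf` and each path listed under `addn_hosts` and feed them in; every name that shows up under `public_overrides` is one this resolver will answer with an address the domain owner never published.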
Grabbing IP-address of a user (Link):
- Have a web server, whose access log you control, up and running.
- Send your chat partner a unique hyperlink pointing to that web server, have them click the link. For example: http://yourdomain.com/JohnDoe.html (the web page does not have to exist, throwing a 404 is fine).
- Check your web server’s access log to get the IP address of requests to /JohnDoe.html.
- You have your conversation partner’s IP address.
Terminal Tools
- Aircrack-ng → http://www.aircrack-ng.org (Aircrack-ng suite has limited OS X support, but the following works: aircrack-ng, packetforge-ng, ivstools, makeivs)
- KisMAC → GUI sniffer/scanner application for Mac OS X → http://kismac-ng.org/
- tshark
- mdk3 → only works on linux
- Driftnet
- arpspoof → Intercept packets on a switched LAN
- urlsnarf → Returns all URLs visited by the victim IP in CLF format
- nmap
Terminal Commands:
- arp -a → Displays all devices on local network
- sudo airport en0 sniff 11 → Starts sniffing on channel 11
- tcpdump -vr /tmp/nameOfReturnedFile.cap → Opens file with sniffed traffic
- airport -s → Returns all available APs with SSID, BSSID, RSSI, CHANNEL and security
- sudo ifconfig en0 down → turns airport off
- sudo ifconfig en0 up → turns airport on
- ifconfig en0 | grep ether → get MAC Address of Mac Airport
- openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' → create random MAC Address
- sudo ifconfig en0 ether d4:33:a3:ed:f2:12 → change MAC Address
- sudo sysctl -w net.inet.ip.forwarding=1 → Activate packet forwarding
- urlsnarf -i en0 → returns all visited urls in CLF format
- diskutil list → List all drives (Internal and external)
- diskutil unmount /dev/disk1 → unmounts external drive
- diskutil unmountdisk /dev/disk1 → unmounts external partitioned drive
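One caveat on the random-MAC command in the list above: `openssl rand -hex 6` can produce a first octet with the multicast bit (lowest bit) set, which is not a valid station address, and it never marks the address as locally administered (second-lowest bit). This added Python example (not from the original notes) classifies any MAC address by those two bits, converts the raw 12-hex-digit output of that pipeline the way the sed expression does, and generates an address that is always unicast and locally administered; the function names are my own.

```python
import re
import secrets

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def classify_mac(mac):
    """Return (is_unicast, is_locally_administered) for a colon-separated MAC.

    Bit 0 of the first octet set means group/multicast; bit 1 set means the
    address was assigned locally rather than burned in by the vendor.
    """
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    first = int(mac[:2], 16)
    return (first & 0x01) == 0, (first & 0x02) != 0


def from_openssl_hex(hex12):
    """Reproduce `sed 's/\\(..\\)/\\1:/g; s/.$//'`: 12 hex digits -> aa:bb:cc:dd:ee:ff."""
    if len(hex12) != 12:
        raise ValueError("expected 12 hex digits")
    return ":".join(hex12[i:i + 2] for i in range(0, 12, 2)).lower()


def usable_as_station_address(mac):
    """A MAC you can assign to an interface must at least be unicast."""
    unicast, _ = classify_mac(mac)
    return unicast


def random_laa_mac():
    """Six random bytes with the first octet forced to unicast + locally administered."""
    b = bytearray(secrets.token_bytes(6))
    b[0] = (b[0] & 0xFC) | 0x02   # clear bit 0 (multicast), set bit 1 (local)
    return ":".join(f"{x:02x}" for x in b)


if __name__ == "__main__":
    for candidate in ("d4:33:a3:ed:f2:12", from_openssl_hex("0100000000ff"), random_laa_mac()):
        unicast, local = classify_mac(candidate)
        print(f"{candidate}: unicast={unicast} locally_administered={local}")
```

If you keep the one-liner from the notes, run its output through `classify_mac` (or simply retry until the first octet is even) before handing it to `ifconfig`; `random_laa_mac` sidesteps the problem entirely and matches the convention the OS's own randomization uses.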
Attack Types
- ARP spoofing
- SYN-Flood
- Wifi DoS Attack in LAN (Tutorial)
- dnsspoof
- HID Keyboard Attack → Human Interface Device Attack
- Man in the Middle Attack (Tutorial): dsniff (Explanation) → “dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data”
Conferences
- SHMOOCON → http://www.shmoocon.org
- DEFCON → https://www.defcon.org
- THOTCON → http://thotcon.org
Podcasts
- Gibson Research Corporation: https://www.grc.com/SecurityNow.htm
Forums
Websites
- http://news.hitb.org/ → Computer security news website
- http://hacking.spoonfed.org
- https://www.macports.org → easily download and install terminal software
Tools:
- SNORT → https://www.snort.org “It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.”
Equipment
- Hak5 Shop: Link
Groups
Hosting
- Private / Anonymous Hosting: http://princevps.com
