Red vs Blue – Find Emails and Users

This is the first in my series of Red Team attacks and Blue Team defenses. This first series of attacks and defenses will focus on phishing attacks. Today phishing is still the easiest and most effective way into a target's environment.

Objective: Gather public data about our target from various sources to discover email addresses, employees, usernames, websites, and other data that can be used against the target.

Purpose: Step 1 in a Red Team engagement is to use open source intelligence (OSINT) to collect data about your target from publicly available sources. We will use various tools and techniques to gather data on our target.

The first tool we will use is called theHarvester.

We will use this tool to gather email accounts, domains, and employee names of our target. We will be running it on Kali Linux.

  • Scan public information about your target using Google (-d is the target domain, -b the data source).

root@kali:~# theharvester -d yourtarget.com -b google

  • Scan public information about your target using LinkedIn (this is one of my favorites, as people tend to share way too much information on LinkedIn about their current roles, and they also tend to keep it updated).

root@kali:~# theharvester -d yourtarget.com -b linkedin

  • To query every supported source in one run, pass all as the source.

root@kali:~# theharvester -d yourtarget.com -b all

  • You should now hopefully have a nice database of email addresses and full names of people who work at your target. This tool may return little or nothing if your target has excellent security practices.
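The raw output of the three runs above is only useful once it is filtered and summarised, and the Blue Team needs the same summary to know what is already public. The following is an added Python example (not part of the original post and not theHarvester's own code) that takes constructed harvester-style lines, keeps only addresses in the target's domain, and reports how many personal addresses are exposed and which address format they follow. The sample text and the yourtarget.com domain are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style of a harvester run (not real data):
# a mix of addresses, a third-party address, hostnames and banner lines.
SAMPLE = """\
[*] Emails found:
jane.doe@yourtarget.com
jdoe@yourtarget.com
Bob.Smith@yourtarget.com
info@yourtarget.com
hr@partner-vendor.example
[*] Hosts found:
mail.yourtarget.com:203.0.113.10
www.yourtarget.com
"""

EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")
# Generic mailboxes that do not identify a person (assumed list).
ROLE_ACCOUNTS = {"info", "hr", "admin", "sales", "support", "noreply", "postmaster"}

def extract_emails(text, domain):
    """Return de-duplicated, lower-cased addresses that belong to `domain`."""
    found = set()
    for local, dom in EMAIL_RE.findall(text):
        if dom.lower() == domain.lower():
            found.add(f"{local.lower()}@{dom.lower()}")
    return sorted(found)

def classify_local(local):
    """Label the shape of the local part, i.e. the address convention now public."""
    if local in ROLE_ACCOUNTS:
        return "role-account"
    if "." in local:
        return "first.last"
    if len(local) > 2 and local.isalpha():
        return "initial+last"
    return "other"

def exposure_report(text, domain):
    """Summarise how many personal addresses are public and which formats appear."""
    emails = extract_emails(text, domain)
    labels = [classify_local(e.split("@")[0]) for e in emails]
    personal = sum(1 for label in labels if label != "role-account")
    return {"total": len(emails), "personal": personal, "formats": dict(Counter(labels))}

if __name__ == "__main__":
    print(exposure_report(SAMPLE, "yourtarget.com"))
```

A defender can run the same report on their own domain after each exposure check and watch the personal count over time.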

Linux Performance Analysis

This guide is for investigating the performance of Linux servers. The material originally comes from the Netflix performance team: http://brendangregg.com/linuxperf.html

You may need to install the sysstat package to get some of these tools (mpstat, pidstat, iostat, sar).

This list is from the Linux Performance Analysis in 60 Seconds checklist.

uptime                     -----> View load averages (1, 5 and 15 minute)
dmesg | tail               -----> View the last 10 kernel messages
vmstat 1                   -----> Virtual memory statistics at a 1-second interval
mpstat -P ALL 1            -----> CPU time breakdown per CPU
pidstat 1                  -----> Rolling per-process CPU usage
iostat -xz 1               -----> I/O statistics for disks
free -m                    -----> Free memory in MB; should not be near 0
sar -n DEV 1               -----> Network interface throughput
sar -n TCP,ETCP 1          -----> TCP connection and retransmit metrics
top                        -----> Overview of running processes


Fierce

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a precursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it primarily uses DNS, you will often find misconfigured networks that leak internal address space. That's especially useful in targeted malware.

Fierce is built into Kali Linux.

Fierce Usage

Basic Scanning Techniques

Open up help —> fierce -h

Scan a domain and attempt a zone transfer —> fierce -dns [domain name]

If the zone transfer succeeds you will have a full list of the hosts published in that domain's DNS zone.

Nikto

Nikto is an open source web server vulnerability scanner which performs a number of tests against web servers.

Nikto is part of Kali Linux but can also be installed on other Linux distributions.

To install Nikto from source:

wget https://cirt.net/nikto/nikto2.1.5.tar.gz

tar zxvf nikto2.1.5.tar.gz

cd nikto2.1.5

perl nikto.pl

or, the easy way, from the distribution's package manager:

sudo apt-get install nikto


Nikto Usage

Basic Scanning Techniques

Scan a single target —> nikto -h [target ip address]

Scan a single host on a specified port —> nikto -h [target ip address] -p 443

Scan a host and write the results to a text file —> nikto -h [target ip address] -o results.txt