wireshark

Today i'm going to talk about how to use wireshark to actually see what is data is passing and see what inside the data. before i start to explain how to use it this method is not entirely come from me. I actually watch a tutorial in Youtube i will give you the actual link to the video. You can check it at the bottom of the page.

Wireshark is a tool to see a traffic around your network what kind of data and what kind protocol that are use in the network around you or we can say wireshark as packet analyzer. Wireshark is avaliable in linux, windows and mac os you can actuall just download it and install it in this link https://www.wireshark.org/download.html

 Before we start to open wireshark i recommend that you can actually set your homepage to a blank page because if you set the browser to a specific homepage your wireshark will actually listen to the packet traffic and it's going to overwhelm you. I use iceweasel to configure the homepage go to the preference and set the homepage to blank page.

After your open your browser. now open your wireshark

 Apply the interface list at your wireshark and choose that is actually have data moving through the network

Browse www.httprecipes.com it's a website that is design to actually test wireshark in your computer. 

Now the wireshark start to capture the traffic that is actually flow at your network. Now we only interesting finding the http packet you can actually do that by filtering the packet with the column that have been provided or go to the  display filter and type http.

After you done the filtering we can actually determine what kind of server that are use in the website

As you can see the server is use apache server 2.2.26

now as i mention at first we can actually know what data inside the cookies that is have been passing and grabbing password using wireshark

pretty simple

for cookies go to the :http://www.httprecipes.com/1/2/cookies.php

  

i try to enter two cookies in the website first one is williamsiscool and williamsiscool2.and when i try to run the wireshark filter the http packet and find the cookies 

well as you can see i can actually see the cookies that is actually pass at the webpage.

now move one to the grabbing password

go to the:http://www.httprecipes.com/1/2/forms.php

 i try to fill the user id section with "guest" and "guest123". now see your wireshark and filter the http and search for POST because in sql when we pass data. we can actually use GET and POST method

 now you see there are bunch code ish at the lower section. that is actually encoded by POST method but you can solve this by go to display and click follow and choose tcp stream and you can see the data of the password and the user id

Well thats all that i can explain at this entry you can actually go to the source of tutorial video that i watched: https://www.youtube.com/watch?v=NHLTa29iovU

so if you have any critics or question you can comment at my blog  and i open to any sharing about hacking stuff

have a lovely day ^_^

VMWARE

first entry.
So today i decided to do some exercise lab with Vmware. Vmware is a virtual machine that can make you computer to run multiple OS in a single computer.
I encourage you too download this Vmware because it's easy to install and it can run in linux and windows user (and i'm not so sure about mac).

in Vmware i have already installed 2 operating system which is the newest version of Kalilinux and windows server 2012 R2.

 In the Vmware there are many settings you can choose in term of connection of the virtual machine there are NAT mode , Bridge Network and also the Host Only.

Lets explore the Bridge connection first.

i open my windows server 2012 and set up the connection bridge connection and type "ipconfig" at my command

As you can see at the picture the ip address is automatically set at your computer.lets try to ping and browse a website

It run successfully.

Continue to NAT connection

i change my connection from bridge to NAT mode
and lets see what happen to the address

and i test connection and browse a homepage

 it also work succesfully
i wonder why the address of the NAT is change
well there is explanation for that.

in bridge networking connection:your host computer will share the connection with the Vmware and every OS or everyone in your connection can interact with you

in NAT mode: your host computer is acting as a gateway(network point that acts as an entrance to another network) well sadly everyone on the network cannot see or interact with you because it's in different network.


Now lets change the connection into Host Only mode

 As you can see the address is change again
now lets assign the new ip address to this connection (131.107.8.100)

 But unfortunately when i try to browse a homepage it's failed

Why this is happen?
let me explain

Host only networking:is only useful if you want to set up a personal or private virtual network. in this connection any virtual machine can connect to each other

Now lets move one to kalilinux open your kalilinux machine

and try to find the ip address by clicking the terminal and type "ifconfig"

now lets try to ping and browse a home page

it's successfully done.

 setup your Kali Linux with fixed IP address of 131.107.8.200
it's pretty easy you just go to the connection profile and add new profile

 and now open Windows 2012 Server and use the fixed IP address of 131.107.8.100 (as you can see at the previous step i already assign the ip address)

now lets ping from windows server to kali linux

it's successfully ping and now lets try to ping kali linux to windows server

uh-oh what is this i can't ping the windows server
well it's because i wasn't turn off the firewall so make sure to turn off the firewall of the windows server if you want to ping successfully. why? because if the firewall is on the server is set to ignore ping requests

it's easy you just can go to the search the bar and type "windows firewall" and turn off the firewall.

after i turn off the firewall lets try to ping it again.

well now i can ping the windows server.

Thank you and have a lovely day ^_^