(2) Hunt

Hunt offers intuitive command tracking and session recording. It is distributed as a tar.gz archive, so after downloading the file you first need to extract it.
After it starts, Hunt presents a very intuitive menu interface, as follows:

    --- Main Menu --- rcvpkt 0, free/alloc 63/64 ------
    l/w/r) list/watch/reset connections
    u)     host up tests
    a)     arp/simple hijack (avoids ack storm if arp used)
    s)     simple hijack
    d)     daemons rst/arp/sniff/mac
    o)     options
    x)     exit
    *> w
    0) 192.168.0.1 [1049] --> 192.168.0.2 [23]
    choose conn> 0
    dump [s]rc/[d]st/[b]oth [b]> b

Note: the input typed at the prompts above (w, 0 and b) tells Hunt to watch connection 0 and to output both the source and the destination data; Hunt then prints the activity to the terminal screen. As you can see, Hunt's output is very intuitive and easy to read. Hunt also provides the following capabilities: it lets you select the particular connections you are interested in, instead of logging everything; it lets you select any connection, not only connections whose SYN has just been seen; and it provides active session hijacking.

(3) Linsniffer

Linsniffer is a simple and practical sniffer. Its main function is to capture user names and passwords. After downloading the software, use the following commands to compile and run linsniffer:

    $ cc linsniffer.c -o linsniffer
    $ linsniffer

On startup, linsniffer creates an empty file, tcp.log, in which it stores the sniffing results. For the test I created a user named cndes with the password 123456, then used that account to log on to the Linux server and carry out some common user actions. This is a typical user session. Here are linsniffer's results:

    gnss => linux.test.net [21]
    USER cndes
    PASS 123456
    SYST
    PORT 172,16,0,1,4,192
    LIST -al
    PORT 172,16,0,1,4,193
    LIST
    PORT 172,16,0,1,4,194
    LIST -
    CWD lg
    PORT 172,16,0,1,4,195
    LIST -

The output is very intuitive. We can analyze it as follows: first, it records an FTP connection to a Linux host: gnss => linux.test.net [21]. Linsniffer then captures the user name and password. Finally, linsniffer records each command that cndes used. The output is very clear, and well suited to eavesdropping on passwords and recording common activities.
However, this software is not well suited to more complex analysis.

(4) Linux-sniffer

linux_sniffer provides relatively more detailed results. First, use the following command to compile linux_sniffer:

    $ cc linux_sniffer.c -o linuxsnif

Below is a telnet session recorded by linux_sniffer:

    GNSS 2# telnet 192.168.0.1
    Connected to 192.168.0.1.
    login: cndes
    password:
    [cndes@linux2 cndes]$ w
    19:55:29 up 58 min, 4 users, load average: 0.00, 0.00, 0.00
    USER     TTY      FROM     LOGIN@   IDLE    JCPU    PCPU   WHAT
    root     tty1              7:44pm   27.00s  0.17s   0.06s  -bash
    root     tty2              7:46pm   1:56    0.24s   0.01s  linuxsnif
    root     tty3              7:44pm   10:43   0.17s   0.07s  -bash
    cndes    ttyp0    gnss     7:55pm   1.00s   0.26s   0.04s  w
    [cndes@linux2 cndes]$ who
    root     tty1     May 20 19:44
    root     tty2     May 20 19:46
    root     tty3     May 20 19:44
    cndes    ttyp0    May 20 19:55 (gnss)
    [cndes@linux2 cndes]$ finger -l
    Login: root                     Name: root
    Directory: /root                Shell: /bin/bash
    On since Thu May 20 19:44 (PDT) on tty1 35 seconds idle
    On since Thu May 20 19:46 (PDT) on tty2 2 minutes 4 seconds idle
    On since Thu May 20 19:44 (PDT) on tty3 10 minutes 51 seconds idle
    No mail.
    No Plan.
    Login: cndes                    Name: Caldera OpenLinux User
    Directory: /home/cndes          Shell: /bin/bash
    On since Thu May 20 19:55 (PDT) on ttyp0 from gnss
    No mail.
    No Plan.

(5) Ettercap

Ettercap is a tool for monitoring, intercepting and recording traffic on a LAN. It supports active and passive analysis of many protocols, and offers data insertion, filtering, keeping connections synchronised, and other functions. It is also a suite that supports a variety of sniffing modes, can check whether the network is a switched LAN, and can use active or passive OS fingerprinting, allowing a local attacker to fully understand the current state of the local area network.

(6) DSniff

DSniff is a suite of network auditing, testing and sniffing software developed by Dug Song. Of its tools, dsniff, filesnarf, mailsnarf, msgsnarf, webspy and urlsnarf can be used to monitor the network for data of interest, such as passwords, e-mail and documents.
Arpspoof, dnsspoof and macof make it easy to intercept network traffic that is normally hard for an attacker to obtain, such as data on a layer-2 switched network.

(7) Ethereal

Ethereal is a free network protocol analyzer that supports Unix and Windows. With this program we can capture data from the network for analysis, or analyze data captured by other sniffers, viewing summary and detailed information for each packet. Ethereal has many powerful features, such as support for almost all protocols, a rich filtering language, and an easy view of the reconstructed TCP session data stream.

(8) Sniffit

Sniffit is a listener for TCP/IP/ICMP datagrams. It gives detailed technical information about these datagrams and shows the monitored datagrams in various formats. Sniffit can easily be configured to filter the datagrams it reports, and its configuration file lets you specify very precisely which data should be processed. By default, sniffit can handle Ethernet and PPP devices, and it can also be used with other devices.

Because sniffers on Linux are so capable and so potentially destructive, new tools appear in an endless stream, and improved versions of the existing good ones keep emerging; readers can collect many more of them through practical use.

3. Intrusion detection system attacks and password cracking

(1) Crack

Crack is a popular, well-known tool for cracking UNIX passwords, and it has become an industry standard for checking networks for weak passwords. It was written by Alec D. E. Muffett, and its working principle is very simple. We know that an encrypted password cannot be decrypted, because the encryption algorithm is not reversible. Password attacks therefore generally work by generating candidate passwords, encrypting them and matching the result against the original encrypted password, or by intercepting the plaintext password directly from the network.
The Crack program includes several very large dictionaries. It combines the words in them according to certain rules, encrypts each result, and compares it with the encrypted password it is trying to break. In use, if the password file is very small, time and resources are not a problem, but if the password file is relatively large, a run can take a very long time and consume considerable resources.

(2) Fragroute

This software comes from the same family as DSniff. It was developed, by its own account, to test intrusion detection systems, firewalls and basic TCP/IP stack behavior, which makes it a powerful tool for defeating intrusion detection systems. It can also intercept, modify and rewrite outgoing packets, which covers most IDS attack capabilities. Fragroute has a simple rule-set language with which it can delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route or otherwise manipulate the packets sent to the target host.

(3) John the Ripper

John the Ripper is a very powerful, flexible and fast multi-platform password hash cracker. Its primary design purpose is to check Unix systems for weak passwords. It supports almost all password hash types produced by the crypt function on UNIX platforms, and also supports Kerberos AFS and Windows NT/2000/XP LM hashes, etc.
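The linsniffer capture in section (3) shows that everything on an FTP control connection crosses the network in cleartext. The following Python sketch is an added example, not code from linsniffer or from the original article: it parses a log in that layout, flags sessions in which a password was exposed, and decodes each PORT argument into the data-connection address. The log sample is constructed and the function names are assumptions.

```python
import re

# Constructed sample, modelled on the linsniffer tcp.log excerpt in section (3).
SAMPLE_LOG = """\
gnss => linux.test.net [21]
USER cndes
PASS 123456
SYST
PORT 172,16,0,1,4,192
LIST -al
PORT 172,16,0,1,4,193
LIST
"""

HEADER = re.compile(r"^(\S+) => (\S+) \[(\d+)\]$")  # "client => server [port]"

def decode_port(arg):
    """Decode an FTP PORT argument h1,h2,h3,h4,p1,p2 into (ip, tcp_port)."""
    parts = [int(x) for x in arg.replace(" ", "").split(",")]
    if len(parts) != 6 or not all(0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def parse_sessions(text):
    """Summarise what each logged control connection exposed in cleartext."""
    sessions, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = {"client": m.group(1), "server": m.group(2),
                   "port": int(m.group(3)), "user": None,
                   "password_exposed": False, "data_endpoints": [], "commands": []}
            sessions.append(cur)
        elif line and cur is not None:
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            cur["commands"].append(verb)
            if verb == "USER":
                cur["user"] = arg
            elif verb == "PASS":
                cur["password_exposed"] = True  # flag it; do not keep the secret
            elif verb == "PORT":
                cur["data_endpoints"].append(decode_port(arg))
    return sessions

def cleartext_findings(sessions):
    """(client, server, user) for every session whose password crossed the wire."""
    return [(s["client"], s["server"], s["user"])
            for s in sessions if s["password_exposed"]]
```

Any account returned by cleartext_findings should be treated as disclosed to everyone on the path, and the service is a candidate for replacement with an encrypted protocol.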
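The working principle described for Crack in part 3 (combine dictionary words by rule, encrypt each candidate, compare with the stored value) can be used to audit your own password file for weak entries. The following Python sketch is an added example, not Crack's code: PBKDF2-HMAC-SHA256 stands in for the crypt function, and the mangling rules, accounts, salts and word list are all constructed for the demonstration.

```python
import hashlib
import hmac

ITERATIONS = 1000  # low so the example runs fast; real systems use far more

def hash_password(password, salt):
    """Stand-in one-way hash (PBKDF2-HMAC-SHA256); Crack itself targets crypt(3)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def mangle(word):
    """Illustrative combination rules, assumed here; not Crack's real rule set."""
    yield word
    yield word.capitalize()
    yield word[::-1]
    for suffix in ("1", "123"):
        yield word + suffix

def audit(entries, dictionary):
    """entries: {user: (salt, stored_hash)}.

    Returns {user: guesses_needed} for accounts whose password is guessable.
    The hash is never reversed: each guess is hashed with the account's own
    salt and compared, so the work repeats for every account.
    """
    weak = {}
    for user, (salt, stored) in entries.items():
        tried = 0
        for word in [user, *dictionary]:  # the user name itself is a common guess
            for guess in mangle(word):
                tried += 1
                if hmac.compare_digest(hash_password(guess, salt), stored):
                    weak[user] = tried
                    break
            if user in weak:
                break
    return weak

def sample_entries():
    """Constructed password-file entries for the demonstration."""
    plain = {"cndes": "123456", "alice": "linux123", "root": "t7#Qz!vR2m@x"}
    return {u: (u.encode() + b"-salt", hash_password(p, u.encode() + b"-salt"))
            for u, p in plain.items()}

DICTIONARY = ["password", "linux", "123456"]  # constructed word list
```

The cost grows with the number of accounts, the dictionary size, the number of rules and the hash's iteration count, which is why the text notes that a large password file takes a long time; an account that survives the audit is only as strong as the word list and rules that were tried.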