Ethical Hacking and Penetration Testing Guide




Conclusion
In this chapter, we talked about various methods that can be used for a vulnerability assessment. We then took a look at one of the best automated tools for vulnerability assessment, that is, Nessus. We discussed what methods and plug-ins to use in what situations and what could be helpful in bypassing firewalls and other protection mechanisms. Last but not least, we discussed using vulnerability and exploit databases to search for vulnerabilities that are often not present in Metasploit or identified by Nessus.


Chapter 6
Network Sniffing
In this chapter, we will talk about various techniques used to sniff traffic across a network. To fully understand this chapter, I recommend spending some time reading about how TCP/IP works. The majority of the techniques we will discuss in this chapter work only on the local area network and not across the Internet, so the target needs to be on the same local area network for our attacks to work. These attacks are really helpful when you are performing internal penetration tests. The only way to make them work remotely is by compromising a host remotely and then using that compromised host to sniff traffic on its local network, but this is not discussed in this chapter, as it is part of the postexploitation phase (Chapter 9), where we will learn different techniques to discover and evade internal networks. Sniffing can be performed on both wired and wireless networks; this chapter discusses wired networks.
The main goal of this chapter is to familiarize the reader with the following topics:

Hubs and switches and how they distribute traffic

ARP protocol flaws

Different types of man-in-the-middle (MITM) attacks

Different tools that can be used to sniff traffic

DNS spoofing by using an MITM attack

Introduction
Network sniffing, aka eavesdropping, is a type of attack where an attacker captures the packets across a wire or across air (wireless connection). The main goal is to capture unencrypted credentials across the network. The common target protocols include FTP, HTTP, and SMTP.
The best way to protect against sniffing attacks is to use protocols that support encrypted communication. Then, even if an attacker is able to capture the traffic, he will not be able to use it, as it would be encrypted. However, with extra effort, we can also sniff traffic from protocols that use encrypted communications, as discussed later in this chapter.
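
To see why FTP, HTTP, and SMTP are the usual targets, the following added example (not code from the book) audits captured payloads for authentication commands that cross the wire in cleartext and shows that the same ports produce no finding once the session is wrapped in TLS. The port numbers, the `audit` and `looks_like_tls` helpers, and the sample payloads are assumptions constructed for illustration; only the command is reported, never the secret.

```python
import re

# Authentication commands that carry credentials in cleartext.
# Only the command is matched; the secret that follows is never captured.
CLEARTEXT_AUTH = [
    ("FTP", 21, re.compile(rb"^(USER|PASS) ", re.M)),
    ("HTTP", 80, re.compile(rb"^Authorization: Basic ", re.M | re.I)),
    ("SMTP", 25, re.compile(rb"^AUTH (PLAIN|LOGIN)\b", re.M | re.I)),
]

def looks_like_tls(payload: bytes) -> bool:
    """A TLS record starts with a content type (0x14-0x17) and major version 0x03."""
    return len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03

def audit(segments):
    """Return (protocol, dst_port, command) for every cleartext auth command seen."""
    findings = []
    for dst_port, payload in segments:
        if looks_like_tls(payload):
            continue  # encrypted session: nothing readable for a sniffer
        for proto, port, pattern in CLEARTEXT_AUTH:
            if dst_port != port:
                continue
            for match in pattern.finditer(payload):
                command = match.group(0).decode("ascii").strip()
                findings.append((proto, dst_port, command))
    return findings

# Constructed sample payloads (destination port, bytes), not real traffic.
SAMPLE_SEGMENTS = [
    (21, b"USER alice\r\nPASS constructed-sample\r\n"),
    (80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
         b"Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n\r\n"),
    (25, b"EHLO client.example\r\nAUTH PLAIN AGNvbnN0cnVjdGVkAHNhbXBsZQ==\r\n"),
    (21, b"\x16\x03\x03\x00\x2aconstructed-tls-record"),  # FTP after AUTH TLS
    (25, b"\x17\x03\x03\x00\x10constructed-tls-data"),    # SMTP after STARTTLS
]

if __name__ == "__main__":
    for proto, port, command in audit(SAMPLE_SEGMENTS):
        print(f"cleartext credentials exposed: {proto} port {port} ({command})")
```

Each finding marks a service that should be moved to its encrypted variant or retired.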


