Cyber Research
KALI LINUX AND RDP
Installing the Kali Linux app on a Windows 10 desktop and enabling remote desktop access to it.
A VPN is active. Make sure Windows is up to date.
This screenshot shows me installing the traditional Kali Linux GUI.
More PowerShell code was required before this.
sudo service xrdp start  # starts the xrdp server, which exposes the Kali desktop over the Remote Desktop Protocol
I had trouble using RDP from Parallels on my Mac. I'll be looking into this.
Now we can use our IP address to remote into the Kali GUI.
Open up Windows Remote Desktop Connection and enter the remote server IP.
We are then greeted by the Kali logo and a login prompt, where we enter the credentials created earlier when setting up RDP.
A remote desktop is more secure while pen-testing because RDP encrypts all data transmitted between the local and remote desktop, historically with RSA's RC4 cipher (the legacy Standard RDP Security layer; current clients negotiate TLS with Network Level Authentication instead).
Exposing Remote Desktop also opens up a large attack surface, so a strong password is crucial.
A password like "Braholli88&&" will take about 3 weeks to crack,
while a passphrase such as "a small k1tten with a g1ant orange hat" would take years.
To test the RDP server I downloaded theHarvester, a reconnaissance tool built on Python scripts.
While pentesting, controlling which tests you run and how often you run them is extremely important.
RDP is one of the most widely used services in desktop support, and it is attacked frequently.
DOWNLOADING SHERLOCK
I was running into an error when downloading sherlock for the first time. That error returned: "bash: git: command not found".
I soon figured out that I needed to install git in order to download sherlock. Noob moment.
I soon installed sherlock and ran into another error when trying to run the command that would install the Python packages sherlock needs: "no module named pip".
My fix to this error was "sudo apt-get install python3-pip".
After running into a few errors, I decided to search for myself, of course.
I noticed that sherlock over RDP was running much slower than when I had run it on my VM. The results were also shockingly different in the number of accounts found.
I'm also running a VPN. Maybe that's the reason it's running so slowly?
PHONEINFOGA & DOCKER
PhoneInfoga is a powerful reconnaissance program used to scan international phone numbers.
When installing, I ran into an error stating I didn't have Docker. I installed Docker with sudo to fix this issue.
I then ran a test, using my own phone number of course, to check that it was functional, using the command: "sudo docker run -it sundowndev/phoneinfoga scan -n 1330327xxxx"
Only 2 of the scanners succeeded, leaving out info such as my zip code, my carrier, and whether it was a cell or landline.
It was great to see that my phone carrier could deflect a phoneinfoga search.
Using Wireshark to Troubleshoot Internet Issues
Wireshark is a powerful network analysis tool that can help you troubleshoot internet problems by capturing and analyzing network traffic. Here are the basic steps to follow when troubleshooting a network.
Launch Wireshark and start capturing packets. To capture packets, select the network interface that you want to monitor and click on the "Start" button. You can then filter the packets to focus on the traffic that you are interested in.
Reproduce the problem that you are experiencing. Once you have started capturing packets, perform the action that is causing the internet problem that you are experiencing. For example, if you are having trouble accessing a website, try to access that website while Wireshark is capturing packets.
Analyze the captured packets. After you have reproduced the problem, stop the packet capture in Wireshark and analyze the captured packets. Look for any anomalies, errors, or unexpected behavior in the packets, such as HTTP error codes, DNS resolution failures, or unusual traffic patterns.
Use the information gathered to troubleshoot the problem. Based on your analysis of the captured packets, you can identify potential causes of the internet problem and take appropriate steps to resolve it. For example, if you notice DNS resolution failures, you may need to check your DNS settings or contact your ISP for assistance.
Common Wireshark Filters
There are many different Wireshark filters that you can use to focus on specific types of network traffic or packets. Here are some of the most common Wireshark filters:
IP address filter: Filters packets based on the source or destination IP address. For example, you can use "ip.addr == 192.168.0.1" to filter packets that are either sent from or to the IP address 192.168.0.1.
Protocol filter: Filters packets based on the protocol used, such as TCP, UDP, or HTTP. For example, you can use "tcp" to filter packets that use the TCP protocol.
Port filter: Filters packets based on the source or destination port number. For example, you can use "tcp.port == 80" to filter packets that are sent or received on port 80, which is the default port for HTTP.
Display filter: Filters packets based on specific keywords or patterns in the packet payload or header. For example, you can use "http" to filter packets that contain HTTP traffic, or "dns.qry.name contains google" to filter packets that contain DNS queries for the word "google".
Time filter: Filters packets based on the time they were captured or sent. For example, you can use "frame.time >= '2022-02-01 09:00:00'" to filter packets that were captured after 9:00 AM on February 1st, 2022.
These are just a few examples of the most common Wireshark filters. There are many other filters that you can use to focus on specific types of network traffic, protocols, or packets. Wireshark offers a wide range of filter options, and you can combine multiple filters to create more complex filtering rules.
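To make the filter semantics above and the "analyze the captured packets" step concrete, here is an added example (not from the original page and not Wireshark's own code): a minimal evaluator for the filter forms listed above, run over a constructed capture. It assumes a small subset of Wireshark field names, an assumed router/DNS server at 192.168.0.1 and a documentation-range web server at 203.0.113.5, and it also shows why "ip.addr != X" does not exclude traffic involving X.

```python
import re

# Constructed capture (not a real trace), keyed by the Wireshark field names the filters
# above use; 192.168.0.1 is the assumed router/DNS server, 203.0.113.5 a documentation address.
CAPTURE = [
    {"frame.time": "2022-02-01 08:59:30", "ip.src": "192.168.0.1", "ip.dst": "192.168.0.10",
     "udp.srcport": 53, "udp.dstport": 51000, "dns.qry.name": "www.google.com", "dns.flags.rcode": 0},
    {"frame.time": "2022-02-01 09:00:05", "ip.src": "192.168.0.1", "ip.dst": "192.168.0.10",
     "udp.srcport": 53, "udp.dstport": 51001, "dns.qry.name": "intranet.example", "dns.flags.rcode": 3},
    {"frame.time": "2022-02-01 09:00:06", "ip.src": "192.168.0.10", "ip.dst": "203.0.113.5",
     "tcp.srcport": 52000, "tcp.dstport": 80, "http.request.method": "GET"},
    {"frame.time": "2022-02-01 09:00:07", "ip.src": "203.0.113.5", "ip.dst": "192.168.0.10",
     "tcp.srcport": 80, "tcp.dstport": 52000, "http.response.code": 503},
]

# Combined fields cover both directions, as they do in Wireshark.
ALIASES = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport"),
           "udp.port": ("udp.srcport", "udp.dstport")}
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b, ">=": lambda a, b: a >= b,
       "contains": lambda a, b: str(b) in str(a)}
COMPARISON = re.compile(r"(\S+)\s*(==|!=|>=|contains)\s*'?([^']+)'?")

def matches(pkt, expr):
    """Evaluate one filter: a bare protocol, `field OP value`, `a && b`, or `!(...)`."""
    expr = expr.strip()
    if expr.startswith("!(") and expr.endswith(")"):
        return not matches(pkt, expr[2:-1])
    if "&&" in expr:
        return all(matches(pkt, part) for part in expr.split("&&"))
    m = COMPARISON.fullmatch(expr)
    if m is None:                              # bare protocol name such as "tcp" or "dns"
        return any(name.startswith(expr + ".") for name in pkt)
    field, op, raw = m.groups()
    values = [pkt[f] for f in ALIASES.get(field, (field,)) if f in pkt]
    # Wireshark semantics: true if ANY occurrence of the field passes the test, so
    # "ip.addr != X" still matches packets to or from X; use "!(ip.addr == X)" instead.
    return any(OPS[op](v, type(v)(raw)) for v in values)

def select(capture, expr):
    return [p for p in capture if matches(p, expr)]

def find_problems(capture):
    """Step 3 of the procedure: flag DNS resolution failures and HTTP error codes."""
    problems = [("dns-failure", p["dns.qry.name"], p["dns.flags.rcode"])
                for p in select(capture, "dns.flags.rcode != 0")]
    problems += [("http-error", p["ip.src"], p["http.response.code"])
                 for p in select(capture, "http.response.code >= 400")]
    return problems
```

Run select(CAPTURE, "ip.addr != 192.168.0.1") and select(CAPTURE, "!(ip.addr == 192.168.0.1)") side by side to see the difference the comment describes: the first returns every packet, the second only the HTTP pair.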
Wireshark Color Coding
Black: Packets that are not selected or highlighted.
Blue: Packets that are part of an ongoing TCP conversation. This includes the SYN, SYN-ACK, and ACK packets used to establish a TCP connection, as well as the data packets sent between the client and server.
Green: Packets that are part of an ongoing UDP conversation.
Light blue: Packets that are part of a DNS query or response.
Red: Packets that contain errors, such as checksum errors or malformed packets.
Yellow: Packets that have been marked by a user as interesting or suspicious.
Purple: Packets that are part of a GnuTLS session.
Dark blue: Packets that are part of an SSL/TLS session.
Gray: Packets that are filtered out by the display filter.