Capture AnyConnect VPN traffic in Wireshark

To capture traffic on the AnyConnect tunnel adapter, the packet-capture driver has to be restarted while the VPN session is up. Run the following commands in a Windows command prompt opened with administrator privileges (net stop/start needs them):

net stop npf
net start npf

(screenshot: vpn-pcap-1)

After running these commands, start Wireshark; the AnyConnect tunnel adapter now shows up in the interface list. A capture on that adapter contains the inner packets, i.e. the traffic in cleartext before it is encrypted into the tunnel. npf is the WinPcap capture driver service; on a Wireshark install that uses Npcap the service is named npcap, so stop and start that instead.

(screenshots: vpn-pcap-2, vpn-pcap-3)


Posted in Wireshark

Enable Telnet on Cisco AP

1> Enter privileged exec mode:

AP>en
Password:

2> On a lightweight (CAPWAP) AP the configuration CLI is locked; unlock it for debugging and enter configuration mode:
AP#debug capwap console cli
This command is meant only for debugging/troubleshooting
Any configuration change may result in different
behavior from centralized configuration.

CAPWAP console CLI allow/disallow debugging is on
AP#config t

3> Configure AAA on AP:
aaa new-model
aaa authentication login vty0 local
aaa authorization exec vty0 local

4> Enable telnet on line vty:
line vty 0
authorization exec vty0
login authentication vty0
transport input telnet

Two caveats: local authentication only works if the AP has a local user account (a username ... privilege 15 secret ... entry), and telnet carries the login and the whole session in cleartext, so prefer transport input ssh (after crypto key generate rsa) on images that support it. Also note the warning printed in step 2: changes made through the unlocked CLI of a lightweight AP may be overwritten by the configuration pushed from the controller.

Posted in CISCO

Python script to ping every IP in a subnet

#!/usr/bin/env python3
import subprocess
from multiprocessing import Process


class PING_SWEEP(object):

    def __init__(self, subnet):
        # keep the first three octets of the user input, e.g. "10.127.196"
        self.prefix = '.'.join(subnet.split('.')[:3])

    def pinger(self, host_num):
        """worker process: ping one host and print the result"""
        hostaddr = '%s.%d' % (self.prefix, host_num)   # prefix + last octet
        # Linux ping flags: -n no DNS lookups, -c 2 two requests, -W 1 wait 1 s per reply
        result = subprocess.run(['ping', '-n', '-c', '2', '-W', '1', hostaddr],
                                stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                                universal_newlines=True)
        # a reply line looks like "64 bytes from 10.127.196.5: icmp_seq=1 ttl=64 ..."
        # test for the exact source so a router's "Unreachable" notice does not count
        if ('bytes from %s:' % hostaddr) in result.stdout:
            print('%s is alive' % hostaddr)
        elif 'Unreachable' in result.stdout:
            print('%s is unreachable' % hostaddr)
        # no output at all: the host silently dropped or filtered the probes

    def ping_sweeper(self):
        procs = []
        for host_num in range(1, 255):           # .1 to .254
            ping = Process(target=self.pinger, args=(host_num,))
            ping.start()
            procs.append(ping)
        for ping in procs:                        # wait for every worker to finish
            ping.join()


if __name__ == '__main__':
    try:
        host = input("Enter subnet you want to ping [valid input is 10.127.196.0]: ")
        PING_SWEEP(host).ping_sweeper()
    except KeyboardInterrupt:
        pass
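As an added example that is not code from the original post, the same sweep generalised beyond a /24: the target block is expanded with the standard-library ipaddress module (so /27 or /22 work too), a thread pool bounds concurrency instead of forking one process per address, and the reply check is a separate function that only counts replies whose source is the target, so a router's "Destination Host Unreachable" notice cannot mark a host alive. It assumes Linux ping flags (-n, -c, -W); the function names and the sample ping output in the usage note are chosen here.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): ping sweep of any CIDR block."""
import ipaddress
import re
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor

# one line per echo reply, e.g. "64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=0.1 ms"
REPLY_RE = re.compile(r'^\d+ bytes from (\S+?):\s', re.MULTILINE)


def replies_from(host, output):
    """Number of echo replies in ping's stdout whose source address is exactly host."""
    return sum(1 for src in REPLY_RE.findall(output) if src == host)


def targets(cidr):
    """Usable host addresses of cidr as strings (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts 10.0.0.7/24
    return [str(h) for h in net.hosts()]


def ping_host(host, count=2, timeout=1):
    """Run the system ping once (Linux flags assumed); return (host, alive)."""
    proc = subprocess.run(
        ['ping', '-n', '-c', str(count), '-W', str(timeout), host],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, universal_newlines=True)
    return host, replies_from(host, proc.stdout) > 0


def ping_sweep(cidr, workers=32):
    """Ping every usable address in cidr; return the hosts that replied, in address order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(ping_host, targets(cidr)))   # map keeps input order
    return [host for host, alive in results if alive]


if __name__ == '__main__':
    block = sys.argv[1] if len(sys.argv) > 1 else '127.0.0.1/32'
    for host in ping_sweep(block):
        print(host)
```

Run it as `python3 sweep.py 10.127.196.0/24`. The source check matters in practice: against a dead host on a routed segment the gateway answers with "From 10.0.0.1 icmp_seq=1 Destination Host Unreachable", which contains no "bytes from" line and so counts as zero replies, and a reply from 10.0.0.50 does not match a target of 10.0.0.5 because the whole address is compared rather than a substring.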

Posted in Python

Remove trailing spaces from all lines of a file using PowerShell

The following PowerShell script removes the whitespace at the end of every line of a file. Get-Content and Set-Content use the shell's default text encoding; pass -Encoding to both if the file has to keep a specific one.

$InputFile = 'C:\Users\user\Desktop\1.txt'
$OutputFile = 'C:\Users\user\Desktop\1-trimmed.txt'   # write next to the input, not into the current directory

Write-Host "removing trailing spaces from $InputFile"

# TrimEnd() strips trailing spaces and tabs from each line; Set-Content writes the result
Get-Content $InputFile | ForEach-Object { $_.TrimEnd() } | Set-Content $OutputFile

Write-Host ""
Write-Host "Done!"
Posted in Other

Python script to print all hyperlinks on a URL

This script prints every absolute http/ftp URL that appears in double quotes in a page's HTML, which is a quick first step in reconnaissance. It misses relative links and single-quoted attributes, and fetching the page sends a request (with your IP) to the target, so it is not passive.

#!/usr/bin/env python3
import re
import sys
import urllib.request

# connect to the URL given on the command line
url = sys.argv[1]
website = urllib.request.urlopen(url)

# read the HTML and decode it to text so the regex can run over it
html = website.read().decode('utf-8', errors='replace')

# use re.findall to get every absolute http(s)/ftp(s) URL inside double quotes;
# the non-capturing group makes findall return the URL strings, not tuples
links = re.findall(r'"((?:http|ftp)s?://.*?)"', html)
for l in links:
    print(l)

Usage:

python searchlinks.py https://detailed.wordpress.com
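An added example, not part of the original post, doing the same job with Python's html.parser instead of a regex: it collects href/src/action attributes whether single- or double-quoted, resolves relative references against the page URL with urljoin, and drops mailto:/javascript: pseudo-links, so the output is a list a scanner can consume directly. The page URL is assumed to be passed on the command line; the HTML at the bottom is a constructed sample and the function and class names are chosen here.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): link extraction with html.parser."""
import sys
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> attribute that carries a URL worth recording during recon
URL_ATTRS = {'a': 'href', 'link': 'href', 'area': 'href',
             'script': 'src', 'img': 'src', 'iframe': 'src', 'form': 'action'}
SCHEMES = {'http', 'https', 'ftp', 'ftps'}


class LinkParser(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        want = URL_ATTRS.get(tag)
        if want is None:
            return
        for name, value in attrs:
            if name == want and value:
                # urljoin turns "/about", "../up" and "//cdn/x.js" into absolute URLs
                self.links.append(urljoin(self.base_url, value.strip()))


def extract_links(html, base_url):
    """Unique absolute http/https/ftp URLs referenced by html, in document order."""
    parser = LinkParser(base_url)
    parser.feed(html)
    parser.close()
    seen, result = set(), []
    for url in parser.links:
        # mailto:, javascript:, data: etc. come back from urljoin unchanged; skip them
        if urlsplit(url).scheme in SCHEMES and url not in seen:
            seen.add(url)
            result.append(url)
    return result


def fetch(url, timeout=10):
    """Download url and return the body as text (charset from the header, UTF-8 fallback)."""
    req = urllib.request.Request(url, headers={'User-Agent': 'Mozilla/5.0 (recon)'})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or 'utf-8'
        return resp.read().decode(charset, errors='replace')


# constructed sample page, used when no URL is passed on the command line
SAMPLE_HTML = """<html><body>
<a href="/about">About</a>
<a href="https://example.org/x?y=1">External</a>
<a href="mailto:admin@example.com">Mail</a>
<a href='../up'>Parent dir, single-quoted</a>
<script src="//cdn.example.net/app.js"></script>
<a href="javascript:void(0)">Nothing</a>
<a href="/about">Duplicate</a>
</body></html>"""

if __name__ == '__main__':
    if len(sys.argv) > 1:
        page_url = sys.argv[1]
        html = fetch(page_url)
    else:
        page_url = 'https://example.com/dir/page.html'
        html = SAMPLE_HTML
    for link in extract_links(html, page_url):
        print(link)
```

With the sample page and base URL https://example.com/dir/page.html the result is the four real targets (/about resolved once, the external link, ../up collapsed to /up, and the protocol-relative CDN script on https), with the mailto: and javascript: entries dropped.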

Posted in Python

Reconnaissance

There are many tools for reconnaissance; two basic ones for host discovery and port scanning are:

nmap
arping

arping:

This command sends ARP request packets to a host; if a reply comes back, the host is alive. Because ARP does not cross routers it only works for hosts on the local LAN, but for those it is reliable even when a host firewall drops ICMP.

arping -c 4 192.168.0.1


NMAP:

nmap -n -sn 192.168.0.1

-sn is host discovery without a port scan. When run as root, nmap sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; for targets on the local Ethernet segment it uses ARP requests instead, because an ARP reply is the most reliable proof that a host is up.

How to scan a single host:

nmap x.x.x.x

This scans the 1,000 most common TCP ports of a single host (a SYN scan when run as root, a full connect scan otherwise).

How to scan a range of hosts:

nmap x.x.x.x-y

How to scan a subnet:

nmap x.x.x.x/24

Scan the hosts listed in a file (one target per line):

nmap -iL name_of_file.txt

Scan a specific port:

nmap -p 22 x.x.x.x

Scan a range of ports:

nmap -p 1-100 x.x.x.x

How to find out which cipher suites a server supports:

nmap -sT -Pn -p 443 -n --script ssl-enum-ciphers nmap.org

The script also grades each suite, so weak ones stand out in the output.

How to scan a UDP or a TCP port (a UDP port spec needs -sU as well; -p U: on its own is ignored):

nmap -sU -p U:53 192.168.1.1
nmap -p T:80 192.168.1.1

How to perform an nmap scan without DNS resolution:

nmap -n 192.168.3.137
-n tells nmap not to do reverse DNS resolution; this is faster and avoids sending DNS queries that reveal the scan to the resolver.

How to find out the versions of the services (nmap probes each open port and matches the banner):

nmap -n -sV 192.168.0.115

How to find out the OS of a host (-O needs root; it works best with at least one open and one closed port):

nmap -n -O 192.168.0.115

How to tell nmap to skip host discovery and treat the host as up even if it does not answer the ping probes:

nmap -n -Pn -O 192.168.0.115

How to tell nmap to do a full TCP three-way handshake (connect scan; works without root, but the connection is visible to the target application and its logs):

nmap -n -sT -p 80 192.168.0.115

How to detect a web application firewall in front of a target (the first two are nmap scripts, wafw00f is a separate tool):

nmap -p 80,443 --script=http-waf-fingerprint <site-address>
nmap -p 80,443 --script=http-waf-detect <site-address>
wafw00f <site-address>
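An added example (not from the original post) for working with the results of the scans above: nmap can write its output as XML with -oX, and a few lines of Python turn that into a host / open-port table that can be diffed between scans or handed to other tools. It assumes a scan run like `nmap -n -sV -p 22,80,443 -oX scan.xml 192.168.0.0/24`; the XML embedded below is a constructed sample in nmap's format, not real scan data, and the function names are chosen here.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): nmap -oX output -> host/open-port table."""
import sys
import xml.etree.ElementTree as ET

# constructed sample of nmap's XML format (not a real scan)
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -n -sV -p 22,80,443 -oX scan.xml 192.168.0.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.0.115" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
      <port protocol="udp" portid="53"><state state="open"/><service name="domain"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(text):
    """Return {ip: [(proto, port, service_label), ...]} for every host that is up.

    Hosts that are up but expose no open port are kept with an empty list,
    so a live-but-filtered host is still visible in the result.
    """
    root = ET.fromstring(text)
    hosts = {}
    for host in root.iter('host'):
        status = host.find('status')
        if status is None or status.get('state') != 'up':
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = []
        for port in host.iter('port'):
            if port.find('state').get('state') != 'open':
                continue
            svc = port.find('service')
            # join name/product/version, skipping attributes nmap did not fill in
            label = ''
            if svc is not None:
                label = ' '.join(v for v in (svc.get('name'), svc.get('product'),
                                             svc.get('version')) if v)
            open_ports.append((port.get('protocol'), int(port.get('portid')), label))
        hosts[addr.get('addr')] = open_ports
    return hosts


def format_report(hosts):
    """One line per host, sorted numerically by address: ip  tcp/22 ssh OpenSSH 7.4, ..."""
    lines = []
    for ip in sorted(hosts, key=lambda a: tuple(int(o) for o in a.split('.'))):
        ports = ', '.join('%s/%d %s' % p for p in hosts[ip]) or '(up, no open ports)'
        lines.append('%-16s %s' % (ip, ports))
    return '\n'.join(lines)


if __name__ == '__main__':
    # read a real -oX file if one is given, otherwise show the constructed sample
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    print(format_report(parse_nmap_xml(text)))
```

Run with the path of an -oX file as the only argument. Closed and filtered ports are dropped on purpose; if you want filtered ports as a hint of a firewall, keep the state check and record the state alongside the port instead.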

Posted in OSCP

How to resolve "is not in the sudoers file" in Linux

If running a command with sudo fails with the following error, the user is not allowed to use sudo and has to be added to the sudo group:

<username> is not in the sudoers file. This incident will be reported.

Add the user from a root shell (su -, or an account that already has sudo), then log the user out and back in so the new group membership takes effect:

adduser <username> sudo

This is the Debian/Ubuntu layout, where /etc/sudoers grants the sudo group full rights; on RHEL, CentOS and Fedora the equivalent group is wheel (usermod -aG wheel <username>).

Posted in Linux