Task 2: Create Custom Packets using Colasoft Packet Builder to Scan beyond IDS/Firewall

 

Task 2: Create Custom Packets using Colasoft Packet Builder to Scan beyond IDS/Firewall



Module 03: Scanning Networks

Task 2: Create Custom Packets using Colasoft Packet Builder to Scan beyond IDS/Firewall

Colasoft Packet Builder is a tool that allows you to create custom network packets to assess network security. 
You can also select a TCP packet from the provided templates and change the parameters in the decoder editor, hexadecimal
 editor, or ASCII editor to create a packet. In addition to building packets, the Colasoft Packet Builder supports saving 
packets to packet files and sending packets to the network.

scan past firewall 
scan past IDS

open wireshark
Z:\CEHv11 Module 03 Scanning Networks\Packet Crafting Tools\Colasoft Packet Builder
pktbuilder_2.0.0.212.exe.
Adapter 
When the Select Adapter window appears, check the Adapter settings and click OK.
Add
Add Packet dialog box, select the ARP Packet template, set Delta Time as 0.1 seconds, and click OK.
click Send
select the Burst Mode (no delay between packets) option, and then click Start.
Now, when this ARP packet is broadcasted in the network, the active machines receive the packet, and a few start responding
 with an ARP reply. To evaluate which machine is responding to the ARP packet, you need to observe packets captured
 by the Wireshark tool.
In the Wireshark window, click on the Filter field, 
arp 
enter
broadcasting ARP packets, prompting the target machines to reply to the message.

Colasoft Packet Builder is a tool that allows you to create custom network packets to assess network security. You can also select a TCP packet from the provided templates and change the parameters in the decoder editor, hexadecimal editor, or ASCII editor to create a packet. In addition to building packets, the Colasoft Packet Builder supports saving packets to packet files and sending packets to the network.

Here, we will use the Colasoft Packet Builder tool to create custom TCP packets to scan the target host by bypassing the IDS/firewall.

  1. Click Windows Server 2019 to switch to the Windows Server 2019 machine.

  2. Click Ctrl+Alt+Delete to activate the machine. By default, Administration user profile is selected, click Pa$$w0rd to paste the password in the Password field and press Enter to login.

    Alternatively, you can also click Pa$$w0rd under Windows Server 2019 machine thumbnail in the Resources pane or Click Type Text | Type Password button under Commands (thunder icon) menu.

    Networks screen appears, click Yes to allow your PC to be discoverable by other PCs and devices on the network.

    Screenshot

  3. In the Desktop, double-click Wireshark shortcut.

    Screenshot

  4. The Wireshark Network Analyzer main window appears; double-click the available ethernet or interface (here, Ethernet) to start the packet capture.

  5. Navigate to Z:\CEHv11 Module 03 Scanning Networks\Packet Crafting Tools\Colasoft Packet Builder and double-click pktbuilder_2.0.0.212.exe.

  6. Follow the wizard-driven installation steps to install Colasoft Packet Builder.

  7. After the completion of the installation, click on the Launch Colasoft Packet Builder 2.0 checkbox and click Finish.

    Screenshot

  8. The Colasoft Packet Builder GUI appears; click on the Adapter icon, as shown in the screenshot.

    If a pop-up appears, close the window.

    Screenshot

  9. When the Select Adapter window appears, check the Adapter settings and click OK.

    Screenshot

  10. To add or create a packet, click the Add icon in the Menu bar.

    Screenshot

  11. In the Add Packet dialog box, select the ARP Packet template, set Delta Time as 0.1 seconds, and click OK.

    Screenshot

  12. You can view the added packets list on the right-hand side of the window, under Packet List.

    Screenshot

  13. Colasoft Packet Builder allows you to edit the decoding information in the two editors, Decode Editor and Hex Editor, located in the left pane of the window.

    • The Decode Editor section allows you to edit the packet decoding information by double-clicking the item that you wish to decode.

    • Hex Editor displays the actual packet contents in raw hexadecimal value on the left and its ASCII equivalent on the right.

    cola.png

  14. To send the packet, click Send from the Menu bar.

    Screenshot

  15. In the Send Selected Packets window, select the Burst Mode (no delay between packets) option, and then click Start.

    Screenshot

  16. After the Progress bar completes, click Close.

    Screenshot

  17. Now, when this ARP packet is broadcasted in the network, the active machines receive the packet, and a few start responding with an ARP reply. To evaluate which machine is responding to the ARP packet, you need to observe packets captured by the Wireshark tool.

  18. In the Wireshark window, click on the Filter field, type arp and press Enter. The ARP packets will be displayed, as shown in the screenshot.

    Here, the host machine (10.10.10.19) is broadcasting ARP packets, prompting the target machines to reply to the message.

    Screenshot

  19. Switch back to the Colasoft Packet Builder window, to export the packet, click Export --> Selected Packets….

    Screenshot

  20. In the Save As window, select a destination folder in the Save in field, specify File name and Save as type, and click Save.

  21. This saved file can be used for future reference.

  22. This concludes the demonstration of creating a custom TCP packets to scan the target host by bypassing the IDS/firewall.

  23. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more