Task 3: Create Custom UDP and TCP Packets using Hping3 to Scan beyond IDS/Firewall

 

Task 3: Create Custom UDP and TCP Packets using Hping3 to Scan beyond IDS/Firewall



Module 03: Scanning Networks

Task 3: Create Custom UDP and TCP Packets using Hping3 to Scan beyond IDS/Firewall

Hping3 is a scriptable program that uses the TCL language, whereby packets can be received and sent via a binary or string representation describing the packets.

hping3 [Target IP Address] --udp --rand-source --data 500
Here, --udp specifies sending the UDP packets to the target host, --rand-source enables the random source mode and --data specifies the packet body size.
have wireshark open
go to actaul steps for more info




Hping3 is a scriptable program that uses the TCL language, whereby packets can be received and sent via a binary or string representation describing the packets.

Here, we will use Hping3 to create custom UDP and TCP packets to evade the IDS/firewall in the target network.

Before beginning this task, ensure that the Windows Defender Firewall in the Windows 10 machine is enabled.

  1. Click Windows 10 to switch to the Windows 10 machine.

  2. Navigate to the Desktop, double-click Wireshark shortcut.

    Screenshot

  3. The Wireshark Network Analyzer window appears, double-click the available ethernet or interface (here, Ethernet2) to start the packet capture.

    Screenshot

  4. Click Parrot Security to switch to the Parrot Security machine.

  5. Click the MATE Terminal icon in the top-left corner of the Desktop window to open a Terminal window.

    233.jpg

  6. Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.

  7. In the [sudo] password for attacker field, type toor as a password and press Enter.

    The password that you type will not be visible.

  8. Now, type cd and press Enter to jump to the root directory.

    Screenshot

  9. Parrot Terminal window appears, type hping3 [Target IP Address] --udp --rand-source --data 500 (here, the target machine is Windows 10 [10.10.10.10]) and press Enter.

    Here, --udp specifies sending the UDP packets to the target host, --rand-source enables the random source mode and --data specifies the packet body size.

    Screenshot

  10. Now, click Windows 10 to switch to the Windows 10 machine and observe the random UDP packets captured by Wireshark.

    You can double-click any UDP packet and observe the detail.

  11. Expand the Data node in the Packet Details pane and observe the size of Data and its Length (the length is the same as the size of the packet body that we specified in Hping3 command, i.e., 500).

    2020-08-28_11-05-47.jpg

  12. Click Parrot Security to switch to the Parrot Security machine. In the Parrot Terminal window, first press Control+C and type hping3 -S [Target IP Address] -p 80 -c 5 (here, target IP address is 10.10.10.10), and then press Enter.

    Here, -S specifies the TCP SYN request on the target machine, -p specifies assigning the port to send the traffic, and -c is the count of the packets sent to the target machine.

  13. In the result, it is indicated that five packets were sent and received through port 80.

    Screenshot

  14. Now, click Windows 10 to switch to the target machine (i.e., Windows 10) and observe the TCP packets captured via Wireshark.

    Screenshot

  15. Click Parrot Security to switch to the Parrot Security machine and try to flood the target machine (here, Windows 10) with TCP packets.

  16. In the Parrot Terminal window, type hping3 [Target IP Address] --flood (here, target IP address is 10.10.10.10) and press Enter.

    --flood: performs the TCP flooding.

  17. Once you flood traffic to the target machine, it will respond in the hping3 terminal.

    Screenshot

  18. Click Windows 10 to switch to the Windows 10 (target machine) and stop the packet capture in the Wireshark window after a while by click Stop Capturing Packets icon in the toolbar.

  19. Observe the Wireshark window, which displays the TCP packet flooding from the host machine.

    You can double-click the TCP packet stream to observe the TCP packet information.

    Screenshot

  20. The TCP packet stream displays the complete information of TCP packets such as the source and destination of the captured packet, source port, destination port, etc.

    Screenshot

  21. This concludes the demonstration of evading the IDS and firewall using various evasion techniques in Hping3.

  22. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more