Capture Packets at Cisco IOS

Cisco IOS routers have a built-in sniffer called EPC (Embedded Packet Capture).
The capture is stored in PCAP format (the tcpdump format), so after capturing you can analyze the packets with Wireshark, feed the file to Dsniff, etc. 😉
IOS has to be 12.4(20) or higher.
Captured packets are stored in DRAM.
Please see the Cisco manual for more information and limitations.

In this tutorial, I'll show how to use this feature and apply a filter so that only specific packets are captured.

Let’s start …

On the Cisco router, in configuration mode, create a filter (an extended access list matching the traffic you want to capture):

ROUTER(config)# ip access-list extended POP_CAP
ROUTER(config-ext-nacl)# permit tcp any any eq 110

Then LEAVE configuration mode and create a buffer:

# monitor capture buffer ciscobuffer size 512 max-size 1024 circular
# monitor capture buffer ciscobuffer filter access-list POP_CAP
# monitor capture point ip cef thepoint f0/0 in
# monitor capture point associate thepoint ciscobuffer

Brief analysis:

A buffer named "ciscobuffer" was created with size 512, a max-size of 1024 per packet, and of type CIRCULAR.
A circular buffer overwrites the oldest packets once the limit is reached.
The filter created previously was applied to the buffer.
A capture point named "thepoint" was created on the first interface of the router, "f0/0", in the "in" direction (inbound traffic),
and the point was associated with the buffer 🙂

Now it is time to start the capture:

# monitor capture point start thepoint

You can see the details of the capture point by typing:

# show monitor capture buffer all param

Now stop the capture:

# monitor capture point stop thepoint

To analyze the captured packets, export the buffer (here over SCP to an analysis host):

# monitor capture buffer ciscobuffer export scp://knight@10.20.30.40:/captured.cap

Now clear everything:

# monitor capture buffer ciscobuffer clear
# monitor capture point disassociate thepoint
# no monitor capture point ip cef thepoint f0/0 in
# no monitor capture buffer ciscobuffer
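The exported file is plain pcap, so it can be checked without Wireshark as well. The following Python reader is an added example and not part of the original post: it walks the capture record by record, counts packets to TCP port 110 per source address, and counts anything that should not have passed the POP_CAP access list (a quick sanity check that the filter was applied to the buffer). The sample capture bytes are constructed inline so the script runs offline; point it at the exported captured.cap to use it for real.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
POP3_PORT = 110              # the port matched by the POP_CAP access list


def build_frame(src_ip, dst_ip, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP SYN frame. Constructed sample data, no payload."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file (global header + one record header per frame)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(
        struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames))
    return header + records


def iter_packets(data):
    """Yield (ts_sec, frame) per record; accepts either byte order and stops at a truncated tail."""
    if len(data) < 24:
        raise ValueError("file too short to hold a pcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:
        order = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    linktype = struct.unpack(order + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                                   # capture was cut off mid-record
        off += incl_len
        yield ts_sec, frame


def tcp_tuple(frame):
    """Return (src_ip, dst_ip, sport, dport) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, sport, dport


def summarize(data, port=POP3_PORT):
    """Count packets towards `port` per source, plus packets the ACL should not have let through."""
    per_source = Counter()
    unexpected = 0
    for _ts, frame in iter_packets(data):
        t = tcp_tuple(frame)
        if t is None or t[3] != port:
            unexpected += 1
        else:
            per_source[t[0]] += 1
    return per_source, unexpected


# Constructed sample: three POP3 connection attempts from two hosts plus one stray HTTPS packet.
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", "10.0.0.5", 51000, 110),
    build_frame("192.168.1.10", "10.0.0.5", 51001, 110),
    build_frame("192.168.1.22", "10.0.0.5", 40000, 110),
    build_frame("192.168.1.30", "10.0.0.5", 40001, 443),
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    hits, stray = summarize(data)
    for src, n in hits.most_common():
        print(f"{src:15} {n} packet(s) to tcp/{POP3_PORT}")
    print(f"{stray} packet(s) did not match the intended filter")
```

If the stray count is not zero on a real export, the access list was not bound to the buffer (or the capture point was created before the filter), which is exactly the kind of mistake the `show monitor capture buffer all param` output above lets you confirm.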

Mission Accomplished

Like it? Please comment and leave a suggestion for this blog.
Coming soon: RSS feed.

Posted in Network

Tools Section Updated

I added 3 new tools:

1 -) Cap SASL

2 -) CISCO PASSWORD CRACK

3 -) Skype Log Extractor

If you have a suggestion or a tool, contact me.

Enjoy !

Posted in Tools

Testing Network with Iperf

Iperf is a traffic generator.
It is distributed under the BSD License.
Iperf has client and server functionality and can measure the throughput between the two ends, either unidirectionally or bidirectionally. It is open source software and runs on various platforms including Linux, Unix and Windows. It is supported by the National Laboratory for Applied Network Research.
When used for testing UDP capacity, Iperf allows the user to specify the datagram size and reports the datagram throughput and the packet loss.

Iperf can be downloaded here: http://sourceforge.net/projects/iperf/

OpenBSD install:

    # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.8/packages/i386
    # pkg_add -vi iperf

Gentoo install:

    # USE=threads emerge iperf

Usage:

Server side:

    # iperf -s

Client side:

    # iperf -c 172.16.202.1

Where 172.16.202.1 is the IP address of the server.

Another example of usage: a bidirectional test.

On client side execute:

    # iperf -c 172.16.202.1 -d

Using UDP mode

Server side:

    # iperf -s -u

Client side:

    # iperf -c 172.16.202.1 -u

See the man pages for more details.
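When these runs are scripted (for a baseline before and after a firewall or VPN change, say), the numbers have to be pulled out of iperf's report and normalised. The following Python parser is an added example and not part of the original post or of Iperf itself. It assumes iperf 2's default human-readable report (one summary line per stream, bandwidth in bits with SI prefixes, transfer in bytes with binary prefixes) and a UDP summary that appends jitter and lost/total datagrams; the report text embedded below is constructed, not a real measurement.

```python
import re

# Constructed sample report in iperf 2's default format: one TCP stream summary and one UDP summary.
SAMPLE_REPORT = """\
------------------------------------------------------------
Client connecting to 172.16.202.1, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 172.16.202.7 port 40122 connected with 172.16.202.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.10 GBytes   945 Mbits/sec
[  4]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec   0.004 ms    2/  893 (0.22%)
"""

# "[ ID]  start-end sec  <transfer> <unit>Bytes  <rate> <unit>bits/sec [jitter ms lost/total (pct%)]"
LINE = re.compile(
    r"^\[\s*(\d+)\]\s+([\d.]+)-\s*([\d.]+)\s+sec\s+"
    r"([\d.]+)\s+([KMG]?)Bytes\s+([\d.]+)\s+([KMG]?)bits/sec"
    r"(?:\s+([\d.]+)\s+ms\s+(\d+)/\s*(\d+)\s+\(([\d.]+)%\))?"
)
PREFIX_BITS = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}              # iperf 2 reports bits in SI units
PREFIX_BYTES = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # and bytes in binary units (assumption)


def parse_report(text):
    """Turn iperf report lines into dicts with rates in bit/s and bytes as plain integers."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # banner, header and "connected with" lines carry no numbers
        rec = {
            "id": int(m.group(1)),
            "start": float(m.group(2)),
            "end": float(m.group(3)),
            "bytes": float(m.group(4)) * PREFIX_BYTES[m.group(5)],
            "bps": float(m.group(6)) * PREFIX_BITS[m.group(7)],
        }
        if m.group(8) is not None:        # UDP summaries also carry jitter and datagram loss
            rec["jitter_ms"] = float(m.group(8))
            rec["lost"] = int(m.group(9))
            rec["total"] = int(m.group(10))
        records.append(rec)
    return records


def loss_ratio(rec):
    """Fraction of datagrams lost for a UDP record; 0.0 for TCP records, which report no loss."""
    return rec["lost"] / rec["total"] if rec.get("total") else 0.0


def below_target(records, min_bps):
    """IDs of streams whose measured rate fell under the required floor."""
    return [r["id"] for r in records if r["bps"] < min_bps]


if __name__ == "__main__":
    for r in parse_report(SAMPLE_REPORT):
        print(f"stream {r['id']}: {r['bps'] / 1e6:.2f} Mbit/s, loss {loss_ratio(r):.2%}")
    print("under 900 Mbit/s:", below_target(parse_report(SAMPLE_REPORT), 900e6))
```

Feed it the saved output of `iperf -c <server>` (or `-u`, or `-d` for the two directions of a bidirectional test, which simply yields two records) to compare runs against a fixed floor instead of eyeballing the numbers.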

Iperf GUI interface can be found here: http://code.google.com/p/xjperf/downloads/list

Posted in Network, Tools

VMWARE Remote Console Plugin

When using VMware Server 2.0.x with Mozilla Firefox 3.6.x, some errors occurred when trying to use the console of a virtual machine. To resolve this small inconvenience, locate the following files:

vmware-vmrc-linux-x64.xpi (for 64-bit systems)
vmware-vmrc-linux-i386.xpi (for 32-bit systems)

Now, the installation:

Make a copy of one of these files (according to your platform) to a directory and check that it is really a zip archive:

$ file vmware-vmrc-linux-x64.xpi
vmware-vmrc-linux-x64.xpi: Zip archive data, at least v1.0 to extract

$ unzip vmware-vmrc-linux-x64.xpi

We only need the "plugins" folder:

$ cd plugins
$ ./vmware-vmrc

In the window that opens, in the hostname field, type the hostname followed by the port.

Ex: 10.1.1.1:8333

Then enter your user and your password.

Finished! We have the list of virtual machines and can access the console.

Reference:
http://communities.vmware.com/thread/136783

Posted in Network

Article published in undeadly.org

Our article was published on undeadly.org (OpenBSD Journal: A resource for the OpenBSD community).

see: http://undeadly.org/cgi?action=article&sid=20110219160358&mode=expanded&count=1

Thanks Jason (http://www.dixongroup.net/) 🙂

Posted in Information

Building VPN’s with OpenBSD and IPSEC

In this tutorial, I'll show how to create a VPN using OpenBSD.
Making a VPN on OpenBSD is very easy and takes only minutes.

Follow the scenario:

Consider two OpenBSD hosts, A and B.

Adjust /etc/sysctl.conf on both sides:

net.inet.ip.forwarding=1
net.inet.ah.enable=1
net.inet.esp.enable=1
net.inet.ipcomp.enable=1

Adjust /etc/ipsec.conf on OpenBSD A (the active side, which initiates the negotiation):

# cat /etc/ipsec.conf

local_ip="172.16.123.1"
local_network="192.168.20.0/24"
remote_ip="172.16.123.2"
remote_network="192.168.40.0/24"

ike esp from $local_network to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_ip

Adjust /etc/ipsec.conf on OpenBSD B (the passive side, which waits for A to connect):

# cat /etc/ipsec.conf

local_ip="172.16.123.2"
local_network="192.168.40.0/24"
remote_ip="172.16.123.1"
remote_network="192.168.20.0/24"

ike passive esp from $local_network to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_ip

Adjust /etc/pf.conf on both OpenBSD hosts (I will assume that you have a PF ruleset with a default block-all policy). The macros $ext_if, $int_if, $remote_gw and $remote_nets used below must already be defined earlier in your pf.conf.

set skip on { lo enc0 }

# VPN
pass in log on $ext_if proto esp from $remote_gw to $ext_if
pass out log on $ext_if proto esp from $ext_if to $remote_gw

pass in log on $ext_if proto udp from $remote_gw to $ext_if port {isakmp, ipsec-nat-t}
pass out log on $ext_if proto udp from $ext_if to $remote_gw port {isakmp, ipsec-nat-t}

pass in log on enc0 from $remote_nets to $int_if:network keep state (if-bound)
pass out log on enc0 from $int_if:network to $remote_nets keep state (if-bound)

Exchange the isakmpd public keys between the two OpenBSD hosts (each side stores the peer's key under the peer's address):

On OpenBSD A, copy /etc/isakmpd/local.pub from OpenBSD B into /etc/isakmpd/pubkeys/ipv4/172.16.123.2
# scp 172.16.123.2:/etc/isakmpd/local.pub /etc/isakmpd/pubkeys/ipv4/172.16.123.2

On OpenBSD B, copy /etc/isakmpd/local.pub from OpenBSD A into /etc/isakmpd/pubkeys/ipv4/172.16.123.1
# scp 172.16.123.1:/etc/isakmpd/local.pub /etc/isakmpd/pubkeys/ipv4/172.16.123.1

Test your ipsec.conf (do this on both sides):
# ipsecctl -n -f /etc/ipsec.conf

Now it's time to run the VPN. On both sides execute:

# isakmpd -K ; ipsecctl -f /etc/ipsec.conf

Test it:

On one side run:

# tcpdump -ni enc0

On the other side run:

# ping 172.16.123.2

This assumes tcpdump is running on side B and the ping is executed on side A; the ESP-protected traffic shows up on enc0.

Start automatically after reboot

On side A, do:
# echo '!route add -net 192.168.40.0/24 172.16.123.2' >> /etc/hostname.yourEXT_IF

On side B, do:
# echo '!route add -net 192.168.20.0/24 172.16.123.1' >> /etc/hostname.yourEXT_IF

Put this on both sides (the rc.conf variable that carries the isakmpd options is isakmpd_flags):

# echo 'isakmpd_flags="-K"' >> /etc/rc.conf.local
# echo 'ipsec="YES"' >> /etc/rc.conf.local

Reboot and have fun with your IPSEC VPN RUNNING UNDER OpenBSD!
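Before starting isakmpd on both hosts it is worth checking that the two ipsec.conf files are mirror images of each other: every `from X to Y` on one side needs a `from Y to X` on the other, both pointing at the right peer, and exactly one side passive. The Python script below is an added example and not part of the original post or of OpenBSD. It embeds both files from above verbatim, understands only the rule shape they use (`ike [passive] esp from X to Y [peer Z]`, with the peer defaulting to the flow destination as described in ipsec.conf(5)), and reports every asymmetry. Run as written it reports that the second rule on each side (gateway to the remote LAN) has no counterpart on the other host, and it passes for the constructed variant CONF_B_MIRRORED in which B's second rule mirrors A's.

```python
import re

# Both ipsec.conf files exactly as given in the post, embedded so the check runs offline.
CONF_A = """\
local_ip="172.16.123.1"
local_network="192.168.20.0/24"
remote_ip="172.16.123.2"
remote_network="192.168.40.0/24"

ike esp from $local_network to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_network peer $remote_ip
ike esp from $local_ip to $remote_ip
"""

CONF_B = """\
local_ip="172.16.123.2"
local_network="192.168.40.0/24"
remote_ip="172.16.123.1"
remote_network="192.168.20.0/24"

ike passive esp from $local_network to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_network peer $remote_ip
ike passive esp from $local_ip to $remote_ip
"""

# Constructed variant of B whose second rule mirrors A's second rule (B's LAN <-> A's gateway).
CONF_B_MIRRORED = CONF_B.replace(
    "ike passive esp from $local_ip to $remote_network peer $remote_ip",
    "ike passive esp from $local_network to $remote_ip peer $remote_ip")

ASSIGN = re.compile(r'^(\w+)="([^"]*)"$')
# Only the rule shape used in the post: ike [active|passive|dynamic] esp from X to Y [peer Z]
FLOW = re.compile(
    r'^ike(?:\s+(active|passive|dynamic))?\s+esp\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+peer\s+(\S+))?$')


def parse_ipsec_conf(text):
    """Return (macros, flows); each flow is (passive, src, dst, peer) with $macros expanded."""
    macros, flows = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ASSIGN.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        m = FLOW.match(line)
        if not m:
            raise ValueError("unsupported ipsec.conf line: %r" % line)

        def expand(tok):
            return macros[tok[1:]] if tok.startswith("$") else tok

        src, dst = expand(m.group(2)), expand(m.group(3))
        peer = expand(m.group(4)) if m.group(4) else dst   # peer defaults to the flow destination
        flows.append((m.group(1) == "passive", src, dst, peer))
    return macros, flows


def check_pair(conf_a, conf_b):
    """List every asymmetry between two peers' ipsec.conf files; an empty list means they agree."""
    ma, fa = parse_ipsec_conf(conf_a)
    mb, fb = parse_ipsec_conf(conf_b)
    problems = []
    if ma["local_ip"] != mb["remote_ip"] or mb["local_ip"] != ma["remote_ip"]:
        problems.append("gateway addresses do not cross-match")
    a_index = {(src, dst): passive for passive, src, dst, _ in fa}
    b_index = {(src, dst): passive for passive, src, dst, _ in fb}
    for passive, src, dst, peer in fa:
        if peer != ma["remote_ip"]:
            problems.append(f"A: flow {src} -> {dst} negotiates with {peer}, not {ma['remote_ip']}")
        if (dst, src) not in b_index:
            problems.append(f"A: flow {src} -> {dst} has no counterpart on B")
        elif passive and b_index[(dst, src)]:
            problems.append(f"flow {src} -> {dst}: both sides are passive, nothing will initiate")
    for passive, src, dst, peer in fb:
        if peer != mb["remote_ip"]:
            problems.append(f"B: flow {src} -> {dst} negotiates with {peer}, not {mb['remote_ip']}")
        if (dst, src) not in a_index:
            problems.append(f"B: flow {src} -> {dst} has no counterpart on A")
    return problems


if __name__ == "__main__":
    for label, conf_b in (("as posted", CONF_B), ("mirrored B", CONF_B_MIRRORED)):
        print(label + ":", check_pair(CONF_A, conf_b) or ["consistent"])
```

`ipsecctl -n` validates each file on its own; this check covers what it cannot see, namely whether the two hosts agree with each other, which is where most "the tunnel comes up but some traffic is dropped" problems originate.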

Posted in OpenBSD

Attack Clients with SET Framework

"The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test."

In this video tutorial, I will show how to steal the Windows Live Messenger password of the victim with the Java Applet Infection and site clone attack vector.

Posted in Videos

SSH HONEYPOT

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

This video tutorial will show how to configure a honeypot for an SSH server, as well as how to use it for the dark side.

Posted in Videos

ASP SHELL

ASP shell added to the tools section:

http://stuffresearch.tor.hu/?page_id=40

Posted in Tools

Tools Section Added

Hello there,

I have created a Tools Section.

Please collaborate and send me suggestions.

Best Regards,

spawn

Posted in Information, Tools