Finished Info Gathering

Finished out the last section of info gathering.
Will Pennell 2014-03-30 15:48:18 -04:00
parent 52c04cdec6
commit bb988e8295
9 changed files with 296 additions and 5 deletions


@ -154,9 +154,13 @@ Telephony Analysis
Traffic Analysis
------------
* [first]()
* [second]()
* [third]()
* [cdpsnarf](../tools/cdpsnarf.md)
* [intrace](../tools/intrace.md)
* [irpas-ass](../tools/irpass-ass.md)
* [irpas-cdp](../tools/irpass-cdp.md)
* [p0f](../tools/p0f.md)
* [tcpflow](../tools/tcpflow.md)
* [wireshark](../tools/wireshark.md)
VoIP Analysis
------------
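Review bot: the three placeholder bullets `* [first]()`, `* [second]()` and `* [third]()` at the top of the Traffic Analysis list still have empty link targets and render as dead links; drop them or point them at real tool pages before merging. The link text and the path also disagree on the two IRPAS entries (`[irpas-ass](../tools/irpass-ass.md)`, `[irpas-cdp](../tools/irpass-cdp.md)`): the upstream suite is spelled IRPAS, so either name the new files irpas-ass.md and irpas-cdp.md or make the link text match the file names, otherwise a later rename will break these links.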


@ -2,6 +2,7 @@
Notes
-------
The tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the smbclient binary, and as a result is dependent on it for its execution.
Help Text
-------
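Review bot: "windows" in the new Notes sentence should be capitalised as "Windows", and "targets windows authentication via the SMB protocol" reads more precisely as "targets Windows authentication over SMB". Since the sentence says the script is a wrapper around the smbclient binary, state the dependency explicitly (smbclient from the Samba package must be installed and on PATH) rather than leaving it implied by "dependent on it for its execution".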
@ -40,7 +41,26 @@ Attempt a single password against a single user.
Example Usage
-------
The simplest way to run the tool is as follows:
./acccheck.pl -t 10.10.10.1
This mode of execution attempts to connect to the target ADMIN$ share with the username Administrator and a [BLANK] for the password.
./acccheck.pl -t 10.10.10.1 -u test -p test
This mode of execution attempts to connect to the target IPC$ share with the username test and a password test.
Each -t, -u and -p flags can be substituted by -T, -U and -P, where each represents an input file rather than a single input from standard in.
E.g.
./acccheck.pl -T iplist -U userfile -P passwordfile
Only use -v mode on very small dictionaries, otherwise, this has the affect of slowing the scan down to the rate the system writes to standard out.
Any username/password combinations found are written to a file called cracked in the working directory.
Links
-------
Notes and example usage from: https://labs.portcullis.co.uk/tools/acccheck/
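Review bot: "this has the affect of slowing the scan down" should read "effect", and "rather than a single input from standard in" is inaccurate because -t, -u and -p take their value from the command line, not from stdin; "rather than a single value on the command line" says what is meant. The example invocations (`./acccheck.pl -t 10.10.10.1`, `./acccheck.pl -t 10.10.10.1 -u test -p test` and `./acccheck.pl -T iplist -U userfile -P passwordfile`) should sit in fenced code blocks the way the Help Text sections do on the other tool pages in this commit. The line about results being written to a file called cracked in the working directory also deserves a caveat that this file holds valid credentials in clear text and needs to be handled and deleted accordingly once the findings are written up.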


@ -1,7 +1,10 @@
# ace Automated Corporate (Data) Enumerator
# ace - Automated Corporate (Data) Enumerator
Notes
-------
ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface. In the same way that the "corporate directory" feature of VoIP hardphones enables users to easily dial by name via their VoIP handsets, ACE was developed as a research idea born from "VoIP Hopper" to automate VoIP attacks that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools. ACE is a standalone utility, but its functions are integrated into UCSniff.
From: http://ucsniff.sourceforge.net/ace.html
Help Text
-------
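Review bot: the ACE description added here is pasted verbatim from the page on the From: line, but unlike the p0f.md Notes in this same commit it is not wrapped in quotation marks, so quote it the same way for consistent attribution. The single long paragraph also mixes what the tool does (the DHCP/TFTP/HTTP download of the corporate directory and the text-file output) with project history from "VoIP Hopper"; a paragraph break after "display on its screen interface." would make the functional part easier to find.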
@ -49,4 +52,4 @@ Example Usage
Links
-------
http://ucsniff.sourceforge.net/ace.html

tools/intrace.md Normal file

@ -0,0 +1,18 @@
# intrace
Notes
-------
Help Text
-------
```
InTrace, version 1.5 (C)2007-2011 Robert Swiecki <robert@swiecki.net>
2014/03/30 15:34:27.143598 <INFO> Usage: intrace <-h hostname> [-p <port>] [-d <debuglevel>] [-s <payloadsize>] [-6]
```
Example Usage
-------
Links
-------
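Review bot: the Help Text block contains only the usage line, prefixed by a log timestamp (`2014/03/30 15:34:27.143598 <INFO>`) that is capture noise rather than help output and should be trimmed, and the Notes, Example Usage and Links sections are empty stubs. At minimum the Notes should say what InTrace does (a traceroute-like tool that enumerates the IP hops of an already established TCP connection instead of sending its own ICMP/UDP probes) and point out that in this tool `-h` takes a hostname rather than printing help, which is why there is no fuller help text to paste.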

tools/irpass-ass.md Normal file

@ -0,0 +1,23 @@
# ass - irpass-ass
Notes
-------
Help Text
-------
```
ass: invalid option -- 'h'
ass [-v[v[v]]] -i <interface> [-ApcMs] [-P IER12]
[-a <autonomous system start> -b <autonomous system stop>]
[-S <spoofed source IP>] [-D <destination ip>]
[-T <packets per delay>]
[-r <filename>]
```
Example Usage
-------
Links
-------
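Review bot: the first line of the fenced block, `ass: invalid option -- 'h'`, is the tool's error for an unknown flag rather than part of its usage text and should be removed (the same applies to p0f.md in this commit). The heading `# ass - irpass-ass` also breaks the `# <toolname>` convention used by intrace.md, p0f.md, tcpflow.md and wireshark.md, and the file name spells the suite irpass while the README link text spells it irpas; the suite is IRPAS, so irpas-ass.md with a heading such as `# ass (irpas)` would keep both consistent. Notes, Example Usage and Links are empty.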

tools/irpass-cdp.md Normal file

@ -0,0 +1,34 @@
# cdp - irpass-cdp
Notes
-------
Help Text
-------
```
cdp [-v] -i <interface> -m {0,1} ...
Flood mode (-m 0):
-n <number> number of packets
-l <number> length of the device id
-c <char> character to fill in device id
-r randomize device id string
Spoof mode (-m 1):
-D <string> Device id
-P <string> Port id
-L <string> Platform
-S <string> Software
-F <string> IP address
-C <capabilities>
these are:
R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
```
Example Usage
-------
Links
-------
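Review bot: as with irpass-ass.md, the heading `# cdp - irpass-cdp` departs from the `# <toolname>` convention and carries the irpass/irpas spelling mismatch, and Notes, Example Usage and Links are empty. The Notes should at least identify this as the CDP tool from the IRPAS suite and record that flood mode (`-m 0`) emits large volumes of CDP packets and spoof mode (`-m 1`) advertises a fabricated neighbour, both of which are noisy and disruptive on a live switch fabric, so a reader does not run them against a production network by accident.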

tools/p0f.md Normal file

@ -0,0 +1,70 @@
# p0f
Notes
-------
"P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
Some of p0f's capabilities include:
* Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection - especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms.
* Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on.
* Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups.
* Detection of clients and servers that forge declarative statements such as X-Mailer or User-Agent.
"The tool can be operated in the foreground or as a daemon, and offers a simple real-time API for third-party components that wish to obtain additional information about the actors they are talking to.
Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellanous forensics."
From: http://lcamtuf.coredump.cx/p0f3/
Help Text
-------
```
p0f: invalid option -- 'h'
Usage: p0f [ -f file ] [ -i device ] [ -s file ] [ -o file ]
[ -w file ] [ -Q sock [ -0 ] ] [ -u user ] [ -FXVNDUKASCMROqtpvdlrx ]
[ -c size ] [ -T nn ] [ -e nn ] [ 'filter rule' ]
-f file - read fingerprints from file
-i device - listen on this device
-s file - read packets from tcpdump snapshot
-o file - write to this logfile (implies -t)
-w file - save packets to tcpdump snapshot
-u user - chroot and setuid to this user
-Q sock - listen on local socket for queries
-0 - make src port 0 a wildcard (in query mode)
-e ms - pcap capture timeout in milliseconds (default: 1)
-c size - cache size for -Q and -M options
-M - run masquerade detection
-T nn - set masquerade detection threshold (1-200)
-V - verbose masquerade flags reporting
-F - use fuzzy matching (do not combine with -R)
-N - do not report distances and link media
-D - do not report OS details (just genre)
-U - do not display unknown signatures
-K - do not display known signatures (for tests)
-S - report signatures even for known systems
-A - go into SYN+ACK mode (semi-supported)
-R - go into RST/RST+ACK mode (semi-supported)
-O - go into stray ACK mode (barely supported)
-r - resolve host names (not recommended)
-q - be quiet - no banner
-v - enable support for 802.1Q VLAN frames
-p - switch card to promiscuous mode
-d - daemon mode (fork into background)
-l - use single-line output (easier to grep)
-x - include full packet dump (for debugging)
-X - display payload string (useful in RST mode)
-C - run signature collision check
-t - add timestamps to every entry
'Filter rule' is an optional pcap-style BPF expression (man tcpdump).
```
Example Usage
-------
Links
-------
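Review bot: the quoted Notes text has unbalanced quotation marks (an opening quote before "P0f is a tool", a second opening quote before "The tool can be operated", but only one closing quote at the end), and "miscellanous" should be "miscellaneous". More importantly, the Notes describe p0f version 3 while the pasted Help Text is from the 2.x series: `-Q sock` query mode, `-M` masquerade detection, `-F` fuzzy matching and the `-A`/`-R`/`-O` SYN+ACK, RST and stray-ACK modes do not exist in p0f3, whose usage is built around `-i`, `-r`, `-o`, `-s` and `-u`. Either paste the help from the version actually installed or state which version each section refers to. The `p0f: invalid option -- 'h'` line at the top of the block is an error message, not help text, and should go.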

tools/tcpflow.md Normal file

@ -0,0 +1,37 @@
# tcpflow
Notes
-------
Help Text
-------
```
tcpflow version 0.21 by Jeremy Elson <jelson@circlemud.org>
usage: tcpflow [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]
[-i iface] [-r file] [expression]
-b: max number of bytes per flow to save
-c: console print only (don't create files)
-C: console print only, but without the display of source/dest header
-d: debug level; default is 1
-e: output each flow in alternating colors
-f: maximum number of file descriptors to use
-h: print this help message
-i: network interface on which to listen
(type "ifconfig -a" for a list of interfaces)
-p: don't use promiscuous mode
-r: read packets from tcpdump output file
-s: strip non-printable characters (change to '.')
-v: verbose operation equivalent to -d 10
expression: tcpdump-like filtering expression
See the man page for additional information.
```
Example Usage
-------
Links
-------
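Review bot: the Help Text comes from tcpflow 0.21, the original Jeremy Elson release, and that version should be recorded in the Notes because the later 1.x rewrite changed several options and the per-flow output file naming, so a reader on a newer install will see a different usage screen. Notes, Example Usage and Links are empty; a one-line note that tcpflow reassembles each TCP stream into its own file (which is why the `-b` byte limit and `-f` descriptor limit matter on a busy capture, and why `-c` is the safe choice for a quick look) would make the page usable on its own.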

tools/wireshark.md Normal file

@ -0,0 +1,82 @@
# wireshark
Notes
-------
Help Text
-------
```
Wireshark 1.8.5
Interactively dump and analyze network traffic.
See http://www.wireshark.org for more information.
Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: wireshark [options] ... [ <infile> ]
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-k start capturing immediately (def: do nothing)
-S update packet display when new packets are captured
-l turn on automatic scrolling while -S is in use
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 1MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (no pipes or stdin!)
Processing:
-R <read filter> packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
User interface:
-C <config profile> start with specified configuration profile
-d <display filter> start with the given display filter
-g <packet number> go to specified packet number after "-r"
-J <jump filter> jump to the first packet matching the (display)
filter
-j search backwards for a matching packet after "-J"
-m <font> set the font name used for most text
-t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-X <key>:<value> eXtension options, see man page for details
-z <statistics> show various statistics, see man page for details
Output:
-w <outfile|-> set the output filename (or '-' for stdout)
Miscellaneous:
-h display this help and exit
-v display version info and exit
-P <key>:<path> persconf:path - personal configuration files
persdata:path - personal data files
-o <name>:<value> ... override preference or recent setting
-K <keytab> keytab file to use for kerberos decryption
--display=DISPLAY X display to use
```
Example Usage
-------
Links
-------
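Review bot: the fenced Help Text opens with six lines of version, copyright and warranty boilerplate (from `Wireshark 1.8.5` through the MERCHANTABILITY line) that are not usage information; keep the version line and drop the rest so the block matches the other tool pages. Notes, Example Usage and Links are empty. The Notes should record that the help was taken from 1.8.5, and since this page will be used for capture, state that Wireshark itself should not be run as root: capture privileges belong on dumpcap (file capabilities or the wireshark group), with Wireshark reading the result as an unprivileged user via `-r <infile>`. The `-K <keytab>` and `-o <name>:<value>` options listed under Miscellaneous are the ones a reader is most likely to need when decrypting Kerberos traffic in a saved capture, so they are worth a sentence in Example Usage.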