Network Hacking (security) 101 [October '20 - Online]

I’m very excited to adapt to the new state of the world a host a long overdue edition of Network Hacking 101, online this time, on Thursday October 22nd at 6:00pm PT

2020-10-23T01:00:00Z2020-10-23T03:00:00Z

I’m excited to explore moving this class online, and since everything is designed to be done over the Internet, it will be a great time from wherever you are!

What this?

If you want to secure your home network, the best place to start is to learn how to attack it! Let’s do just that! By the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells, and you’ll be able to use these skills on your own home network!

The content we will use is available online, and you can check it out now at naumachiactf.com. I encourage you to try the challenges ahead of time, and feel free to ask me any questions on Discord at chat.naumachiactf.com.

Topics we’ll cover:

  • Network crash course in peeling back the layers
  • Network sniffing and the world of broadcast traffic
  • Man-in-the-middle attacks through ARP poisoning
  • Network scanning and finding your next target
  • DNS poisoning so that your too can be facebook.com

What do I need to hack?

You’ll need a laptop and the following tools:

  • OpenVPN
    • Connect to the challenges you will be hacking
  • Wireshark (tcpdump also works)
    • Capture and dissect network traffic
  • nmap
    • Scan and search for vulnerable targets
  • ettercap
    • Intercept and manipulate traffic
  • arpspoof
    • Another good way to intercept traffic
  • bettercap (optional)
    • Next-generation replacement for ettercap (but a bit unreliable)
  • python3
    • Build new attack tools
  • netcat (nc)
    • Swiss-army-knife of networking

It’s highly recommended that you use Linux or MacOS, but these tools are availible for Windows as well. If you have a Windows laptop, I recommend you install Linux in a VM*. Kali is the canonical offensive security distribution if you need to pick one. (https://youtu.be/FVmWMogGX4Q )

*Windows Subsystem for Linux (WSL) is great, but doesn’t work with packet capturing, so you won’t be able to use it here

3 Likes

Speaking of network hacking, just plugged this in to teh internet https://fccid.io/2AC8OFLIIKE/Internal-Photos/Internal-Photos-2545489

Currently found at !Pv4 199.188.195.60

happy port scanning

escalation vector…

ping jitsi.noisebridge.io
nmap -v -sn 199.188.195.0/24
nmap -v -sT -p http* 199.188.195.0/24

1 Like

would you be interested in remotely presenting for 5MoF.net could solicit some more interest in your event as well.

Details

Alright, I’ve been hard at work making this workshop global-pandemic friendly and here are the deets!

I’ve put together a notebook with a written-up version of all the content. You’ll have an easier time if you check it out and install the dependencies before the workshop starts

bit.ly/network-hacking-101

As for for chatting during the event, I’ve set up a space on a cool app called Gather. Basically it’s a mashup of Pokemon and video chat.

bit.ly/network-hacking-gather

https://gather.town/app/3nGSCSr4JmOE3mKF/hacking

Additionally, for any other time, and in case the Gather fails, I have a Discord server

bit.ly/network-hacking-chat

If you have any issues, let me know here or on the Discord server

See y’all on Thursday :vb-wave:

Working thru the dependencies, note on ettercap, for ubuntu it wants ettercap-text-only or ettercap-graphical do you recommend one or the other or both, and any particular reasons to go this route over arpspoof (which doesn’t seem to be in the standard repo)?

If you want to use the GUI, the ettercap-graphical is good. It also includes the text CLI I believe. I reference the CLI in the notebook. arpsoof is also nice because it allows spoofing without forwarding, which I utilize in the example of how to solve the DNS poisoning challenge. It’s also the case that ettercap won’t work for some people, but arpspoof will and vice versa :man_shrugging:

Ya, I definitely would like to present something! This would be a good topic.

···

On Fri, Oct 2, 2020, 11:45 the via Noisebridge <noreply@discuss.noisebridge.info> wrote:

the Ⅹ, Mover
October 2

would you be interested in remotely presenting for 5MoF.net could solicit some more interest in your event as well.


Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.