Cyber With KT
  • About Me
  • 🗃️Courses
    • TCM
      • Practical Ethical Hacking (TCM)
        • Intro
          • Technical Skills Needed
          • Soft Skills Needed
        • Networking Refresher
          • IP Addresses
          • MAC Addresses
          • TCP, UDP, and the Three-Way Handshake
          • Common Ports and Protocols
          • The OSI Model
          • Subnetting
        • Setting Up Our Lab
          • Configuring VirtualBox
        • Introduction to Linux
          • Sudo Overview
          • Navigating the File System
          • Users and Privileges
          • Common Network Commands
          • Installing and Updating Tools
          • Installing gedit
          • Viewing, Creating, and Editing Files
          • Scripting with Bash
          • Creating a basic IP sweep script with BASH.
        • Introduction to Python
          • Strings
          • Maths
          • Variables and Methods
          • Functions
          • Boolean Expressions
          • Relational and Boolean Operators
          • Conditional Statements
          • List
        • Information Gathering (Reconnaissance)
          • Passive Reconnaissance
          • Identifying Our Target
          • Discovering Email Addresses
          • Hunting Breached Credentials with DeHashed
          • Hunting Subdomains Part 1
          • Hunting Subdomains Part 2
          • Identifying Website Technologies
          • Information Gathering with Burp Suite
          • Google Fu
          • Utilizing Social Media
        • Scanning & Enumeration
          • Installing Kioptrix
          • Scanning with Nmap
          • Enumerating HTTP and HTTPS I
          • Enumerating HTTP and HTTPS II
    • Cybrary
      • Offensive Penetration Testing
        • M01 : Setting the Foundation for Success
          • Understanding the Penetration Test Report
          • Penetration Test Report Demo
          • Note Taking and Mind Mapping
          • Finding Resources to Prepare for the Offensive Penetration Testing
        • M02: Kali Linux Basics
          • Setting up the Kali Linux VM
          • Overview of Tools in Kali Linux
          • Understanding the Command Line
          • The who, what, when, where, and how of the Linux command line
          • Windows Commands
        • M03: Understanding Network Protocols
          • Scanning Network Protocols
          • Scanning with Nmap
          • Scanning with Masscan
          • Scanning with Netcat
          • Using Wireshark
          • Wireshark and Encrypted Traffic
          • Weaponizing Wireshark
        • Important Things
  • 📚Concepts
    • Networking & Protocols
      • IP Addresses
  • 🏁Challenges/CTFs
  • 🚩Walkthrough/Writeups
    • TryHackMe
      • 🟩Easy Rooms
      • 🟧Medium Rooms
      • 🟥Hard Rooms
    • HackTheBox
      • 🟩Easy Machines
      • 🟧Medium Machines
      • 🟥Hard Machines
  • 🛠️Tools & Commands
    • Scanning & Enumeration
      • Nmap
    • Web Application Tools
      • Burp Suite
    • Exploitation Tools
    • Privilege Escalation
    • Password Attacks
  • 💎Projects
    • Browser-Based Vulnerability Scanner
  • 📱Content Creation
    • LinkedIn Post Ideas
    • Blog/YouTube Script Drafts
  • 📝Cheat Sheets
    • Nmap Cheatsheet
    • Linux Commands
    • Burp Suite Shortcuts
    • Regex for Security
    • Payloads (XSS, SQLi, LFI, etc.)
  • 🔍OSINT Tools & Notes
    • Tools (theHarvester, Spiderfoot, etc.)
    • People Search Techniques
    • Metadata Analysis
    • Real-life Case Studies
  • 🐞Bug Bounty
  • 💡Research & Experiments
  • Templates & Reporting
  • Interview & Certification Prep
Powered by GitBook
On this page
  • Wireshark – Defensive Perspective
  • Wireshark – Offensive Perspective
  • Summary
  1. Courses
  2. Cybrary
  3. Offensive Penetration Testing
  4. M03: Understanding Network Protocols

Weaponizing Wireshark

Wireshark – Defensive Perspective

Wireshark is a powerful network analysis tool that defenders can use to capture and inspect traffic generated by offensive tools such as Nmap and Socat. It allows visibility into network-level activities that may indicate reconnaissance or exploitation attempts.

Common Uses in Defense:

  • Detecting scanning activity (e.g., unusual port probes from Nmap).

  • Identifying unencrypted command execution (e.g., reverse shells via Socat).

  • Monitoring unauthorized use of commonly trusted ports (e.g., cleartext data on port 22 or 443).

Example filters for analysis:

tcp.port == 22 && tcp.len > 0
tcp contains "cmd.exe"

Wireshark – Offensive Perspective

While typically used for defense, Wireshark also has value in offensive security operations, particularly during client-side attacks.

Use Case: Fingerprinting the Victim's Environment

When an attacker entices a user to visit a malicious webpage, the attacker's system can capture and analyze HTTP headers, including the User-Agent string, to determine the browser and system configuration.

Captured example:

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; 
Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729)

Analysis:

  • MSIE 7.0 indicates Internet Explorer 7, an outdated browser with known vulnerabilities.

  • .NET CLR versions suggest older runtime environments.

  • This information can be used to assess exploitability for attacks such as drive-by downloads or legacy browser exploits.

Summary

Perspective
Objective
Wireshark Application

Defensive

Detect and analyze malicious network activity

Monitor traffic from tools like Nmap and Socat

Offensive

Gather client system/browser information

Inspect User-Agent strings to identify outdated software

msfconsole -x "use /exploit/windows/browser/ie unsafe_scripting; set ALLOWPROMPT true; set URIPATH /evil; info; run"

PreviousWireshark and Encrypted TrafficNextImportant Things

Last updated 8 days ago

🗃️