david/netsec-djw2
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update hw3

Browse Source
This commit is contained in:
David Westgate 2024-05-14 10:39:47 -07:00
parent 2ff8075b48
commit f64bab0e39
6 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
hw3/archer-scan.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

28
hw3/hw3.md
View File

@ -1,5 +1,7 @@
# Homework 3: Cracking WiFI!
For this homework assignment, I will demostrate cracking the `NetSec` WiFi network, and performing some reconissance. I will do this via the `mallory` machine, running kali
## Crack the NetSec WiFi network password with bettercap
### Find the BSSID and connected client of the NetSec Network
@ -31,11 +33,31 @@ The connection was successfull
I now want to scan the network to identify the router, and devices connected to the router. A quick check with `iwconfig` and looking at the `wlan0` interface shows that as a client of this router, we are in the subnet `192.168.0.0/24`
![subnet](./subnet.png)
Now running `sudo nmap -sn 192.168.0.0/24` (a simple ping scan) we have some interesting results.
Now running `sudo nmap -sn 192.168.0.0/24` (a simple ping scan) we have some interesting results. I've run this a few times on different days to see which hosts are persistant, and less likely to be other students
![nmap](./nmap.png)
### Open ports and services on client 1
![nmap-1](./nmap-1.png)
![nmap-2](./nmap-2.png)
### Open ports and services on client 2
To summerize this, the interesting devices, excluding ourselves (mallory) are
```
Nmap scan report for Archer (192.168.0.1)
MAC Address: 28:87:BA:75:7E:98 (TP-Link Limited)
Nmap scan report for bookworm (192.168.0.139)
MAC Address: D8:3A:DD:7E:3C:31 (Unknown)
```
We have one router/gateway (archer/28:87:BA:75:7E:98), one persistant client device (bookworm/D8:3A:DD:7E:3C:31). The other devices shown in some of these scans do not seem to persist and are not shown in my last scan which is at the time of writing. I will now scan for open ports on these available devices.
### Open ports and services on archer
As the router/gateway, I do not expect any interesting servcies to be running here. But let us make sure
![archer-scan](./archer-scan.png)
As probably expected, our gateway is responding to DNS requests, and has a web interface open on http(s).
Let's assume the port 80 traffic is only allowed to redirect users to the SSL web traffic on 443. From my home machine, I can do the following to tunnel traffic and take a look at the web page
![ssh-double-tunnel](./ssh-double-tunnel.png)
### Open ports and services on bookworm
### Access the RTSP stream

BIN
hw3/nmap-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 55 KiB

BIN
hw3/nmap-2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

11
hw3/notes.txt Normal file
View File

@ -0,0 +1,11 @@
Advertising Device View Device Details
MAC 28:87:BA:75:7E:93 (TP-Link Corporation Limited)
Name NetSec
Type Wi-Fi AP
Advertised encryption WPA2 WPA2-PSK AES-CCM
First advertised May 11 2024 23:21:58
Last advertised May 11 2024 23:21:58
Last advertised SSID NetSec
Encryption WPA2 WPA2-PSK AES-CCM
Channel 48
Main Frequency 5.240 GHz

BIN
hw3/ssh-double-tunnel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB