Analyzing Wireshark Capture

You ran Wireshark during one of the logins to the site and got the following capture, webadmin.pcap.  Download the pcap file in Kali and open it in Wireshark.  Use the information in it to fill in the blanks of the following:

What is the IP address of the web server? 

What page was accessed to login? 

To prove the lack of security, what was the username   and password used to login?

What HTTP-related protocol would you recommend that the company use to protect the username and password?

Setup for remainder of exam

For this exam you will need Kali installed in VirtualBox as well as Windows installed in VirtualBox. Note: if your host is Windows you could technically use that, but be aware that for this to work you will be doing things such as disabling firewall and installing tools like netcat etc. on Windows, which is why running it in VirtualBox is the suggested method.

To get a Windows 7 image to run in VirtualBox, go to https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ and download IE8 on Win 7 VirtualBox image.  Once you have downloaded the zip, unzip it (preferably with 7zip) to extract the owa file within.  You can them import that owa image into VirtualBox.

Run your Windows virtual machine.  Use the installed browser to download and then install Firefox and/or Chrome.

Turn off the Windows firewall on your Windows virtual machine.  This will ensure that Kali is able to see it.

Shutdown your Windows virtual machine.

Change the network settings of your Windows virtual machine

Select either Host-only (better) or Bridged adapter for the Networking setting of the Windows virtual machine.  Note: If using Host-only make sure that your Kali VM also has at least 1 network adapter set as Host-only network (shown in video from last class).

Then run both Kali and your Windows virtual machines.

Test that Kali can see your Windows machine and vice-versa using the ping command.

Open terminal/command shell in both Kali and Windows.  In Kali, type ifconfig to see its IP address.  On Windows, type ipconfig to see its IP address.  Now that you know the IP address of both machines you can test that each can see the other.

In the Kali terminal type ping IP-address-of-your-Windows-VM.  For example, if your Windows VM has the IP address of 192.168.1.7, you would type ping 192.168.1.7. Then do the opposite. Try pinging your Kali VM from your Windows VM using the cmd prompt in Windows.

Capture All Kali Work Using Script

Finally, like we did in the bandit assignment, you must capture all your Kali work using script.  Your log file must be named midterm.log and the corresponding timing file must be named midterm_timing.txt.  Remember to use the -a flag on script.  Also, if you are not completing everything in one session, use exit when you have finished a session, and re-run the script command again at the beginning of a new session.

Finding Files

You are going to need to transfer a few tools from Kali to Windows.  In the Kali terminal window, use the command shown in class to locate the Windows executables for sbd, netcat, and ncat.

Where is the Windows ncat executable located in Kali?

Transfer necessary files

1. Start the web server on your Kali VM.

2. Copy the Windows executable netcat and ncat files into the web server's root directory.

3. Make sure that the permissions on them are readable for all.

4. Fire up Wireshark on Kali and set a capture filter to only capture data between the IP of your Kali VM and the IP of your Windows VM.

5. Start the capture on the correct interface.

6. In your Windows VM open Firefox/Chrome and put in the IP address of your Kali VM followed by /sbd.exe to download the sbd.exe to your Windows VM. So for instance, if the IP address of my Kali VM was 192.168.1.13, in my Windows VM the address I would type into Firefox/Chrome would be http://192.168.1.13/ncat.exe

7. Now also download the Windows netcat executable in the same way.

8. Stop the Wireshark capture.  Make sure that your Wireshark capture shows the HTTP download of all the tools.

9. Save (as) the capture in the default pcap-ng format in a file named cats-download.pcapng.  Upload that file as a submission to this question.

Use netcat or ncat to transfer sbd

1. Again fire up Wireshark and capture only traffic between your Kali and Windows VM's.

2. Use either netcat or ncat to transfer the Windows executable for sbd from Kali to Windows.

3. Stop your Wireshark capture.

4. Save (as) the file as sbd-transfer.pcapng.

5. Upload sbd-transfer.pcapng here.

Attachment:- Assignment.rar