Tag: Kali Linux

[PenTest] Network Mapping

===============================================================

DISCLAIMER 

You should NEVER run any of the tools that are shown on my blog, or run them against any of the IP addresses I’ve used for illustrative purposes, without proper authorisation to do so.

================================================================

So you want to see which hosts are alive on a network that you have been asked to pen test. After some reconnaissance you have an IP range of 100.10.0.0/16 that is used by the network in question. A couple of tools will do the job for us here: fping and nmap. This blog post focuses on fping; a separate blog post will cover nmap.

fping is a ping sweep tool. If we were to try and test each of the IP addresses in the 100.10.0.0/16 range using traditional ping it would take a very long time.

fping is installed by default on Kali Linux. If you are running a different flavour of Linux that uses apt, you can install it with the apt-get command.

#sudo apt-get install fping

Using fping is straightforward. I will use my own local Wi-Fi address range to test which addresses are alive in the 192.168.88.0/24 range.

#fping -a -g 192.168.88.0/24

The -a option shows only the addresses that are alive.

The -g option tells fping to generate the target list from the supplied range (here a CIDR block), so it carries out a ping sweep instead of a traditional ping test against a single host.

[Screenshot: fping output]

As you can see, many IP addresses from that range are in use. This is very useful information, as we now know which IP addresses have been assigned to a device on the network. They might be servers or hosts; more on how to find that out in the next blog post, using the nmap tool. Keep in mind that a device which filters ICMP echo will not answer the sweep, so a missing address is not proof that it is unused.

Note that when you run fping on a LAN or WLAN you are connected to, you will get [ICMP Host Unreachable] messages for IP addresses that aren’t in use. These are written to standard error, so if you do not want to see them in the output you can redirect standard error to /dev/null using the following command.

#fping -a -g 192.168.88.0/24 2>/dev/null
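An added example (not from the original post) that puts the sweep result to defensive use: it takes saved fping -a -g output, strips the ICMP Host Unreachable noise, and compares the live addresses against an asset inventory. The sample addresses, the inventory and the function names are constructed for illustration.

```shell
# Added example: triage saved `fping -a -g` output against an asset inventory.
# Constructed capture of a sweep with stderr NOT discarded, so alive
# addresses and ICMP error lines are interleaved.
sample_sweep() {
cat <<'EOF'
192.168.88.1
ICMP Host Unreachable from 192.168.88.20 for ICMP Echo sent to 192.168.88.2
192.168.88.20
192.168.88.101
ICMP Host Unreachable from 192.168.88.20 for ICMP Echo sent to 192.168.88.3
192.168.88.7
192.168.88.20
EOF
}

# Constructed inventory of addresses we expect to answer (one per line).
sample_inventory() {
cat <<'EOF'
192.168.88.1
192.168.88.7
192.168.88.20
192.168.88.50
EOF
}

# Keep only lines that are a bare IPv4 address, de-duplicate, and sort
# numerically by octet (a plain `sort` would put .101 before .20).
alive_hosts() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Alive but not in the inventory: devices nobody has accounted for.
unknown_hosts() { grep -Fvx -f "$2" "$1"; }   # $1 = alive file, $2 = inventory

# In the inventory but silent: down, firewalled, or dropping ICMP echo.
silent_hosts() { grep -Fvx -f "$1" "$2"; }    # $1 = alive file, $2 = inventory

report() {
    tmp=$(mktemp -d) || return 1
    sample_sweep | alive_hosts > "$tmp/alive"
    sample_inventory | alive_hosts > "$tmp/inv"
    echo "alive:   $(tr '\n' ' ' < "$tmp/alive")"
    echo "unknown: $(unknown_hosts "$tmp/alive" "$tmp/inv" | tr '\n' ' ')"
    echo "silent:  $(silent_hosts "$tmp/alive" "$tmp/inv" | tr '\n' ' ')"
    rm -rf "$tmp"
}

report
```

On a real engagement, replace the two sample functions with the saved sweep file and the inventory export for the range you are authorised to test.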

In my next blog post, I will show you a very very powerful tool called nmap that does the same as fping and a lot lot more.

 

CCNA Cyber Ops

It has been a while since I have posted something on my blog. I’ve been busy studying for the CCNA Cyber Ops cert. Cisco created this certificate due to the serious lack of Cyber Security personnel worldwide; Cisco will invest $10 Million into this program to close this gap. They opened up a CCNA Cyber Ops scholarship program, which I applied for over a year ago now, and I was successful in getting a place on the program (https://mkto.cisco.com/security-scholarship).

The scholarship gives students access to an online portal where you get access to all the training material, which includes text slides, videos and labs for hands-on training. Unlike most Cisco certifications, the Cyber Ops certificate is mostly vendor neutral. Yes, Cisco equipment gets mentioned from time to time, but most of the security tools used on the course are not Cisco, such as Kali Linux, Security Onion, Burp, Wireshark, Bro and ELSA, to name a few.

The certificate is broken into two exams: the SECFND 210-250 exam and the SECOPS 210-255 exam.

The SECFND 210-250 exam topics are broken out into the following main areas:

  • Network Concepts
  • Security Concepts
  • Cryptography
  • Host-Based Analysis
  • Security Monitoring
  • Attack Methods

The SECOPS 210-255 exam topics are broken out into the following main areas:

  • Endpoint Threat Analysis and Computer Forensics
  • Network Intrusion Analysis
  • Incident Response
  • Data and Event Analysis
  • Incident Handling

I have to say that Cisco did a great job here and created a really interesting and engaging course. I hope they continue to develop this track into the CCNP level and beyond and that they stick to the vendor neutral delivery of this course.

I’ve now passed both exams and I’m officially CCNA Cyber Ops certified.

So what is next? I’ve started the PTSv3 course from eLearnSecurity, which is a pentesting course. What I like about the course is that it is hands-on learning in a lab environment, and what is even better for me is that the exam is hands-on. You have 72 hours to carry out pentesting against designated targets. I think this is a great way to test you on what you have learned, and I personally prefer this way of testing over just multiple choice questions.