Scanning Networks - p.18

Lab 17

Scanning the Network Using the Colasoft Packet Builder

The Colasoft Packet Builder is a useful tool for creating custom nehrork packets.

Lab Scenario

In the previous lab you have learned how you can detect, delete, and block cookies. Attackers exploit die XSS vulnerability, which involves an attacker pushing malicious JavaScript code into a web application. When anodier user visits a page widi diat malicious code in it, die user’s browser will execute die code. The browser lias noway of telling the difference between legitimate and malicious code. Injected code is anodier mechanism diat an attacker can use for session liijacking: by default cookies stored by the browser can be read by JavaScript code. The injected code can read a user’s cookies and transmit diose cookies to die attacker.

As an expert ethical hacker and penetration te s te r you should be able to prevent such attacks by validating all headers, cookies, query strings, form fields, and hidden fields, encoding input and output and filter meta characters in the input and using a web application firewall to block the execution of malicious script.

Anodier method of vulnerability checking is to scan a network using the Colasoft Packet Builder. in this lab, you will be learn about sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.

Lab Objectives

The objective of diis lab is to reinforce concepts of network security policy, policy enforcement, and policy audits.

Lab Environment

in this lab, you need:

■ Colasoft Packet Builder located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Custom Packet Creator\Colasoft Packet Builder

■ A computer running Windows Server 2012 as host machine

■ Window 8 running on virtual machine as target machine
■ You can also download die latest version of Advanced Colasoft Packet Builder from die link http:/ / www.colasoft.com/download/products/download_packet_builder. php
■ If you decide to download die latest version, dien screenshots shown in die lab might differ.
■ A web browser widi Internet connection nuuiing in host macliine

Lab Duration

Time: 10 Minutes

Overview o f Colasoft Packet Builder

Colasoft Packet Builder creates and enables custom network packets. This tool can be used to verify network protection against attacks and intmders. Colasoft Packet Builder features a decoding editor allowing users to edit specific protocol field values much easier. Users are also able to edit decoding infonnation in two editors: Decode Editor and Hex Editor. Users can select any one of die provided templates: Ethernet Packet, IP Packet, ARP Packet, or TCP Packet.

Lab Tasks

1. Install and launch die Colasoft Packet Builder.
2. Launch the Start menu by hovering die mouse cursor on the lower-left corner of the desktop.

FIGURE 17.1: Windows Server 2012 - Desktop view

3. Click the Colasoft Packet Builder 1.0 app to open the Colasoft Packer Builder window

FIGURE 17.2 Windows Server 2012 - Apps

4. Tlie Colasoft Packet Builder main window appears

FIGURE 17.3: Colasoft Packet Builder main screen

5. Before starting of vonr task, check diat die Adapter settings are set to default and dien click OK.

FIGURE 17.4: Colasoft Packet Builder Adapter settings

6. To add 01 create die packet, click Add 111 die menu section

FIGURE 17.5: Colasoft Packet Builder creating die packet

7. When an Add Packet dialog box pops up, you need to select die template and click OK.

FIGURE 17.6: Cohsoft Packet Builder Add Packet dialog box

8. You can view die added packets list 011 your right-hand side of your window.

FIGURE 17.7: Colasoft Packet Builder Packet List

9. Colasoft Packet Builder allows you to edit die decoding information in die two editors: Decode Editor and Hex Editor.

FIGURE 17.8: Cohsoft Packet Builder Decode Editor

FIGURE 17.9: Colasoft Packet Builder Hex Editor

10. To send all packets at one time, click Send All from die menu bar.

11. Check die Burst Mode option in die Send All Packets dialog window, and dien click Start.

FIGURE 17.10: Colasoft Packet Builder Send All button

FIGURE 17.11: Colasoft Packet Builder Send AH Packets

12. Click Start

FIGURE 17.12 Colasoft Packet Builder Send AH Packets

13. To export die packets sent from die File menu, select File Export - All Packets.

FIGURE 17.13: Export All Packets potion

FIGURE 17.14: Select a location to save the exported file

FIGURE 17.15: Colasoft Packet Builder exporting packet

Lab Analysis
Analyze and document die results related to the lab exercise.

Questions

1. Analyze how Colasoft Packet Builder affects your network traffic while analyzing your network.
2. Evaluate what types of instant messages Capsa monitors.
3. Determine whether die packet buffer affects performance. If yes, dien what steps do you take to avoid or reduce its effect on software?