2023-06-10

Windows Network - Common Protocols

In a typical Microsoft Windows network environment, you would expect to see a range of protocols that facilitate network communication, resource sharing, authentication, and management. Here are some protocols commonly used in a Windows network:

1. **Server Message Block (SMB)**: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations such as reading, writing, and file locking.

2. **Active Directory (AD)**: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It uses the Lightweight Directory Access Protocol (LDAP) for communication.

3. **Domain Name System (DNS)**: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

4. **Dynamic Host Configuration Protocol (DHCP)**: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

5. **NetBIOS (Network Basic Input/Output System)**: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

7. **Simple Mail Transfer Protocol (SMTP)**: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

8. **Windows Internet Name Service (WINS)**: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

9. **Kerberos**: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

10. **Remote Procedure Call (RPC)**: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.

These protocols form the foundation for network communication, authentication, and resource sharing in a Windows network environment. It's important to note that the specific protocols and their usage can vary depending on the version of Windows, network configuration, and services deployed within the network.

================

Here's an elaboration on each protocol mentioned, along with the port numbers commonly associated with them in a Microsoft Windows network:

1. **Server Message Block (SMB)**

   - Description: SMB is a protocol used for file and printer sharing, as well as accessing shared resources on Windows-based systems. It allows clients to connect to file servers, access shared folders, and perform file operations.

   - Port Numbers: 

     - SMB over NetBIOS: Port 139 (TCP/UDP)

     - SMB over IP (direct-hosted SMB): Port 445 (TCP/UDP)


2. **Active Directory (AD)**

   - Description: Active Directory is a directory service that stores information about network resources and enables centralized management of user accounts, groups, and network resources. It provides authentication and authorization services.

   - Port Numbers: 

     - LDAP: Port 389 (TCP/UDP)

     - LDAPS (LDAP over SSL/TLS): Port 636 (TCP)


3. **Domain Name System (DNS)**

   - Description: DNS is used for name resolution in Windows networks. It translates domain names into IP addresses and vice versa, allowing clients to locate domain controllers, servers, and other network resources.

   - Port Numbers: 

     - DNS: Port 53 (TCP/UDP)


4. **Dynamic Host Configuration Protocol (DHCP)**

   - Description: DHCP is commonly used in Windows networks to automatically assign IP addresses, subnet masks, and other network configuration parameters to client devices when they connect to the network.

   - Port Numbers: 

     - DHCP server: Port 67 (UDP)

     - DHCP client: Port 68 (UDP)


5. **NetBIOS (Network Basic Input/Output System)**

   - Description: NetBIOS is an API used by applications for network communication in Windows environments. It allows applications to send and receive data over the network and provides services like name resolution and session management.

   - Port Numbers: 

     - NetBIOS Name Service (NBNS): Port 137 (UDP)

     - NetBIOS Datagram Service: Port 138 (UDP)

     - NetBIOS Session Service: Port 139 (TCP)


6. **Remote Desktop Protocol (RDP)**

   - Description: RDP enables remote access to Windows-based systems. It allows users to connect to a remote desktop and interact with the desktop environment as if they were sitting in front of the physical machine.

   - Port Numbers: 

     - RDP: Port 3389 (TCP/UDP)


7. **Simple Mail Transfer Protocol (SMTP)**

   - Description: SMTP is used for sending and receiving email in Windows networks. It facilitates the communication between email clients (such as Microsoft Outlook) and email servers (such as Microsoft Exchange).

   - Port Numbers: 

     - SMTP: Port 25 (TCP)


8. **Windows Internet Name Service (WINS)**

   - Description: WINS is a legacy NetBIOS name resolution service used in older Windows networks. It translates NetBIOS names to IP addresses, helping clients locate resources.

   - Port Numbers: 

     - WINS: Port 137 (TCP/UDP)


9. **Kerberos**

   - Description: Kerberos is a network authentication protocol used in Windows networks to verify the identities of users and services. It provides secure authentication and supports features like single sign-on.

   - Port Numbers: 

     - Kerberos: Port 88 (TCP/UDP)


10. **Remote Procedure Call (RPC)**

   - Description: RPC is a protocol used for communication between applications and services running on different systems in a Windows network. It allows applications to request services from remote systems and exchange data.

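The port list above is what a defender needs in order to make sense of connection logs. The following script is an added example (not from this page): it classifies constructed firewall-style records by the ports listed above and flags three things worth reviewing, namely legacy NetBIOS/WINS ports still in use, LDAP on 389 rather than LDAPS on 636, and RDP sessions originating outside an admin network. The log format, the `10.0.100.0/24` admin range and every record are assumptions made for the example.

```python
"""Classify connection records by the Windows-network ports listed above and
flag the ones worth a defender's review. Added example; the log format,
network ranges and records are constructed, not from any real environment."""
import ipaddress
from collections import Counter

# Destination port -> protocol, taken from the port list above
PORT_PROTOCOLS = {
    25: "SMTP", 53: "DNS", 67: "DHCP server", 68: "DHCP client", 88: "Kerberos",
    137: "NetBIOS Name Service / WINS", 138: "NetBIOS Datagram Service",
    139: "NetBIOS Session Service / SMB", 389: "LDAP", 445: "SMB (direct-hosted)",
    636: "LDAPS", 3389: "RDP",
}

# Review policy (assumptions for this example)
LEGACY_PORTS = {137, 138, 139}                       # NetBIOS-era services
ADMIN_NET = ipaddress.ip_network("10.0.100.0/24")    # only these hosts should open RDP


def parse_record(line):
    """'src_ip,dst_ip,dst_port,proto' -> dict, or None if the line is malformed."""
    parts = line.strip().split(",")
    if len(parts) != 4:
        return None
    try:
        return {"src": ipaddress.ip_address(parts[0]),
                "dst": ipaddress.ip_address(parts[1]),
                "dport": int(parts[2]),
                "proto": parts[3].upper()}
    except ValueError:
        return None


def protocol_name(dport):
    """Human-readable protocol for a destination port, from the page's list."""
    return PORT_PROTOCOLS.get(dport, f"unclassified/{dport}")


def review_reasons(rec):
    """Reasons a record deserves a look; an empty list means nothing notable."""
    reasons = []
    if rec["dport"] in LEGACY_PORTS:
        reasons.append("legacy NetBIOS/WINS port still in use")
    if rec["dport"] == 389:
        reasons.append("LDAP on 389: confirm signing or StartTLS, or move to LDAPS 636")
    if rec["dport"] == 3389 and rec["src"] not in ADMIN_NET:
        reasons.append("RDP from outside the admin network")
    return reasons


def analyze(lines):
    """Return (protocol counts, list of (src, dst, dport, reason) alerts)."""
    counts = Counter()
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:          # skip malformed lines rather than abort the run
            continue
        counts[protocol_name(rec["dport"])] += 1
        for reason in review_reasons(rec):
            alerts.append((str(rec["src"]), str(rec["dst"]), rec["dport"], reason))
    return counts, alerts


# Constructed sample records: workstations 10.0.1.x talking to a DC at 10.0.0.5,
# a jump host in the admin net, and one RDP session from an unexpected source.
SAMPLE_LOG = """\
10.0.1.15,10.0.0.5,445,tcp
10.0.1.15,10.0.0.5,88,tcp
10.0.1.22,10.0.0.5,389,tcp
10.0.1.22,10.0.0.5,137,udp
10.0.100.7,10.0.1.15,3389,tcp
192.168.50.9,10.0.1.15,3389,tcp
not,a,valid
""".splitlines()

if __name__ == "__main__":
    counts, alerts = analyze(SAMPLE_LOG)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    for src, dst, dport, reason in alerts:
        print(f"REVIEW {src} -> {dst}:{dport}: {reason}")
```

The rules are deliberately narrow: they use only the destination port, so a service moved to a non-standard port is reported as unclassified rather than silently mislabelled.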

Here is an expanded list of common protocols in a Windows network environment:

1. **Server Message Block (SMB)**

2. **Active Directory (AD)**

3. **Domain Name System (DNS)**

4. **Dynamic Host Configuration Protocol (DHCP)**

5. **NetBIOS (Network Basic Input/Output System)**

6. **Remote Desktop Protocol (RDP)**

7. **Simple Mail Transfer Protocol (SMTP)**

8. **Windows Internet Name Service (WINS)**

9. **Kerberos**

10. **Remote Procedure Call (RPC)**

11. **Internet Protocol (IP)**

12. **Transmission Control Protocol (TCP)**

13. **User Datagram Protocol (UDP)**

14. **Hypertext Transfer Protocol (HTTP)**

15. **Secure Shell (SSH)**

16. **File Transfer Protocol (FTP)**

17. **Simple Network Management Protocol (SNMP)**

18. **Internet Group Management Protocol (IGMP)**

19. **Border Gateway Protocol (BGP)**

20. **Open Shortest Path First (OSPF)**

21. **Internet Control Message Protocol (ICMP)**

22. **Virtual LAN (VLAN)**

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**

24. **Network Time Protocol (NTP)**

25. **Simple Network Time Protocol (SNTP)**

26. **Post Office Protocol (POP3)**

27. **Internet Small Computer System Interface (iSCSI)**

28. **Point-to-Point Protocol (PPP)**

29. **Spanning Tree Protocol (STP)**


These protocols cover various aspects of network communication, services, management, and security within a Windows network. Each protocol serves a specific purpose and plays a crucial role in enabling effective network operations.


Here's a short description of each protocol from the expanded list:


1. **Server Message Block (SMB)**: File and printer sharing protocol for accessing shared resources on Windows systems.

2. **Active Directory (AD)**: Directory service for storing and managing network resources, user accounts, and groups.

3. **Domain Name System (DNS)**: Resolves domain names to IP addresses and vice versa for network communication.

4. **Dynamic Host Configuration Protocol (DHCP)**: Automates the assignment of IP addresses and network configuration to client devices.

5. **NetBIOS (Network Basic Input/Output System)**: Legacy API for network communication, including name resolution and session management.

6. **Remote Desktop Protocol (RDP)**: Allows remote access to Windows-based systems and interaction with the desktop environment.

7. **Simple Mail Transfer Protocol (SMTP)**: Protocol for sending and receiving email messages between email clients and servers.

8. **Windows Internet Name Service (WINS)**: Legacy name resolution service for NetBIOS names in older Windows networks.

9. **Kerberos**: Network authentication protocol providing secure verification of user and service identities.

10. **Remote Procedure Call (RPC)**: Facilitates communication between applications and services running on different systems.

11. **Internet Protocol (IP)**: Protocol for logical addressing and routing of data packets across network devices.

12. **Transmission Control Protocol (TCP)**: Reliable, connection-oriented protocol ensuring error checking and sequencing of data transmission.

13. **User Datagram Protocol (UDP)**: Connectionless protocol for sending datagrams without error checking and sequencing.

14. **Hypertext Transfer Protocol (HTTP)**: Protocol for transferring data between web clients and servers, enabling web browsing.

15. **Secure Shell (SSH)**: Cryptographic network protocol for secure remote access and administration of network devices.

16. **File Transfer Protocol (FTP)**: Protocol for transferring files between a client and a server over a network.

17. **Simple Network Management Protocol (SNMP)**: Protocol for managing and monitoring network devices.

18. **Internet Group Management Protocol (IGMP)**: Used for managing multicast group memberships in IP networks.

19. **Border Gateway Protocol (BGP)**: Routing protocol used for exchanging routing information between different autonomous systems on the internet.

20. **Open Shortest Path First (OSPF)**: Interior gateway routing protocol for efficient exchange of routing information within an autonomous system.

21. **Internet Control Message Protocol (ICMP)**: Used for diagnostic and error reporting purposes in IP networks, including ping requests and responses.

22. **Virtual LAN (VLAN)**: Network virtualization technique for logically separating network devices into separate broadcast domains.

23. **Secure Sockets Layer/Transport Layer Security (SSL/TLS)**: Protocols for securing communication channels over the internet, commonly used for secure web browsing (HTTPS).

24. **Network Time Protocol (NTP)**: Synchronizes the time of network devices in a distributed system.

25. **Simple Network Time Protocol (SNTP)**: Lightweight version of NTP used for time synchronization in network devices.

26. **Post Office Protocol (POP3)**: Protocol for retrieving email from a mail server to a client device.

27. **Internet Small Computer System Interface (iSCSI)**: Protocol for accessing remote block-level storage over IP networks.

28. **Point-to-Point Protocol (PPP)**: Data link layer protocol for establishing a direct connection between two network nodes.

29. **Spanning Tree Protocol (STP)**: Protocol for maintaining a loop-free logical topology in Ethernet networks.


These protocols cover a wide range of network functions, including communication

WIFI | Aircrack Revisit

Title: Cracking Wireless Networks with Aircrack-ng: A Comprehensive Guide for Network Forensics Experts

Introduction:

Aircrack-ng is a powerful suite of tools used to assess and exploit wireless network security. As a network forensics expert, understanding and utilizing this suite can greatly enhance your skills and capabilities. In this blog post, we'll go through a step-by-step guide on using Aircrack-ng to crack a Wi-Fi network, including the use of deauthentication attacks.

Disclaimer: This information is provided for educational purposes only. Unauthorized access to networks is illegal, and you should only use these techniques on networks that you have permission to access.

Step-by-Step Guide to Using Aircrack-ng


1. Install Aircrack-ng: Before you begin, make sure Aircrack-ng is installed on your system. You can download the latest version from the official website (https://www.aircrack-ng.org/) and follow the installation instructions provided for your specific operating system.

2. Identify the target network: Start by scanning for available Wi-Fi networks in the vicinity using the "airodump-ng" command, which requires an interface in monitor mode. Run the following commands:



# Set the wireless interface to monitor mode
sudo airmon-ng start <interface_name>

# Scan for available networks
sudo airodump-ng <monitor_interface_name>

3. Capture the handshake: To crack a WPA/WPA2 network, you'll need to capture the handshake between a client and the access point. Use the "airodump-ng" command to target the specific network and write the captured packets to a file:


sudo airodump-ng -c <channel> --bssid <BSSID> -w <capture_file> <monitor_interface_name>

4. Deauthenticate clients (Deauth Attack): If no clients are connected to the target network or if you want to speed up the handshake capturing process, use a deauthentication attack to disconnect clients from the access point. This will force them to reconnect, thereby generating a handshake. Run the following command:

sudo aireplay-ng -0 <number_of_deauth_packets> -a <BSSID> -c <client_MAC_address> <monitor_interface_name>

5. Crack the password: Once you've captured the handshake, use Aircrack-ng to crack the password. You'll need a wordlist for this step, which is a file containing a list of possible passwords. Run the following command:

aircrack-ng -w <path_to_wordlist> -b <BSSID> <capture_file.cap>

6. Analyze the results: If Aircrack-ng successfully cracks the password, it will display the passphrase along with the associated BSSID. You can now use this information to connect to the network.

Summary:
  • Install Aircrack-ng on your system.
  • Identify the target network by scanning for available Wi-Fi networks using "airodump-ng."
  • Capture the handshake between a client and the access point with "airodump-ng."
  • Use deauthentication attacks to speed up the handshake capturing process with "aireplay-ng."
  • Crack the password using a wordlist and the captured handshake with "aircrack-ng."
  • Analyze the results and connect to the network using the cracked passphrase.
By following these steps and employing the tools in the Aircrack-ng suite, network forensics experts can efficiently assess and exploit wireless network security. Remember to use these techniques responsibly and only on networks you have permission to access.
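Seen from the other side of the air interface, step 4 is the loudest part of the procedure: a deauthentication attack is a burst of 802.11 management frames with subtype Deauthentication, and a wireless IDS can count them. The detector below is an added example written for this page (it is not part of the guide above or of the Aircrack-ng suite): it parses the fixed 24-byte 802.11 MAC header, identifies deauth frames by frame type and subtype, groups them by BSSID (address 3) and alerts when any BSSID sees a threshold number of them inside a sliding window. The MAC addresses, frame bytes, timestamps and the 10-frames-per-second threshold are all constructed for the example.

```python
"""Deauthentication-flood detector over raw 802.11 management frames.
Added defender-side example, not part of the Aircrack-ng guide above.
Sample frames, MAC addresses and timestamps below are constructed."""
import struct
from collections import defaultdict

MGMT_TYPE = 0            # 802.11 frame type 0 = management
DEAUTH_SUBTYPE = 0x0C    # management subtype 12 = Deauthentication
HEADER_LEN = 24          # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Split a frame into (type, subtype, addr1, addr2, addr3, body).
    Returns None for frames shorter than a full MAC header."""
    if len(frame) < HEADER_LEN:
        return None
    fc0 = frame[0]                     # first Frame Control byte: version|type|subtype
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return (ftype, subtype, mac_str(frame[4:10]), mac_str(frame[10:16]),
            mac_str(frame[16:22]), frame[HEADER_LEN:])


def is_deauth(frame: bytes) -> bool:
    p = parse_mgmt_frame(frame)
    return p is not None and p[0] == MGMT_TYPE and p[1] == DEAUTH_SUBTYPE


def deauth_reason(frame: bytes):
    """Reason code (little-endian u16 at the start of the body), or None."""
    p = parse_mgmt_frame(frame)
    if p is None or len(p[5]) < 2:
        return None
    return struct.unpack("<H", p[5][:2])[0]


def detect_deauth_flood(capture, window_ms=1000, threshold=10):
    """capture: iterable of (timestamp_ms, frame_bytes).
    Returns {bssid: peak deauth count in any window} for BSSIDs at or over threshold."""
    per_bssid = defaultdict(list)
    for ts, raw in capture:
        if is_deauth(raw):
            per_bssid[parse_mgmt_frame(raw)[4]].append(ts)   # Addr3 = BSSID
    alerts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):            # sliding window over sorted timestamps
            while times[end] - times[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts


# Constructed sample: hypothetical AP 00:11:22:33:aa:bb and a neighbour AP 00:11:22:33:cc:dd
AP = bytes.fromhex("00112233aabb")
OTHER_AP = bytes.fromhex("00112233ccdd")
BROADCAST = b"\xff" * 6
# FC 0xC0 = deauth; duration; Addr1 broadcast; Addr2/Addr3 = AP; seq 0; reason code 7
DEAUTH_SAMPLE = bytes([0xC0, 0x00, 0x3A, 0x01]) + BROADCAST + AP + AP + b"\x00\x00" + struct.pack("<H", 7)
# FC 0x80 = beacon; body shortened to zeros since only the header matters here
BEACON_SAMPLE = bytes([0x80, 0x00, 0x00, 0x00]) + BROADCAST + AP + AP + b"\x00\x00" + b"\x00" * 12
OTHER_DEAUTH = bytes([0xC0, 0x00, 0x3A, 0x01]) + BROADCAST + OTHER_AP + OTHER_AP + b"\x00\x00" + struct.pack("<H", 3)

SAMPLE_CAPTURE = (
    [(i * 50, DEAUTH_SAMPLE) for i in range(30)]        # burst: one deauth every 50 ms
    + [(i * 100, BEACON_SAMPLE) for i in range(15)]     # normal beacons, ignored
    + [(700, OTHER_DEAUTH), (5, b"\xc0\x00")]           # one ordinary deauth; truncated junk
)


def run_sample():
    return detect_deauth_flood(SAMPLE_CAPTURE)


if __name__ == "__main__":
    for bssid, peak in run_sample().items():
        print(f"ALERT: {peak} deauth frames within 1 s for BSSID {bssid}")
```

Only deauth frames are counted, so the beacons and the single deauth from the neighbouring AP never reach the threshold; the truncated frame is dropped by the length check instead of raising.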

2023-04-28

Aircrack | Crunch | Hashcat

 

Hacking WPA/WPA2 passwords with Aircrack-ng & Hashcat

Hacking WPA/WPA2 passwords with Aircrack-ng: dictionary search, working with Hashcat, maskprocessor, statsprocessor, John the Ripper and Crunch, and cracking in Windows.

A successfully captured handshake can be cracked with a variety of tools.

If you manage to configure proprietary graphics card drivers, cracking with the Hashcat tool is, of course, the recommended route: the rate at which password candidates are tested will be much higher.

If you want to crack WPA PSK passwords with processor power alone, Aircrack-ng is one of the suitable tools. Its drawbacks: it does not use the graphics card, and it has no support for masks, rules or other brute-force options. The second drawback is offset by the fact that Aircrack-ng can be paired with other tools that do support masks, rules and on-the-fly password generation.

Another advantage of the tool is that it works fine under Windows.
The easiest way to use Aircrack-ng is:

aircrack-ng -w path_to_dictionary -e AP handshake.cap

Although the command is simple, here is what the options mean:

  • -w dictionary_path – in the dictionary, each password candidate must be on a separate line, i.e. one password per line.
  • -e AP – after this option you specify the name of the access point. If the capture file contains information about several access points (which is usually the case if you have not cleaned the file beforehand), Aircrack-ng will ask which AP you want to crack the password for. That is, this option is optional: the choice can be made after starting the tool. Alternatively, you can use the -b option followed by the MAC address of the AP.
  • handshake.cap – the file with the captured handshake

So, if my dictionary is located at /home/mial/2ndHDD/newrockyou.txt, the access point is named dlink, and the handshake file is called dlink-02.cap and sits in the current working directory, then I get the command

aircrack-ng -w /home/mial/2ndHDD/newrockyou.txt -e dlink dlink-02.cap

[Screenshot: the brute force running, with all eight processor cores fully loaded]

[Screenshot: Aircrack-ng reports the key found]

Using passwords created in other tools in Aircrack-ng
Aircrack-ng can work with any tool that writes passwords to standard output. To do this, with the -w option, instead of the path to a dictionary, give a single dash (-), and pipe (|) the passwords from the generator tool into Aircrack-ng. In general, the command looks like this:

password generator | aircrack-ng -w - -e AP handshake.cap

Using Hashcat generated passwords in Aircrack-ng
To make Hashcat only output candidates instead of cracking, use the --stdout option.
We also need to specify the attack mode (option -a) and the mask itself.

   # | Mode
  ===+======
   0 | Direct
   1 | Combined
   3 | Brute force
   6 | Hybrid dictionary + mask
   7 | Hybrid mask + dictionary

- [Built-in character sets] -

   ? | Character set
  ===+=========
   l | abcdefghijklmnopqrstuvwxyz
   u | ABCDEFGHIJKLMNOPQRSTUVWXYZ
   d | 0123456789
   h | 0123456789abcdef
   H | 0123456789ABCDEF
   s | !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
   a | ?l?u?d?s
   b | 0x00 - 0xff

As a result, the command to display passwords looks like this:

hashcat --stdout -a 3 pattaya?l?l?l?l

Here:

  • --stdout means only show password candidates.
  • -a 3 selects the brute force / mask attack mode.
  • pattaya?l?l?l?l is the mask itself: every generated password starts with pattaya, followed by four lowercase letters.

The command to transfer generated passwords from hashcat to aircrack-ng for my data looks like this:

hashcat --stdout -a 3 pattaya?l?l?l?l | aircrack-ng -w - -e dlink dlink-02.cap

Aircrack-ng and maskprocessor collaboration

The maskprocessor tool is part of the hashcat package. Its purpose is to generate candidates for passwords by mask. Using maskprocessor is even easier than hashcat itself, which without the necessary dependencies will not even run on some systems.
The command syntax is very simple:

maskprocessor mask

For example, for my captured handshake the mask could be pattaya?l?l?l?l. Let's check:

maskprocessor pattaya?l?l?l?l | aircrack-ng -w - -e dlink dlink-02.cap

Started:

[Screenshot: maskprocessor piping candidates into aircrack-ng]

Done:

[Screenshot: the maskprocessor and aircrack-ng run completed]

Aircrack-ng and statsprocessor collaboration

Statsprocessor is another tool that comes with Hashcat. It is a high-performance word (dictionary) generator based on the positional Markov attack, packed into a separate executable file.

Hacking WiFi in Aircrack-ng with Crunch

Crunch is a dictionary generator in which you can define a standard or custom character set. Crunch can create a list of words with all combinations and permutations that match the specified criteria. The data crunch outputs can be printed to the screen, saved to a file or piped to another tool.
A simple example of use:

crunch <min-length> <max-length> [character set]

In general, Crunch is a very flexible tool, and in order to use it 100% you need to study its options and familiarize yourself with the examples.
For my case it would be possible to do this:

crunch 11 11 -t pattaya@@@@ | aircrack-ng -w - -e dlink dlink-02.cap

Or so:

crunch 11 11 -t @@@@@@@@@@@ | aircrack-ng -w - -e dlink dlink-02.cap
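The mask syntax in the Hashcat section above (the ?l, ?u, ?d, ?h, ?H, ?s, ?a and ?b charsets) and crunch's -t patterns (where @ stands for a lowercase letter, "," for an uppercase letter, % for a digit and ^ for a symbol) both determine how many candidates a run has to test, and that number is the real measure of how much protection a passphrase pattern offers. The estimator below is an added example written for this page, not code from the article, from hashcat or from crunch: it parses a mask or pattern, multiplies out the keyspace and converts it to a worst-case time at a given guess rate. The guess rate of 1000 per second, and the 32-symbol size assumed for crunch's ^, are assumptions for illustration; hashcat's ?s is counted as 33 characters because hashcat's set includes the space.

```python
"""Keyspace estimator for hashcat/maskprocessor masks and crunch -t patterns.
Added example, not part of the original article or of hashcat/crunch: it shows
why a dictionary word plus a short mask, such as pattaya?l?l?l?l, is a small
search space. Charset sizes follow hashcat's built-in sets; the size of
crunch's '^' symbol set and the guess rate are assumptions, labelled below."""

# hashcat built-in charsets and their sizes (?s is 33 because hashcat's ?s
# includes the space character; ?a = ?l?u?d?s = 95)
HASHCAT_CHARSETS = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                    "s": 33, "a": 95, "b": 256}

# crunch -t placeholders: @ lowercase, "," uppercase, % digits, ^ symbols
# (32 for '^' is an assumption; crunch's default symbol set may differ)
CRUNCH_PLACEHOLDERS = {"@": 26, ",": 26, "%": 10, "^": 32}


def hashcat_keyspace(mask: str) -> int:
    """Number of candidates a hashcat -a 3 mask expands to.
    '?x' is a charset reference, '??' a literal question mark, anything else literal."""
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: exactly one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        ref = mask[i + 1]
        if ref != "?":                  # '??' is a literal '?', size 1
            if ref not in HASHCAT_CHARSETS:
                raise ValueError(f"unknown charset ?{ref}")
            total *= HASHCAT_CHARSETS[ref]
        i += 2
    return total


def crunch_keyspace(pattern: str) -> int:
    """Number of candidates for 'crunch N N -t pattern' with a fixed-length pattern."""
    total = 1
    for ch in pattern:
        total *= CRUNCH_PLACEHOLDERS.get(ch, 1)   # non-placeholder chars are literal
    return total


def seconds_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given rate."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    rate = 1000.0   # assumed CPU guess rate for illustration; the page gives no figure
    for label, space in [
        ("hashcat pattaya?l?l?l?l", hashcat_keyspace("pattaya?l?l?l?l")),
        ("crunch pattaya@@@@", crunch_keyspace("pattaya@@@@")),
        ("crunch @@@@@@@@@@@ (11 lowercase)", crunch_keyspace("@" * 11)),
        ("hashcat ?a?a?a?a?a?a?a?a (8 printable)", hashcat_keyspace("?a" * 8)),
    ]:
        secs = seconds_to_exhaust(space, rate)
        print(f"{label}: {space:,} candidates, {secs:,.0f} s at {rate:.0f} guesses/s")
```

The two fixed-prefix patterns from the article, pattaya?l?l?l?l and pattaya@@@@, come out identical at 26^4 candidates, which is why a known word followed by a few letters offers so little; the 11-character all-lowercase crunch pattern and an 8-character ?a mask are many orders of magnitude larger.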

Hacking WiFi Passwords in Aircrack-ng with John the Ripper

John the Ripper supports outputting candidates (option --stdout), as well as various rules for generating passwords. John the Ripper has its own syntax, but in general you can achieve the same result as with the tools already reviewed. So if you are more familiar with John the Ripper, you can use it in a command like this:

./john --wordlist=dictionary_path --rules --stdout | aircrack-ng -e AP -w - handshake.cap

Hacking WPA passwords with Aircrack-ng in Windows

Since the Aircrack-ng package is cross-platform, it is possible to crack a WPA handshake in Windows. Go to the official website, download the Windows version and unzip the downloaded archive.

Change to the directory where the executable file aircrack-ng-avx.exe is located (your path will be different):

cd C:\Users\Alex\Downloads\aircrack-ng-1.2-rc4-win\bin\64bit\

Example of starting hacking:

aircrack-ng-avx.exe -w D:\newrockyou.txt -e dlink dlink-02.cap

Where:

  • -w D:\newrockyou.txt is the path to the dictionary;
  • -e dlink is the selected access point;
  • dlink-02.cap is the file with the captured handshake, placed in the same folder as the executable file.

By the way, you will find three similar files:

  • aircrack-ng-avx.exe
  • aircrack-ng-avx2.exe
  • aircrack-ng-sse2.exe

Try them all – they will have different performance, and some may not start.

Conclusion

Aircrack-ng combines well with password generators and is able to work under Windows. However, much greater results can be obtained by cracking the password using a graphics card.