Adjusting source IP stack and tool identification settings

Before the penetration tester (or the attacker) begins testing, we must ensure that all unnecessary services on Kali are disabled or turned off.

For example, if the local DHCP daemon is enabled and is not required, it is possible for the DHCP to interact with the target system, which could be logged and send alarms to the target's administrators.

Some commercial and open source tools (for example, the Metasploit framework) tag their packets with an identifying sequence. Although this can be useful in post-test analysis of a system's event logs (where events initiated by a particular testing tool can be directly compared to a system's event logs to determine how the network detected and responded to the attack), it can also trigger certain intrusion detection systems. Test your tools against a lab system to determine the packets that are tagged, and either change the tag or use the tool with caution.

The easiest way to identify tagging is to apply the tool against a newly-created virtual image as the target and review system logs for the tool's name. In addition, use Wireshark to capture traffic between the attacker and target virtual machines, and then search the packet capture (pcap) files for any keywords that can be attributed to the testing tool (name of the tool, vendor, license number, and so on).

useragent in the Metasploit framework can be changed by modifying the http_form_field option. From the msfconsole prompt, select the option to use auxiliary/fuzzers/http/http_form_field and then set a new useragent header, as shown in the following screenshot:

In this example, useragent was set to be Google's indexing spider, Googlebot-Image. This is a common automated application that visits and indexes websites and rarely attracts attention from the website's owner.

To identify legitimate useragent headers, refer to the examples at: http://www.useragentstring.com/.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
52.55.19.189