Category: Networking

Detecting Rogue Virtual Machines - My Script

I wrote a post about detecting rogue virtual machines a while ago. Today I am publishing my script for getting a list of MAC addresses and their manufacturers. It is easy to add an if statement and make this script detect virtual machines. This is just a start; if I get some time I will make this smarter.

#!/bin/bash
# Scan the class C subnet, assuming you are in 192.168.1.X, to fill the ARP cache.
# -c 1 sends a single probe. -t 1 is a one-second timeout on macOS/BSD ping;
# on Linux ping, -t sets the TTL, so use -W 1 there instead.
for ((i=1; i<255; i++))
do
    ping -c 1 -t 1 192.168.1.$i >/dev/null 2>&1
done

# Check the ARP info. Incomplete entries contain no ":" and are skipped.
arp -a | awk '/:/' | cut -f 4 -d " " > macAddresses.txt
arp -a | awk '/:/' | cut -f 2 -d " " > ipAddresses.txt
fileName=macAddresses.txt

# Look up those MAC addresses on the web.
# Note: every MAC address is sent to a third-party site over plain HTTP.
: > companies.txt
while read -r mac
do
    # For each MAC address, send a POST request and format the output.
    # -qO- means write the response to the terminal instead of saving it in a file.
    # --post-data uses the POST method to fill the "mac" field of the form.
    # awk selects the Company line; the two cuts strip the surrounding HTML.
    company=$(wget -qO- --post-data="mac=$mac" http://aruljohn.com/mac.pl | awk '/>Company/' | cut -f 5 -d ">" | cut -f 1 -d "<" | head -n 1)

    # Always write exactly one line per MAC so that paste keeps the columns aligned.
    echo "${company:-unknown}" >> companies.txt
done < "$fileName"

# Combine IP, MAC, and company in a single file.
paste ipAddresses.txt macAddresses.txt companies.txt > finalResult.txt

# Print the final result on the screen.
echo "The results are saved in local finalResult.txt, and we are kind enough to show them here"
cat ./finalResult.txt

# Clean up temp files.
rm companies.txt ipAddresses.txt macAddresses.txt
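
The if statement mentioned above, sketched as an added example (not the author's script): it matches the MAC column of finalResult.txt against well-known hypervisor OUI prefixes offline, without the web lookup. The function names, the prefix list, and the sample rows are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example: flag hypervisor-vendor MAC prefixes (OUIs) without a web lookup.

# Normalize to AA:BB:CC:DD:EE:FF. BSD/macOS arp drops leading zeros
# (0:c:29:...), so pad every octet before comparing prefixes.
normalize_mac() {
    local IFS=':-' out='' o
    for o in $1; do
        [ ${#o} -eq 1 ] && o="0$o"
        out="${out:+$out:}$o"
    done
    printf '%s\n' "$out" | tr 'a-f' 'A-F'
}

# Print the hypervisor vendor for a MAC; return 1 when the OUI is not listed.
vm_vendor() {
    case "$(normalize_mac "$1")" in
        00:05:69:*|00:0C:29:*|00:1C:14:*|00:50:56:*) echo "VMware" ;;
        08:00:27:*) echo "VirtualBox" ;;
        00:15:5D:*) echo "Hyper-V" ;;
        00:16:3E:*) echo "Xen" ;;
        00:1C:42:*) echo "Parallels" ;;
        52:54:00:*) echo "QEMU/KVM" ;;   # locally administered default, not a registered OUI
        *) return 1 ;;
    esac
}

# Read finalResult.txt-style lines (ip, mac, company) on stdin and print
# "ip mac vendor" for every address that matches a hypervisor prefix.
flag_vms() {
    local ip mac rest vendor
    while read -r ip mac rest; do
        if vendor=$(vm_vendor "$mac"); then
            printf '%s %s %s\n' "$ip" "$(normalize_mac "$mac")" "$vendor"
        fi
    done
}

# Constructed sample rows, tab-separated like the output of paste.
sample_result() {
    printf '%s\t%s\t%s\n' \
        '(192.168.1.1)'  '02:00:00:11:22:33' 'unknown' \
        '(192.168.1.23)' '0:c:29:3e:5:a1'    'VMware, Inc.' \
        '(192.168.1.40)' '08:00:27:AB:CD:EF' 'unknown' \
        '(192.168.1.77)' '(incomplete)'      'unknown'
}

sample_result | flag_vms
```

The MAC address of a virtual NIC is configurable in most hypervisors, so treat a match as a lead to investigate and a miss as inconclusive.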

TCPTraceroute to Bypass Firewall Filters

Introduction

The first step for penetration testers is getting information about the system. Traceroute is a great tool for this purpose.

Traceroute shows the route between you and the target machine. Linux has a command-line utility called traceroute.

traceroute

traceroute uses UDP.

Windows has a tool called tracert.

tracert

tracert uses ICMP.

It is quite common for firewalls to be configured to block ICMP or UDP and thereby prevent Traceroute from returning usable information.

One program designed to get around this issue is Michael Toren’s TCPTraceroute.

TCPTraceroute uses TCP SYN packets instead of ICMP or UDP and is able to bypass common firewall filters.

Installation

TCPTraceroute is currently available only for Linux. You can install it on a Debian-based machine using apt-get:

sudo apt-get install tcptraceroute

Example

tcptraceroute

Summary

As a penetration tester, you need to be familiar with several tools for gaining information about the target system. One of these tools is tcptraceroute. It can bypass most firewalls because it uses TCP, unlike tracert and traceroute.