All posts by Jesus Castello

Network forensics with tshark

Let’s say we have a packet capture file (.pcap) and we want to get as much information out of it as possible. One option is Wireshark and its command-line version, tshark. Using the latter, we will be able to manipulate and format the output using tools like sed, grep, awk…

Extracting host names with tshark

Since we are dealing mostly with HTTP traffic, we may be interested in the sites that have been visited. To obtain this information we can use the field and then a bit of sorting, and this will show us the top 10 sites.

Playing with firewalls: setting up and detecting port forwarding.

Have you ever wanted to be able to tell if a host is using port forwarding? In this post we will set up a test scenario and you will learn how!

Setting up our lab

For this experiment we will need 3 hosts; in my case I have 2 Linux VMs and a Windows box. One of them will be used for scanning with nmap and sending packets with hping, the second is going to be our NAT/firewall device, and the Windows machine will host the real service.

Nmap: beyond the basics

You have probably used nmap before, but did you know there are plenty of cool options to spice up your scanning sessions? For example, you can specify the --open option to show only open ports, or --reason if you want to see why a port is in the state it is (open/closed/filtered). If you want to dig deeper you could add the --packet-trace flag, which will make nmap show you all the packets sent and received.

Finding Windows hosts on your network

If you ever wondered if there is a quick way to find all the Windows hosts in your network with exact version information, you are in the right place! We are going to see a few tools that will aid us in this task by querying the CIFS service (also known as SMB / NetBIOS), which is run by all Windows hosts.

To get us started, let’s look at the nbtscan tool. We can give it a network range in the form of a CIDR or just as two values separated by a dash. This will give us a nice list of all the Windows hosts on our network with their NetBIOS names.

Game hacking: messing with game saves.

Would you like to skip that annoying level or perhaps get some extra cash? Well, you are in the right place! We are going to have some fun by editing a savegame and get a small advantage. Welcome to game hacking. 🙂

Our test subject is going to be Capsized, a platformer game I picked up from HumbleIndieBundle. Let’s get right into it!
