MODULE 6:- Enumeration

Secure Socket Layer SSL analysis with sslstrip in Kali Linux

SNMP Enumeration Kali by snmpwalk tool and snmpenum

nbtscan and nmap “nbtstat -s” For SMB scanning

What is SSL (secure socket layer)?

SSL analysis (Secure Socket Layer) is a standard security technology which used for establishing an encrypted channel between a server and a client. For example a web server (website) and a browser; or a mail server and a mail client.

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept (capture) all data being sent over the internet between a browser and a web server they can see and use that information. Http is sent data in plain text over network. https protocol used for establishing scure channel between browser (client) and web server.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.

More detail https://www.digicert.com/ssl.htm

What sslstrip?

Sslstrip is tool used to downgrade HTTPS to HTTP. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

How does sslstrip work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send attacker all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).