Adding Host to Cain and Abel Sniffer from Different Subnet? - windows

I'm trying to use Cain & Abel to log the network traffic between my domain controller which is a Windows 2008 Server (Machine A) and Windows XP computer (Machine B). They're both installed as virtual machines on an ESXi server I recently bought, and rather than putting them on a NAT, I've configured ESXi to keep them both bridged to my network.
Machine B is on a domain known as 'test.local' with an IP of:
192.14.0.195
Machine A is hosting the domain 'test.local' with an IP of:
192.14.0.196
My target is to detect the hashes being sent by Machine B to Machine A.
I was able to log traffic using the sniffer + ARP Poisoning technique. However, I like to learn how to reverse engineer and hack things, and then try writing something to 'patch' or 'prevent' it and since one of my friends had told me earlier that he had used Cain and Abel to log the same stuff, but when the domain controller had an IP of something like:
192.15.0.198
And Machine B had an IP of:
192.14.0.195
As you can see, there are different subnets. Knowing this is possible, how would I go about accomplishing attacks on the hosts that are on my subnet, but the domain controller is not? I know it is accessible because running 'nslookup' sets it as the default server and traceroutes and pings are successful. I can also RDP to it.
Any help is appreciated, thanks!

Related

How to get a Virtual IP for Keepalived with bare-metal infrastructure

I am configuring a High Availability load balancing based on HAProxy and Keepalived.
Everywhere I do research they talk about Virtual IP like something that fell off the sky – I mean, with little to no explanation about how to get one.
By now, I have arbitrarily defined a virtual IP address in the keepalived.conf like this:
virtual_ipaddress {
10.0.0.100
}
With both Servers running keepalived, I do ip address command in the MASTER machine and it shows inet 10.0.0.100/32 scope global eth0 next to the Public IP, which I believe is correct.
When I do service keepalived stop in the MASTER machine and run ip address in the BACKUP machine, BACKUP shows inet 10.0.0.100/32 scope global eth0, IP which effectively disappeared from MASTER.
The above-mentioned behavior indicates to me that the config is all right.
Now, how can I publish that Virtual IP? Do I need to buy one? If my server provider (Contabo) doesn't offer the Virtual IP service, where to buy it?
My goal is to have my Front-End API requests aiming at the Virtual IP.
Thanks very much in advance for any guidance!
Server A and server B addresses are either manually configured when setting up the servers, or obtained via dhcp.
There is nothing magical about the virtual ip, other than it is not obtained in the same way.
If it is your own network, you can just pick one in the same range as for the two servers, and make sure that no new servers will use it.
Since you are talking about a provider, you will need to ask them if they provide floating ip addresses.
10.x.x.x is a private ip, so you can not publish that to the internet, but you could use it for example to fail over internal services.

How do I find External IP of my windows system?

I have used a windows command to find this
nslookup myip.opendns.com resolver1.opendns.com
and it gives me an IP, but if I run the same command on another PC which is in the same subnet, it also gives the same IP. There is no difference between the two IPs.
This is the same when I search in the browser for "What is my IP?"
Now how can I know the external IP address of my Windows system? However, I got the internal IP from the command ipconfig, which is not useful now.
Internal IP:
A local Area Network Address provided by your DHCP server/ Router.
External IP:
A Wide Area Network address provided by your ISP(Internet service provider).
Internal IP/ LAN Address, can only be accessed within the same network. Think of babies and a mother in a house. Babies talk to each other and to their mom but don't know anything about outside. If they want any outside information, they ask their mother and mother translates the outside information to them.(NAT Translation)
Similarly, no one from outside can reach to the babies. The mother will protect her babies from anyone and everyone except she knows someone and she trusts someone what their intention is. (Port forwarding)
In your case, it is normal that both PCs (babies) in the same LAN network have the same external IP (Mother's name/IP). If you would like to reach a specific baby from outside, you must ask the mom and configure the mom (your gateway router) to permit this action.
Usually default gateways in a home setup are 192.168.1.1 / 192.168.2.1. You will find this information using ipconfig.
In addition,
babies within the same household do not require their mother's permission to talk to each other. They can freely communicate. However, if they wish to play hide-and-seek, then they need their mother's permission (UPnP settings), where the mother reveals information about one child to another.

Access xampp from VMWARE to Public IP

Is it possible to access 127.0.0.1:8080 publicly? I have a project application that is running on a VM. What should I do?
Diagram:
VMachine( where xampp is installed) IP <-> Global(external) IP (167.1.174.21:8080)
I don't have any option left. What should I do? I'm really new to this. #respect
Yes, this is possible, but there are multiple steps to the configuration and the details for each step differ depending on the hardware/software used. In general though it can be accomplished like this:
VMware config
Configure the VM with a bridged network
Configure the guest OS to either have a dhcp reservation or static ip.
Router config
Add a dhcp reservation for the VM (if using DHCP)
Add a port forwarding rule pointing to the VM's IP address
XAMPP config
Make sure the XAMPP server is listening on all interfaces.
The key point is to make the Virtual Machine have a bridged connection.
You can do it by looking at this one.
After that, do a Port Forwarding to the virtual machine like it is a real machine on your LAN.
Step 1 : Apart from above solution, in your local network where xampp is installed, make your local ip as static one, like "192.168.1.125" from router settings->Address reservation option.
Once you reserve address
Step 2 : Open your router->port forwarding->set port & ip to forward.
Step 3 : Now you check your public ip, and bingo now you can go to your public ip from vmware or from any other network.
As long as the VM has a configured network and is therefore able to communicate with your LAN (using Bridged networks in the VM configuration is a good way to go) and the internet, it is possible to make it accessible to the external web/internet.
Therefore you would most likely need to define a port-redirect/port forwarding on your router, so that all incoming packets on the external IP (167.1.174.21) on port 8080 get forwarded to the local IP of your VM and the related xampp session.
A possible problem at that point might be changing IP addresses of the VM based on a possible DHCP configuration. Either use a fixed IP on the VM or configure some MAC-based rule for a fixed IP or increase the lease time of the DHCP server (your router) to unlimited.
That's the theory, but please think twice before you do so. Running a webserver which is available in the wild is not recommended if you are not used to IT security. And even if you decide to do so, using xampp sounds wrong to my ears. xampp is designed for local development & testing purposes, not for productive use.
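
Before adding the router rule, it is worth checking what the guest will actually expose once it is bridged and "listening on all interfaces". The following is an added example, not code from any of the answers: it sorts the listening TCP ports in Windows `netstat -ano` output by who can reach them, given the set of ports forwarded on the router, and reports forwards that point at a loopback-only service (the 127.0.0.1:8080 case in the question). The netstat sample is constructed, and the result ignores any host firewall, which is an assumption of this sketch.

```python
import ipaddress

# Constructed `netstat -ano` output from the guest running XAMPP; addresses,
# ports and PIDs are made up, except 192.168.1.125 and 8080 from the answers.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3968
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.125:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.125:49712    203.0.113.10:443       ESTABLISHED     5012
  TCP    [::]:8080              [::]:0                 LISTENING       3968
  TCP    [::1]:5939             [::]:0                 LISTENING       2100
"""

def listeners(text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            host, _, port = f[1].rpartition(":")
            yield ipaddress.ip_address(host.strip("[]")), int(port)

def audit(text, forwarded_ports):
    """Sort listening ports by who can reach them once the VM is bridged."""
    internet, lan, loopback = set(), set(), set()
    for addr, port in listeners(text):
        if addr.is_loopback:
            loopback.add(port)          # only processes on the guest itself
        elif port in forwarded_ports:
            internet.add(port)          # reachable through the router rule
        else:
            lan.add(port)               # reachable by every host on the LAN
    return {
        "internet": sorted(internet),
        "lan": sorted(lan),
        "loopback_only": sorted(loopback - internet - lan),
        # forwarded, but nothing is bound to a routable address
        "dead_forward": sorted(set(forwarded_ports) - internet),
    }
```

Anything under "lan" that is not meant to be shared, such as the database port in this constructed sample, should be rebound to 127.0.0.1 or blocked in the host firewall before the forward is enabled.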

Windows 7 as Public Server

I want to create a TFTP server on my computer, and I found a program named TFTPD32 that can help me. But when I try to bind my local IP (192.168.X.X) to a public one as I see in a tutorial, it doesn't show as a possible choice in that program.
As far as I know, to make this to work you need to install a server OS like Windows Server 2008, and Windows 7 Ultimate is a client one.
Is there a way to configure Windows 7 Ultimate as a public server?
Or maybe I am doing something wrong?
P.S.: I am sorry for my bad English.
If you can get that working in a LAN environment, then the solution is what ElGalivan said - take a look at the NAT table in your router.
Typically you need to do NAT over the UDP port 69 to your server LAN IP address.
http://en.wikipedia.org/wiki/Network_address_translation
Tftpd32 can only "bind" to IP addresses available to the Windows OS where Tftpd32 runs.
In the very unusual case that your host is directly attached to a public IP Tftpd32 sure will have that public IP available for binding.
In a more normal case your host will be behind a router/NAT etc., and then your host will only have private IPs (192.168.x.x) available. In this case you should forward certain IP ports in your router in order to let exterior users reach your server services.
But please consider; you should never do this with TFTP; TFTP is a protocol not meant for Internet traffic. It is used in the early stages of PXE booting strategies in LANs (Local Area Networks).

Resolve host name to an ip address

I developed a client/server simulation application. I deployed client and server on two different Windows XP machines. Somehow, the client is not able to send requests to the server.
I tried below options:
Pinged server machine successfully from client using ip-address.
Pinged client machine successfully from server using ip-address.
Checked netstat command line tool from both machines. Server is in LISTENING mode and client is in SYN_SENT mode. But the foreign address it is using to send is the host name, not the IP address.
Pinged server machine unsuccessfully using host name from client.
Pinged client machine successfully using host name from server.
I feel the problem is when the client is trying to connect to the server using the host name.
Could you please let me know how to force an application to use an ip address instead of a host name? Is there any other way to map the host name to an ip address?
Go to your client machine and type in:
nslookup server.company.com
substituting the real host name of your server for server.company.com, of course.
That should tell you which DNS server your client is using (if any) and what it thinks the problem is with the name.
To force an application to use an IP address, generally you just configure it to use the IP address instead of a host name. If the host name is hard-coded, or the application insists on using a host name in preference to an IP address (as one of your other comments seems to indicate), then you're probably out of luck there.
However, you can change the way that most machines resolve the host names, such as with /etc/resolv.conf and /etc/hosts on UNIXy systems and a local hosts file on Windows-y systems.
Try tracert to resolve the hostname, i.e. if you have IP address 8.8.8.8 you would use: tracert 8.8.8.8
You could use a C function getaddrinfo() to get the numerical address - both ipv4 and ipv6.
See the example code here
This is hard to answer without more detail about the network architecture. Some things to investigate are:
Is it possible that client and/or server is behind a NAT device, a firewall, or similar?
Is any of the IP addresses involved a "local" address, like 192.168.x.y or 10.x.y.z?
What are the host names, are they "real" DNS:able names or something more local and/or Windows-specific?
How does the client look up the server? There must be a place in code or config data that holds the host name, simply try using the IP there instead if you want to avoid the lookup.
Windows XP has the Windows Firewall which can interfere with network traffic if not configured properly. You can turn off the Windows Firewall, if you have administrator privileges, by accessing the Windows Firewall applet through the Control Panel. If your application works with the Windows Firewall turned off then the problem is probably due to the settings of the firewall.
We have an application which runs on multiple PCs communicating using UDP/IP and we have been doing experiments so that the application can run on a PC with a user who does not have administrator privileges. In order for our application to communicate between multiple PCs we have had to use an administrator account to modify the Windows Firewall settings.
In our application, one PC is designated as the server and the others are clients in a server/client group and there may be several groups on the same subnet.
The first change was to use the functionality of the Exceptions tab of the Windows Firewall applet to create an exception for the port that we use for communication.
We are using host name lookup so that the clients can locate their assigned server by using the computer name which is composed of a mnemonic prefix with a dash followed by an assigned terminal number (for instance SERVER100-1). This allows several servers with their assigned clients to coexist on the same subnet. The client uses its prefix to generate the computer name for the assigned server and to then use host name lookup to discover the IP address of the assigned server.
What we found is that the host name lookup using the computer name (assigned through the Computer Name tab of the System Properties dialog) would not work unless the server PC's Windows Firewall had the File and Printer Sharing Service port enabled.
So we had to make two changes: (1) setup an exception for the port we used for communication and (2) enable File and Printer Service in the Exceptions tab to allow for the host name lookup.
** EDIT **
You may also find this Microsoft Knowledge Base article on Windows XP networking helpful.
And see this article on NETBIOS name resolution in Windows.
