Posted: Sat Feb 19, 2022 3:21 pm
1. Describe TWO of the vulnerabilities demonstrated by Bruter.
Remediation of Vulnerability(ies)
2. Describe how you would tell the FTP server administrator to mitigate these vulnerabilities.
3. Describe how your solution solves the specific vulnerabilities identified above.
[Screenshot 1: Wireshark 1.12.6 live capture on Ethernet, packets 1345453-1345476 (about 101.97 s). FTP traffic from 175.45.176.200 to 203.0.113.100 and 192.168.1.10: repeated "Request: USER administrator", followed by "Request: PASS" with a different word each time (oconnor, ocotea, ocote, ocotillo). The servers answer "Response: 331 Password required for administrator." and "Response: 530 User administrator cannot log in." Frame 1 detail pane: 249 bytes on wire, arrival time Feb 15, 2022 04:10:50 Eastern Standard Time. Status bar: Packets: 1447424.]
[Screenshot 2: Wireshark 1.12.6 live capture on Ethernet, packets 1084641-1084671 (about 87.26 s). FTP traffic from 175.45.176.200 to 203.0.113.100 and 192.168.1.10: repeated "Request: USER administrator", followed by "Request: PASS" with a different word each time (koryak, kory, korymboi, korymbos). The servers answer "Response: 331 Password required for administrator." and "Response: 530 User administrator cannot log in." Status bar: Packets: 1447599.]
[Screenshot 3: Wireshark 1.12.6 live capture on Ethernet, packets 1447309-1447332 (about 240-262 s). No FTP traffic in view: Cisco PVST+ STP configuration frames, DHCPv6 Solicit messages, and ARP broadcasts "Who has 192.168.1.100? Tell 192.168.1.254". Detail pane: IPv4 192.168.1.10 to 192.168.1.255, UDP port 138 to 138, NetBIOS Datagram Service, SMB Mailslot Protocol, Microsoft Windows Browser Protocol. Status bar: Packets: 1447332.]
[Screenshot 4: Wireshark 1.12.6 live capture on Ethernet, packets 1447270-1447293 (about 215-232 s). No FTP traffic in view: Cisco PVST+ STP configuration frames and DHCPv6 Solicit messages. Detail pane for Frame 1: 249 bytes on wire, Ethernet II broadcast, IPv4 192.168.1.10 to 192.168.1.255, UDP port 138 to 138, NetBIOS Datagram Service, SMB. Status bar: Packets: 1447293.]