Discover & Attack Network Devices with Sparta [Tutorial]

Video Statistics and Information

Captions
Kali Linux comes pre-installed with a number of powerful hacking tools, and one of them is Sparta. Sparta's a tool for finding and attacking network targets without needing to know a lot about the targets to begin with. We'll show you how it works on this episode of Cyber Weapons Lab.

If you're a hacker or penetration tester auditing a wireless network, there's a couple things you need to do in order to find and exploit devices on that network. The first is actually gain access, but assuming you have, then the next step is to scan the network and start to go after the services you find. Now this can be a lot for a beginner to understand, and it can also be a whole lot of terminal windows open even for an experienced hacker. So in general it's best to consolidate these things, and Kali Linux has a pre-installed tool that's really excellent for doing this. Sparta's a tool that can basically scan the entire network, find all the devices, identify the services and continually go after them, even if new devices are added later on. This capability is really useful to automate the exploitation of various devices you find in a network, and can make it really simple to scan and check to make sure that there's none lurking on your network that could be used against you.

That being said, in order to do this you just need to have a computer with Kali Linux installed, because Kali Linux has this pre-installed to begin with from the version that you'll download from the website. So you don't need to download anything unless you've gotten a version that's specifically designated as light. If you have that then you might need to install it, but it's just a simple apt install to get started. Once you have a version of Kali Linux installed, either via USB stick, maybe on a hard drive, or even in a virtual machine, then we can get started.

Now if you're starting out in Kali Linux, you're going to want to check out some of the default tools, and one of them you can try is Sparta, which you can access by just typing S-P-A-R, and there you go, you can see the little Spartan helmet here. If you click on this then it will open a Sparta window, and it'll go ahead and do things like opening temporary word lists and take care of all the stuff in the background and present you with a nice graphic user interface. Now if you don't already have Sparta, you can usually, in Kali Linux, in a terminal window that's not busy doing all that, type apt install sparta. But I already have that and it's already at the newest version, so that is not very helpful for me.

So let's go into Sparta and see exactly what is going on. At this point I'm assuming you are connected to either a Wi-Fi network or an Ethernet network, and this means that you have access to the internal network. So this will not work if you're sitting on the outside of a password-protected network and you have not yet broken in. If you are part of the network then we can begin to start scanning and probing around for stuff, and this will also work on external targets that are not part of an internal network as well, such as websites and that sort of thing.

So to begin, we can click to add a host to scope. Now this will require us to know the network address of, or at least the network range of, the network, and this is something that we can calculate pretty easily. In our computer terminal window, if we want to type ifconfig, then we can see our IP address is right here. Now if we take this and calculate our network range, then you can see that this is a Class C private internet IP range and our network mask is 255.255.255.0, which means that everything in this first part right here is our network, and we can just put a zero to indicate that we want everything in this network range. So what we'll actually do is, we can see the network is 192.168.0.0/24. This will basically represent every possible, basically all 254 IP addresses that are possible in this IP range, all in one kind of handy expression.

So let's take this, and if we want we can add this to the network range, but instead I'm going to do something else and add the host min. On most networks the host min, or basically the first available IP address, will be taken up by the router, and I'm going to take advantage of that to just go ahead and scan the router rather than scanning the entire network, because that can actually take quite some time. But if you're looking to scan an entire network then you can just paste in the network range, in this case it would be 192.168.0.0/24, and that will scan everything in the entire network. So let's type in just the minimum IP address, which is 192.168.0.1, and then we'll click on add to scope.

Now it's really easy for us to scan a whole lot of stuff with Sparta, and I'm keeping it a little bit light because the script really goes into depth with what it does. As soon as it scans in nmap, it'll take the result and begin probing a little bit further on the default ports to try to find if there's anything open and available for us to attack. After that it'll run a sequence of other scans using some more non-standard ports than the 80 and 443 it initially scans for, and it kind of conserves time by doing this, by initially looking for the most obvious stuff and then later on looking for stuff that might be more unusual.

So first we can see that we found port 80 and port 443, and it prioritizes that because it'll also go ahead and, as you can see, attempt to take a screenshot and then start probing it with Nikto. So Nikto is running against both ports 80 and 443, which is the webserver and then the HTTP webserver that's running on this router. It's actually already finished on one of them and it's still scanning on the other, but we've already run through the first round of scans as it were.

So let's take a look at the various ways we can break this down and see what's happening, either by services, hosts or tools. Let's click on services and we can see we've detected HTTP and HTTPS. You can see the host it's been detected on, the port and the state of the port. We've also now just detected in our next wave of nmap scans a UPnP, let's see, a Linux protocol, so we can see that the state is open and the port that it's opened on. We can also go into the tools section and see what we can actually begin to do about these various things we've seen. Here we can see Nikto has already been deployed against both of these targets, and we can see the results of the scan, which already have found a light httpd server along with a potential clickjacking attack. There's some other information, like the server leaks inodes via ETags and some other stuff a penetration tester might find interesting, but in general you can see how this script is kind of going by itself.

It didn't manage to grab a very good screenshot of this particular port 80 because it actually redirects you to the router, but that's okay, because we can also go to hosts and then click on the port 80, and then by right mouse clicking on it we can see a list of all the various things we can do. Now it won't do us much good to open this in telnet or netcat, however we probably could do a banner grab with netcat, but instead we're going to go ahead and just open it in a browser and see what it looks like. If you're curious you can do this on port 80 or 443, and this should give you the information you need to identify exactly what it is that's sitting there. You can see where the screenshot just kind of grabbed that, but the script after a second redirects us over to the actual login page. Now this is where we could deploy a brute-forcing attack against this particular login, but instead let's go back to Sparta and we're going to take a look at what it's doing now.

So if we find any services beyond, and in fact I'm going to add another target to scope. If you want to do that you can add host to scope, and this time I'm going to do the whole network and let it run for a little bit, and it will discover other hosts on this network and add them as it goes and then sequentially attack everything that it detects as open on that host that's been added. This is going to run for quite some time, but in general I just want to give you guys an overview of what the results are of these scans and how you can then start to attack things that you find.

So let's say that we find a different service, perhaps an SSH or telnet service. These are both services that are used to log in and actually interact with the device that is administered remotely, for example a router or a printer or something like that. If we go into Brute, this other tab here, we can see that if we actually do detect one of these services we can specify the IP address, the port and then the service. We can see that it supports a whole bunch of different stuff, including, if we get the HTTP header or get or post elements for an HTTP login site, we can brute force, it looks like Cisco, actually didn't know that, FTP, File Transfer Protocol, and some other really interesting things that we could possibly find. This brute force program will either use the username and password, if you just want to use a single one, or a username and password list, at which we can add one from the various ones that Kali has installed.

Now our ultimate goal with this is to identify as many hosts as possible, add them to this list, find something that we can probably try to brute force and then pass it to this brute forcing tool, so that we can attack as many things as we can while we're connected to the network. You can see that this creates a really handy dashboard for using a lot of different tools, so I encourage you to check out this default Kali tool, as it's a really fast way of getting to know what's on the network and then audit it really quick, maybe if you have a limited amount of time or if you just want to go after everything at once.

Now I'll try to let this run all the way, but these scans can really take quite some time. So be aware that if you're going after everything on an entire network, if that network is quite large, for example there's over 200 possible hosts that could be connected to this network just based on the IP address space, then this script can really, really take a long time even in the first wave, let alone in the subsequent waves of scans, attacks and then subsequent more scans. So be aware of this when you're running it. It is a really powerful way of interacting with a couple targets, but if you scale to try to attack the whole network at once then that can really start to bog the speed of the program down.

And there we go. Although it did take some time, we were able to detect quite a bit of hosts on the network, and we can even see that there are some more different HTTP websites that have been found. We can see there's 1, 2, 3, 4 different sites that we can now attempt to attack and run subsequent scans on, which you can see that Nikto is now kicking off. As this runs I'm sure we'll find more interesting things on this network, but I'm gonna wrap it up here because we want to keep this kind of light. I encourage you guys to check this out because it works quite well.

While Sparta is an excellent tool for auditing wireless networks, it is particularly aggressive. That means it will go after pretty much anything it finds, and you might be actually going after something that you don't have permission to audit if you're on a network that you don't own. Because of this, make sure that you do have permission to audit whatever network you're on when you're using Sparta, because unlike other tools it won't ask you for permission before trying things like brute forcing for weak credentials. That being said, it is a great tool to run against your own network, because it might find default credentials on maybe an IoT device that you forgot about or some other thing on the network that might be vulnerable.

That's all we have for this episode of Cyber Weapons Lab. Make sure to like, comment and subscribe, and if you have any thoughts or feedback around this on the show, send me a message on Twitter because I'd love to hear from you. We'll see you next time.
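
Added example, not part of the video or of Sparta itself: the transcript derives the network range and host min from the ifconfig address and mask, and stresses auditing only networks you have permission for. The Python sketch below does that calculation and checks candidate scope entries against an authorized range before they are added; the interface address 192.168.0.42, the function names and the sample targets are assumptions constructed for illustration.

```python
import ipaddress

def describe_network(ip, netmask):
    """Derive the network range, host min and usable host count
    from an interface address and mask, as read off ifconfig."""
    net = ipaddress.ip_interface(f"{ip}/{netmask}").network
    if net.prefixlen <= 30:
        # Ordinary subnet: network and broadcast addresses are not hosts.
        host_min, usable = net[1], net.num_addresses - 2
    else:
        # /31 and /32 have no separate network/broadcast addresses.
        host_min, usable = net[0], net.num_addresses
    return {"network": str(net), "host_min": str(host_min),
            "usable_hosts": usable}

def check_scope(targets, authorized):
    """Sort candidate scope entries (single IPs or CIDR ranges) by
    whether they fall entirely inside an authorized range."""
    allowed = [ipaddress.ip_network(a) for a in authorized]
    result = {"in_scope": [], "out_of_scope": [], "invalid": []}
    for target in targets:
        try:
            # strict=False lets a bare host address parse as a /32.
            net = ipaddress.ip_network(target, strict=False)
        except ValueError:
            # Hostnames and typos need manual review before scanning.
            result["invalid"].append(target)
            continue
        covered = any(net.version == a.version and net.subnet_of(a)
                      for a in allowed)
        result["in_scope" if covered else "out_of_scope"].append(target)
    return result

if __name__ == "__main__":
    # Constructed sample values, not taken from the video.
    print(describe_network("192.168.0.42", "255.255.255.0"))
    print(check_scope(
        ["192.168.0.1", "192.168.0.0/24", "192.168.0.0/16",
         "10.0.0.5", "router.local"],
        authorized=["192.168.0.0/24"],
    ))
```

A range wider than the authorized one (here 192.168.0.0/16) is reported as out of scope even though it contains the authorized /24, which is the case most likely to slip through when a range is pasted in by hand.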
Info
Channel: Null Byte
Views: 165,226
Keywords: wht, wonderhowto, nullbyte, null byte, hack, hacking, hacker, hacks, hackers, how to hack, howto, how to, tutorial, guide, cyber weapon, cyber weapons, cyber, Kali Linux, Sparta, Discovering Network Devices, attacking networks, discover & attack, attacking network devices, kali hacking tools, ssh, services, discover, attack, recon, reconnaissance, network range, ipcalc, ip address, url, website, web app
Id: owEVhvbZMkk
Length: 12min 48sec (768 seconds)
Published: Wed Jun 12 2019