Network Traffic Analysis

Introduction

It's crucial that we understand the networking behind a binary: what connections it makes, what protocol it uses and which host it attempts to communicate with.

Wireshark

In this example I am running the following binary, which I took from HackTheBox, using mono (wine will also work).

└─$ mono ./UserInfo.exe -v find -first testr
[*] LDAP query to use: (givenName=testr)
[-] Exception: No Such Object
                              

Notice that the binary is making a connection using the LDAP protocol, which is unencrypted: the username and password are sent in plaintext. In Wireshark the display filter "ldap" (or the capture filter "port 389") isolates this traffic so the bind request can be inspected.
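The following is an added example, not code from the original page: a minimal detector for the plaintext LDAP simple bind that Wireshark reveals here. It parses the BER-encoded BindRequest directly, flags a non-empty cleartext password on a non-TLS port, and builds a constructed sample packet for testing. It assumes definite-length BER encoding and does not handle SASL binds.

```python
# Added example, not from the page; assumes definite-length BER and no SASL.

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(payload):
    """Parse an LDAPMessage; return a dict for a BindRequest, else None."""
    tag, msg, _ = _tlv(payload, 0)
    if tag != 0x30:                         # LDAPMessage is a SEQUENCE
        return None
    _, msg_id, pos = _tlv(msg, 0)           # messageID INTEGER
    op_tag, op, _ = _tlv(msg, pos)
    if op_tag != 0x60:                      # BindRequest is [APPLICATION 0]
        return None
    _, version, pos = _tlv(op, 0)           # version INTEGER
    _, name, pos = _tlv(op, pos)            # name LDAPDN (OCTET STRING)
    auth_tag, cred, _ = _tlv(op, pos)       # authentication CHOICE
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode(),
        "simple": auth_tag == 0x80,         # [0] simple = cleartext password
        "credential": cred.decode(errors="replace"),
    }

def build_bind_request(name, password, msg_id=1):
    """Build a constructed LDAPv3 simple BindRequest (sample input for tests)."""
    def tlv(tag, body):
        return bytes([tag, len(body)]) + body   # short-form length only
    op = tlv(0x02, b"\x03") + tlv(0x04, name.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def flag_plaintext_bind(dst_port, payload):
    """True when a simple bind with a non-empty password crosses a non-TLS port."""
    if dst_port == 636:                     # LDAPS: payload is TLS, nothing readable
        return False
    try:
        req = parse_bind_request(payload)
    except (IndexError, UnicodeDecodeError):  # not a parsable LDAP message
        return False
    return bool(req and req["simple"] and req["credential"])
```

Feed it the TCP payload of each packet matched by the "ldap" filter and it reports which binds expose a password; an anonymous bind (empty password) is not flagged.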
