Computer Security
Added on 2023-01-19
18 Pages3268 Words86 Views
Running head: COMPUTERS SECURITY
Computer Security
Name of the Student
Name of the University
Author’s Note
Computer Security
Name of the Student
Name of the University
Author’s Note
1
COMPUTERS SECURITY
Table of Contents
Overview..........................................................................................................................................3
Summary of Results.........................................................................................................................3
Methodology....................................................................................................................................4
Scope............................................................................................................................................5
Information Gathering.................................................................................................................5
IP and MAC Address...................................................................................................................6
Virtual Host.................................................................................................................................7
Scanning......................................................................................................................................8
Port Scan..................................................................................................................................8
Framework.............................................................................................................................12
WEB Scan..............................................................................................................................13
SQL Injection Scan................................................................................................................14
Result and Recommendations........................................................................................................15
Bibliography..................................................................................................................................17
COMPUTERS SECURITY
Table of Contents
Overview..........................................................................................................................................3
Summary of Results.........................................................................................................................3
Methodology....................................................................................................................................4
Scope............................................................................................................................................5
Information Gathering.................................................................................................................5
IP and MAC Address...................................................................................................................6
Virtual Host.................................................................................................................................7
Scanning......................................................................................................................................8
Port Scan..................................................................................................................................8
Framework.............................................................................................................................12
WEB Scan..............................................................................................................................13
SQL Injection Scan................................................................................................................14
Result and Recommendations........................................................................................................15
Bibliography..................................................................................................................................17
2
COMPUTERS SECURITY
Overview
The virtual machine of WidgetInc has been attacked by means of ethical hacking for the
purpose of finding out the major weaknesses that exists in the computer system and also for the
purpose of handling the various attacking environment. In order to perform the test numerous
attacks have been performed upon the host. Followed by the completion of the attack the results
have been recorded and observed so as to identify those points which are weak and are having
the possibility of getting compromising the entire virtual machine. For the purpose of
penetration, the flags have been used and this acts as the root user where the other users were
used for the purpose of exploiting those issues existing in the configuration and for finding of the
desired vulnerabilities.
The entire report is associated with demonstrating the logs related to testing the results obtained
and providing of recommendations which were used for the security compromising of the host
targeted.
Summary of Results
After successful completion of the penetration testing it was found that the virtual
machine of the victim is vulnerable to the various kind of attacks which are to be faced by the
network and this type of attacks are mainly related to the access control, authorization and
authentication. The possibility related to unauthorized access increased in the authentication
process by usage of the non-plaintext for example the DIGEST-MD5 for the different web
applications as well as for having an impact of negative nature upon the data of the users which
are present in the database of the servers (Im et al. 2016). Besides all this the services which are
seen to be available for the users would be examined in a through manner by making use of
COMPUTERS SECURITY
Overview
The virtual machine of WidgetInc has been attacked by means of ethical hacking for the
purpose of finding out the major weaknesses that exists in the computer system and also for the
purpose of handling the various attacking environment. In order to perform the test numerous
attacks have been performed upon the host. Followed by the completion of the attack the results
have been recorded and observed so as to identify those points which are weak and are having
the possibility of getting compromising the entire virtual machine. For the purpose of
penetration, the flags have been used and this acts as the root user where the other users were
used for the purpose of exploiting those issues existing in the configuration and for finding of the
desired vulnerabilities.
The entire report is associated with demonstrating the logs related to testing the results obtained
and providing of recommendations which were used for the security compromising of the host
targeted.
Summary of Results
After successful completion of the penetration testing it was found that the virtual
machine of the victim is vulnerable to the various kind of attacks which are to be faced by the
network and this type of attacks are mainly related to the access control, authorization and
authentication. The possibility related to unauthorized access increased in the authentication
process by usage of the non-plaintext for example the DIGEST-MD5 for the different web
applications as well as for having an impact of negative nature upon the data of the users which
are present in the database of the servers (Im et al. 2016). Besides all this the services which are
seen to be available for the users would be examined in a through manner by making use of
3
COMPUTERS SECURITY
different aspects such as the payloads, encoders, exploits and encoders. In addition to all this, the
security weaknesses have been documented which is to be used for the purpose of execution of
the arbitrary commands by the modules for the victims targeted and for running the distCC
daemon command without checking authorization.
For the purpose of enhancing the FTP server the service known as the ProFTPD has been
used along with the features of the Apache configuration syntax which consist of various virtual,
as well as permission based FTP servers (Coffey et al. 2018). All this are used for the purpose of
testing the favorable documents and for documenting the outputs.
Another security tool known as the Kali Linux is something different which is used for
the purpose of analyzing the different kind of potential problems along with the vulnerabilities
which are faced by the host by means of the password security bypassing, tools used for cracking
and for the purpose of recovering the data which were stored previously (Ambrosini, Groux and
Bucher 2018). Besides all this packages which are kali Linux has is a mixture of various
algorithms and the cracking strategies such as the brute force the attack dictionary which are
seen to be the most productive at the time of conducting the penetration testing.
Additionally, the Web server vulnerability is also tested and this is done so as to look for
the problems and identify them present in the software or in misconfiguration of the server. The
default files along with the programs are checked for finding the outdated and for identifying the
ones which are seen to be vulnerable for the various type of attacks faced by the network.
Methodology
Number of steps are undertaken for the purpose of starting the scope of the test for any
kind of vulnerabilities and this ends by means of the reporting of the output of all the test. Inn
COMPUTERS SECURITY
different aspects such as the payloads, encoders, exploits and encoders. In addition to all this, the
security weaknesses have been documented which is to be used for the purpose of execution of
the arbitrary commands by the modules for the victims targeted and for running the distCC
daemon command without checking authorization.
For the purpose of enhancing the FTP server the service known as the ProFTPD has been
used along with the features of the Apache configuration syntax which consist of various virtual,
as well as permission based FTP servers (Coffey et al. 2018). All this are used for the purpose of
testing the favorable documents and for documenting the outputs.
Another security tool known as the Kali Linux is something different which is used for
the purpose of analyzing the different kind of potential problems along with the vulnerabilities
which are faced by the host by means of the password security bypassing, tools used for cracking
and for the purpose of recovering the data which were stored previously (Ambrosini, Groux and
Bucher 2018). Besides all this packages which are kali Linux has is a mixture of various
algorithms and the cracking strategies such as the brute force the attack dictionary which are
seen to be the most productive at the time of conducting the penetration testing.
Additionally, the Web server vulnerability is also tested and this is done so as to look for
the problems and identify them present in the software or in misconfiguration of the server. The
default files along with the programs are checked for finding the outdated and for identifying the
ones which are seen to be vulnerable for the various type of attacks faced by the network.
Methodology
Number of steps are undertaken for the purpose of starting the scope of the test for any
kind of vulnerabilities and this ends by means of the reporting of the output of all the test. Inn
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Analysis of Security Vulnerability of WidgetsInc Virtual Machine Imagelg...
|23
|3636
|97
Computer Securitylg...
|19
|2531
|97
Identification of Threats using Nmap and Metasploit Network Security Toolslg...
|9
|1788
|54
ICT287 Computer Security: Planet of the Grapeslg...
|14
|2703
|84
Penetration Testing and Intrusion Detection Name of the University Authorlg...
|57
|5094
|316
Computer Forensics and Security Fundamentals Coursework 1lg...
|8
|1546
|185