
Ethical Hacking: Methodology, Results and Recommendations

   

Added on  2022-10-16

56 Pages | 6920 Words | 253 Views
ETHICAL HACKING

Contents
1. Introduction
2. Methodology
3. Ethical considerations
4. Results and Recommendations
5. Custom developed tools
6. Recommendations
   1. Encrypt your Drive (Full Disk Encryption)
   2. Enable Your Firewall
   3. Disable SSH Login via Root
   4. Make your BIOS More Secure
   5. Disable USB Mount
7. Conclusion
8. References

1. Introduction
In this project, we are required to design and apply a procedure illustrating a scenario in
which ethical hacking is carried out. The project tests our understanding of the course content
sent out on a weekly basis, and assesses what we have learnt about writing a penetration
testing report to the industry standard.
In Task 1, we need to penetrate the supplied system, a virtual machine, and attain root-level
access by following a legitimate process and using proper tools. Five banner-like objects, each
representing a value, have been placed at each junction of system compromise. They can be found
by checking through web pages, home directories, and so on. We need to find them in sequence,
one after the other, just like the example given below.
2. Methodology
In this paper the researchers attempt to solve a complex “Capture the Flag” (referred to as CTF
from now on) problem. The CTF was posted on the site VulnHub by Hadi Mene. It is not a
standalone problem; it is part of the sequence called the Basic Pen testing sequence
(Baloch, 2017).
According to the description given by the creator of the challenge, this is an entry-level
boot2root web-based challenge. Its aim is to gain root privilege through a web application
hosted on the machine. The machine used is available as a free download from various download
sites, and the download bundle also includes a readme file (Simpson & Antill, n.d.)
(Sinha, 2017) (Wong, n.d.).

VulnHub is a well-known site for security specialists. Its aim is to give users a way to learn
and practise their hacking skills through a series of challenges in a safe and legal
environment. The site can be used to download vulnerable machines (Beaver, n.d.) and work on
them according to your own requirements (Engebretson, 2013).
A brief introduction to CTF
Once the download is complete, open the files in “VirtualBox”, which is a tool that can easily
open old files. After that, “netdiscover” is the command to run in order to find the IP address
of the computer that will be engaged with. Refer to the image below for details (Ethical
hacking and countermeasures, 2017).
The image shows the address obtained for the computer acting as the virtual machine in this
case, which shows the experiment is fine so far. This IP should be 192.168.1.11. It belongs to
the computer that the researchers are trying to establish a secure connection with. The other
IP address involved is that of the system; this IP will be 192.168.1.45.
Note that the IP addresses of both systems may vary slightly depending on how the network has
been set up, so a different IP address is nothing to worry about.
Once the IP address of the system is in hand, it can be used for attacking. The next thing to
do is to look for the ports that are open and awaiting connection on the system being attacked
(an NMAP full port scan can accomplish this). One very efficient solution is NMAP ("Nmap: the
Network Mapper - Free Security Scanner", 2019), which will show something like the image pasted
below (Worley, n.d.).
Give the scan some time to finish; after that, the ports that are open and awaiting connection
can be seen.
First of all, the researchers took a deeper look at the http port. Opening the IP listed above
shows a broken webpage. The next screenshot shows that a total of 2 directories were found
while searching; the “dirb” tool performed the search on the system being attacked. To take a
closer look, the “development” folder can be opened from the command line and its contents
examined.

In this folder, directory listing had not been disabled, so all of its contents were shown. Two
text files can also be seen. If the first file is opened, something similar to the next
screenshot is displayed.

The messages now read as:
“2018-04-22: SMB configuration complete. -K
2018-04-21: Apache set up complete. Will put in content now”
This text explains that the server is still being developed and has not been completed. It does
not contain any proper application for a user. However, “SMB” is installed and ready to use on
the system in question. The next step is to move on to the contents of the second file, which
is named “j.txt”. The screenshot has been added below for reference.
The text as displayed was very hard to read, so it can be copied and pasted into a word file or
a browser to make it legible. It reads as follows:

“For J:
I've been auditing the contents of /etc/shadow to make sure we don't have any weak credentials,
and I was able to crack your hash really easily. You know our password policy, so please follow
it? Change that password ASAP.
-K”
The above are the exact words of the message. It was evidently meant for a user named “J” and
came from another user named “K”. It also explains that a password was cracked very easily, and
serves as a warning to change the password before any harm is done.
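The exposure described above (a folder with directory listing left on, holding notes that mention credentials) is something a defender can check for on their own server. The Python below is an added example, not part of the original report; the sample HTML, the file name first-note.txt and the list of sensitive terms are constructed assumptions.

```python
import re
from html.parser import HTMLParser

class _Page(HTMLParser):
    """Collects the <title> text and every <a href> of one HTML page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def listing_entries(html):
    """Return the entries an Apache-style autoindex page exposes ([] if not a listing)."""
    page = _Page()
    page.feed(html)
    if not page.title.strip().lower().startswith("index of /"):
        return []
    # Drop column-sort links ("?C=N;O=D") and the parent-directory link.
    return [h for h in page.hrefs if not h.startswith(("?", "/", ".."))]

# Assumed term list; extend it to match your own naming and policy.
SENSITIVE = re.compile(r"/etc/shadow|password|hash|credential|\bsmb\b", re.I)

def flag_notes(files):
    """Map each file name to the sorted sensitive terms found in its text."""
    hits = {name: sorted({m.lower() for m in SENSITIVE.findall(text)})
            for name, text in files.items()}
    return {name: terms for name, terms in hits.items() if terms}

# Constructed sample: an autoindex response for the "development" folder.
# "first-note.txt" is a placeholder name; only "j.txt" is named in the report.
LISTING = """<html><head><title>Index of /development</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>
<a href="first-note.txt">first-note.txt</a> <a href="j.txt">j.txt</a>
</body></html>"""
NOTES = {
    "first-note.txt": "2018-04-22: SMB configuration complete. -K\n"
                      "2018-04-21: Apache set up complete. Will put in content now",
    "j.txt": "I've been auditing the contents of /etc/shadow to make sure we don't "
             "have any weak credentials, and I was able to crack your hash really "
             "easily. Change that password ASAP. -K",
}

if __name__ == "__main__":
    print(listing_entries(LISTING))
    print(flag_notes(NOTES))
```

On Apache, the listing itself is turned off with `Options -Indexes` for the directory; notes like these should not sit under the web root at all.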
After this, we take stock of the information available. We have yet to figure out the username,
but we have found the SMB port that is open and awaiting connections. The next step is to
enumerate the details of the SMB service. The researchers used the Linux command “enum4linux”
for this purpose. See the returned screenshot below.
Analyzing the screenshot, it is evident that the output contains 2 different login names.
Combining this with the messages above, it is easy to conclude that the user “J” is the one
whose password needed changing. This user will now be attacked. The attack results in the data
shown in the screenshot pasted below.