logo

Ethical Hacking Techniques and Practices

   

Added on  2020-03-16

28 Pages2784 Words266 Views
 | 
 | 
 | 
Running head: ETHICAL HACKING AND DEFENCEEthical Hacking and DefenseAssignment 2Name of the StudentName of the UniversityAuthor’s Note
Ethical Hacking Techniques and Practices_1

1ETHICAL HACKING AND DEFENCE Executive SummaryThe report is prepared for testing and attacking a victim machine using kali Linux. An ethicalprocess is followed for attacking the machine and gain the access of the system. The IT resourcesare tested with the principles and techniques used for gaining the access of the machinesconnected in the network. It is used for enhancing the security of the network and more time isspent in gaining the knowledge about ethical hacking and studying the techniques and the toolsused for gaining the access of the workstations. The introduction part defines the differentconcepts used for ethical a hacking and helps to increase knowledge about the management ofthe risks associated with the workstations and focus is given on the penetration testing.
Ethical Hacking Techniques and Practices_2

2ETHICAL HACKING AND DEFENCE Table of Contents1. Overview..........................................................................................................................32. Methodology....................................................................................................................32.1. Step#1: Reconnaissance............................................................................................32.2. Step#2: Scanning......................................................................................................32.3. Step#3: Gaining Access............................................................................................42.4. Step#4: Maintaining Access.....................................................................................42.5. Step#5: Clearing the Tracks......................................................................................43. Testing Log......................................................................................................................43.1. Flag 1........................................................................................................................43.2. Flag 2........................................................................................................................73.3. Flag 3........................................................................................................................83.4. Flag 4........................................................................................................................93.5. Flag 5......................................................................................................................114. Results and Recommendations......................................................................................115. Source/Instructions: PORT Scanner..............................................................................126. Source/Instruction: Password Cracker...........................................................................13Bibliography......................................................................................................................14Appendices........................................................................................................................16
Ethical Hacking Techniques and Practices_3

3ETHICAL HACKING AND DEFENCE 1. OverviewEthical hacking is also known as penetration testing or intrusion testing and it is done tocrack the password of a workstation and gain the access of the machine. The ethical hackingmethodology is used by the hackers to analyze the vulnerability of the workstations connected inthe network and its operating environment. The security of the computers are a major concern forthe government and the business during the growth of the internet and the problems associatedwith the organization is analyzed using ethical hacking for evaluation of the threat related withthe computer systems. The computer systems are attempted to break and individually neitherdamaging nor stealing the informations from the targeted system. The security of the targetedsystem are evaluated and the vulnerability are reported for increasing the security of the system. 2. Methodology2.1. Step#1: ReconnaissanceThe matching information are gained and more information are gathered from the targetsystem. Different tools can be used for gathering information and the gathering of informationare broken into different steps locating the network range, discovering the ports and the accesspoints, detection of the operating system, identification of the service and the ports and mappingof the network. Tools like NSlookup, Whois can be used for gathering the information.2.2. Step#2: ScanningThe system that are alive can be identified by scanning the network and the IP address ofthe system is evaluated. Different scanning tools are available and can be used for getting theport address and the IP address of the targeted machine.
Ethical Hacking Techniques and Practices_4

4ETHICAL HACKING AND DEFENCE 2.3. Step#3: Gaining AccessThe information from the scanning phase are used for gaining the access of the targetedsystem. The password in the system can be cracked using brute force attacks and accessing thepassword directory files. Keyloggers and spywares can also be used for getting the password ofthe targeted machine. 2.4. Step#4: Maintaining AccessBackdoors are created by the hacker for maintaining the access of the system anddifferent programs can be installed on the machine gather confidential data and control thesystem. The rootkit can be used for hiding the utilities that is accessed by the hacker. A kernelmode device driver _root_.sys contains in the rootkit and a program DEPLOY.EXE is used forrunning the rootkit files. This is used to hide the files from the list of directory.2.5. Step#5: Clearing the TracksThe activity performed by the hacker on the targeted machine is required to be covered inorder to avoid detection and continue in the access for a longer period of time. The log files arerequired to be deleted using the tunneling protocol or altering the log files.3. Testing Log3.1. Flag 1Command used for scanning the active host in the network:root@kali:~# nmap -sP 192.168.177.0/24The output of the command:Starting Nmap 7.50 ( https://nmap.org ) at 2017-10-21 19:32 AWST
Ethical Hacking Techniques and Practices_5

5ETHICAL HACKING AND DEFENCE MAC Address: 00:0C:29:15:14:71 (VMware)Nmap scan report for 192.168.177.159Nmap done: 256 IP addresses (4 hosts up) scanned in 6.28 secondsThe open ports of the targeted host is scanned using the following command:root@kali:~# masscan 192.168.177.159 --port 1-65535 --rate=10000The output of the command is Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-10-21 11:54:21 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-ethInitiating SYN Stealth ScanScanning 1 hosts [65535 ports/host]Discovered open port 110/tcp on 192.168.177.159 Discovered open port 3632/tcp on 192.168.177.159 Discovered open port 80/tcp on 192.168.177.159 Discovered open port 21/tcp on 192.168.177.159 Discovered open port 143/tcp on 192.168.177.159 Discovered open port 995/tcp on 192.168.177.159 Discovered open port 22/tcp on 192.168.177.159 Discovered open port 993/tcp on 192.168.177.159
Ethical Hacking Techniques and Practices_6

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents