Ethical Hacking and Defence: A Case Study


Added on  2023/06/04

AI Summary
This report discusses ethical hacking and defence through a case study. It covers five flags, including web server, web shells, password cracking, TCP port scanner, and basic Linux privilege escalations. The report provides detailed instructions and source code for each flag.

Ethical Hacking and Defence

Executive Summary
Ethical hacking refers to a method for accurately analysing an organisation's data security
structure. It is observed that the IT professionals known as ethical hackers are increasing in
number and are gaining high status. These ethical hackers intentionally penetrate security
systems in order to fix their weak points. This report deals with ethical hacking by
using a provided case study. The case study involves five flags,
which are discussed briefly.
Table of Contents
1. Purpose of the Project
2. Log Testing and the followed Methodology
1.1 Flag: 1- Web server
1.2 Flag: 2- Web Shells
1.3 Flag: 3- Password cracker
1.4 Flag: 4- TCP port scanner – NMAP
1.5 Flag: 5- Privilege
3. Result and Conclusion
4. Source Code
4.1 NMAP – TCP port Scanner
4.2 Password Cracker
5. Completion instructions
References
1. Purpose of the Project
This report applies the concept of ethical hacking to a case study. The first
thing the users will need to do is infiltrate the system and obtain root-level
privileges. Five flags will be discussed briefly in this report: web server, web shell,
password cracker, TCP port scanner and privileges.
2. Log Testing and the followed Methodology
Let’s begin the process by installing the virtual machine and then setting up the case study
on it. The screenshot below represents this process.
1.1 Flag: 1- Web server
Web servers deliver the requested web pages to their clients. Each web server has a
domain name and an IP address, which help to identify it. The local web server setup
is configured by the server administrator. Clients use web browsers such as Chrome,
Google, Firefox and so on to access the web pages. The IP address or the URL is
entered in the web browser’s address bar, which delivers the request using the web
server scripting (Delgado, 2018). In Kali Linux, however, it is necessary to make
changes to the web server setup, as Kali Linux comes with the apache2 web server
pre-installed. This means that attackers can use this web server to deliver a web page
that contains malicious code. It is possible to trap such attackers with the help of
a social engineering method such as phishing. The screenshot below represents the web server
content ("Hack Like a Pro: How to Find Directories in Websites Using DirBuster", 2018).
/etc/init.d/apache2
The below screen shot represents the same.
Figure 1 Flag 1 web server contents
1.2 Flag: 2- Web Shells
Web shells are small programs that can be uploaded to a vulnerable
server. They can later be opened in a web browser to provide a web-based
interface for running system commands. The web shell script must be in a language the
web server supports; for instance, a PHP web server requires a PHP web shell.
Web shells can be set up and used quickly, but they also have certain drawbacks;
for example, they do not have the interactive style of a terminal. Web shells provide a quick
GUI for common tasks such as the following ("backdoors-using-web-shells", 2018):
a) View files
b) Travel across directories
c) Execute MySql queries / commands
d) Execute shell commands
e) Download files
f) Upload files
g) Delete files
h) Permissions to directory/folders
i) Edit files
j) Bypass mod_security
The following screen shot represents it ("Kali Linux Cookbook", 2018).

Figure 2 Flag 2 Web shells
1.3 Flag: 3- Password cracker
One of the most recent and best-designed password crackers, hashcat, is used here. It
concentrates on versatility and speed, which helps in cracking various hashes, by
various methods, quickly ("Webshells", 2018).
Step 1- Opening Hashcat
Go to Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat,
as represented in the below screen shot ("Cracking Passwords Using John the Ripper", 2018).
Figure 3 Flag 3 Password Cracker
Clicking the hashcat menu item opens the help screen ("Hack Like a Pro: How to
Crack Passwords, Part 3 (Using Hashcat)", 2018).
Figure 4 Flag 3 Password Cracker
The basic hashcat syntax can be represented as follows:
kali > hashcat options hashfile mask|wordfiles|directories
Step 2- More Extensive Options
To begin with, hashcat supports rules, which let us apply rules that are
specifically designed for use on the wordlist file ("What are web shells – Tutorial", 2018).
Figure 5 Flag 3 Password Cracker
The following shows a list of some of the hash types that hashcat can work with.

Figure 6 Flag 3 Password Cracker
Step 3- Selecting Wordlist
A simple dictionary attack on certain Linux hashes requires a wordlist, and a large
number of wordlists are available on the web. However, Kali has built-in wordlists, which
can be located by typing the following:
kali > locate wordlist
Figure 7 Flag 3 Password Cracker
Figure 8 Flag 3 Password Cracker
Step 4- Collect Hashes
Next, collect the hashes present in the Kali system. The collected hashes can be
viewed if the user is logged in as root. In Linux the hashes are stored in the
/etc/shadow file, so type the following:
kali > tail /etc/shadow
Figure 9 Flag 3 Password Cracker
The /etc/login.defs file can be opened by entering the following:
kali > more /etc/login.defs
Figure 10 Flag 3 Password Cracker
Step 5- Hashes Cracking
First, separate the hashes into a different file and name it “hash.lst”.
kali > cp /etc/shadow hash.lst
Confirm that the hashes were copied by entering the following:
kali > more hash.lst
Figure 11 Flag 3 Password Cracker
Figure 12 Flag 3 Password Cracker
The last step is to begin cracking the hashes.
kali > hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/share/sqlmap/txt/wordlist.txt

Figure 13 Flag 3 Password Cracker
Figure 14 Flag 3 Password Cracker
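An added example, not part of the original report: a defender-side audit of shadow-format entries that ties Step 4 and Step 5 together. It shows that the $6$ prefix (sha512crypt) is what hashcat mode 1800 expects, that a copied /etc/shadow also holds locked accounts with no hash, and which accounts still use a scheme other than the one configured in /etc/login.defs. The function names and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report). All sample data is constructed.

# Print the ENCRYPT_METHOD value from login.defs-format text on stdin.
encrypt_method() {
    awk '$1 == "ENCRYPT_METHOD" { print $2 }'
}

# Read shadow-format lines on stdin; print "user scheme hashcat_mode"
# for every account whose password field holds a usable hash.
shadow_audit() {
    awk -F: '
    $2 == "" || $2 ~ /^[!*]/ { next }   # empty or locked: nothing to test
    {
        scheme = "unknown"; mode = "-"
        if      ($2 ~ /^\$1\$/)      { scheme = "md5crypt";    mode = 500  }
        else if ($2 ~ /^\$2[aby]\$/) { scheme = "bcrypt";      mode = 3200 }
        else if ($2 ~ /^\$5\$/)      { scheme = "sha256crypt"; mode = 7400 }
        else if ($2 ~ /^\$6\$/)      { scheme = "sha512crypt"; mode = 1800 }
        else if ($2 ~ /^\$y\$/)      { scheme = "yescrypt" }
        print $1, scheme, mode
    }'
}

# From shadow_audit output, list users whose stored hash does not use the
# configured method (e.g. SHA512), i.e. passwords set before a policy change.
needs_rehash() {
    awk -v m="$1" 'index($2, tolower(m)) != 1 { print $1 }'
}

# Constructed sample; the hash bodies are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$PLACEHOLDERHASH:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
legacy:$1$constructed$PLACEHOLDERHASH:17000:0:99999:7:::
svc:!:17000:0:99999:7:::
EOF
}

sample_shadow | shadow_audit
sample_shadow | shadow_audit | needs_rehash SHA512
```

On a real system the same functions can be fed with "shadow_audit < /etc/shadow" as root and "encrypt_method < /etc/login.defs"; any account reported by needs_rehash should have its password reset so it is stored under the current scheme.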
1.4 Flag: 4- TCP port scanner – NMAP
Nmap in Kali Linux will be used to scan for open ports, with detection carried
out with the help of OS detection. In general, Network Mapper
(Nmap) is an open-source tool, available in Kali Linux, that is used to explore the
network and audit its security. The same facilities are also provided
on OS X, Windows, and various other UNIX platforms ("Hack Like a Pro: Advanced
Nmap for Reconnaissance", 2018). Zenmap is a GUI for Nmap.
First, open Nmap in Kali.
Then, open a terminal and type “nmap”.
kali > nmap
This will show the help screen, exactly as represented below ("WMAP Web Scanner", 2018).
Figure 15 Flag 4 Port Scanner
The results show all the TCP ports that are open on the target machine, along with the
default service for each port.
Figure 16 Flag 4 Port Scanner
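An added example, not part of the original report: a connect scan (nmap -sT) completes the TCP handshake on each open port, so it shows up in ordinary connection logs. The script below flags any source that reaches many distinct ports on one host within a time window; the log format, function names and threshold are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the report). Log format and threshold are
# assumptions. Each log line: epoch_seconds src_ip dst_ip dst_port

# usage: scan_suspects THRESHOLD WINDOW_SECONDS < log
# Prints "src dst distinct_ports" for each source/target pair that touched
# at least THRESHOLD distinct ports inside one fixed time window.
scan_suspects() {
    awk -v thr="$1" -v win="$2" '
    {
        bucket = int($1 / win)              # fixed time window
        key = $2 SUBSEP $3 SUBSEP bucket    # source, target, window
        if (!((key, $4) in seen)) {         # count each port only once
            seen[key, $4] = 1
            ports[key]++
        }
    }
    END {
        for (k in ports)
            if (ports[k] >= thr) {
                split(k, p, SUBSEP)
                print p[1], p[2], ports[k]
            }
    }' | sort
}

# Constructed sample: 192.168.1.50 touches 12 ports on 192.168.1.1 within
# 12 seconds, while 192.168.1.20 behaves like a normal web client.
sample_conn_log() {
    p=20
    while [ "$p" -le 31 ]; do
        echo "$((1700000000 + p)) 192.168.1.50 192.168.1.1 $p"
        p=$((p + 1))
    done
    echo "1700000005 192.168.1.20 192.168.1.1 443"
    echo "1700000009 192.168.1.20 192.168.1.1 443"
    echo "1700000012 192.168.1.20 192.168.1.1 80"
}

sample_conn_log | scan_suspects 10 60
```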
1.5 Flag: 5- Privilege
The following basic Linux privilege escalation areas were learnt:
applications and services, operating system, networking, communication,
confidential information and users, file systems, and finding the exploit code and
preparing it.
3. Result and Conclusion
This report dealt with the concept of ethical hacking through a case study. It is observed
that users need to infiltrate the system and attain root-level privileges. As mentioned
earlier, the report briefly discussed the five flags, whose purposes are as follows:
evaluating the content of the web server, learning about web shells, password
cracking, recognising a user entering an incorrect password, and gaining knowledge of basic
Linux privilege escalations.
4. Source Code
4.1 NMAP – TCP port Scanner
Open Nmap and type the command below in the terminal.
nmap -sT 192.168.1.1
Figure 17 Flag 4 Port Scanner
4.2 Password Cracker
Go to Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat.
kali > hashcat options hashfile mask|wordfiles|directories
kali > locate wordlist
kali > tail /etc/shadow
kali > more /etc/login.defs
kali > cp /etc/shadow hash.lst
more hash.lst
kali > hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/share/sqlmap/txt/wordlist.txt
5. Completion instructions
Port Scanner
First, in Kali open the Nmap.
Then, open a terminal and type “nmap”.
kali > nmap
Afterwards, enter the command below in the terminal.
nmap -sT 192.168.1.1
Password Cracker
Step 1- Opening Hashcat
Go to Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat.
The basic hashcat syntax can be represented as follows:
kali > hashcat options hashfile mask|wordfiles|directories
Step 2- More Extensive Options
List of certain hash types which the hashcat could work with.
Step 3- Selecting Wordlist
kali > locate wordlist
Step 4- Collect Hashes
In Linux the hashes are stored in the /etc/shadow file, so type the
following:
kali > tail /etc/shadow
The /etc/login.defs file can be opened by entering the following:
kali > more /etc/login.defs
Step 5- Hashes Cracking
kali > cp /etc/shadow hash.lst
more hash.lst
The last step is to begin cracking the hashes.
kali > hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/share/sqlmap/txt/wordlist.txt
References
Cracking Passwords Using John the Ripper. (2018). Retrieved from https://null-byte.wonderhowto.com/forum/cracking-passwords-using-john-ripper-0181420/
Delgado, C. (2018). How to list Directories and Files of a Website using DirBuster in Kali Linux. Retrieved from https://ourcodeworld.com/articles/read/417/how-to-list-directories-and-files-of-a-website-using-dirbuster-in-kali-linux
Hack Like a Pro: Advanced Nmap for Reconnaissance. (2018). Retrieved from https://null-byte.wonderhowto.com/how-to/hack-like-pro-advanced-nmap-for-reconnaissance-0151619/
Hack Like a Pro: How to Crack Passwords, Part 3 (Using Hashcat). (2018). Retrieved from https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/
Hack Like a Pro: How to Find Directories in Websites Using DirBuster. (2018). Retrieved from https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-directories-websites-using-dirbuster-0157593/
Kali Linux Cookbook. (2018). Retrieved from https://www.oreilly.com/library/view/kali-linux-cookbook/9781783289592/ch04s05.html
Webshells. (2018). Retrieved from https://tools.kali.org/maintaining-access/webshells
What are web shells – Tutorial. (2018). Retrieved from https://www.binarytides.com/web-shells-tutorial/
WMAP Web Scanner. (2018). Retrieved from https://www.offensive-security.com/metasploit-unleashed/wmap-web-scanner/