Ethical Hacking and Defence: Log Testing, Methodologies and Five Flags
VerifiedAdded on 2023/06/04
|17
|1747
|274
AI Summary
This report describes the secure methods to be opted for security the system from the malicious accessing of the hackers. It explains log testing, defined methodologies and the five flags with the respective results. The report suggests tools for scanning the ports like the TCP port scanner as an effective tool. It also brings out the Linux privilege escalations.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
ETHICAL HACKING AND
DEFENCE
DEFENCE
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Executive Summary
Ethical hacking is a serious step that has to be taken for defence of a system and the network.
The following report’s target is to present a report which gives a through description on this
and has successfully completed the report. The report ensures to describe the log testing,
defined methodologies and the five flags with the respective results.
1
Ethical hacking is a serious step that has to be taken for defence of a system and the network.
The following report’s target is to present a report which gives a through description on this
and has successfully completed the report. The report ensures to describe the log testing,
defined methodologies and the five flags with the respective results.
1
Table of Contents
1 Target of the Project.........................................................................................................3
2 Defined Methodology and Log Testing...........................................................................3
Flag 1.....................................................................................................................................5
Flag 2.....................................................................................................................................7
Flag 3.....................................................................................................................................8
Flag 4...................................................................................................................................13
Flag 5...................................................................................................................................15
3 Result................................................................................................................................16
References...............................................................................................................................17
2
1 Target of the Project.........................................................................................................3
2 Defined Methodology and Log Testing...........................................................................3
Flag 1.....................................................................................................................................5
Flag 2.....................................................................................................................................7
Flag 3.....................................................................................................................................8
Flag 4...................................................................................................................................13
Flag 5...................................................................................................................................15
3 Result................................................................................................................................16
References...............................................................................................................................17
2
1 Target of the Project
Today, it is very much crucial for the users and the organizations to secure their
network, website, devices and system from the hackers. This report brings out the secure
methods to be opted for security the system from the malicious accessing of the hackers. The
report will ensure to describe the log testing, defined methodologies and the five flags with
the respective results.
2 Defined Methodology and Log Testing
Virtual machine installation is the very first thing which the user must do here which is
demonstrated in the following figure.
3
Today, it is very much crucial for the users and the organizations to secure their
network, website, devices and system from the hackers. This report brings out the secure
methods to be opted for security the system from the malicious accessing of the hackers. The
report will ensure to describe the log testing, defined methodologies and the five flags with
the respective results.
2 Defined Methodology and Log Testing
Virtual machine installation is the very first thing which the user must do here which is
demonstrated in the following figure.
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
Flag 1
In general, web server could be defined as the server that contains the responsibility of
accepting the HTTP requests which comes from the web clients for serving the HTTP
responses. This basically has taken in a form of web pages which has static content along
with the dynamic content. The static content’s example can be as follows, pictures/images,
text and so on. Whereas, the dynamic content’s example can be the script (Ali, 2014).
This flag explains the usage of Apache Web server and its advantages. The first
important announcement to be made about apache is that it is a free open source. It is known
as a cross-platform that is robust as well as it is used by the small firms and also the big
organizations. Hence, the apache is wide spread the number of users have increased
significantly. Moreover, 50 percentage of the web servers utilize apache (Buchanan, 2014).
The next section will represent the web server content.
Apache httpd 2.4 default layout (apache.org source package):
Apache httpd 2.2 default layout (apache.org source package):
5
In general, web server could be defined as the server that contains the responsibility of
accepting the HTTP requests which comes from the web clients for serving the HTTP
responses. This basically has taken in a form of web pages which has static content along
with the dynamic content. The static content’s example can be as follows, pictures/images,
text and so on. Whereas, the dynamic content’s example can be the script (Ali, 2014).
This flag explains the usage of Apache Web server and its advantages. The first
important announcement to be made about apache is that it is a free open source. It is known
as a cross-platform that is robust as well as it is used by the small firms and also the big
organizations. Hence, the apache is wide spread the number of users have increased
significantly. Moreover, 50 percentage of the web servers utilize apache (Buchanan, 2014).
The next section will represent the web server content.
Apache httpd 2.4 default layout (apache.org source package):
Apache httpd 2.2 default layout (apache.org source package):
5
Apache httpd 2.0 default layout (apache.org source package):
Flag 2
Only on the web, the web shells can run and it contains no socket communication,
exactly like the reverse shells. The program called netcat is the web server has to be
connected with each other in a reverse shell that is present on hacker’s system. This is why
the web shells have instant set up and usage. Along with positive aspects it also contains
certain negative aspects, which is it lacks interactive terminal style. For dealing with
vulnerabilities, the web shells are utilized, as it carries out the process like arbitrary file
6
Flag 2
Only on the web, the web shells can run and it contains no socket communication,
exactly like the reverse shells. The program called netcat is the web server has to be
connected with each other in a reverse shell that is present on hacker’s system. This is why
the web shells have instant set up and usage. Along with positive aspects it also contains
certain negative aspects, which is it lacks interactive terminal style. For dealing with
vulnerabilities, the web shells are utilized, as it carries out the process like arbitrary file
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
upload and adding the remote file. When the web server encounters similar vulnerability, in
such situation the hacker would only upload look alike web shell, and it is opened from the
browser with a right path. It is believed that it will support in getting the interface to run any
arbitrary commands which are present in the system (Ethical hacking and countermeasures,
2017). Hence, the web shells uses the interpreter engine’s privileges for running.
The following figures illustrate the above explained facts.
Flag 3
Here, the hashcat is used.
Step: 1- Hashcat opening
Follow as below,
Thus, this will help the hashcat to be opened.
7
such situation the hacker would only upload look alike web shell, and it is opened from the
browser with a right path. It is believed that it will support in getting the interface to run any
arbitrary commands which are present in the system (Ethical hacking and countermeasures,
2017). Hence, the web shells uses the interpreter engine’s privileges for running.
The following figures illustrate the above explained facts.
Flag 3
Here, the hashcat is used.
Step: 1- Hashcat opening
Follow as below,
Thus, this will help the hashcat to be opened.
7
Follow the above shown steps to access the hashcat option from the help screen.
Follow the above basic hashcat’s syntax (Gillet, Fourn & Hennion, 2012).
8
Follow the above basic hashcat’s syntax (Gillet, Fourn & Hennion, 2012).
8
Step: 2- Additional Extensive Options
For applying to the wordlist file, there are supportive hashcat rules.
As mentioned in the following figure, the Hashcat types’ list is presented.
Step: 3- Selection of the Wordlist
Follow as follows,
In Kali system, this command will represent the built-in wordlist.
9
For applying to the wordlist file, there are supportive hashcat rules.
As mentioned in the following figure, the Hashcat types’ list is presented.
Step: 3- Selection of the Wordlist
Follow as follows,
In Kali system, this command will represent the built-in wordlist.
9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Step 4 Grabbing Hashes
As mentioned, this step refers to grabbing the hashes available in the Kali system,
when logged in as the root user. However, the Linux system won’t have such a situation
because it has storage space in, /etc/shadow file (Hogan & Epping, 2015).
Type as follows, and grab the hashes which are available in the Kali system,
kali > more /etc/login.defs
10
As mentioned, this step refers to grabbing the hashes available in the Kali system,
when logged in as the root user. However, the Linux system won’t have such a situation
because it has storage space in, /etc/shadow file (Hogan & Epping, 2015).
Type as follows, and grab the hashes which are available in the Kali system,
kali > more /etc/login.defs
10
This command will help to open the file.
Step 5 Cracking the Hashes
First, segregate the hashes in a separate file and then name it as, hash.lst.
Further, type as mentioned below,
more hash.lst
Hence, the hash cracking is possible to do here.
11
Step 5 Cracking the Hashes
First, segregate the hashes in a separate file and then name it as, hash.lst.
Further, type as mentioned below,
more hash.lst
Hence, the hash cracking is possible to do here.
11
Flag 4
Nmap is not just a simple tool, it is the tool which is well-known as the network
sniffing tool and it has helped various users and several professionals in cyber security. The
one who thinks to use this tool, it is suggested to know the basic installation steps, including
the version and user manual locating (MAURUSHAT, 2019).
The following section lists the switches which could be used to enhance
the information in the form of result.
a) UDP Scan:-sU switch which adds the command line to just identify the
details of the UDP port.
For example: nmap -sU 192.168.1.10
12
Nmap is not just a simple tool, it is the tool which is well-known as the network
sniffing tool and it has helped various users and several professionals in cyber security. The
one who thinks to use this tool, it is suggested to know the basic installation steps, including
the version and user manual locating (MAURUSHAT, 2019).
The following section lists the switches which could be used to enhance
the information in the form of result.
a) UDP Scan:-sU switch which adds the command line to just identify the
details of the UDP port.
For example: nmap -sU 192.168.1.10
12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
b) TCP Connect Scan: The results are identified by the regular scan
that belongs to TCP ports. But, when -sT is included in the command
it will add IP to the Targeted System’s log file.
For example: nmap -sT 192.168.1.10
c) TCP SYN Stealth: It is a scan that will send large number of requests
irrespective of any session being created, and it needs privileged
access.
For example: nmap -sS 192.168.1.10
d) TCP Fin: In SYN form the Packets will be sent. But, as -sF will be
included to the command, Fin packets are converted.
For example: nmap -sF 192.168.1.10
e) TCP Null: If without any flag the addition of -sN is done, then it will
send the packets to the system.
For example: nmap -sN 192.168.1.10
f) TCP Xmas: The switch –sX, helps to and it is a scan which helps to
send the packets namely, URG, PUSH, and FIN packets for the
system, for identifying the status of the port.
For example: nmap -sX 192.168.1.10
g) TCP Ack: -sA is the switch which is used to send the ACK
(Acknowledgement) package for the remote system, as it helps to
receive the details of the port.
For example: nmap -sA 192.168.1.10
In the kali Linux’s terminal, the following command helps to open Nmap, and the results are
displayed below.
13
that belongs to TCP ports. But, when -sT is included in the command
it will add IP to the Targeted System’s log file.
For example: nmap -sT 192.168.1.10
c) TCP SYN Stealth: It is a scan that will send large number of requests
irrespective of any session being created, and it needs privileged
access.
For example: nmap -sS 192.168.1.10
d) TCP Fin: In SYN form the Packets will be sent. But, as -sF will be
included to the command, Fin packets are converted.
For example: nmap -sF 192.168.1.10
e) TCP Null: If without any flag the addition of -sN is done, then it will
send the packets to the system.
For example: nmap -sN 192.168.1.10
f) TCP Xmas: The switch –sX, helps to and it is a scan which helps to
send the packets namely, URG, PUSH, and FIN packets for the
system, for identifying the status of the port.
For example: nmap -sX 192.168.1.10
g) TCP Ack: -sA is the switch which is used to send the ACK
(Acknowledgement) package for the remote system, as it helps to
receive the details of the port.
For example: nmap -sA 192.168.1.10
In the kali Linux’s terminal, the following command helps to open Nmap, and the results are
displayed below.
13
The result displays the open TCP ports on the target machine, plus the default service of the
ports (Nájera-Gutiérrez, 2016).
Flag 5
The Linux privilege escalations learnt in this cases study are as follows- Applications &
Services, File Systems, Preparation & Finding Exploit Code, operating System,
Communications & Networking, and the Confidential Information & Users
14
ports (Nájera-Gutiérrez, 2016).
Flag 5
The Linux privilege escalations learnt in this cases study are as follows- Applications &
Services, File Systems, Preparation & Finding Exploit Code, operating System,
Communications & Networking, and the Confidential Information & Users
14
3 Result
The report has accomplished what it stated in the beginning, as its objective i.e.,
ethical hacking and defence for securing the network, website, devices and system from the
hackers. The report also suggests some of the tools for scanning the ports like the TCP port
scanner as effective tool (Zimmer, 2013). Additionally, the report brings out the secure
methods to be opted for security the system from the malicious access of the hackers (Rule,
2011). The report has described the project which involves the log testing, defined
methodologies and the five flags with the respective results. The determined results states
that, the flags helps with the evaluation of the web server content, then to increase the
knowledge on web shells, password cracking technique, web shell, port scanner and mainly
the Linux privilege escalations. Here, the result displays the open TCP ports on the target
machine, along with the default service of the ports (Sak & Ram, 2016).
15
The report has accomplished what it stated in the beginning, as its objective i.e.,
ethical hacking and defence for securing the network, website, devices and system from the
hackers. The report also suggests some of the tools for scanning the ports like the TCP port
scanner as effective tool (Zimmer, 2013). Additionally, the report brings out the secure
methods to be opted for security the system from the malicious access of the hackers (Rule,
2011). The report has described the project which involves the log testing, defined
methodologies and the five flags with the respective results. The determined results states
that, the flags helps with the evaluation of the web server content, then to increase the
knowledge on web shells, password cracking technique, web shell, port scanner and mainly
the Linux privilege escalations. Here, the result displays the open TCP ports on the target
machine, along with the default service of the ports (Sak & Ram, 2016).
15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
References
Ali, S. (2014). Kali Linux. [Place of publication not identified]: Packt Publishing.
Buchanan, C. (2014). Kali Linux CTF Blueprints. Birmingham: Packt Publishing.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Gillet, P., Fourn, E., & Hennion, R. (2012). VMware vSphere 5. St-Herblain: É d. ENI.
Hogan, C., & Epping, D. (2015). Essential virtual SAN. Upper Saddle River, NJ: Financial
Times/Prentice Hall.
MAURUSHAT, A. (2019). ETHICAL HACKING. [S.l.]: UNIV OF OTTAWA PRESS.
Nájera-Gutiérrez, G. (2016). Kali Linux web penetration testing cookbook. Birmingham, UK:
Packt Publishing.
Rule, D. (2011). How to Cheat at Configuring VmWare ESX Server. Burlington: Elsevier
Science.
Sak, B., & Ram, J. (2016). Mastering Kali Linux wireless pentesting. Birmingham, UK:
Packt Publishing.
Zimmer, D. (2013). VMware vSphere 5. Bonn: Galileo Press.
16
Ali, S. (2014). Kali Linux. [Place of publication not identified]: Packt Publishing.
Buchanan, C. (2014). Kali Linux CTF Blueprints. Birmingham: Packt Publishing.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Gillet, P., Fourn, E., & Hennion, R. (2012). VMware vSphere 5. St-Herblain: É d. ENI.
Hogan, C., & Epping, D. (2015). Essential virtual SAN. Upper Saddle River, NJ: Financial
Times/Prentice Hall.
MAURUSHAT, A. (2019). ETHICAL HACKING. [S.l.]: UNIV OF OTTAWA PRESS.
Nájera-Gutiérrez, G. (2016). Kali Linux web penetration testing cookbook. Birmingham, UK:
Packt Publishing.
Rule, D. (2011). How to Cheat at Configuring VmWare ESX Server. Burlington: Elsevier
Science.
Sak, B., & Ram, J. (2016). Mastering Kali Linux wireless pentesting. Birmingham, UK:
Packt Publishing.
Zimmer, D. (2013). VMware vSphere 5. Bonn: Galileo Press.
16
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.