Ethical Hacking and Defence - TCP Port Scanning with Nmap

Added on  2023/06/03

Ethical Hacking and Defence
STUDENT NAME:
STUDENT ID:
SUBMISSION DATE:

EXECUTIVE SUMMARY
In computer networking, hacking refers to a technical effort to manipulate the normal behaviour of connected systems and network connections, and the person who carries it out is the hacker. Hacking and hackers are therefore usually associated with malicious programmatic attacks on networks and computers over the Internet. Ethical hacking, also called White Hat or legal hacking, is distinguished from illegal hacking, which is referred to as Black Hat hacking. The purpose of this report is to infiltrate the given system and obtain root-level privileges, and then to present the values of the five flags and the compromises that yielded them. The report outlines all the tests and attacks run against the system, with their results. Additionally, the basic TCP port scanner and the password cracker required for the case study are presented.
Table of Contents
1. Introduction
2. Defined Methodology and Testing Log
   Flag 1 - Web Server
   Flag 2 - Web Shells
   Flag 3 - Password Cracker
   Flag 4 - TCP Port Scanner (Nmap)
   Flag 5 - Privileges
3. Results and Recommendations
References
1. Introduction
Hacking has a serious impact on today's computer networks. It refers to a technical effort to manipulate the normal behaviour of connected systems and network connections (Mitchell, 2018), and it is the hacker who carries out such attacks ("What is Hacking?", 2018). Both hacking and hackers are associated with malicious programmatic attacks on networks and computers over the Internet. Computers must be protected to close vulnerabilities or holes (Reddy, 2018), for example by installing only trusted software and by not opening unknown emails; even so, attackers try everything possible to gain access to a victim's system ("Hacking - protect yourself against hackers", 2018). There are two kinds of hacking, ethical and non-ethical (Gupta & Anand, 2017). Ethical hacking is also called White Hat or legal hacking, whereas illegal hacking is referred to as Black Hat hacking (Beaver, 2010).
The objective of this work is to infiltrate the given system and obtain root-level privileges, and then to present the values of the five flags and the compromises that yielded them. The report also outlines all the tests and attacks run against the system, with their results. Finally, the basic TCP port scanner and the password cracker required for the case study are presented.
2. Defined Methodology and Testing Log
This section covers the following activities: investigating the steps needed to complete the ethical hacking exercise, gathering information related to the case study from the Internet, scanning the network and searching for vulnerabilities. Before starting, it is necessary to learn the basic methodology, because ethical hacking requires more than penetrating and patching a system or network. Proven techniques serve as a guide throughout the process and make sure the right destination is reached. Following a supporting methodology to meet the goals of ethical hacking is what distinguishes the professional from the amateur hacker, and it also saves a great deal of cost, time and effort (Beaver, 2010).
Ethical hacking is comparable to beta testing software. The general steps of hacking or penetration testing follow a logical process: reconnaissance, exploitation, privilege escalation, establishing persistence, extracting data, covering tracks and finally wrapping up ("Basic Hacker Methodology - Steps to the Hacking Process", 2015; Farsole, Kashikar & Zunzunwala, 2010). The work here starts with the installation of the virtual machine.
Flag 1 - Web Server
The principal purpose of a web server is to serve the content of a website. Its work depends on the requests made for the website: a request is sent when a URL is entered in the browser's address bar, and it asks for a particular page of the site. DNS (the Domain Name System) translates the host name in the URL into an IP address, which directs the request to the responsible web server. The underlying goal is communication between the many servers reachable over the World Wide Web, and Apache has become one of the most widely used web servers. A web server faces attacks such as directory traversal, denial of service (DoS), phishing, misconfiguration attacks and website defacement. Addressing them methodically requires vulnerability scanning, testing for password attacks such as dictionary attacks, and countermeasures such as regular updates and patching of the web server, protecting the configuration files, keeping scanning tools running against the web server, using secure protocols, installing antivirus software and keeping it updated daily, and keeping the OS and other software up to date (Just, Coffman, Coriale & Conley, 2016).
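Of the attacks listed above, directory traversal is the one that can be reproduced and fixed in a few lines. The following example is added here and is not part of the original report or of any named web server: it shows a naive file-serving routine that simply joins the requested path onto the document root, beside a hardened version that resolves the path and refuses anything that escapes the root. The document root, the files in it and the request paths are constructed for the example.

```python
import os
import tempfile


class TraversalError(Exception):
    """Raised when a request path would escape the document root."""


def naive_resolve(docroot, request_path):
    """Vulnerable: joins the user-supplied path onto the document root.

    '..' segments are honoured, so /../../etc/passwd walks out of docroot.
    """
    return os.path.normpath(os.path.join(docroot, request_path.lstrip("/")))


def safe_resolve(docroot, request_path):
    """Hardened: resolve to a canonical absolute path, then check containment.

    realpath() collapses '..' and follows symlinks, so the check is made on
    the path the OS would actually open, not on the raw request string.
    commonpath() is used instead of startswith() so that a sibling such as
    /srv/htdocs2 is not mistaken for something inside /srv/htdocs.
    """
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"{request_path!r} escapes the document root")
    return candidate


def serve(docroot, request_path):
    """Return (status, body) for a request, the way a minimal handler would."""
    try:
        path = safe_resolve(docroot, request_path)
    except TraversalError:
        return 403, b""
    if not os.path.isfile(path):
        return 404, b""
    with open(path, "rb") as fh:
        return 200, fh.read()


def demo():
    """Constructed fixture: a throwaway docroot with one page, plus a secret
    file one level above it. Returns what each resolver lets through."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "index.html"), "wb") as fh:
        fh.write(b"<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "wb") as fh:
        fh.write(b"db password")  # lives OUTSIDE the document root

    naive_path = naive_resolve(docroot, "/../secret.txt")
    leaked = os.path.isfile(naive_path)          # True: the naive join reaches it
    status_ok, body = serve(docroot, "/index.html")
    status_bad, _ = serve(docroot, "/../secret.txt")
    return leaked, status_ok, body, status_bad


if __name__ == "__main__":
    print(demo())
```

The check must be done on the canonical path: validating the raw string (for example rejecting "..") misses encoded or symlinked variants, whereas comparing the resolved path against the resolved root catches every form of escape.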
Flag 2 - Web Shells
Web shells are malicious scripts that attackers upload to a compromised web application in order to escalate and maintain persistent access to it. A web shell cannot by itself exploit remote vulnerabilities; it is a post-exploitation tool. What it offers the attacker includes executing operating-system commands and arbitrary code on the server, enumerating and querying databases, and accessing files and records on the host.
Launching Pivoting Attacks
A web shell can be used for pivoting: once one host is compromised, the attacker uses it to reach other systems on the same network that are not directly accessible, and continues pivoting from each newly compromised host. Commonly used techniques for pivoting from a compromised web server include SSH port forwarding, netcat relays and HTTP proxies. Pivoting through several hosts also makes it harder to trace the attack back to its actual source.
Persistent Remote Access
Here the web shell's details are explained. A web shell gives unauthorized access and can lead to the compromise of a substantial part of the system. In such a situation the attacker may still be exposed while attempting to reach the important server, but attackers do not stop there; they do everything possible to get access. It is essential for them to stay below the radar while they experiment and refine their efforts. The best-known web shells use password authentication to ensure that only the attacker who planted the shell can use it. Some web shells also contain a hidden back door that lets the attacker access and control the server remotely whenever required. Password-protected web shells may use further techniques: comparable methods inspect the HTTP headers, particularly the User-Agent value, and the client IP address, so that the shell only responds to the attacker's own requests. Web shells also commonly contain code that recognizes and blocks search-engine crawlers, so that the shell is not indexed and the compromised web application is not exposed through search results.
Zombie
A botnet is a network of compromised systems that the attacker controls, either for his own needs or to rent out to other criminals. Making servers part of a botnet is another use of web shells. The web shell connects to a C&C (command and control) server, from which it takes the instructions to execute. A distributed denial-of-service (DDoS) attack needs a setup with high bandwidth; in that case the attacker has no interest in stealing or damaging the system's data when deploying the web shell, but rather uses the server's resources whenever needed. An Internet-connected web server compromised in this way becomes a zombie under the attacker's control; alternatively a Trojan horse or similar malware may be used to carry out the malicious activity.
Privilege Escalations
A web shell runs on the server with the permissions of the web server process, which are often misconfigured, so these permissions should be restricted. Using the web shell, the attacker will attempt a privilege escalation attack: local vulnerabilities of the system are exploited with the aim of obtaining root privileges. Linux and other UNIX-based operating systems have a super-user account, and the attacker's work becomes far easier once that account is obtained. Where the server is misconfigured, the web shell is not confined to the web server's limited user permissions and can exploit local vulnerabilities in the system to gain super-user access on the UNIX host. With it the attacker can remove users, read mail, steal passwords and much more. When we have a restricted shell it is valuable to escalate its privileges (Engebretson, 2011).
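The misconfigured permissions this section and Flag 5 refer to are the first thing an attacker with a limited shell enumerates. The following example is added here and is not part of the original report: it walks a set of directories and reports two classic footholds, setuid/setgid binaries owned by root and world-writable files or directories that the web server's account could overwrite. The temporary directory and files in demo() are constructed for the example.

```python
import os
import stat
import tempfile


def find_risky_files(paths):
    """Return (path, reason) pairs for two classic privilege-escalation footholds.

    * setuid/setgid executables owned by root: a bug in one of them runs as root.
    * world-writable files or directories: a low-privileged account (such as the
      web server user a web shell runs as) can replace their contents.
    """
    findings = []
    for base in paths:
        for dirpath, dirnames, filenames in os.walk(base):
            for name in dirnames + filenames:
                full = os.path.join(dirpath, name)
                try:
                    st = os.lstat(full)
                except OSError:
                    continue  # vanished or unreadable; skip it
                if stat.S_ISLNK(st.st_mode):
                    continue  # the link target is judged when it is walked
                mode = st.st_mode
                if (mode & (stat.S_ISUID | stat.S_ISGID)) and st.st_uid == 0 \
                        and (mode & stat.S_IXUSR):
                    findings.append((full, "setuid/setgid root"))
                # Sticky-bit directories such as /tmp are expected to be o+w.
                if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
                    findings.append((full, "world-writable"))
    return findings


def demo():
    """Constructed fixture: one world-writable script and one normal file in a
    fresh temp dir (no setuid file is created, since that needs root)."""
    base = tempfile.mkdtemp()
    script = os.path.join(base, "backup.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho backup\n")
    os.chmod(script, 0o777)          # anyone can rewrite what root's cron will run
    safe = os.path.join(base, "notes.txt")
    with open(safe, "w") as fh:
        fh.write("nothing here\n")
    os.chmod(safe, 0o644)
    return {path: reason for path, reason in find_risky_files([base])}


if __name__ == "__main__":
    for path, reason in find_risky_files(["/usr/bin", "/usr/local/bin", "/etc"]):
        print(f"{reason:20s} {path}")
```

A world-writable script that root executes from cron, or a setuid binary with a known bug, is exactly the "misconfigured permission" the text describes; the fix is to tighten the mode bits, not to trust the web server account.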
Flag 3 - Password Cracker
A user of the system can set and change the password, and recovering that password is a specialty that grants access to the system while its access control remains in place. When an account is created, the strength of the password matters; the strength of the passwords used here is shown in the accompanying picture, which lists each password recorded. The passwords are stored as hashes in the database, so we can look at the hashed secret there. The password-cracking system then needs a candidate for the secret: a match is found when the hash of the candidate equals the one stored in the database.
The web shell is deobfuscated here. preg_replace takes three arguments: the regular expression, the replacement and the subject. The regular expression carries the e modifier, which makes PHP evaluate the replacement string as PHP code, so everything in the replacement is executed. The line looks like the following code:
preg_replace("/.*/e", "\x65\x76\x61… \x29\x3B", ".");
The second parameter can therefore run the whole PHP payload. Because of this we can undo the obfuscation by translating the hexadecimal notation into characters: for example \x65 is an e according to the ASCII table. Converting the string by hand would be a fair amount of work, so we let PHP do it:
echo "\x65\x76\x61… \x29\x3B";
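Rather than paste attacker code into a PHP interpreter, the decoding can be done offline. The following example is added here and is not the report's own code: it decodes PHP double-quoted string escapes (\xHH, octal and the simple forms) the way PHP would, finds preg_replace() calls whose pattern uses the e modifier, and flags the calls that mark a code-execution payload. The sample source is constructed for the example; its hex payload encodes eval(base64_decode("cGhwaW5mbygpOw==")); which is base64 for phpinfo();, not the case study's shell.

```python
import re

# PHP double-quoted string escapes that obfuscated shells lean on:
# \xHH (hex), \NNN (octal) and the usual \n \t \\ \" \$ forms.
_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})|\\([nrtvfe\\"$])')
_SIMPLE = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "f": "\f", "e": "\x1b",
           "\\": "\\", '"': '"', "$": "$"}

# Calls whose presence in a decoded string marks a code-execution payload.
SUSPICIOUS = ("eval(", "assert(", "base64_decode(", "gzinflate(", "gzuncompress(",
              "str_rot13(", "system(", "shell_exec(", "passthru(", "exec(")


def php_unescape(s):
    """Decode the body of a PHP double-quoted string the way PHP itself would."""
    def sub(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        if m.group(2) is not None:
            return chr(int(m.group(2), 8) & 0xFF)
        return _SIMPLE[m.group(3)]
    return _ESCAPE.sub(sub, s)


def find_eval_regex(php_source):
    """Return the decoded replacement string of every preg_replace() whose
    pattern carries the /e modifier, i.e. whose replacement PHP executes."""
    hits = []
    call = re.compile(r'preg_replace\s*\(\s*"([^"]*)"\s*,\s*"((?:[^"\\]|\\.)*)"')
    for m in call.finditer(php_source):
        pattern, replacement = m.group(1), m.group(2)
        if not pattern:
            continue
        # Modifier letters follow the closing delimiter of the pattern.
        modifiers = pattern[pattern.rfind(pattern[0]) + 1:]
        if "e" in modifiers:
            hits.append(php_unescape(replacement))
    return hits


def suspicious_calls(decoded):
    """Which of the well-known loader/execution functions the payload invokes."""
    return [c for c in SUSPICIOUS if c in decoded]


# Constructed sample (not the case study's shell).
SAMPLE = r'''<?php
preg_replace("/.*/e", "\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28\x22\x63\x47\x68\x77\x61\x57\x35\x6D\x62\x79\x67\x70\x4F\x77\x3D\x3D\x22\x29\x29\x3B", ".");
'''

if __name__ == "__main__":
    for payload in find_eval_regex(SAMPLE):
        print(payload, suspicious_calls(payload))
```

The e modifier was removed in PHP 7, but shells written for older hosts still use it, and the same decoder applies to the more common eval(base64_decode(...)) and gzinflate() loaders once their string argument is extracted.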
Authentication Bypass
$auth_pass is defined at the start of the web shell's authentication code. The MD5 of the posted pass parameter is computed and compared with $auth_pass. Plain MD5 is by no means a secure way of storing passwords: MD5 is fast, attackers can compute hashes at a rate of billions per second, and this undermines the strength of the password. Moreover, the MD5 hashes of many weak passwords are already on the web and can be identified with a quick Google search. The author of this shell has, however, chosen a strong and obscure password. There is another way to gain access to the web shell when the source code is available. As is clear in the code, it sets a particular cookie when the password is entered correctly. It checks the cookie, and if the cookie is wrong it calls wsoLogin to show the login page and exits; otherwise the web shell code continues.
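The check described above, md5 of the posted password against a stored $auth_pass, is an unsalted fast hash and therefore open to a dictionary attack. The following example is added here and is not the report's or the shell's own code: it mirrors the shell's login check, runs a dictionary attack with a few mangling rules against one hash, and shows why a batch of unsalted hashes costs no more than one. The password "wso2018" and the tiny wordlist are constructed for the example and stand in for a real wordlist.

```python
import hashlib
import hmac

SUFFIXES = ("", "1", "123", "!")


def md5_hex(text):
    """Unsalted MD5 of a string, hex-encoded, exactly as PHP's md5() returns it."""
    return hashlib.md5(text.encode()).hexdigest()


# Constructed values for this example: the operator's password and a tiny
# wordlist standing in for a real one.
AUTH_PASS = md5_hex("wso2018")          # plays the role of the shell's $auth_pass
WORDLIST = ["123456", "password", "admin", "letmein", "wso2018", "qwerty"]


def shell_login(posted_pass, auth_pass=AUTH_PASS):
    """The shell's check: md5($_POST['pass']) compared with $auth_pass.
    compare_digest avoids a timing side channel; the shell uses plain ==."""
    return hmac.compare_digest(md5_hex(posted_pass), auth_pass)


def variants(word):
    """Cheap mangling rules that recover common human tweaks to a dictionary word."""
    for base in (word, word.capitalize()):
        for suffix in SUFFIXES:
            yield base + suffix


def crack_md5(target_hex, candidates):
    """Dictionary attack on one unsalted MD5 hash; returns the plaintext or None."""
    target = target_hex.lower()
    for word in candidates:
        for guess in variants(word):
            if md5_hex(guess) == target:
                return guess
    return None


def crack_many(hashes, candidates):
    """Precompute hash -> plaintext once, then look up every target. Without a
    salt the hashing cost is paid once for the whole batch, which is why a fast
    unsalted hash such as MD5 is unfit for password storage."""
    table = {md5_hex(g): g for w in candidates for g in variants(w)}
    return {h: table.get(h.lower()) for h in hashes}


if __name__ == "__main__":
    print("login with wrong password:", shell_login("guess"))
    print("cracked:", crack_md5(AUTH_PASS, WORDLIST))
    print(crack_many([AUTH_PASS, md5_hex("Password123"), md5_hex("x7$kQ!p2")], WORDLIST))
```

A strong, obscure password (as the shell's author chose) survives this only because it is absent from the wordlist; a per-user salt and a slow hash would make the precomputed table useless regardless of password quality.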
Flag 4 - TCP Port Scanner (Nmap)
Nmap is the tool used for this flag. Run with suitable parameters it trades scan speed against accuracy. Every port in the chosen range is probed: Nmap sends packets, listens for the answers and then reports the state of each port. The default technique is the SYN scan, which sends a TCP SYN packet to each target port. To inventory UDP ports, Nmap's UDP scan is enabled with the -sU option, which sends a UDP packet to every scanned port. It can be combined with a TCP scan such as the SYN scan (-sS) so that both protocols are checked in the same run.
TCP Three Way Handshake
To understand the scan it is necessary to recall the TCP three-way handshake, which is how a TCP connection is opened. A TCP/IP connection between a client (the local host) and a server is established by this handshake, and the two sides must exchange SYN and ACK packets before any application data flows. The exchange runs as follows: when client A wants a connection to server B, A sends a SYN segment carrying its initial sequence number; B replies with SYN-ACK, acknowledging A's sequence number and supplying its own; A then answers with ACK, and the TCP connection is established ("TCP 3-Way Handshake (SYN,SYN-ACK,ACK)", 2018).
TCP Scanning
TCP scanning comprises of the following:
a) Open port: The user A sends the SYN to server B, and next the server B responds
with SYN-ACK.
b) Filtered port: The user A sends the SYN to the server B, however it will not
receive any kind of reaction or ICMP port inaccessible blunder message.
8
Document Page
c) Shut port: The user A sends the SYN to the server B. Next, server B responds
with RST-ACK (Reset-Acknowledgment).
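The three states above, and the handshake they derive from, can be reproduced with the "basic TCP port scanner" the case study asks for. The following example is added here and is not the report's own scanner: it is a connect() scan, in which the kernel performs the full handshake, so a successful connect is the SYN/SYN-ACK/ACK exchange, a refused connection is the RST, and a timeout or ICMP error is the filtered case. The local listener in listener() is a constructed fixture so the scan can be run offline against 127.0.0.1.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def scan_port(host, port, timeout=1.0):
    """connect() scan of one TCP port.

    The kernel performs the full three-way handshake, so the outcome maps
    onto the SYN-scan states:
      SYN -> SYN/ACK -> ACK   : connect() succeeds             -> open
      SYN -> RST              : ECONNREFUSED                   -> closed
      SYN -> silence / ICMP   : timeout or unreachable error   -> filtered
    Unlike nmap -sS this completes the handshake, so the connection is seen
    by the target application and its logs; we close it immediately.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return CLOSED
        except socket.timeout:
            return FILTERED
        except OSError:        # e.g. EHOSTUNREACH raised from an ICMP unreachable
            return FILTERED


def scan(host, ports, timeout=1.0, workers=64):
    """Scan many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def listener(host="127.0.0.1"):
    """Constructed fixture: a throwaway listening socket on an ephemeral port.
    Returns (socket, port); close the socket to turn the port into a closed one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = listener()
    result = scan("127.0.0.1", range(port - 2, port + 3), timeout=0.5)
    srv.close()
    for p, state in sorted(result.items()):
        print(f"{p}/tcp\t{state}")
```

The distinction from Nmap's -sS is worth keeping in mind when reading the target's logs: the half-open scan sends RST after the SYN/ACK and never becomes a connection, whereas this scanner's probes show up as accepted and immediately dropped sessions.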
Nmap uses the SYN scan (-sS) by default whenever it runs with the privileges needed to send raw packets; without them it falls back to a connect scan (-sT).
To decide whether a port is open, the SYN scan sends a SYN to the port. If the target responds with SYN/ACK the port is open, and Nmap then sends a RST instead of completing the handshake, which is why this is also called a half-open scan. If the port is closed the target responds with a RST. Building on this understanding of the SYN scan, an idle system can be used as a zombie whose IP ID traffic reveals the target's port states. The tests that follow promise good results: Nmap spoofs the probe packets so that they appear to originate from the zombie rather than from the attacker, and samples the zombie's IP ID before and after each probe. The zombie must be genuinely idle for this to work, since the inference relies on the increase in its IP ID being caused only by the scan. Hosts that keep a separate IP ID counter for each peer defeat the attacker, because the spoofed probes then advance a counter the attacker never sees.
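The idle scan's inference is pure IP ID arithmetic, so it can be shown without raw sockets. The following example is added here and is not the report's or Nmap's code: it is a simulation in which a constructed zombie with a single global IP ID counter and a constructed target exchange the messages described above, and the scanner infers open versus closed|filtered from the IP ID delta. A second zombie class models a host with per-destination IP ID counters, which is the failure case the text mentions.

```python
# Simulation of Nmap's idle scan (-sI): no packets are sent. Zombie and
# Target are constructed stand-ins that follow the rules described in the text.

class Zombie:
    """Idle host with a single, global, sequentially incrementing IP ID."""

    def __init__(self, ipid=1000):
        self.ipid = ipid

    def _send(self):
        self.ipid = (self.ipid + 1) & 0xFFFF   # every packet it emits bumps the counter
        return self.ipid

    def probe(self):
        """Scanner sends SYN/ACK to the zombie; it answers RST carrying its IP ID."""
        return self._send()

    def reply_to_synack(self):
        """An unsolicited SYN/ACK from the target is answered with RST (+1)."""
        return self._send()

    def reply_to_rst(self):
        """A RST from the target is ignored: nothing is sent (+0)."""
        return None


class PerHostZombie(Zombie):
    """Host with a separate IP ID counter per destination (as on modern kernels):
    its replies to the target never touch the counter the scanner observes."""

    def reply_to_synack(self):
        return None


class Target:
    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def receive_spoofed_syn(self, port, zombie):
        """The SYN carries the zombie's source address, so the reply goes to the zombie."""
        if port in self.filtered_ports:
            return                      # dropped by a firewall: zombie hears nothing
        if port in self.open_ports:
            zombie.reply_to_synack()    # SYN/ACK -> zombie sends RST
        else:
            zombie.reply_to_rst()       # RST -> zombie stays silent


def infer_state(ipid_before, ipid_after):
    """Delta 2: zombie answered the target's SYN/ACK plus our second probe -> open.
    Delta 1: only our second probe -> closed or filtered (indistinguishable).
    Anything else: the zombie is not idle, or its IP IDs are not global."""
    delta = (ipid_after - ipid_before) & 0xFFFF   # 16-bit counter may wrap
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "unreliable"


def idle_scan_port(zombie, target, port):
    before = zombie.probe()                    # 1. record the zombie's IP ID
    target.receive_spoofed_syn(port, zombie)   # 2. SYN to target, spoofed from zombie
    after = zombie.probe()                     # 3. probe again and compare
    return infer_state(before, after)


def idle_scan(zombie, target, ports):
    return {p: idle_scan_port(zombie, target, p) for p in ports}


if __name__ == "__main__":
    target = Target(open_ports={22, 80}, filtered_ports={25})
    print("global IP ID zombie :", idle_scan(Zombie(), target, [22, 25, 80, 443]))
    print("per-host IP ID zombie:", idle_scan(PerHostZombie(), target, [22, 25, 80, 443]))
```

Against the per-host zombie every port comes back closed|filtered, which is the silent failure to watch for when a chosen zombie "looks" idle but is not usable; Nmap's own zombie suitability test is there to catch exactly that.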
Flag 5 - Privileges
The basic areas of Linux privilege escalation learnt here are the operating system, applications and services, the file system, communications and networking, confidential information, and preparing and identifying exploit code. This knowledge is highly valuable to an organization that applies it.
3. Results and Recommendations
This report has explained the concept of hacking and clearly distinguished legal from illegal hacking. Hacking is a technical effort to manipulate the normal behaviour of connected systems and network connections, so both hacking and hackers are associated with malicious programmatic attacks on networks and computers over the Internet. The demand for ethical hackers in organizations is increasing. The report has met its purpose of infiltrating the given system and obtaining root-level privileges, and it has presented the values of the five flags and the compromises behind them. All the tests and attacks run against the system have been outlined with their results, and the basic TCP port scanner and the password cracker required for the case study have been presented.
Finally, the areas of Linux privilege escalation have been learnt: applications and services, the operating system, the file system, computer networking and communications, confidential information, and preparing and identifying exploit code. The TCP three-way handshake has also been studied and applied.
References
Basic Hacker Methodology - Steps to the Hacking Process. (2015). Retrieved from https://hackmethod.com/hacker-methodology/
Beaver, K. (2010). Hacking For Dummies (3rd ed.). John Wiley & Sons.
Engebretson, P. (2011). The Basics of Hacking and Penetration Testing. Network Security, 2011(12), 4. doi: 10.1016/s1353-4858(11)70127-1
Farsole, A., Kashikar, A., & Zunzunwala, A. (2010). Ethical Hacking. International Journal of Computer Applications, 1(10), 14-20. doi: 10.5120/229-380
Gupta, A., & Anand, A. (2017). Ethical Hacking and Hacking Attacks. International Journal of Engineering and Computer Science. doi: 10.18535/ijecs/v6i4.42
Hacking - protect yourself against hackers. (2018). Retrieved from https://www.avast.com/c-hacker
Just, P., Coffman, K., Coriale, D., & Conley, T. (2016). Watch Out for Web Server Hacking. Retrieved from https://www.delcor.com/resources/blog/watch-out-for-web-server-hacking
Mitchell, B. (2018). Do You Have What It Takes to Become a Computer Hacker? Retrieved from https://www.lifewire.com/definition-of-hacking-817991
Reddy, P. (2018). Cyber Security and Ethical Hacking. International Journal for Research in Applied Science and Engineering Technology, 6(6), 1770-1774. doi: 10.22214/ijraset.2018.6261
TCP 3-Way Handshake (SYN,SYN-ACK,ACK). (2018). Retrieved from https://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml
What is Hacking? (2018). Retrieved from https://whatismyipaddress.com/hacking