Ethical Hacking and Defense: Case Study Analysis
Added on 2023/06/05
Executive Summary
This report documents an ethical hacking and defence exercise on the given case study. The task is to penetrate the supplied system and obtain root-level privileges. The work is divided into five flags, each of which exercises one area of ethical hacking and defence: recovering user and administrator credentials from the web server, understanding web shells, cracking a recovered password hash with a password cracking tool, scanning TCP ports with a port scanner, and escalating privileges on Linux. Each flag is analysed and discussed in turn.
Table of Contents
1 Project Description
2 Defined Methodology and Log Testing
Flag 1 - Web Server
Flag 2 - Web Shells
Flag 3 - Crack Password
Flag 4 - TCP Port Scanner - NMAP
Flag 5 - Privilege
3 Result
4 References
1 Project Description
The main objective of this project is to produce a report on ethical hacking and defence for the given case study. The user is required to penetrate the given system and obtain root-level privileges. The project is divided into five flags. The first flag examines the content of the web server to determine the administrator's username and password. The second flag covers web shells. The third flag requires cracking a password. The fourth flag determines which user entered a wrong password on the system, and uses a TCP port scanner. The fifth flag covers basic Linux privilege escalation. The report also defines the methodology and the testing of the logs.
2 Defined Methodology and Log Testing
The user first installs a virtual machine and then deploys the provided case study image on it. This process is demonstrated below ("An Introduction to Web-shells | Acunetix", 2018).
Flag 1 - Web Server
A web server stores a site's content as HTML documents together with the related resources: fonts, images, videos, JavaScript files and CSS stylesheets. These files could in principle be kept on a personal computer, but it is far more useful to host them on a dedicated web server that runs continuously, is permanently connected to the Internet, keeps the same IP address, and is operated by a third-party hosting provider ("Basic Linux Privilege Escalation", 2018). For this flag, the content of the web server is examined to recover the administrator's username and password.
Flag 2 - Web Shells
In cybercrime, web shells are generally an overlooked factor and do not attract the level of attention that phishing or malware receive. But well-engineered web shells now deliver polished, sophisticated toolkits for a range of crimes: password cracking, DDoS, privilege escalation, phishing, network reconnaissance and spamming. These are offered not only through a web-based user interface; the shells also accept commands for a botnet. With a single click, many shells provide botnet creation by launching standalone processes that either connect out to a command and control server or listen for commands on an unauthenticated TCP port. Some let the attacker run port scans to find potentially exploitable services, while others let fraudsters schedule denial of service (DoS) attacks. There are shells dedicated to sending bulk spam email, to testing stolen credentials against popular websites (for example PayPal and Amazon), to password cracking and to automated website defacement. With so many powerful features, it is unsurprising that popular web shells are so widely used by cyber criminals. A web shell is a malicious script that an attacker uploads with the aim of escalating and maintaining persistent access on an already compromised web application. A web shell cannot attack or exploit a remote vulnerability by itself, so it is always the second stage of an attack; the initial foothold comes from the attacker exploiting a vulnerability in the application (Bock, 2016).
Zombie
The web shell or backdoor connects to a C&C server from which it takes instructions on which commands to run. This setup is typically used in DDoS attacks, which require large amounts of bandwidth. In this case the attacker has no interest in damaging or stealing anything from the system on which the web shell was deployed; instead they simply use its resources whenever required (Cengage Learning, 2017).
Launching and Pivoting Attacks
A web shell can be used to pivot inside or outside the network. The attacker may want to monitor the network traffic on the system, scan the internal network to discover live hosts, and enumerate firewalls and routers within the network. This process can take days, even months, typically because the attacker tries to stay under the radar and draw as little attention as possible. Once the attacker has established persistent access, they can make their moves at leisure ("Circumventing authentication of a webshell", 2018).
Persistent Remote Access
A web shell usually contains a backdoor which allows an attacker to remotely access, and potentially control, the server at any time. This saves the attacker the trouble of exploiting a vulnerability every time access to the compromised server is required. An attacker may even fix the vulnerability themselves, to ensure that no one else will exploit it. In this way the attacker keeps a low profile and avoids any interaction with an administrator, while still obtaining the same result.
Escalation of Privileges
Unless the server is misconfigured, the web shell runs under the web server's account, with that user's limited permissions. Using the web shell, the attacker may attempt privilege escalation attacks, exploiting local vulnerabilities on the system to obtain root privileges, which on Linux and other UNIX-based operating systems is the 'super-user'.
With access to the root account, the attacker can do anything on the system: install software, change permissions, add or remove users, steal passwords, read email, and so on.
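The following is an added example and is not code from the report or from any of its cited sources. It is a small scanner that walks a directory of PHP files and flags the indicators that web shells of the kind described above typically carry: a command-execution function fed straight from a request parameter, eval() of a decoded string, a hard-coded MD5 login gate, and preg_replace() with the e modifier. The sample PHP files are constructed inline; the indicator list, the weights and the reporting threshold are assumptions for illustration, not a definitive signature set.

```python
import os
import re
import tempfile

# Indicator patterns and weights (assumption: a reasonable, not exhaustive, set).
INDICATORS = [
    # a command-execution function fed straight from a request parameter
    ("exec-from-request",
     re.compile(r"\b(system|exec|passthru|shell_exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b"),
     5),
    # eval() of a decoded/transformed string, the classic obfuscated loader
    ("eval-decoded",
     re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\("),
     5),
    # a hard-coded 32-hex $auth_pass: the MD5 login gate discussed under Flag 3
    ("auth-md5-compare",
     re.compile(r"\$auth_pass\s*=\s*['\"][0-9a-f]{32}['\"]"),
     3),
    # any command-execution call at all: weak on its own, legitimate code uses these too
    ("exec-function",
     re.compile(r"\b(system|exec|passthru|shell_exec)\s*\("),
     1),
]

# First string argument of preg_replace(); the e modifier is checked separately
# because it sits after the pattern's closing delimiter.
PREG_RE = re.compile(r"preg_replace\s*\(\s*(['\"])(?P<pat>.*?)\1", re.S)


def preg_e_modifier(src):
    """True if any preg_replace() in src uses a pattern with the e modifier."""
    for m in PREG_RE.finditer(src):
        pat = m.group("pat")
        if not pat:
            continue
        delim = pat[0]
        # Bracket-style delimiters close with the matching bracket.
        close = {"(": ")", "[": "]", "{": "}", "<": ">"}.get(delim, delim)
        end = pat.rfind(close)
        if end > 0 and "e" in pat[end + 1:]:
            return True
    return False


def scan_source(src):
    """Return (score, [indicator names]) for one PHP source string."""
    hits, score = [], 0
    for name, rx, weight in INDICATORS:
        if rx.search(src):
            hits.append(name)
            score += weight
    if preg_e_modifier(src):
        hits.append("preg_replace-e-modifier")
        score += 5
    return score, hits


def scan_tree(root, threshold=5):
    """Walk root, scan PHP files, return {path: (score, hits)} for files at or above threshold."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                score, hits = scan_source(fh.read())
            if score >= threshold:
                findings[path] = (score, hits)
    return findings


# Constructed sample files: two shells, one benign page, one benign preg_replace user.
SAMPLES = {
    "index.php": "<?php echo 'Hello'; include 'lib.php'; ?>",
    "shell.php": "<?php $auth_pass='0cc175b9c0f1b6a831c399e269772661';\n"
                 "if(md5($_POST['pass'])!==$auth_pass) die;\n"
                 "system($_REQUEST['cmd']); ?>",
    "obf.php": "<?php preg_replace('/.*/e', 'eval(base64_decode(\"ZWNobyAxOw==\"))', ''); ?>",
    "clean.php": "<?php $s = preg_replace('/\\s+/i', ' ', $_GET['q']); echo htmlspecialchars($s); ?>",
}


def demo():
    """Write the samples to a temp dir, scan it, and return findings keyed by file name."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        found = scan_tree(root)
        return {os.path.basename(p): v for p, v in found.items()}


if __name__ == "__main__":
    for name, (score, hits) in demo().items():
        print(f"{name}: score={score} {hits}")
```

Run as a script it reports shell.php and obf.php and stays silent on the two benign files. A scanner like this is a triage aid, not proof: an attacker can split `system(` across string concatenation or hide the payload in a non-.php file included at runtime, so review anything the web server user can write to, not only what matches.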
Flag 3 - Crack Password
When a website is hacked, the attacker often leaves a backdoor or web shell in order to conveniently regain access to the site later. These are frequently obfuscated to avoid detection, and require authentication so that only the attacker can use them. This section deobfuscates such a web shell and shows how its authentication can be bypassed when the source code is available but the password is not (Engebretson, 2013).
Deobfuscating the web shell
The preg_replace call has three arguments: the regex, the replacement and the subject. Because the regex carries the e modifier, PHP evaluates the replacement string as PHP code, and that evaluation is what turns the obfuscated string into the real code of the shell ("What are web shells – Tutorial", 2018). Converting this string by hand would be tedious, so PHP itself is used to do it. Note that the e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so shells built on it only run on older installations.
Bypassing the check
The $auth_pass variable in the deobfuscated code shows that the web shell is protected by authentication. The format of $auth_pass, 32 hexadecimal characters, suggests that it is the MD5 of the plaintext password. Since the source of the web shell is available, the following can be done (Ethical hacking and countermeasures, 2017):
A few passwords were cracked:
Hash                               Password
64a113a4ccc22cffb9d2f75b8c19e333   cmonqwe123#@!
9e4bf26d87b7e8b6b66b0a2305f67184   lex1312
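As an added example (not code from the report or its sources), the following script does what the bypass above relies on: it recognises a plain hex digest by its length, then runs a dictionary attack with a few simple mangling rules against it. Two targets are constructed here by hashing known plaintexts so that the result can be checked offline; the two hashes from the table above are also fed in, with the table's reported plaintexts placed in the constructed wordlist, so running the script checks the table's claim. The wordlist, the mangling rules and the set of recognised algorithms are assumptions for illustration.

```python
import hashlib
import re

# Plain unsalted hex digests recognised by length (assumption: common cases only).
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def identify_hash(h):
    """Guess the algorithm from a hex digest's length; None if it is not a plain hex digest."""
    h = h.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h):
        return None
    return HEX_LENGTHS.get(len(h))


def candidates(wordlist, mangle=True):
    """Yield each word, then case variants and digit/symbol suffixes if mangling is on."""
    for w in wordlist:
        w = w.rstrip("\n")
        if not w:
            continue
        bases = [w] if not mangle else [w, w.capitalize(), w.upper()]
        for base in bases:
            yield base
            if mangle:
                for suffix in ("1", "123", "!", "2018"):
                    yield base + suffix


def crack(target, wordlist, mangle=True):
    """Dictionary attack: return the plaintext whose digest equals target, else None."""
    algo = identify_hash(target)
    if algo is None:
        raise ValueError("unsupported hash format: %r" % target)
    target = target.strip().lower()
    for word in candidates(wordlist, mangle):
        if hashlib.new(algo, word.encode()).hexdigest() == target:
            return word
    return None


def crack_all(targets, wordlist):
    """Crack a batch; uncracked hashes map to None."""
    return {t: crack(t, wordlist) for t in targets}


# Constructed wordlist; includes the plaintexts the table above reports.
WORDLIST = ["password", "letmein", "admin", "lex1312", "cmonqwe123#@!", "qwerty"]

# Constructed targets: digests computed here from known plaintexts.
CONSTRUCTED = {
    hashlib.md5(b"letmein").hexdigest(): "letmein",
    hashlib.sha1(b"Qwerty123").hexdigest(): "Qwerty123",   # needs capitalise + "123" rules
}

# The two hashes from the table above, checked against the same wordlist.
PAGE_HASHES = ["64a113a4ccc22cffb9d2f75b8c19e333", "9e4bf26d87b7e8b6b66b0a2305f67184"]


if __name__ == "__main__":
    for h, pt in crack_all(list(CONSTRUCTED) + PAGE_HASHES, WORDLIST).items():
        print(f"{h} ({identify_hash(h)}): {pt if pt is not None else 'not cracked'}")
```

The attack is cheap precisely because the shell stores an unsalted MD5: one hash computation per candidate, no per-user salt, and MD5 is fast. For real work the same idea is run with hashcat (mode 0 for raw MD5) or John the Ripper against a large wordlist with rule sets; this script only makes the mechanics visible. Note the other route the source code gives you: since $auth_pass is a constant in the file, an attacker who can edit the shell simply replaces it with the MD5 of a password they know.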
Flag 4 - TCP Port Scanner - NMAP
Port scanning is a technique used to determine whether a port on the target is open or closed; a port is open when a service is using it to communicate with other systems. This is why, once a port is known to be open, it is possible to identify which service is using it by sending specially crafted packets to the target. Once the target IP address is known, the port scan can be launched. When no scan type is specified, Nmap runs a TCP SYN scan, also called a stealth scan, provided it has the privileges needed to send raw packets (root on Linux) ("Port Scanning with Nmap", 2018). Although this scan type is the default, the "-sS" option can be used to select it explicitly, followed by the target's IP address ("TCP Port Scan with Nmap | Pentest-Tools.com", 2018).
TCP connect scan
TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when the user does not have raw packet privileges. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. This is the same high-level system call that web browsers, P2P clients and most other network-enabled applications use to establish a connection. It is part of a programming interface known as the Berkeley Sockets API. Rather than reading raw packet responses off the wire, Nmap uses this API to obtain status information on each connection attempt. The scan type is selected explicitly with "-sT". Because each probe completes the full three-way handshake, a connect scan is slower than a SYN scan and its connections are far more likely to appear in the target services' logs.
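As an added example, not code from the report or from Nmap, the following script implements the connect scan described above with the same Berkeley Sockets call: connect() on an ordinary TCP socket, which needs no raw packet privileges. It classifies each port the way Nmap does for -sT: a completed handshake is open, an immediate RST (connection refused) is closed, and silence until the timeout is filtered. To run offline, the demo opens a listening socket on 127.0.0.1 and picks a second, released port so the scan has one known-open and one known-closed target; the port list, timeout and thread count are assumptions for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=1.0):
    """Classify one TCP port using connect(): 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))              # full three-way handshake, as nmap -sT does
        return "open"
    except ConnectionRefusedError:           # RST came back: nothing listening
        return "closed"
    except (socket.timeout, TimeoutError):   # no answer: dropped by a filter, or a slow host
        return "filtered"
    except OSError:                          # e.g. host unreachable; treat like no answer
        return "filtered"
    finally:
        s.close()


def connect_scan(host, ports, timeout=1.0, workers=50):
    """Scan the given ports concurrently and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(result):
    """Sorted list of ports reported open."""
    return sorted(p for p, st in result.items() if st == "open")


def _listener():
    """A throwaway loopback listener (constructed target); the kernel completes the handshake."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s, s.getsockname()[1]


def _free_port():
    """Bind and immediately release a port so it is known to be closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    p = s.getsockname()[1]
    s.close()
    return p


def demo():
    """Scan loopback for one listening and one closed port; return (result, open_port, closed_port)."""
    lst, open_port = _listener()
    closed_port = _free_port()
    try:
        result = connect_scan("127.0.0.1", [open_port, closed_port])
        return result, open_port, closed_port
    finally:
        lst.close()


if __name__ == "__main__":
    result, op, cl = demo()
    for port in sorted(result):
        print(f"127.0.0.1:{port} {result[port]}")
    print("open:", open_ports(result))
```

Against a real host this is the noisy variant: every open port sees a complete connection and an immediate close, which most daemons log. A SYN scan (nmap -sS) sends only the first packet of the handshake and answers the SYN-ACK with a RST, which is why it needs raw sockets and why it is quieter in application logs, though not in a firewall's.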
Flag 5 - Privilege
In the fifth flag, basic Linux privilege escalation is learnt by enumerating the target in the following areas: Operating System, Applications & Services, Communications & Networking, Confidential Information & Users, File Systems, and Preparation & Finding Exploit Code ("UDP Port Scan with Nmap | Pentest-Tools.com", 2018).
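As an added example, not code from the report or from the enumeration guide it follows, the script below automates the first pass over several of those areas: the kernel and distribution (Operating System), setuid/setgid binaries and world-writable files (File Systems, Applications & Services), the current user's sudo rights and which sensitive files are readable (Confidential Information & Users). The live checks read the real host; demo_tree builds a throwaway directory with one setuid file and one world-writable file so the file-system checks can be exercised offline. The search roots, file list and reporting format are assumptions for illustration.

```python
import os
import platform
import stat
import subprocess
import tempfile


def os_info():
    """Kernel and distribution details (Operating System)."""
    info = {"kernel": platform.release(), "machine": platform.machine(), "distro": "unknown"}
    try:
        with open("/etc/os-release") as fh:
            for line in fh:
                if line.startswith("PRETTY_NAME="):
                    info["distro"] = line.split("=", 1)[1].strip().strip('"')
    except OSError:
        pass
    return info


def _walk_files(roots):
    for root in roots:
        for dirpath, _, files in os.walk(root, onerror=lambda e: None):
            for fn in files:
                yield os.path.join(dirpath, fn)


def _regular_files_with(roots, mode_bits):
    hits = []
    for path in _walk_files(roots):
        try:
            st = os.lstat(path)            # lstat: do not follow symlinks
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & mode_bits:
            hits.append(path)
    return sorted(hits)


def find_suid(roots):
    """Files with the setuid or setgid bit: each one runs with another user's privileges."""
    return _regular_files_with(roots, stat.S_ISUID | stat.S_ISGID)


def find_world_writable(roots):
    """Regular files anyone can modify: candidates for hijacking scripts that root runs."""
    return _regular_files_with(roots, stat.S_IWOTH)


def sudo_rights():
    """What the current user may run via sudo; -n prevents a password prompt."""
    try:
        out = subprocess.run(["sudo", "-n", "-l"], capture_output=True, text=True, timeout=5)
        return (out.stdout or out.stderr).strip()
    except (OSError, subprocess.TimeoutExpired):
        return "sudo not available"


def readable_files(paths):
    """Which sensitive files the current user can read (/etc/shadow should be False)."""
    return {p: os.access(p, os.R_OK) for p in paths}


def demo_tree():
    """Constructed tree: one setuid file, one world-writable file, one plain file; then enumerate it."""
    root = tempfile.mkdtemp()
    suid, ww, plain = (os.path.join(root, n) for n in ("helper", "backup.sh", "notes.txt"))
    for p in (suid, ww, plain):
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\n")
    os.chmod(suid, 0o4755)     # setuid root-style binary
    os.chmod(ww, 0o777)        # world-writable script
    os.chmod(plain, 0o644)
    return root, find_suid([root]), find_world_writable([root])


if __name__ == "__main__":
    print("os:", os_info())
    print("sudo:", sudo_rights())
    print("readable:", readable_files(["/etc/passwd", "/etc/shadow", "/root/.ssh/id_rsa"]))
    print("suid (live):", find_suid(["/usr/bin", "/usr/sbin", "/bin", "/sbin"])[:20])
    print("world-writable (live):", find_world_writable(["/etc", "/opt", "/usr/local"])[:20])
    root, suids, writable = demo_tree()
    print("demo tree:", root, suids, writable)
```

The value of a listing like this is in what you do next: each setuid binary is checked against the distribution's default set and against known exploits, each world-writable file against who executes it (cron jobs and init scripts first), and the sudo output against commands that can spawn a shell. The script only gathers; the judgement is still the tester's.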
3 Result
The primary objective of this project was to produce a report on ethical hacking and defence for the given case study, in which the user penetrates the given system and obtains root-level privileges. The project was divided into five flags. From the discussion it is observed that the first flag surveyed the web server content to determine the administrator's username and password. The second flag covered web shells. The third flag successfully cracked the password. The fourth flag determined which user entered the wrong password on the system, using the TCP port scanner. The fifth flag covered basic Linux privilege escalation. In future, the Ncrack tool could also be used: unlike a hash cracker, Ncrack brute-forces logins directly against network services such as SSH, so it complements the offline hash cracking done in Flag 3.
4 References
An Introduction to Web-shells | Acunetix. (2018). Retrieved from https://www.acunetix.com/websitesecurity/introduction-web-shells/
Basic Linux Privilege Escalation. (2018). Retrieved from https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Bock, L. (2016). Ethical Hacking: Overview. Carpinteria, Calif.: Lynda.com.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA: Cengage Learning.
Circumventing authentication of a webshell. (2018). Retrieved from https://www.sjoerdlangkemper.nl/2016/02/04/circumventing-authentication-of-a-webshell/
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
Port Scanning with Nmap. (2018). Retrieved from https://spreadsecurity.github.io/2016/10/23/port-scanning-with-nmap.html
TCP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
UDP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/udp-port-scanner-online-nmap
What are web shells – Tutorial. (2018). Retrieved from https://www.binarytides.com/web-shells-tutorial/