Ethical Hacking: Methodology, Tools and Penetration Testing
Verified
Added on 2023/06/13
|17
|1703
|348
AI Summary
This article explores the scope of ethical hacking, including methodology, tools, and penetration testing. It investigates weaknesses in virtual machines and countermeasures. The article also covers Nmap, Tomcat, SSL, Keystore, Tshark, and more.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Table of Contents 1.Introduction.................................................................................................................................2 2.Scanning.......................................................................................................................................2 Findings................................................................................................................................................3 3.Penetrating the Desktop............................................................................................................10 4.Cracking the passwords............................................................................................................11 5.Conclusion..................................................................................................................................11 6.References..................................................................................................................................12 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1.Introduction Scope of ethcal hacking will be investigated. Ethical issues will be studied and the legal issues will be discussed. Methodology and the penetrating tools will be studied and investaigated. One system penetration test will be done in a virtual machine. The weeknesses of the virtual machine will be investigated. Penetration tests will be done. Suitable counter measures will be investigated. 2.VM Scanning 2
Do the necessary technical tasks and opened the VM in virtual box. VM Workstation was slow. Got the VM working 3
Got the IP address of the VM Opened settings. Selected setwork settings. IT address of the VM is noted down. This VM can be accessed using this IP address now. The vm can be accessed in remote mode too. Direct console access also possible, Opened IFCONFIG command in terminal. Noted down the IP. Ips are matching. NAT option is selected so that the IP address can communicate with the external world. 4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Later stage of this work , Bridged adapter is used. 5
DHCP setting is selected for IP assignment. Set the DNS server. If the DHCP server is able to provide this DNS SERVER details then this need not be set manually. 6
Changed IP address is noted down now. PINGED the DNS server and got the following results. 7
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
In windows OS , opened the PING in run window. PING command is used and the response is shown below. 8
IP address of the VM and the host details are shwon below. The host breach and attacking can be investigated with the help of the following tools. NMAP, TOMCAT , NGREP , SSL , KEYSTORE , TCPDUMP and TSHARK 9
3.Penetrating the Desktop The following procedures are used. Reconnaissance The black hat hacking is learning from different sources that targets a buisness. It is perfomed in the operations such as internet searches,social engineering,non-intrusive network scan,dumpster diving and domain name management. This phase are difficult to hacker and defend against. Scanning The network weekness can be open port ,open services,malicious applications,week security of data transfer and worst LAN and WAN equipment. Using scanning activity , The attacker understands the the week points to get the data easily. Prevention of the information The unexpected port needs to shutdwon. Imporatant data and the only approved devices should be allowed. Patching and LAN/WAN security will be maintained properly. End to End process can be used to monitor so the so the information securely transferd. Gaining access The attacker get access to the resources. It gain some position of access to one or more network connectivity devices. security managers try to access the unauthorized user entering the network to access the information. The security managers may monitor the domain and local admin access to the server. If the highley important data and keys may be hacked. The network security may be week so it can be easily attacked and the sensitivity information may be lost. If the encryption key is good it can't decrypted by the hacker. 10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Maintaing Access The attacker get a access permission to enter the network. This part is very critical to findout the attacker's vulnerability to detection. The intrusions can be detected using the device IDS and IPS. Covering tracks The attackers get the information and hide the intrusion because they can visit the victims in the future. The unusual activity and unexpected behaviour of the system can be tracked. The security team already will be having some knoweledge about how the hacker hack the victims so they can try to prevent. The tools are tested in order for the project to be analyzed. The tools’ analysis is utilized in the breach in Digital Forensics. Their brief descriptions are found below. Nmap Nmap, preferred by many worldwide, is an online port scanner that hosts security tools. It can scan your network servers as well as your devices from an independent source or from outside your firewall. It supports the operations of the functioning frameworks.Nmap is more compatible and faster on Linux but can also be used on Windows framework. With Linux frameworks, it offers users easier and better access to security apparatus options. Steps for using Nmap in Linux Step-1: Operating system Installation Step-2: Ubuntu Installation Step-3: Nmap Installation from source Nmap scan categories, as shown in the next picture, is primarily needed. 11
Python code for the execution of the Nmap scan is executed.(Stark State College - North Canton, Ohio, 2018). 12
Tomcat Tomcat is a software that is an open source implementation of the Java Servlet.It responds to the requests of webpages in a web browser accessed by the user.It is used in web servers such as Apache software as a standard tool in providing static pages and delivering requests of webpages and dynamic servlet. The following are the steps in using Tomcat web server (Jahankhani, 2010). oInstall Java oUnzip Tomcat oDownload Eclipse oSay Eclipse about Tomcat oTest the server oAdjust Eclipse preferences SSL Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted links between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook), keeping all information exchanged in between remain private and secure.SSL, considered to be the standard, is preferred and used by many websites that hosts online transactions done by customers. To utilized SSL links, a user needs to acquire an SSL certificate. A series of tasks to be finished are prompt when a user enables SSL on his/ her server.These tasks are usually about the user identity and the web server used.Cryptographic keys, such as private and public keys, are utilized by the web servers. SSL protocols remain hidden from the customers. It depends on the search engines or internet providers to show the key indicator to their users. Clicking on the lock symbol gives user access to the SSL certificate and information.Companies granted with SSL certificates have legal accountability. 13
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Keystore A Java Keystore is a container for authorization certificates or public key certificates, and is often used by Java-based applications for encryption, authentication, and serving over HTTPS. Its entries are protected by a keystore password. A keystore entry is identified by an alias, and it consists of keys and certificates that form a trust chain. A Java Keytool is a key and a certificate management tool that is used to manipulate Java Keystores, and is included with Java. Tshark Also called Network Protocol Analyzer, Tshark gives users sends and reads packet information in between networks based on the file of the last saved shot.It either prints or writs the decoded packets into a file. Portpoof The system containing the data and the scripts are nowwritable because ofthe protection of portpoof. 4.PEN TESTING a wen server 14
This is the setup used in the pen testing. It is a standardsetup so I used the same setup Installed akali linux after downloading the source fromhttps://www.kali.org/ Used the following command to install the pen testing FW and do pen testing qvm-create --proxy --label=purple --template fedora-25-minimal Pentesting-FW qvm-prefs -s Pentesting-FW netvm sys-firewall qvm-prefs -s kali-test netvm Pentesting-FW qvm-prefs -s vuln-server netvm Pentesting-FW 15
qvm-create --proxy --label=purple --template fedora-25-minimal Pentesting-FW qvm-prefs -s Pentesting-FW netvm none Firewall setting. sudo iptables -I FORWARD 2 -s 10.137.4.19 -d 10.137.4.20 -j ACCEPT sudo iptables -I FORWARD 2 -s 10.137.4.20 -d 10.137.4.19 -j ACCEPT 5.Conclusion Scope of ethcal hacking is investigated. Ethical issues are studied and the legal issues are discussed. Methodology and the penetrating tools are studied and investaigated. One system penetration test is done in a virtual machine. The weeknesses of the virtual machine is investigated. Penetration tests is done. Suitable counter measures are investigated. 6.References Advances in Digital Forensics 9. (2016). BEAVER, K. (2018).HACKING FOR DUMMIES. [S.l.]: JOHN WILEY. Gogolin, G. (2013).Digital forensics explained. Boca Raton, FL: CRC Press. Haines, B., Schearer, M., & Thornton, F. (2008).Kismet hacking. Burlington, MA: Syngress Publishing, Inc. Holt, T., Bossler, A., & Seigfried-Spellar, K.Cybercrime and digital forensics. Jahankhani, H. (2010).Handbook of electronic security and digital forensics. New Jersey: World Scientific. Long, J. (2005).Google hacking for penetration testers. Rockland, Mass.: Syngress. 16
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Marshall, A. (2009).Digital Forensics. Chichester: John Wiley & Sons. Pollitt, M., & Shenoi, S. (2010).Advances in digital forensics. New York: Springer/International Federation for Information Processing. Ray, I., & Shenoi, S. (2011).Advances in digital forensics IV. New York: Springer. 17