Ethical Hacking: Methodology, Tools and Penetration Testing

Added on  2023/06/13

AI Summary
This article explores the scope of ethical hacking, including methodology, tools, and penetration testing. It investigates weaknesses in virtual machines and countermeasures. The article also covers Nmap, Tomcat, SSL, Keystore, Tshark, and more.

Table of Contents
1. Introduction
2. Scanning
  Findings
3. Penetrating the Desktop
4. Cracking the passwords
5. Conclusion
6. References

1. Introduction
The scope of ethical hacking will be investigated. Ethical issues will be studied and the legal
issues will be discussed. Methodology and the penetration tools will be studied and
investigated. One system penetration test will be done in a virtual machine. The weaknesses
of the virtual machine will be investigated. Penetration tests will be done. Suitable
countermeasures will be investigated.
2. VM Scanning
Did the necessary technical tasks and opened the VM in VirtualBox. VM Workstation was slow.
Got the VM working.
Got the IP address of the VM.
Opened settings. Selected network settings. The IP address of the VM is noted down. This VM can
now be accessed using this IP address. The VM can be accessed in remote mode too. Direct console
access is also possible.
Ran the IFCONFIG command in the terminal. Noted down the IP. The IPs match.
The NAT option is selected so that the IP address can communicate with the external world.
At a later stage of this work, the bridged adapter is used.
The DHCP setting is selected for IP assignment.
Set the DNS server. If the DHCP server is able to provide the DNS server details, then this need not
be set manually.
The changed IP address is now noted down.
Pinged the DNS server and got the following results.
In Windows, opened PING from the Run window.
The PING command is used and the response is shown below.
The IP address of the VM and the host details are shown below.
The host breach and attack can be investigated with the help of the following tools:
NMAP, TOMCAT, NGREP, SSL, KEYSTORE, TCPDUMP and TSHARK
3. Penetrating the Desktop
The following procedures are used.
Reconnaissance
In black hat hacking, the attacker learns about the targeted business from different sources.
It is performed through operations such as internet searches, social engineering, non-intrusive
network scans, dumpster diving and domain name management. This phase is difficult for the
hacker and difficult to defend against.
Scanning
Network weaknesses can be open ports, open services, malicious applications, weak security
of data transfer, and poor LAN and WAN equipment. Using scanning activity, the attacker
learns the weak points through which the data can be obtained easily.
Prevention of the information
Unexpected ports need to be shut down. Only approved devices should be allowed access to
important data. Patching and LAN/WAN security will be maintained properly. End-to-end
processes can be monitored so that the information is transferred securely.
Gaining access
The attacker gets access to the resources and gains some position of access to one or more
network connectivity devices. Security managers try to assess whether an unauthorized user is
entering the network to access the information. The security managers may monitor the domain and
local admin access to the server. Highly important data and keys may be hacked. If the
network security is weak, it can be easily attacked and the sensitive information
may be lost. If the encryption key is good, the data can't be decrypted by the hacker.
Maintaining access
The attacker gets access permission to enter the network. This phase is critical for finding
out the attacker's vulnerability to detection. Intrusions can be detected using IDS
and IPS devices.
Covering tracks
The attackers get the information and hide the intrusion because they may visit the victims
again in the future. Unusual activity and unexpected behaviour of the system can be tracked. The
security team will already have some knowledge about how the hacker attacks the victims,
so they can try to prevent it.
The tools are tested in order for the project to be analyzed. The analysis of the tools is used in
investigating the breach in digital forensics. Their brief descriptions are found below.
Nmap
Nmap, preferred by many worldwide, is an online port scanner that hosts security
tools. It can scan your network servers as well as your devices from an independent source or
from outside your firewall.
It supports multiple operating systems. Nmap is more compatible
and faster on Linux but can also be used on Windows. On Linux, it
offers users easier and better access to security tool options.
Steps for using Nmap in Linux
Step-1: Operating system Installation
Step-2: Ubuntu Installation
Step-3: Nmap Installation from source
The Nmap scan categories, as shown in the next picture, are primarily needed.
Python code is executed to run the Nmap scan (Stark State College -
North Canton, Ohio, 2018).
Tomcat
Tomcat is an open source implementation of the Java Servlet. It
responds to requests for web pages made from the user's web browser. It is used with
web servers such as Apache as a standard tool for providing static pages and
serving requests for web pages and dynamic servlets.
The following are the steps in using the Tomcat web server (Jahankhani, 2010).
o Install Java
o Unzip Tomcat
o Download Eclipse
o Tell Eclipse about Tomcat
o Test the server
o Adjust Eclipse preferences
SSL
Secure Sockets Layer (SSL) is a standard security technology for establishing an
encrypted link between a server and a client, typically a web server (website) and a
browser, or a mail server and a mail client (e.g., Outlook), so that all information exchanged
between them remains private and secure. SSL, considered to be the standard, is preferred and
used by many websites that host online transactions done by customers.
To use SSL links, a user needs to acquire an SSL certificate. A series of tasks to
be finished is prompted when a user enables SSL on his or her server. These tasks are usually
about the user identity and the web server used. Cryptographic keys, such as private and
public keys, are used by the web servers.
SSL protocols remain hidden from the customers. It depends on the search engines or
internet providers to show the key indicator to their users. Clicking on the lock symbol gives
the user access to the SSL certificate and information. Companies granted SSL certificates
have legal accountability.
Keystore
A Java Keystore is a container for authorization certificates or public key certificates,
and is often used by Java-based applications for encryption, authentication, and serving over
HTTPS. Its entries are protected by a keystore password. A keystore entry is identified by an
alias, and it consists of keys and certificates that form a trust chain. A Java Keytool is a key
and a certificate management tool that is used to manipulate Java Keystores, and is included
with Java.
Tshark
Tshark is a network protocol analyzer. It lets users capture packet
information from a network or read it from a previously saved capture file. It either prints
the decoded packets or writes them into a file.
Portspoof
The system containing the data and the scripts is now writable because of the
protection of Portspoof.
4. Pen testing a web server
This is the setup used in the pen testing. It is a standard setup, so I used the same setup.
Installed Kali Linux after downloading the source from https://www.kali.org/
Used the following commands to install the pen testing firewall (FW) and do pen testing:
qvm-create --proxy --label=purple --template fedora-25-minimal Pentesting-FW
qvm-prefs -s Pentesting-FW netvm sys-firewall
qvm-prefs -s kali-test netvm Pentesting-FW
qvm-prefs -s vuln-server netvm Pentesting-FW
qvm-create --proxy --label=purple --template fedora-25-minimal Pentesting-FW
qvm-prefs -s Pentesting-FW netvm none
Firewall settings:
sudo iptables -I FORWARD 2 -s 10.137.4.19 -d 10.137.4.20 -j ACCEPT
sudo iptables -I FORWARD 2 -s 10.137.4.20 -d 10.137.4.19 -j ACCEPT
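The two FORWARD rules above open a path only between 10.137.4.19 and 10.137.4.20. As an added example (not part of the original report), the script below audits a FORWARD chain listing in `iptables -S FORWARD` format and reports any other ACCEPT rule that would let lab traffic leave that pair; the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a FORWARD chain listing for ACCEPT rules outside the lab pair.
LAB_A=10.137.4.19   # the two addresses used in the report's iptables rules
LAB_B=10.137.4.20

# Constructed sample in `iptables -S FORWARD` format (not captured from the
# report's VM). The fifth line is a planted mistake for the audit to catch.
sample_rules() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.137.4.19/32 -d 10.137.4.20/32 -j ACCEPT
-A FORWARD -s 10.137.4.20/32 -d 10.137.4.19/32 -j ACCEPT
-A FORWARD -s 10.137.4.20/32 -j ACCEPT
-A FORWARD -j DROP
EOF
}

# audit_forward: read rules on stdin, print one finding per line.
audit_forward() {
  awk -v a="$LAB_A/32" -v b="$LAB_B/32" '
    $1 == "-P" && $2 == "FORWARD" && $3 != "DROP" {
      print "POLICY: default FORWARD policy is " $3 ", expected DROP"
    }
    $1 == "-A" && $2 == "FORWARD" {
      src = "any"; dst = "any"; target = ""; reply_only = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-d") dst = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        # Reply traffic for already-allowed connections opens no new path.
        if ($i == "--ctstate" && $(i + 1) !~ /NEW|INVALID/) reply_only = 1
      }
      if (target != "ACCEPT" || reply_only) next
      if ((src == a && dst == b) || (src == b && dst == a)) next
      print "LEAK: " src " -> " dst " is accepted outside the lab pair"
    }'
}

# finding_count: number of findings for the rules on stdin.
finding_count() { audit_forward | wc -l | tr -d ' '; }

sample_rules | audit_forward
```

On a live firewall VM the same check would be fed with `sudo iptables -S FORWARD | audit_forward`.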
5. Conclusion
The scope of ethical hacking is investigated. Ethical issues are studied and the legal issues are
discussed. Methodology and the penetration tools are studied and investigated. One system
penetration test is done in a virtual machine. The weaknesses of the virtual machine are
investigated. Penetration tests are done. Suitable countermeasures are investigated.
6. References
Advances in Digital Forensics 9. (2016).
Beaver, K. (2018). Hacking for dummies. [S.l.]: John Wiley.
Gogolin, G. (2013). Digital forensics explained. Boca Raton, FL: CRC Press.
Haines, B., Schearer, M., & Thornton, F. (2008). Kismet hacking. Burlington, MA: Syngress
Publishing, Inc.
Holt, T., Bossler, A., & Seigfried-Spellar, K. Cybercrime and digital forensics.
Jahankhani, H. (2010). Handbook of electronic security and digital forensics. New Jersey:
World Scientific.
Long, J. (2005). Google hacking for penetration testers. Rockland, Mass.: Syngress.
Marshall, A. (2009). Digital Forensics. Chichester: John Wiley & Sons.
Pollitt, M., & Shenoi, S. (2010). Advances in digital forensics. New York:
Springer/International Federation for Information Processing.
Ray, I., & Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.