Ethical Hacking: Web Shell, Apache, Nmap, Linux Privilege Escalation
Added on 2023/06/04
AI Summary
This report discusses ethical hacking through a case study of a virtual machine. It explains the important details of the five flags, along with the Apache server, Nmap, and more. Each flag is explained with steps and instructions, covering the flag's usage, its impact, and the tool used to carry out each process.
Ethical Hacking
Executive Summary
This report gives information about web shells and ethical hacking. The virtual
machine case study is used throughout this report. The report explains the
important details of the five flags, along with the Apache server, Nmap and more.
Each flag is explained with steps and instructions, covering the flag's usage,
its impact and the tool used to carry out each process.
Table of Contents
1 Goal of the Project
2 Defined methodology and Testing Log
Flag 1)
Flag 2)
Flag 3)
Flag 4)
Flag 5)
3 Results and Recommendations
1 Aim of the Project
This project discusses ethical hacking, using a case study that has already been
provided. The user needs certain things in order to infiltrate the given system.
Moreover, the user is asked to obtain root-level privileges. This report mainly
covers five flags, which are completed using the provided virtual machine case
study. Each flag is explained clearly, covering the flag's usage, its impact and
the tool used to carry out each process. The flags are analysed and discussed in
detail below.
2 Defined methodology and Testing Log
The testing log starts with the installation of the virtual machine, which looks
exactly as illustrated in the following image (Allen, Heriyanto & Ali, 2014).
Flag 1
Here, let us get to know Apache. It is a web server which supports most of the
major platforms. The Apache server's files are stored in different directories
depending on the operating system, so it takes some effort to find a file
whenever it is required (Buchanan, 2014). There are therefore certain methods
which can swiftly locate the Apache configuration file. They give the details of
the Apache installation's directory structure for all the major platforms or
OSes. The following indicates the web server content.
The following table indicates the Apache httpd 2.4 default layout (apache.org source
package):
The following table denotes the Apache httpd 2.2 default layout (apache.org source
package):
The following table represents the Apache httpd 2.0 default layout (apache.org
source package):
Flag 2
Flag 2 introduces web shells: small programs or scripts which can be uploaded to
a vulnerable server and opened from the browser, to provide a web-based
interface for running system commands. Generally, web shells are backdoors which
run from the browser (Eliot, 2016). The web shell script is written in a
programming language that the web server supports. Here, the PHP language is
utilized. Web shells provide a quick graphical user interface for performing the
following activities:
Travelling across directories, viewing, editing, downloading, deleting and
uploading files, executing MySQL queries or commands, bypassing mod_security,
giving permissions to directories/folders and executing shell commands.
c99 web shell
The other web shell we are going to introduce here is c99. This web shell for
PHP is popular because of its supportive and effective features (Engebretson,
2013). Its powerful features include file browsing, uploading, deleting,
executing commands, viewing the system details, viewing all the running
processes, running PHP code, etc.
The following screenshot represents c99 web shell.
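From the defender's side, the web shell behaviour described above (a PHP script that runs system commands for whoever opens it in a browser) leaves recognisable patterns in the script source. The following is an added example, not part of the original report: a small scanner that flags PHP files in a web root where request input reaches a command or code execution call. The rule names, sample paths and sample fragments are constructed for illustration.

```python
import re
from pathlib import Path

# PHP calls that pass a string to the OS or back into the interpreter.
EXEC = r"(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
# Superglobals that carry data controlled by the browser.
REQ = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

RULES = {
    # Request data used inside a command or code execution call.
    "request-input-executed": re.compile(rf"\b{EXEC}\s*\([^;]*{REQ}", re.I),
    # eval/assert over a decoded or decompressed blob (packed script).
    "decoded-payload-executed": re.compile(
        r"\b(?:eval|assert)\s*\((?:\s*@?\w+\s*\()*\s*"
        r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # Backtick operator (shell execution) containing request data.
    "backtick-request-input": re.compile(rf"`[^`]*{REQ}[^`]*`", re.I),
}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}

# Constructed fragments for the demonstration (PHP open tags omitted).
SAMPLES = {
    "uploads/avatar.php": 'echo shell_exec($_REQUEST["c"]);',
    "images/cache.php": "eval(gzinflate(base64_decode($blob)));",
    "search.php": 'echo htmlspecialchars($_GET["q"]);',
    "fetch.php": '$r = curl_exec($ch); $id = (int) $_GET["id"];',
}


def scan_text(source):
    """Return the sorted names of the rules that match one file's text."""
    return sorted(name for name, rx in RULES.items() if rx.search(source))


def scan_tree(root):
    """Map each PHP-type file under root (relative path) to its matched rules."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_text(body))
```

A match is a lead for review rather than proof: legitimate code can also pass request data to these functions, and a script stored under an extension outside `PHP_SUFFIXES` is not scanned.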
Flag 3
In flag 3, hashcat will be discussed because at present it is the finest password
cracker available.
Step 1 Open Hashcat
For opening hashcat the following instructions must be followed (Ethical hacking and
countermeasures, 2017):
Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat
Selecting the hashcat menu item opens the help screen.
The help screen displays the basic hashcat syntax, as follows:
kali > hashcat options hashfile mask|wordfiles|directories
Step 2 More Extensive Options
Hashcat's more extensive options begin with enabling rules, which apply
specially designed rules to our wordlist file.
Step 3 Choose Your Wordlist
Type the following command to find the built-in wordlists present on the Kali
system (Halton & Weaver, 2016):
kali > locate wordlist
Step 4 Grab the Hashes
Here, grab all the hashes on the Kali system. The hashes must be viewed in order
to grab them, and this is possible when the user is logged in as root. On Linux
systems, the hashes are stored in the following file:
/etc/shadow
Hence, type as shown below.
kali > tail /etc/shadow
Type the following to open the /etc/login.defs file:
kali > more /etc/login.defs
Step 5 Crack the Hashes
Copy the hashes into a separate file and name it hash.lst.
kali > cp /etc/shadow hash.lst
Then type the following ("Kali Linux – Assuring Security by Penetration Testing", 2014):
kali > more hash.lst
The last step begins cracking the hashes, as follows:
kali > hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/share/sqlmap/txt/wordlist.txt
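The steps above read /etc/shadow and /etc/login.defs and then run hashcat with `-m 1800`, the mode for sha512crypt (`$6$`) hashes. The following is an added example, not part of the original report, that uses the same two files for a defensive check: it reports which hash scheme each account uses and which scheme new passwords will get. The sample lines, account names and placeholder hashes are constructed.

```python
# crypt(3) "$id$" prefixes mapped to (scheme, rating). "$6$" (sha512crypt) is
# the format selected by the report's `hashcat -m 1800` command.
SCHEMES = {
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"),
    "6": ("sha512crypt", "ok"),
    "y": ("yescrypt", "ok"),
}

# Constructed shadow-format lines; salts and hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root:$6$SALTSALT$PLACEHOLDERHASH:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
alice:$1$SALTSALT$PLACEHOLDERHASH:17000:0:99999:7:::
bob:!$6$SALTSALT$PLACEHOLDERHASH:17000:0:99999:7:::
carol::17000:0:99999:7:::
legacy:abPLACEHOLDER0:17000:0:99999:7:::
"""
# Constructed login.defs excerpt.
SAMPLE_LOGIN_DEFS = """\
# constructed excerpt
PASS_MAX_DAYS   99999
ENCRYPT_METHOD SHA512
"""


def classify(field):
    """Return (scheme, rating) for the second field of a shadow line."""
    if field == "":
        return ("none", "empty-password")   # no password is required
    if field[0] in "!*":
        return ("none", "locked")           # password login is disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], ("unknown", "review"))
    return ("descrypt", "weak")             # traditional DES has no "$" prefix


def audit_shadow(text):
    """Map each account name to the (scheme, rating) of its password field."""
    findings = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#"):
            findings[fields[0]] = classify(fields[1])
    return findings


def needs_attention(findings):
    """Accounts whose password field is weak, empty or unrecognised."""
    return sorted(user for user, (_, rating) in findings.items()
                  if rating in {"weak", "empty-password", "review"})


def encrypt_method(login_defs_text):
    """Return the ENCRYPT_METHOD set in login.defs content, or None."""
    for line in login_defs_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) >= 2 and tokens[0] == "ENCRYPT_METHOD":
            return tokens[1]
    return None


if __name__ == "__main__":
    print(needs_attention(audit_shadow(SAMPLE_SHADOW)))
    print(encrypt_method(SAMPLE_LOGIN_DEFS))
```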
Flag 4
Nmap is …
Flexible: It supports various advanced techniques for mapping networks which
contain IP filters, firewalls, routers, and various other obstacles. It also
contains multiple port scanning techniques, both TCP and UDP. It also helps with
detecting the operating system, detecting versions, ping sweeps, etc.
Powerful: It is utilized for scanning large networks.
Portable: It is supported by various operating systems such as Linux, Microsoft
Windows, OpenBSD, FreeBSD, Solaris, IRIX, Amiga, HP-UX, NetBSD, Mac OS X,
Sun OS, etc. (Loh-Hagan, n.d.).
Easy: Its advanced features help to provide easy usage.
Free: It aims to help users secure their networks and to provide administrators,
auditors and hackers with an advanced tool for exploring their networks. Thus,
it can be downloaded for free from the internet.
Well Documented: It is documented in related whitepapers, tutorials, and a book
(McPhee, 2017).
Supported: It has a community which helps both developers and users with their
queries. The community's interaction takes place on the Nmap mailing lists,
where bug reports and questions are sent to the nmap-dev list once the
guidelines are read. It is suggested that users subscribe to the low-traffic
nmap-hackers announcement list for updates. Nmap is also available on Facebook
and Twitter. It even offers real-time chat, for which users have to join the
#nmap channel on Freenode or EFNet.
Acclaimed: It has won several awards, including “Information Security Product
of the Year” by Linux Journal, Info World and Codetalker Digest.
Popular: It is popular, and a large number of users download it regularly. It is
also included with various operating systems such as Redhat Linux, Debian Linux,
Gentoo, FreeBSD, OpenBSD and much more (Nájera-Gutiérrez, n.d.).
In Kali, follow the instructions below to open Nmap.
Open a terminal.
Type nmap.
kali > nmap
This displays the help screen.
The results look as illustrated in the following screenshot. The screenshot displays all the TCP
ports which are possibly open for the moment on our target machine. Along with the open
ports, it also displays the default service for each port.
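The same scan result is useful to the machine's owner as an exposure check. The following is an added example, not part of the original report: it parses a scan saved in Nmap's grepable format (the `-oG` option, an assumption since the report shows only a screenshot), lists open TCP ports that are not on an allowlist, and lists ports whose service name is only the default for the port number because no version was detected. The host address, ports and allowlist are constructed.

```python
import re

# Constructed sample in Nmap's grepable (-oG) layout; host and ports are made up.
SAMPLE_SCAN = (
    "# Nmap grepable output (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http//Apache httpd/, 3306/open/tcp//mysql///, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)\n"
)
# Hypothetical allowlist: the ports this host is supposed to expose.
EXPECTED = {"192.0.2.10": {22, 80}}

HOST_RE = re.compile(r"^Host: (\S+) .*?\tPorts: ([^\t]*)")
# Each entry is port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


def parse_open_tcp(text):
    """Return {host: {port: {"service": ..., "version": ...}}} for open TCP ports."""
    hosts = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port list
        ports = hosts.setdefault(match.group(1), {})
        for port, state, proto, service, version in PORT_RE.findall(match.group(2)):
            if state == "open" and proto == "tcp":
                ports[int(port)] = {"service": service, "version": version}
    return hosts


def unexpected_ports(hosts, expected):
    """Open ports per host that are missing from the allowlist."""
    result = {}
    for host, ports in hosts.items():
        extra = sorted(set(ports) - expected.get(host, set()))
        if extra:
            result[host] = extra
    return result


def unverified_services(hosts):
    """Ports whose service name was not confirmed by a detected version."""
    return {host: sorted(p for p, info in ports.items() if not info["version"])
            for host, ports in hosts.items()}


if __name__ == "__main__":
    scan = parse_open_tcp(SAMPLE_SCAN)
    print(unexpected_ports(scan, EXPECTED))
    print(unverified_services(scan))
```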
Flag 5
The following are the basics of Linux privilege escalation on which knowledge is
gained (Oriyano, 2017):
Basics of the operating system
Basics of confidential information along with user involvement
Basics of applications and services
Basics of communications as well as networking
Basics of file systems
Code preparation
Identifying the exploit code
3 Results and Recommendations
The details of ethical hacking are discussed successfully in this report. The user works
through the case study on the virtual machine. The report also presents the things which are
needed for infiltrating the provided system with root-level privileges. This report
has mainly focussed on the five flags which relate to the virtual machine case study. The
very first flag helps in examining the web server content. To do this, it requires identifying
the username and password of the admin. The next flag helps to learn about web shells, which
have a significant role. The third flag is meant to help in cracking the
password with the help of the web shell. The fourth flag helps in finding out any
mistakes made by the user while entering the password on the system. To do this it needs
scanning, and hence the TCP port scanner tool is utilized. Finally, the last flag works on
learning the basic Linux privilege escalations to help the required process.
Henceforth, each flag is explained clearly, specifying the usage of the
flags, their influence and the tools used for conducting various processes, for instance port
scanning, password cracking and so on.
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux - assuring security by penetration
testing. Birmingham, UK: Packt Pub.
Buchanan, C. (2014). Kali Linux CTF blueprints. Birmingham, UK: Packt Pub.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Eliot, G. (2016). The Mill on the Floss. Dinslaken: Anboco.
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA:
Syngress/Elsevier.
Halton, W., & Weaver, B. (2016). Kali Linux 2. Birmingham, UK: Packt Publishing.
Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), 4.
doi: 10.1016/s1353-4858(14)70077-7
Loh-Hagan, V. Ethical hacker.
McPhee, M. (2017). Mastering Kali Linux for Web Penetration Testing. Birmingham: Packt
Publishing.
Nájera-Gutiérrez, G. Kali Linux web penetration testing cookbook.
Oriyano, S. (2017). Kali Linux Wireless Penetration Testing Cookbook. Birmingham: Packt
Publishing.