Ethical Hacking: Learning Summary
Added on 2022/12/28
Ethical Homework 1
Ethical Hacking: Learning Summary
DEAKIN UNIVERSITY
ETHICAL HACKING
On Track Submission
Task 8.1P Pentest report - Group Task
Submitted by:
Ameer Hussain Mohamed Shibly
Tutor:
Rahul Ramdas
Group Members
1. Bomori Brian Boaz Omori
2. Sfrehman Syed Faiq Ur Rehman
3. Ahmohame Ameer Hussain Mohamed Shibly
Introduction
Penetration testing, also called ethical hacking, is a widely known cyber security practice used to actively evaluate and assess the security of networks and information systems. The objective of the activity is to identify loopholes and vulnerabilities (system weaknesses) that could easily become a hacker's gateway. As a legal activity carried out as part of long-term organizational operational maintenance, ethical hackers simulate system/network attacks from an attacker's perspective (Shivayogimath, 2014). The advance of technology on the one hand, and the increase in the sophistication and magnitude of attacks on the other, make knowledge of ethical hacking and other security control practices a must-have for all security experts. The main purpose of this paper is to present a summary of both the practical and theoretical knowledge that we have acquired after learning about the different concepts and approaches to legally penetrating systems. We start by describing ethical hacking as an authorized activity, its impacts and advantages. The sections that follow present the learning outcomes achieved from each of the twelve tasks undertaken during the study.
Assessment
The practical activities from task 1 helped us recover a lost admin password by matching two inputs directly against two string constants. An AND operation was performed and the username was auto-filled. The challenge required logging in with a provided username, using an always-true statement to check whether the database is vulnerable to SQL injection (' or 1=1--), and viewing source code by capturing specific packets. This activity helped us use the WebGoat application to bypass security measures and access the required information. After successfully capturing the source code, this task enabled us to use sqlmap to inject a new user into the system.
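The task 1 login bypass, as an added example that is not part of the report: a query built by string concatenation (which accepts the ' or 1=1-- tautology) beside its parameterised form, run against an in-memory SQLite table holding constructed placeholder credentials (SQLite is assumed here in place of WebGoat's database).

```python
import sqlite3


def make_db():
    """Constructed sample users table; the passwords are placeholders, not values from the report."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "placeholder-admin-pw"), ("alice", "placeholder-alice-pw")],
    )
    return con


def vulnerable_sql(username, password):
    """The statement a concatenating login handler actually sends to the database."""
    return (f"SELECT username FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")


def login_vulnerable(con, username, password):
    """User input is spliced into the SQL text, so ' or 1=1-- rewrites the WHERE clause:
    username = '' OR 1=1 matches every row and the -- comments out the password check."""
    row = con.execute(vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_parameterised(con, username, password):
    """Bound parameters are sent as data, never parsed as SQL, so the same input
    is compared literally against the username column and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = con.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_sql("' or 1=1--", "x"))
    print("vulnerable   ->", login_vulnerable(db, "' or 1=1--", "x"))
    print("parameterised->", login_parameterised(db, "' or 1=1--", "x"))
```

The first row returned by the tautology is whichever user was inserted first, which is why such bypasses so often land on the admin account.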
The tasks in this module included scanning the Internet Message Access Protocol (IMAP), scanning the MySQL versions running on different host machines, a User Datagram Protocol (UDP) sweep, telnet version scanning and certificate scanning. Through these activities, IMAP was scanned against the OWASP Broken Web Applications (BWA) Project using a simple banner grabber for IMAP servers, configured by setting the RHOSTS and THREADS values. This started by launching the Metasploit application (an application that helps find system security issues, verify vulnerabilities and mitigations, and manage security assessments) by running the msfconsole command. The set RHOSTS command was run with the IP of the OWASP BWA machine to make it the target host. Upon successful completion of the task, the IMAP scan against the OWASP BWA machine produced a successful banner grab.
The activities in this module also helped us learn how to scan a network and determine the MySQL version that a database is running. The mysql_version module was used in this case to scan a range of hosts to determine the version in question. The results indicated that the OWASP BWA machine was not running any MySQL database. The udp_sweep scan was used to identify commonly available UDP services. The telnet_version module was used to scan the subnet and fingerprint operational telnet servers. Finally, the tests in this module allowed the team to cover a subnet and check whether server certificates had expired.
Blind SQL injection does not return query output directly on the page. We therefore asked the database a series of true/false questions to determine the answers, bearing in mind that we had to extract 32 characters within a limit of 128 queries. Since we were required to extract an MD5 hash, and to make our approach more viable, we ignored some printable characters, because hexadecimal uses a limited charset of only 16 characters. An ASCII character can be represented by 8 bits, so using 1 as TRUE and 0 as FALSE would require 8 queries to extract a
single character of this MD5 hash. A solution would be to come up with a MySQL payload that converts each character of the hash to binary and then extracts its last 4 bits (1 or 0) one by one, making 4 bits x 32 characters (the length of an MD5 hash) = 128 queries. The payload executes inside two nested loops. The outer loop iterates 32 times, varying 'X' from 1 to 32; this is the length of the MD5 hash. The inner loop iterates 4 times for each character, extracting the 4 bits one at a time by varying 'y' in the payload from 1 to 4. The Conv() function in the payload converts the base of a number or character: Conv('a', 16, 2) converts 'a' from base 16 (hexadecimal) to base 2 (binary). MySQL drops the leading zeros from the value returned by Conv(), so Lpad('a', 4, '0') ensures we have exactly 4 bits by restoring the dropped zeros.
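As an added illustration that is not code from the report, the following Python models MySQL's CONV and LPAD in plain Python and runs the two nested loops above against a local stand-in for the boolean oracle, holding a constructed hash, to confirm the 4 x 32 = 128 query count and to show why LPAD is needed. No database or network is involved; the oracle is a closure over the constructed value.

```python
import hashlib

HEX_DIGITS = "0123456789abcdef"

# Constructed sample secret (not a value from the report): the 32-character MD5 hex
# digest that the stand-in oracle "knows" and the extraction loops have to recover.
SAMPLE_HASH = hashlib.md5(b"constructed sample").hexdigest()


def mysql_conv_hex_to_bin(ch):
    """Model of MySQL CONV(ch, 16, 2): no leading zeros, so '1' -> '1' but 'a' -> '1010'."""
    return format(int(ch, 16), "b")


def mysql_lpad(s, width, pad):
    """Model of MySQL LPAD(s, width, pad) for a single pad character."""
    return s if len(s) >= width else pad * (width - len(s)) + s


def char_bits(ch):
    """Exactly 4 bits per hex digit: LPAD restores the zeros CONV dropped ('1' -> '0001')."""
    return mysql_lpad(mysql_conv_hex_to_bin(ch), 4, "0")


def make_oracle(secret):
    """Local stand-in for the vulnerable page: one call is one true/false answer, i.e. one request."""
    counter = {"requests": 0}

    def ask(x, y):
        # Is bit y (1..4) of hex character x (1..32) equal to 1?
        counter["requests"] += 1
        return char_bits(secret[x - 1])[y - 1] == "1"

    return ask, counter


def recover_hash(ask):
    """The two nested loops from the text: 32 characters x 4 bits = 128 questions."""
    recovered = []
    for x in range(1, 33):            # outer loop: position in the MD5 hash
        bits = ""
        for y in range(1, 5):         # inner loop: the 4 bits of that hex digit
            bits += "1" if ask(x, y) else "0"
        recovered.append(HEX_DIGITS[int(bits, 2)])
    return "".join(recovered)


def demo():
    """Returns (recovered hash, number of oracle requests) for the constructed sample."""
    ask, counter = make_oracle(SAMPLE_HASH)
    return recover_hash(ask), counter["requests"]


if __name__ == "__main__":
    print(demo())
```

From the defender's side the same arithmetic is the signature: 128 near-identical requests that differ only in two small indices are what a blind extraction looks like in the web server log, and that burst is what rate limiting and log review should flag.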
Through this task, we successfully identified publicly disclosed directories using the Burp Proxy tool. This tool is normally used to test and attack web applications and has multiple features and tools that enable attacks on a web application. To discover these directories, Burp needs to be configured to use a manually set proxy for all protocols, with website interception turned off, and left running in the background.
After the spidering process is completed, all the directories and their contents have been gathered, and the attacker can now decide on areas of interest and complete the desired activities. Different development languages have their own ways of organizing their files, so by analyzing the contents of the files in the directory of the Mutillidae application, the language used in its development can be determined.
To access the pictures, one has to log in. Burp Suite was used to intercept the traffic: I logged in to the site using the credentials I was registered with and tried to order a picture. From the picture details, the URL for the picture is shown and reveals the path where the pictures are stored; from this information the path to the pictures folder has
been identified, so an attacker can now browse to that directory and access all the pictures without paying for them.
The assessment tasks also enabled us to navigate into the directory using the URL link http://192,16.12../192.156.12 (F). First we needed to ensure that Burp Suite was started, then we tried to log in as admin; the traffic is generated and the directory for the admin login is caught in Burp Suite, and this is where the information pertaining to admin users is stored. Also, when form actions are submitted, from Burp Suite one can identify and obtain data pertaining to admin users. The Scanner can also be used to access the data of admin users, so the data can then be used on unauthorized sites.
To exploit vulnerabilities of a network with access to only an IP address, we can find vulnerabilities by name by executing the command search vsftpd on the attacker machine. We can then find the location of the exploit, found to be use exploit/unix/ftp/vsftpd_234_backdoor, and the other options can be found by running show options from the terminal.
Reflection
Penetration testers must follow certain methodologies to successfully identify the system loopholes, threats and vulnerabilities facing organizations' digital systems and infrastructure. They must also use universally accepted tools and follow standardized procedures to identify corrective measures for the identified threats (Jimenez & Lopez, 2016). The tests have serious consequences for computer and network systems. If badly conducted, they may cause total shutdown and/or loss of the systems, traffic congestion and at times system crashes. In extreme cases, the tests can cause the very attacks they are meant to prevent. As such, following
the correct methodologies and having organizational consent have a direct impact on the success of the activity.
For various reasons, network and system penetration testing is becoming an increasingly complicated activity. Internal networks grant much of their access rights to legitimate users, along with high privilege levels, that are located outside the firewall. Connections to the public internet substantially increase the chances of attack.
Depending on organizational security needs, penetration testing can be either external or internal. Internal penetration tests are used to unmask the risks and vulnerabilities that emanate from within the organization, such as the effects of disgruntled employees' activities, and are conducted by connecting to the organization's local area network infrastructure. External testing, on the other hand, is used to reveal the possible actions and effects of hackers' activities should they gain access to and/or control of the network system (Denis, et al., 2016). The threats identified using this method are inherent to the public internet.
Based on the knowledge that the security experts have of the system, a penetration test can be described as black, white or gray box testing. White box testing is otherwise described as complete-knowledge testing, since the testers are supplied with all information regarding the system. Under black box testing, the testers have no knowledge of the system, while with gray box testing, testers usually simulate employee activities from the internal network side.
Conclusion
Cybersecurity awareness is a concern for all organizations that mind their reputation and customer trust. Failure to mitigate and prevent attacks has dealt many organizations devastating
blows. As such, ethical hacking helps organizations avoid financial losses, data loss and damage to their reputation. It also helps organizations audit their systems for compliance with standards such as HIPAA, GLBA and PCI DSS, thus avoiding the hefty fines that may accompany non-compliance. False positives reported by automated scanners are identified through pen testing, thus helping organizations prioritize and plan remedial actions.
Bibliography
Denis, M., Zena, C. & Thaier, H., 2016. Penetration testing: Concepts, attack methods, and defense strategies. s.l., IEEE.
Jimenez, D. & Lopez, R. E., 2016. Pentesting on web applications using ethical-hacking. s.l., IEEE, pp. 1-6.
Shivayogimath, C. N., 2014. An overview of network penetration testing. International Journal of Research in Engineering and Technology, 3(7), pp. 408-413.