Ethical Hacking: Learning Summary
Added on 2022-12-28
8 Pages1902 Words1 Views
Ethical Homework 1
Ethical Hacking: Learning Summary
DEAKIN UNIVERSITY
ETHICAL HACKING
On Track Submission
Task 8.1P Pentest report- Group Task
submitted by:
Ameer Hussain Mohamed Shibly
Tutor:
Rahul Ramdas
Group Members
1. Bomori Brian Boaz Omori
2. Sfrehman Syed Faiq Ur Rehman
3. Ahmohame Ameer Hussain Mohamed Shibly
Ethical Hacking: Learning Summary
DEAKIN UNIVERSITY
ETHICAL HACKING
On Track Submission
Task 8.1P Pentest report- Group Task
submitted by:
Ameer Hussain Mohamed Shibly
Tutor:
Rahul Ramdas
Group Members
1. Bomori Brian Boaz Omori
2. Sfrehman Syed Faiq Ur Rehman
3. Ahmohame Ameer Hussain Mohamed Shibly
Ethical Homework 2
Introduction
Penetration testing, also called ethical hacking is a widely known cyber security practice
that is used to actively evaluate and assess the security of a network and information systems.
The objective of the activity is to identify loopholes and vulnerabilities (system weaknesses) that
could easily become hackers’ gateway. As a legal activity that is taken out as a long term
organizational operational maintenance, ethical hackers simulate system/network attacks from
attackers’ perspectives (Shivayogimath, 2014). At the advent of technology advancements,
and the increase in sophistication and magnitude of attacks on the other hand, makes ethical
hacking and other security control practices’ knowledge a must-have for all security experts. The
main purpose of this paper is to present a summary of both practical and theoretical knowledge
that we have acquired after learning about the different concepts and approaches of legally
penetrating into systems. We start by describing ethical hacking as an authorized activity, its
impacts and advantages. The sections that follow present the learning outcomes achieved from
each of the twelve tasks undertaken during the study.
Assessment
The practical based activities from task 1 helped us recover a lost admin password by
making a match directly by two inputs and two string constant. An AND operation was done and
the username auto-filled. The challenge required logging in with a provided username, using a
true statement to check whether the database is vulnerable to sql injection (‘or 1=1--) and
viewing a source code by capturing specific packets. This activity helped us use the WEBGOAT
application to bypass security measures and access the required information. After successfully
capturing source code, this task enabled us to use sqlmap to inject a new user into the system.
Introduction
Penetration testing, also called ethical hacking is a widely known cyber security practice
that is used to actively evaluate and assess the security of a network and information systems.
The objective of the activity is to identify loopholes and vulnerabilities (system weaknesses) that
could easily become hackers’ gateway. As a legal activity that is taken out as a long term
organizational operational maintenance, ethical hackers simulate system/network attacks from
attackers’ perspectives (Shivayogimath, 2014). At the advent of technology advancements,
and the increase in sophistication and magnitude of attacks on the other hand, makes ethical
hacking and other security control practices’ knowledge a must-have for all security experts. The
main purpose of this paper is to present a summary of both practical and theoretical knowledge
that we have acquired after learning about the different concepts and approaches of legally
penetrating into systems. We start by describing ethical hacking as an authorized activity, its
impacts and advantages. The sections that follow present the learning outcomes achieved from
each of the twelve tasks undertaken during the study.
Assessment
The practical based activities from task 1 helped us recover a lost admin password by
making a match directly by two inputs and two string constant. An AND operation was done and
the username auto-filled. The challenge required logging in with a provided username, using a
true statement to check whether the database is vulnerable to sql injection (‘or 1=1--) and
viewing a source code by capturing specific packets. This activity helped us use the WEBGOAT
application to bypass security measures and access the required information. After successfully
capturing source code, this task enabled us to use sqlmap to inject a new user into the system.
Ethical Homework 3
The tasks in this module included scanning the Internet Message Access Protocol
(IMAP), scanning mysql versions running on different host machines, scanning User datagram
protocol sweep, telnet version, and cert. Through these activities, IMAP, a simple banner
grabber for IMAP servers that is configured by running the RHOSTs and RTHREADS values
was scanned using the OWASP Broken Web Applications Project. This started by launching the
Metaspoilt application (application that helps find system security issues, verify vulnerabilities,
mitigations and manage security assessments) by running the myfconsole command. The set
RHOSTS command was run to the IP of the OWASB BWA machine to make it the host. Upon
successful completion of the task, the IMAP scan against the OWASP BWA machine was a
successful banner grab.
The activities in this module also helped us learn how to scan a network and determine
the MySQL version that a database is running on. The mysql_version command was used in this
case to scan a range of hosts to determine the version in question. The results indicated that the
OWASP BWA was not running any MySQL database. The udp_sweep scan was used to help
identify commonly available UDP services. The telnet_version was used to successfully scan the
subnet and finger print operational telnet servers. Finally, the tests in this module allowed the
team to cover a subnet and check whether server certificates are expired or not.
Blind SQL injection doesn’t provide direct query outputs on the page. We, therefore,
provided the database with a series of true and false questions to determine the solutions
considering that we had to extract 32 characters within a limit of 128. Since we were required to
extract an MD5 hash, and to make our option more viable, we ignored some printable characters
because hexadecimals are characterized by limited charset of 16 characters. ASCII characters
can be represented by 8 bits. Using 1 as a TRUE and 0 as FALSE required 8 queries to extract a
The tasks in this module included scanning the Internet Message Access Protocol
(IMAP), scanning mysql versions running on different host machines, scanning User datagram
protocol sweep, telnet version, and cert. Through these activities, IMAP, a simple banner
grabber for IMAP servers that is configured by running the RHOSTs and RTHREADS values
was scanned using the OWASP Broken Web Applications Project. This started by launching the
Metaspoilt application (application that helps find system security issues, verify vulnerabilities,
mitigations and manage security assessments) by running the myfconsole command. The set
RHOSTS command was run to the IP of the OWASB BWA machine to make it the host. Upon
successful completion of the task, the IMAP scan against the OWASP BWA machine was a
successful banner grab.
The activities in this module also helped us learn how to scan a network and determine
the MySQL version that a database is running on. The mysql_version command was used in this
case to scan a range of hosts to determine the version in question. The results indicated that the
OWASP BWA was not running any MySQL database. The udp_sweep scan was used to help
identify commonly available UDP services. The telnet_version was used to successfully scan the
subnet and finger print operational telnet servers. Finally, the tests in this module allowed the
team to cover a subnet and check whether server certificates are expired or not.
Blind SQL injection doesn’t provide direct query outputs on the page. We, therefore,
provided the database with a series of true and false questions to determine the solutions
considering that we had to extract 32 characters within a limit of 128. Since we were required to
extract an MD5 hash, and to make our option more viable, we ignored some printable characters
because hexadecimals are characterized by limited charset of 16 characters. ASCII characters
can be represented by 8 bits. Using 1 as a TRUE and 0 as FALSE required 8 queries to extract a
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Ethical Hacking: Introduction, Pen Testing Approach, Results and Findingslg...
|7
|1139
|93
Network Vulnerability And Penetration Testing Assignmentlg...
|6
|1145
|23
Analysis of Security Vulnerability of WidgetsInc Virtual Machine Imagelg...
|23
|3636
|97
Ethical Hacking & Countermeasures Report 2022lg...
|25
|3747
|46
Computer Securitylg...
|18
|3268
|86
Reflective Critical Analysis | Web Application Securitylg...
|5
|1203
|10