CSI5208 Ethical Hacking And Defense Assignment



The main objective of this project report is ethical hacking and defence aimed at root-level privileges. The report covers the areas in which the user is required to infiltrate the given system and achieve root-level privileges in the given case study. The project is divided into five flags. The first flag is a survey of the content of the web server, in particular the admin pages of the web server, which contain the username and password for the root-level privileges (Anthony J. Masys, 2015). The third flag is password cracking, the process of attempting to gain unauthorized access to restricted systems using common passwords. Password cracking techniques involve either comparing passwords against a word list or using algorithms to generate the passwords. The fourth flag examines the admin page, where the user can enter the wrong password on the information system, and uses the TCP scanner. The fifth flag requires learning the basics of Linux privilege escalation. The ethical hacking and defence follows a defined methodology, and the testing on the web server is logged.

Defined Methodology and Log Testing

For the log testing, the user is required to install the virtual machine; once it has been installed successfully, the ethical hacking of the web server can proceed. The actions demonstrated are given below ("An Introduction to Web-shells | Acunetix", 2018).

Flag 1- Web Server

Generally, the web server stores its content as HTML documents together with related resources such as fonts, images, videos, JavaScript files and CSS stylesheets. Web users can then establish authenticated, encrypted channels with a trusted co-server, which can act as a trusted third party in the browser-server interaction (Conway & Cordingley, 2015). If data is sent across a network in clear text, an attacker can capture the data packets and use a sniffer to read them, so the data on the web server is not secure ("Basic Linux Privilege Escalation", 2018). You must check the web server for vulnerabilities, misconfigurations, unpatched security flaws, and improper authentication with external systems ("Privilege Escalation - Linux · pentestbook", 2018).

Flag 2- Web Shells

It should be ensured that the web shells are never overlooked in the cybercrime perspective. Moreover, never try to attract the attention of both phishing and malware.

A web shell can be installed by various methods; some of the standard techniques are listed below:

1. Exploit a vulnerability in the server software.
2. Get access to the administrator portal.
3. Take advantage of a host that is configured inappropriately.

A web shell is malicious content used by an attacker for the purpose of keeping persistent access to an already compromised web application. A web shell is the second step of an attack, because by itself it cannot exploit the web server remotely. Attackers generally use vulnerabilities such as SQL injection, RFI, FTP, or even XSS as part of a planned attack to deliver the web shell, whose functions include database enumeration, code execution and file management. Infected web servers can be either Internet-facing or internal to the network, where the web shell is used to pivot further to internal hosts.


A server running a web shell can be made part of a botnet. A botnet is a network of compromised systems that the attacker controls, either to use directly or to lease to other offenders (Gupta & Anand, 2016). The web shell is operated through a C&C server, a setup used for DDoS attacks, which need large amounts of bandwidth.

Consistent Remote Access

A web shell generally gives the attacker a way to reach the server remotely and, possibly, to control it. Secure remote access must effectively protect sensitive resources wherever they are located, using authentication platforms with fully automated workflows and a broad range of form factors and authentication methods that can be deployed side by side to meet the assurance levels expected of the web server configuration (ROWLEY, 2016). To keep sensitive data safe while simultaneously enabling workers, organizations need to deploy secure remote access solutions.

Flag 3- Crack Password

The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital business evidence for which a judge has allowed access but the particular file's access is will be found in any cracking dictionary.

Deobfuscating the web shell

preg_replace takes a regex and a subject among its arguments. A modifier on the regex causes the result to be evaluated as PHP code. The code found on the web server is as follows (Prodromou, 2017):

Manually converting this string would be a bit of work, so we let PHP do it:

Bypassing check

The $auth_pass at the start of the main code suggests that there is an authentication check on the web shell. The format of $auth_pass, 32 hexadecimal characters, suggests that it is an MD5 of the plaintext password. As the source of the web shell is present, it is possible to carry out the following (Ethical Hacking and Countermeasures + Hands-on Ethical Hacking and Network Defense, 3rd Ed, 2016):

Flag 4- Nmap TCP port scanner
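An added example, not part of the original report and not the web shell it analysed: a static triage in Python of the two indicators discussed under "Deobfuscating the web shell" and "Bypassing check", reading the PHP as text instead of letting PHP evaluate it. The sample file, the `eval(gzinflate(base64_decode(...)))` wrapper layout, the `e` pattern modifier as the trigger, and all function names are assumptions made for illustration.

```python
import base64
import re
import zlib

# Constructed sample: a harmless payload hidden behind hex escapes, raw deflate
# and base64. The wrapper layout and the $auth_pass value are assumptions.
_BLOB = base64.b64encode(zlib.compress(b"echo 'placeholder';")[2:-4]).decode()
SAMPLE = (
    '<?php\n$auth_pass = "0123456789abcdef0123456789abcdef";\n'
    r'preg_replace("/.*/e", "\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61'
    r"\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'"
    + _BLOB + r"'\x29\x29\x29\x3B" + '", ".");\n'
)

EVAL_CALL = re.compile(
    r'preg_replace\(\s*"(.)(?:.*?)\1(\w*)"\s*,\s*"((?:[^"\\]|\\.)*)"', re.S)
LAYER = re.compile(r"eval\(gzinflate\(base64_decode\('([A-Za-z0-9+/=]+)'\)\)\)")
AUTH = re.compile(r"""\$auth_pass\s*=\s*["']([0-9a-fA-F]+)["']""")
MAX_OUT = 1 << 20  # cap each inflated layer to blunt decompression bombs

def decode_escapes(s):
    """Resolve PHP \\xHH escapes statically instead of letting PHP do it."""
    return re.sub(r"\\x([0-9A-Fa-f]{1,2})", lambda m: chr(int(m.group(1), 16)), s)

def unwrap(code, max_layers=10):
    """Peel eval(gzinflate(base64_decode('...'))) layers without running them."""
    for _ in range(max_layers):
        m = LAYER.search(code)
        if not m:
            break
        raw = base64.b64decode(m.group(1))
        code = zlib.decompressobj(-15).decompress(raw, MAX_OUT).decode("latin-1")
    return code

def triage(php_source):
    """Report both indicators: evaluated replacement and hash-style password."""
    call = EVAL_CALL.search(php_source)
    auth = AUTH.search(php_source)
    digest = auth.group(1) if auth else None
    return {
        "eval_modifier": bool(call and "e" in call.group(2)),
        "decoded": unwrap(decode_escapes(call.group(3))) if call else None,
        "auth_pass": digest,
        "md5_length": bool(digest) and len(digest) == 32,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 32-character hexadecimal value is only consistent with MD5, as the text notes; the length check flags the file for review and does not prove which hash was used.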

Several scan types are available only to privileged users, because they send and receive raw packets, which requires root access on Unix systems ("A Quick Port Scanning Tutorial", 2018). On Windows, using an administrator account is recommended, although Nmap sometimes works for unprivileged users on that platform when Npcap has already been loaded into the operating system. Today computers can be purchased at reasonable cost, which was not the case in 1997. Moreover, Internet use has increased drastically and has become a basic need, so far more people have direct Internet access, and Unix desktop systems (including Linux and Mac OS X) are prevalent. A Windows version of Nmap is now available, which lets it run on even more desktops. For these reasons, users have less need to run Nmap from limited shared shell accounts. This is fortunate, because the privileged options give Nmap far more power and flexibility ("Open Port Scanning and OS Detection with Nmap in Kali Linux", 2015).

The TCP port scanner is a web interface for the well-known Nmap, which is executed with the proper parameters in order to provide speed and accuracy. The scanning is done by sending packets to each port and listening for replies. The scanning technique used is called the "SYN scan". Fortunately, Nmap can also help inventory UDP ports. UDP scan is activated with the -sU option. It can be combined with a TCP scan type such as SYN scan (-sS) to check both protocols during the same run. UDP scan works by sending a UDP packet to every targeted port of the target's IP address ("Port Scanning with Nmap", 2018). Even though the SYN scan is the default scan type, the "-sS" parameter can be used to set it explicitly when running Nmap.

Flag 5- Privilege

Linux privilege escalation on the web server involves examining several areas: the operating system, networking and communications, users and confidential information, services and applications, the file system, and the preparation and finding of exploit code.


The idea of testing the security of a system by trying to break into it is not new. Just as an individual tests his or her skill at martial arts by sparring with a partner, a web server is evaluated by testing it under attack (Simpson, 2016). Use every possible security measure, such as honeypots, intrusion detection systems and firewalls. Always make passwords strong, so that they are longer and harder to crack. Finally and most importantly, carry out ethical hacking and defence at regular intervals. Now we can see what we can do against hacking or to protect ourselves from hacking. From the discussion it is observed that the first flag needs to examine the content of the web server to determine the username and password for the admin. The second flag requires knowledge of web shells. The third flag requires cracking the password. For the Linux privileges, we can crack the password by using the crack tool, because this tool provides an effective password cracking facility.


1. A Quick Port Scanning Tutorial. (2018). Retrieved from https://nmap.org/book/port-scanning-tutorial.html
2. An Introduction to Web-shells | Acunetix. (2018). Retrieved from https://www.acunetix.com/websitesecurity/introduction-web-shells/
3. Anthony J. Masys. (2015). Networks and Network Technology Analysis for Defence and Security. Berlin: Springer International Publishing.
4. Basic Linux Privilege Escalation. (2018). Retrieved from https://marcostolosa.github.io/basic-linux-privescal.html
5. Cengage Learning Ptr. (2016). Ethical Hacking and Countermeasures + Hands-on Ethical Hacking and Network Defense, 3rd Ed.
6. Conway, R., & Cordingley, J. (2015). Code hacking. Hingham, Mass.: Charles River Media.
7. Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
8. Gupta, A., & Anand, A. (2016). Ethical Hacking and Hacking Attacks. International Journal Of Engineering And Computer Science. doi: 10.18535/ijecs/v6i4.42
9. Open Port Scanning and OS Detection with Nmap in Kali Linux. (2015). Retrieved from https://www.hackingtutorials.org/scanning-tutorials/port-scanning-and-os-detection-with-nmap/
10. Privilege Escalation - Linux · pentestbook. (2018). Retrieved from https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html
11. Prodromou, A. (2017). An Introduction to Web-Shells, Part 1. Retrieved from https://dzone.com/articles/an-introduction-to-web-shells-part-1
12. Simpson, M. (2016). Hands-on ethical hacking and network defense. [Place of publication not identified]: Cengage Learning.