CSI5208 Ethical Hacking And Defense Oz Assignment

Project Description

The main objective of this project is to produce a report on ethical hacking and defence for the given case study. The areas covered in this report are as follows. The user is required to penetrate the given system and obtain root-level privileges. The project is divided into five flags: the first flag requires examining the content of the web server to determine the admin username and password; the second flag requires knowledge of web shells; the third flag requires cracking a password; the fourth flag requires determining which user entered a wrong password on the system, for which a TCP port scanner is used; and the fifth flag requires learning basic Linux privilege escalation. The report also defines the research methodology and the testing log.

Defined methodology and Log Testing

Here, the user is required to install a virtual machine and then install the provided case study image on it. This process is demonstrated below ("An Introduction to Web-shells | Acunetix", 2018).

Flag 1- Web Server

A web server stores its content in HTML documents together with the related resources such as fonts, images, videos, JavaScript files and CSS stylesheets. These files could be kept on an individual PC, but it is far more useful to store them all on a dedicated web server that runs continuously while connected to the Internet, keeps the same IP address at all times, and is hosted by a third-party provider ("Basic Linux Privilege Escalation", 2018).

Flag 2- Web Shells

A web shell is a malicious script used by an attacker with the aim of escalating and maintaining persistent access on an already compromised web application. A web shell cannot attack or exploit a remote vulnerability by itself, so it is always the second stage of an attack. The attacker first exploits a common vulnerability, for example SQL injection, RFI, FTP, or even XSS as part of a social-engineering attack, with the specific goal of uploading the malicious script. Typical functionality includes, but is not limited to, shell command execution, database enumeration, code execution and file management (Bock, 2016).

Zombie

Another use of web shells is to make servers part of a botnet. A botnet is a network of compromised systems that an attacker controls, either for their own use or to rent out to other criminals. The web shell or backdoor is connected to a command-and-control (C&C) server from which it takes instructions on what commands to execute. This setup is commonly used in DDoS attacks, which require large amounts of bandwidth. In this case, the attacker has no interest in damaging or stealing anything from the system on which the web shell was deployed; instead, they simply use its resources whenever required.

Launching and Pivoting Attacks

A web shell can be used to pivot inside or outside the network. The attacker may want to monitor network traffic on the system, scan the internal network to discover live hosts, and enumerate firewalls and routers within the network. This process can take days, even months, typically because the attacker tries to stay under the radar and draw as little attention as possible. Once an attacker has persistent access, they can make their moves at leisure. The compromised system can likewise be used to attack or scan targets that lie outside the network ("Circumventing authentication of a webshell", 2018).

Persistent Remote Access

A web shell generally contains a backdoor that allows an attacker to remotely access and potentially control a server at any time. This saves the attacker the trouble of exploiting a vulnerability each time access to the compromised server is required. An attacker may also fix the vulnerability themselves to ensure that nobody else exploits it. In this way, the attacker can stay under the radar and avoid any interaction with an administrator, while still obtaining the same result.

Flag 3- Crack Password

When a website is hacked, the attacker often leaves a backdoor or web shell so that they can easily access the website later. These are frequently obfuscated to avoid detection and require authentication so that only the attacker can use them. In this section, I am going to deobfuscate a web shell and show how the authentication can be bypassed when you have the source code but not the password (Engebretson, 2013).

Deobfuscating the web shell

The preg_replace call has three arguments: the regex, the replacement and the subject. Since the regex has the e modifier, PHP evaluates the replacement as PHP code. This applies to the following code ("What are web shells – Tutorial", 2018)

Manually converting this string would be a fair amount of work, so we let PHP do it:

Bypassing authentication

The $auth_pass variable in the original code already suggested that there is an authentication check on the web shell. The format of $auth_pass, 32 hexadecimal characters, suggests that it is an MD5 hash of the plaintext password. As the source of the web shell is available, it is possible to carry out the following (Ethical hacking and countermeasures, 2017):
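As an added example that is not part of the original report, the following Python scanner flags the two indicators discussed above in PHP source: a preg_replace() regex carrying the e modifier and an $auth_pass assignment holding a 32-hex MD5 digest. The sample PHP is constructed, and its replacement argument is a placeholder rather than a working payload.

```python
import re

# Constructed sample: the skeleton of an obfuscated PHP web shell. The
# replacement argument is a placeholder, not a working payload.
SAMPLE_PHP = r'''<?php
$auth_pass = "64a113a4ccc22cffb9d2f75b8c19e333";
preg_replace("/.*/e", "<obfuscated replacement placeholder>", "");
?>'''

# preg_replace( "<delim>...<delim><flags>" ...) -- group 3 holds the flags.
PREG_E = re.compile(r"""preg_replace\s*\(\s*(['"])(\W).*?\2([A-Za-z]*)\1""")
# $auth_pass = "<32 hex chars>" -- the length of an unsalted MD5 digest.
AUTH_MD5 = re.compile(r"""\$auth_pass\s*=\s*(['"])([0-9a-fA-F]{32})\1""")


def scan_php(source: str) -> list:
    """Return (line_number, indicator, detail) tuples for each hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = AUTH_MD5.search(line)
        if m:
            findings.append((lineno, "auth_pass_md5", m.group(2)))
        for m in PREG_E.finditer(line):
            # Only the e modifier turns the replacement into executed code;
            # ordinary flags such as i or s are not an indicator.
            if "e" in m.group(3).lower():
                findings.append((lineno, "preg_replace_e", m.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in scan_php(SAMPLE_PHP):
        print(f"line {lineno}: {kind}: {detail}")
```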

Updates

Cracked a few passwords:

Hash                               Password
64a113a4ccc22cffb9d2f75b8c19e333   cmonqwe123#@!
9e4bf26d87b7e8b6b66b0a2305f67184   lex1312

Flag 4- TCP port scanner – NMAP

Port scanning is a technique used to determine whether a port on the target is open or closed; a port is open when there is a service that uses that specific port to communicate with other systems. This is why, when a port is open, it is eventually possible to identify what kind of service is listening on it by sending specially crafted packets to the target. Once we know the target IP address we can launch the port scan. By default, when no option is selected, Nmap runs a TCP SYN scan, also called a stealth scan ("Port Scanning with Nmap", 2018).

To understand this kind of scan it is useful to recall the TCP 3-way handshake, which is how a TCP connection starts:

Although this kind of scan is the default one, the "-sS" parameter can be used to set it explicitly, followed by the target's IP address ("TCP Port Scan with Nmap | Pentest-Tools.com", 2018)
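As an added example that is not part of the original report, the following Python code shows the defender's view of the SYN scan described above: the scanner completes only the first two steps of the 3-way handshake and answers the SYN/ACK with a RST, so a single source accumulating many half-open connections to distinct ports is flagged. The packet summaries are constructed and assume a sensor that records the flags of packets sent by each source.

```python
from collections import defaultdict

# Constructed packet summaries: (source_ip, dest_port, tcp_flags) for
# packets sent *by* the source, as a sensor might record them.
SAMPLE_EVENTS = [
    # 10.0.0.9 is an ordinary client: SYN, then ACK completes the handshake.
    ("10.0.0.9", 80, "S"), ("10.0.0.9", 80, "A"), ("10.0.0.9", 80, "PA"),
]
# 10.0.0.5 behaves like a SYN scan: SYN then RST on many distinct ports,
# never sending the final ACK of the handshake.
for port in (21, 22, 25, 53, 80, 110, 143, 443, 445, 3306, 8080):
    SAMPLE_EVENTS.append(("10.0.0.5", port, "S"))
    SAMPLE_EVENTS.append(("10.0.0.5", port, "R"))


def half_open_ports(events):
    """Map source -> set of ports where the source sent SYN but never ACK."""
    syn = defaultdict(set)
    ack = defaultdict(set)
    for src, port, flags in events:
        if flags == "S":            # bare SYN: a connection attempt
            syn[src].add(port)
        elif "A" in flags:          # any ACK means the handshake completed
            ack[src].add(port)
    return {src: ports - ack[src] for src, ports in syn.items()}


def detect_syn_scan(events, min_ports=10):
    """Return sources with at least min_ports distinct half-open ports."""
    return {src: sorted(ports)
            for src, ports in half_open_ports(events).items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for src, ports in detect_syn_scan(SAMPLE_EVENTS).items():
        print(f"possible SYN scan from {src}: {len(ports)} half-open ports")
```

The threshold and the assumption that a RST follows each SYN/ACK are the knobs to tune; a legitimate client that times out also leaves a half-open entry, which is why a single port never triggers the alert.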

Flag 5- Privilege

In the fifth flag, the basics of Linux privilege escalation are learnt, covering the operating system, applications and services, communications and networking, confidential information and users, file systems, and preparation and finding exploit code ("UDP Port Scan with Nmap | Pentest-Tools.com", 2018).

Result

The primary objective of this project is to produce a report on ethical hacking and defence for the given case study. Here, the user is required to penetrate and analyse the given system and obtain root-level privileges. The project is divided into five flags. From the discussion it is observed that the first flag requires examining the content of the web server to determine the admin username and password; the second flag requires knowledge of web shells; the third flag requires cracking a password; the fourth flag requires determining which user entered a wrong password on the system, for which a TCP port scanner is used; and the fifth flag requires learning basic Linux privilege escalation. In future, the password could be cracked using the ncrack tool, because it provides effective password-cracking functionality.

References

1. An Introduction to Web-shells | Acunetix. (2018). Retrieved from https://www.acunetix.com/websitesecurity/introduction-web-shells/
2. Basic Linux Privilege Escalation. (2018). Retrieved from https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
3. Bock, L. (2016). Ethical Hacking: Overview. [Carpinteria, Calif.]: Lynda.com.
4. Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
5. Circumventing authentication of a webshell. (2018). Retrieved from https://www.sjoerdlangkemper.nl/2016/02/04/circumventing-authentication-of-a-webshell/
6. Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
7. Port Scanning with Nmap. (2018). Retrieved from https://spreadsecurity.github.io/2016/10/23/port-scanning-with-nmap.html
8. TCP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
9. UDP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/udp-port-scanner-online-nmap
10. What are web shells – Tutorial. (2018). Retrieved from https://www.binarytides.com/web-shells-tutoria