Csi5208 The Methodology During Hacking Assessment Answers

You are to infiltrate the provided system and attain root level privileges. Additionally there are five flags, these flags are represented as values and are awarded at each point of system compromise. Look for them in home directories, web pages etc.

You are to write a report outlining each test / attack run against the system and the result. You must follow a process, which should be defined prior to the commencement of testing. Your report should include the flags as well as any credentials you uncover as part of your hacking endeavours.

Note: You must compromise the system over the network, local, physical or other attacks requiring direct interaction with the target system are not valid for the purposes of the assignment.

Answer:

Today's world of business and technology constantly demands high security, so organizations find it compulsory to hire ethical hackers to secure their networks and the systems connected over the internet. Hiring ethical hackers has become compulsory due to the existence of illegal hackers, who misuse the information of the victims and cause serious threats by selling confidential information to third parties. Here, the report presents the outcomes of the tests and the attacks run against the system. The user also presents the basic TCP port scanner as well as the password cracker that are necessary for the respective case study.

The objectives to meet are clear, i.e., the user has to infiltrate the provided system and also has to get root-level privileges. The other objective is to show the values of the five flags with their compromises. The report also aims to outline each of the tests and attacks run against the system, including their results. Further, the basic TCP port scanner as well as the password cracker for the case study are presented.

This part of the report gives a brief overview of the methodology that suits this project and supports the processes to be conducted. The common steps that need to be considered are:

  • Investigating steps for effectively finishing ethical hacking.
  • Collecting information with respect to the case study, using internet.
  • Scanning the network.
  • Vulnerabilities searching.

The methodology section is critical, as the most suitable methodology helps to meet the set goals or objectives. It is always important to learn the necessary basics of the methodology to be implemented for ethical hacking. Learning such basics must be considered the primary step; moreover, it saves effort, time and money. The techniques which will be implemented are the next important thing to learn, because each technique has a specific process which provides guidelines during hacking and ensures that the targeted goal is reached.

For selecting the methodology it is necessary to know the attack's anatomy, such as:

  1. Reconnaissance,
  2. Port scanning
  3. Trying to gain access.
  4. Maintain access
  5. Covering the tracks.

The scope of ethical hacking process involves:

  1. Testing particular systems.
  2. Identifying the risks.
  3. Preparing schedule and timeline for testing.
  4. Collecting and exploring knowledge related to the systems that are tested earlier.
  5. Deciding what has to be done after discovering a vulnerability.
  6. Providing the deliverables, such as security assessment report and outlining the identified vulnerabilities.

For this methodology, it is essential to begin with the installation of the virtual machine.  

Today people live in the security era and here it is necessary to secure all their belongings based on various security locks, which are distinctive for the security of the systems. People indiscreetly leave their data and virtual products open where anyone can access it and this can be a serious threat. The condition of security on the web is terrible and deteriorating.

The response to such a situation is named Ethical Hacking, as it tries to build security insurance through the identification and fixing of what are called the system's security vulnerabilities, which are possessed by a third party. Ethical hacking is an evaluation to test and check an IT environment for possible weak links and vulnerabilities. In other words, it describes hacking a system on ethical terms and with good intention. However, it is possible for the hackers to utilize the hacked system for later use (Lakshmi S & Basarkod, 2015).

After hacking, the hackers do the following:

  • They patch the security hole, where the other hackers won’t be able to intrude.
  • They clear the logs and then hide themselves.
  • They start installation of rootkit or the backdoor.

The hacker utilizes SQL script injection to access the data of the web application, and the web server serves as the means to display the web content. The content is displayed based on user requests. This works as follows: if the user requests a URL, the request is accepted and sent to the internet, which then searches for the web page and provides it to the user.

Here, the DNS (Domain Name Server) supports a lot, as it plays the role of converting the given URL into an IP address, which in turn directs to the requested web server. Establishing communication with different servers over the internet is the purpose here. It is the fact that the web server has the capacity to withstand different types of attacks such as Directory Traversal, DoS attack, Website Defacement, Phishing Attack and Misconfiguration attacks. Flag 1 output is shown below.

Web shells signify a backdoor or a Remote Access Trojan (RAT). This means that the attacker can interact with the web server. The other important thing to know about web shells is that they vary in size, i.e., one can be a file or image of a few bytes or of thousands of bytes ("Understanding web shells", n.d.).

On the web server, the web shell could be placed in various ways as follows:

  1. While exploiting the vulnerable web application.
  2. While exploiting file uploading.
  3. While exploiting a poor or misconfigured web server.
  4. With the help of the compromised user.

  • Constant Remote Access

The web shell's points of interest are explained in this part. In general, web shells can be used to acquire unauthorized access, and this can even lead to involvement with the wider system. In such a circumstance, the attacker may be left vulnerable while attempting to get to the fundamental server. The attackers will not stop here at any cost; instead they will make efforts to get access and enter the system or network. Nonetheless, the attackers must stay under the radar to remain safe while carrying out their attempts and to get better results.

The prominently known web shells utilize secret password authentication, to guarantee that the attacker is exchanging the methodologies of web shell. Certain parts of the web shell have special access which enables the attackers to remotely gain access to and control the server, as and when required. There exist certain web shells which utilize secret key authentication and different methodologies. Similar techniques help to customize the HTTP header, particularly the values, and the IP addresses are dealt with as well. The web shells contain code which can recognize the code and block web files. Subsequently, it brings about dismissing the server which hosts the web application.

  • Pivoting Attack’s Launch

The penetration test is mainly used to pivot as and when needed: access to one system is obtained and this continues with the rest of the system so as to continue the framework's pivoting test. This report describes five basic tests that support examining pivoting access: Netcat relays, SSH local port forwarding, SSH local port, bad proxy HTTP of the relatively difficult and for following the attack back to its source.

  • Privilege Escalations

The web shell will run based on the permissions of the user, unless there is a misconfigured server, with certain limitations. With the usage of a web shell, the attackers attempt to carry out privilege escalation attacks, where the system's local vulnerabilities are exploited with the aim of assuming root privileges. Linux and the other UNIX-based operating systems have the 'super-user'. If the attackers have access to the root account, they can do anything to harm the system of an individual, for example software installation, permission changes, accessing and reading e-mails, password theft, addition and removal of users and so on (Engebretson, 2011).

  • Zombie

If the attackers have no interest in stealing or harming the data present in the system, then it means that the web shell deployment has taken place. Instead, the attacker will use the necessary resources whenever required. The web server has a strong connection with the internet, and this is where the zombie can be injected and is compromised by the hacker. Flag 2 output is shown below.

The passwords can be cracked with the help of the below listed methods ("Password Cracking", 2018):

  • Rainbow Tables
  • Dictionary Attacks
  • Brute Force
  • Guessing
  • Salting technique
  • Benchmarking

The strength of the password is very important for security purposes. Hence, the password should be strong and unique; if a matching password is identified in the database of the secret password cracking system, the password will be cracked ("Password Cracking Hacking Tools - Recommended Hacker Tools 2017", 2018).
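The list above names rainbow tables, dictionary attacks and salting. The following added example (not part of the original report) shows from the defender's side how stored hashes behave with and without a per-account salt; the account names, wordlist and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and three accounts, two sharing a weak password.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "T7#vq9!mZr2p"}

def unsalted(password):
    """Fast, unsalted hash: the same password always yields the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt=None, rounds=100_000):
    """PBKDF2-HMAC-SHA256 with a random per-account salt; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, stored, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt, rounds)[1], stored)

def lookup_hits(stored_hashes, table):
    """Accounts whose stored hash appears in a precomputed hash -> word table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def demo():
    # The table is computed once and works against every unsalted account.
    table = {unsalted(w): w for w in WORDLIST}
    weak_store = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong_store = {u: salted(p) for u, p in ACCOUNTS.items()}
    strong_hex = {u: digest.hex() for u, (_, digest) in strong_store.items()}
    return {
        "unsalted_hits": lookup_hits(weak_store, table),
        "same_hash_unsalted": weak_store["alice"] == weak_store["bob"],
        "salted_hits": lookup_hits(strong_hex, table),
        "same_hash_salted": strong_hex["alice"] == strong_hex["bob"],
        "login_ok": verify("letmein", *strong_store["alice"]),
        "login_bad": verify("wrong", *strong_store["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The salt removes the reuse of one precomputed table across accounts and the iteration count raises the cost of each guess; a password that sits in a wordlist can still be guessed per account, which is why the strong and unique password the text asks for remains necessary.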

Open the Hashcat by using the below steps. Open the help screen by clicking on the hashcat menu item. Basic hashcat syntax is represented below.

Step 2 Additional Extensive Options

Hashcat supports rules, which allow us to apply specifically designed rules to our system's wordlist file.

Hashcat can work with the following hash types.

Step 3 Wordlist selection

In Kali system, the built-in wordlists can be found when the following is typed:

Step 4 Grabbing Hashes

There is a place where the storage of hashes is present.

The location is as follows: /etc/shadow file.

Thus, type the following,

File can be opened when the following is typed:

Step 5 Crack the Hashes

Here, it is required to segregate the hashes in a separate file, which is here named hash.lst. Then, type the following, for ensuring whether they are copied or 

It is observed that, the scanning tools help to complete the ethical hacking process. Basically, the scanning tool sends a message which requests to open the connection with a system, on a specific port ("4.2 TCP Port Scanning", 2018).

Some of the port scanners are listed below:

  • Nmap
  • Angry IP Scanner
  • Superscan
  • Nikto
  • Autoscan
  • Unicornscan

Among the above mentioned port scanners, Nmap is selected for this project, because the Nmap tool is the popular web interface that helps in executing the appropriate parameters in order to increase the speed as well as the accuracy of the system or the network. Here, the TCP port scanner is used to scan all the ports; it sends packets and listens for the replies to complete the scanning of the ports. The SYN scan is used for this purpose, which sends a TCP SYN packet to the address of the ports ("Port Scanning Techniques", 2018). Nmap is supported by the inventory UDP ports ("4.2 TCP Port Scanning", 2018).

TCP Three Way Handshake

The TCP three-way handshake, where TCP stands for Transmission Control Protocol, is also called the TCP handshake, the three-message handshake or SYN-SYN-ACK. It is a method which TCP uses to set up a TCP/IP connection across an Internet Protocol based network. The TCP three-way handshake is frequently referred to as "SYN-SYN-ACK" because of the three messages, i.e., SYN, SYN-ACK and ACK, which TCP transmits to start a TCP session between two computers.

The TCP handshake is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connection prior to transmitting data. Examples include SSH and HTTP web browser requests. The TCP three-way handshake is also designed so that both ends can initiate and negotiate separate TCP socket connections. Being able to negotiate multiple TCP socket connections in both directions at the same time allows a single physical network interface, for example Ethernet, to be multiplexed to transfer multiple streams of TCP data simultaneously.

TCP Scan 

The TCP scanning follows the below mentioned actions ("4.2 TCP Port Scanning", 2018):

  • Open port: The user named as A will send SYN to the server named as B, then the server B will react with SYN-ACK;
  • Closed port: The user named as A will send SYN to the server named as B and then server B reacts with RST-ACK (Reset-Acknowledgment);
  • Filtered port: The user named as A will send SYN to the server named as B, but no reaction will be found or no ICMP port unreachable error message will be received.
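The three cases above, seen from the defender's side on server B, as an added example that is not part of the original report: it maps B's reply to each inbound SYN onto open, closed or filtered, and flags a source that probes many distinct ports with few open results. The record format, the addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: one record per inbound SYN observed in front of host B.
# Fields: (source_ip, destination_port, reply_from_B); None means B sent nothing back.
CONSTRUCTED_RECORDS = (
    [("192.0.2.10", 443, "SYN-ACK")] * 3                        # ordinary client
    + [("198.51.100.7", p, "RST-ACK") for p in range(20, 30) if p != 22]
    + [("198.51.100.7", 22, "SYN-ACK"), ("198.51.100.7", 80, "SYN-ACK")]
    + [("198.51.100.7", p, None) for p in (135, 139, 445)]
)

def port_state(reply):
    """Map B's reply to a SYN onto the three states listed above."""
    if reply == "SYN-ACK":
        return "open"
    if reply == "RST-ACK":
        return "closed"
    if reply is None:
        return "filtered"
    raise ValueError(f"unexpected reply: {reply!r}")

def summarise(records):
    """Per source address: {port: state} for every port it sent a SYN to."""
    seen = defaultdict(dict)
    for src, port, reply in records:
        seen[src][port] = port_state(reply)
    return seen

def likely_scanners(records, min_ports=10, max_open_ratio=0.5):
    """Flag sources that touch many distinct ports and mostly find them
    closed or filtered; an ordinary client uses few ports, and they are open."""
    flagged = {}
    for src, ports in summarise(records).items():
        states = list(ports.values())
        open_ratio = states.count("open") / len(states)
        if len(states) >= min_ports and open_ratio <= max_open_ratio:
            flagged[src] = {
                state: sorted(p for p, s in ports.items() if s == state)
                for state in ("open", "closed", "filtered")
            }
    return flagged

if __name__ == "__main__":
    for src, result in likely_scanners(CONSTRUCTED_RECORDS).items():
        print(src, result)
```

The per-state port lists in the result are also what the source itself learned, so they show which services were exposed to it.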

Type the below command on the terminal to open Nmap on Kali Linux. As shown in the below screenshot, the help screen will be displayed as a result of the above step. The below mentioned screenshot denotes the results, which display each TCP port which is open on the target machine. Moreover, it also displays the port's default service.

The below mentioned list demonstrates the areas learnt from the basic Linux privilege:

  1. Application and service
  2. Operating System (OS)
  3. Communication
  4. File system
  5. Computer networking
  6. Preparing and identifying the exploit code.
  7. Confidential information

When the above mentioned lessons are applied in the organization, they bring high benefits for the organization. Thus it is necessary that an individual has knowledge of these privileges.

Conclusion

Modern day businesses have started demanding high security, and advanced technology has a crucial role in providing the required system and network security. Thus, ethical hackers are hired by organizations for securing their networks and the systems which are connected over the internet, because the number of illegal hackers is increasing, who misuse the confidential or personal information of the victims and cause serious threats by selling the confidential information to third parties. Here, the report has tried to show the results of the tests and the attacks run against the system.

The basic TCP port scanner and the case study's password cracker are then discussed. The objectives are met. It is already stated that the user has to infiltrate the provided system and also has to get root-level privileges. The other objective shows the values of the five flags with their compromises. At last, the report aims to outline each of the tests and attacks run against the system, including their results. Further, the representation of the basic TCP port scanner as well as the password cracker for the case study will take place.

Reference

4.2 TCP Port Scanning. (2018). 

Engebretson, P. (2011). The Basics of Hacking and Penetration Testing. Network Security, 2011(12), 4. doi: 10.1016/s1353-4858(11)70127-1

Lakshmi S, C., & Basarkod, P. (2015). Basics Of Ethical Hacking. International Journal Of Engineering Sciences & Emerging Technologies, 7(4).

Loshin, P. (2018). What is MD5?

md5 - The Go Programming Language. (2018).

Password Cracking Hacking Tools - Recommended Hacker Tools 2017. (2018).

Password Cracking. (2018). 

Port Scanning Techniques. (2018). 

Understanding web shells. Fidelis Cyber Security.

