The main objective of this project is to produce a report on ethical hacking and defence for the given case study. The report covers the following areas. The user is required to penetrate the given system and achieve root-level privileges. The project is divided into five flags. The first flag requires examining the content of the web server to determine the username and password for the admin. The second flag requires knowledge of web shells. The third flag requires cracking the password. The fourth flag requires determining that the user entered the wrong password on the system, where the TCP port scanner is used. The fifth flag requires learning basic Linux privilege escalation. The report also defines the methodology and the testing log.
Here, the user is required to install the virtual machine and load the provided case study onto it. This process is demonstrated below (“An Introduction to Web-shells | Acunetix”, 2018).
Generally, a web server stores the content of a site: the HTML documents and their related resources such as fonts, images, videos, JavaScript files and CSS stylesheets. These files could be kept on a personal computer, but it is far more useful to store them all on a dedicated web server that is always running and connected to the Internet, keeps the same IP address at all times, and is maintained by a third-party provider (“Basic Linux Privilege Escalation”, 2018).
In cybercrime, web shells are a generally neglected factor and do not attract the level of attention given to phishing or malware. However, well-engineered web shells now deliver polished and refined toolkits for various crimes, with facilities for password cracking, DDoS, privilege escalation, phishing, network investigation and spamming, offered not only through a web-based user interface but also by accepting commands as part of a botnet. With just a click, various shells provide botnet creation, launching standalone processes that either establish a connection with a command and control server or listen for commands over an insecure TCP connection. Some allow a port scan to be performed to find potentially exploitable services, whereas others let fraudsters schedule denial of service (DoS) attacks. There are shells dedicated to sending bulk spam emails, testing stolen credentials against popular websites (for example, PayPal, Amazon and so on), cracking passwords and defacing websites automatically. With so many powerful features available, it is unsurprising that web shells are popular with cyber criminals.
A web shell is a malicious script used by an attacker to escalate and maintain persistent access on an already compromised web application. A web shell cannot itself attack or exploit a remote vulnerability, so it is always the second step of an attack. The attacker can take advantage of common vulnerabilities (Bock, 2016).
Zombie
The web shell or backdoor is connected to a command and control (C&C) server, from which it takes instructions on what commands to execute. This setup is typically used in DDoS attacks, which require large amounts of bandwidth. In this case, the attacker has no interest in harming, or stealing anything from, the system on which the web shell was deployed. Instead, they simply use its resources whenever they are required (Cengage Learning, 2017).
Launching and Pivoting Attacks
A web shell can be used for pivoting inside or outside the network. The attacker may want to monitor the network traffic on the system, scan the internal network to discover live hosts, and enumerate firewalls and routers within the network. This process can take days, even months, mainly because an attacker typically tries to stay under the radar and draw as little attention as possible. Once an attacker has persistent access, they can patiently make their moves (“Circumventing authentication of a webshell”, 2018).
Persistent Remote Access
A web shell generally contains a backdoor which allows an attacker to remotely access, and possibly control, a server at any time. This saves the attacker the trouble of exploiting a vulnerability each time access to the compromised server is required. An attacker may also fix the vulnerability themselves, in order to ensure that no one else will exploit it. In this way, the attacker can stay under the radar and avoid any interaction with an administrator, while still getting the same result.
Escalation of Privileges
Unless the server is misconfigured, the web shell runs under the web server's user permissions, which are limited. With the help of the web shell, the attacker can attempt privilege escalation attacks, in which local vulnerabilities on the system are exploited to assume root privileges. In Linux and other UNIX-based operating systems, root is the ‘super-user’.
With access to the root account, the attacker can do anything on the system. This includes installing software, changing permissions, adding or removing users, stealing passwords, reading emails and so on.
When a website is hacked, the attacker typically leaves a backdoor or web shell to be able to easily access the website later on. These are often obfuscated to avoid detection, and require authentication so that only the attacker can access the site. In this post I am going to deobfuscate a web shell and show how the authentication can be bypassed when you have the source code but not the password (Engebretson, 2013).
Deobfuscating the web shell
The preg_replace function takes three arguments: the regex, the replacement and the subject. Since the regex has the e modifier, it will evaluate anything in the replacement as PHP code. This results in the following code (“What are web shells – Tutorial”, 2018):
Manually converting this string would be a bit of work, so we let PHP do it:
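For defenders, a preg_replace call whose pattern carries the e modifier is a strong hunting signal, and the hex-escaped replacement can be decoded statically rather than by running it. The following is an added example, not code from this report or its sources: it scans PHP source text for such calls and decodes `\xNN` escapes in the replacement. The function names and the sample PHP snippet are constructed for illustration.

```python
import re

# First two arguments of preg_replace() when both are string literals.
CALL = re.compile(
    r'''preg_replace\s*\(\s*(["'])(?P<pat>(?:\\.|(?!\1).)*)\1\s*,\s*'''
    r'''(["'])(?P<rep>(?:\\.|(?!\3).)*)\3''', re.I | re.S)
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}

def modifiers(pattern):
    """Return the modifier letters after the closing PCRE delimiter."""
    if len(pattern) < 2 or pattern[0].isalnum() or pattern[0] in "\\ ":
        return ""
    end = pattern.rfind(CLOSERS.get(pattern[0], pattern[0]))
    return pattern[end + 1:] if end > 0 else ""

def decode_hex_escapes(text):
    """Statically expand \\xNN escapes instead of letting PHP evaluate them."""
    return re.sub(r"\\x([0-9A-Fa-f]{1,2})",
                  lambda m: chr(int(m.group(1), 16)), text)

def find_eval_modifier(php_source):
    """List (line, pattern, decoded replacement) for preg_replace calls using /e."""
    hits = []
    for m in CALL.finditer(php_source):
        if "e" not in modifiers(m.group("pat")):
            continue
        rep = m.group("rep")
        if m.group(3) == '"':          # PHP expands \x escapes only in "..."
            rep = decode_hex_escapes(rep)
        line = php_source.count("\n", 0, m.start()) + 1
        hits.append((line, m.group("pat"), rep))
    return hits

# Constructed sample: the hex string decodes to the harmless statement "echo 1;".
SAMPLE = r'''<?php
$auth_pass = "<32-hex-character MD5 placeholder>";
preg_replace("/.*/e", "\x65\x63\x68\x6f\x20\x31\x3b", ".");
$clean = preg_replace('/\s+/', ' ', $name);
$lower = preg_replace("/e+/i", "E", $text);
'''

if __name__ == "__main__":
    for hit in find_eval_modifier(SAMPLE):
        print(hit)
```

The e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so a hit in a code base that targets a current PHP version is either dead legacy code or a planted file and is worth reviewing either way.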
Bypassing check
The $auth_pass at the start of the code suggests that there is authentication on the web shell. The format of $auth_pass, 32 hexadecimal characters, suggests that it is an MD5 hash of the plaintext password. As the source of the web shell is available, it is possible to carry out the following (Ethical hacking and countermeasures, 2017):
Updates
Cracked a few passwords:
Hash Password
64a113a4ccc22cffb9d2f75b8c19e333 cmonqwe123#@!
9e4bf26d87b7e8b6b66b0a2305f67184 lex1312
Port scanning is a technique used to identify whether a port on the target is open or closed; a port is open when there is a service that uses that specific port to communicate with other systems. This is why, when a port is open, it is eventually possible to identify what kind of service uses it by sending specially crafted packets to the target. Once we know the target IP address we can launch the port scan. By default, when no option is chosen, Nmap runs a TCP SYN scan, also called a stealth scan (“Port Scanning with Nmap”, 2018). Even though this kind of scan is the default one, the “-sS” parameter can be used to select it, followed by the target’s IP address (“TCP Port Scan with Nmap | Pentest-Tools.com”, 2018):
TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. This is the same high-level system call that web browsers, P2P clients, and most other network-enabled applications use to establish a connection. It is part of a programming interface known as the Berkeley Sockets API. Rather than read raw packet responses off the wire, Nmap uses this API to obtain status information on each connection attempt.
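Because a connect scan makes an ordinary connection attempt through the operating system for every port it tests, the target can count those attempts from its own connection records. The following is an added example, not part of the original report: it flags any source that reaches many distinct ports on one host within a short window. The log format, the threshold and the window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

# Constructed connection log, sorted by time:
# epoch seconds, source IP, destination IP, destination port.
SAMPLE_LOG = """\
1000 192.0.2.10 198.51.100.5 21
1000 192.0.2.10 198.51.100.5 22
1001 192.0.2.10 198.51.100.5 23
1001 203.0.113.7 198.51.100.5 443
1001 192.0.2.10 198.51.100.5 25
1002 192.0.2.10 198.51.100.5 80
1002 192.0.2.10 198.51.100.5 110
1300 203.0.113.7 198.51.100.5 443
1301 203.0.113.7 198.51.100.5 80
"""

def detect_port_sweeps(log_text, min_ports=5, window=10):
    """Return {(src, dst): peak distinct ports within `window` seconds}
    for every pair that reached at least `min_ports` distinct ports."""
    recent = defaultdict(deque)   # (src, dst) -> (ts, port) entries in window
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not (fields[0].isdigit() and fields[3].isdigit()):
            continue              # skip malformed lines
        ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        seen = recent[(src, dst)]
        seen.append((ts, port))
        while ts - seen[0][0] > window:   # expire entries older than the window
            seen.popleft()
        distinct = len({p for _, p in seen})
        if distinct >= min_ports:
            flagged[(src, dst)] = max(distinct, flagged.get((src, dst), 0))
    return flagged

if __name__ == "__main__":
    for (src, dst), ports in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} touched {ports} distinct ports on {dst}")
```

A SYN scan that never completes the handshake may not appear in application-level connection logs at all, so the same counting is better fed from firewall or flow records when those are available.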
In the fifth flag, basic Linux privilege escalation is learnt, covering Operating System, Applications & Services, Communications & Networking, Confidential Information & Users, File Systems, and Preparation & Finding Exploit Code (“UDP Port Scan with Nmap | Pentest-Tools.com”, 2018).
The primary objective of this project is to produce a report on ethical hacking and defence for the given case study. Here, the user is required to penetrate the given system and achieve root-level privileges. The project is divided into five flags. From the discussion it is observed that the first flag effectively surveys the web server content to determine the username and password for the admin. The second flag requires knowledge of web shells. The third flag successfully cracks the password. The fourth flag successfully determined that the user entered the wrong password on the system, where the TCP port scanner is used. The fifth flag is used for learning basic Linux privilege escalation. In future, the password can be cracked using the ncrack tool, because this tool provides an effective password cracking facility.
References
An Introduction to Web-shells | Acunetix. (2018). Retrieved from https://www.acunetix.com/websitesecurity/introduction-web-shells/
Basic Linux Privilege Escalation. (2018). Retrieved from https://blog.g0tmi1k.com/2011/08/basic-li
Bock. (2016). Ethical Hacking: Overview. [Carpinteria, Calif.]: Lynda.com.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Circumventing authentication of a webshell. (2018). Retrieved from https://www.sjoerdlangkemper.nl/2016/02/04/circumventing-authentication-of-a-webshell/
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
Port Scanning with Nmap. (2018). Retrieved from https://spreadsecurity.github.io/2016/10/23/port-scanning-with-nmap.html
TCP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
UDP Port Scan with Nmap | Pentest-Tools.com. (2018). Retrieved from https://pentest-tools.com/network-vulnerability-scanning/udp-port-scanner-online-nmap
What are web shells – Tutorial. (2018). Retrieved from https://www.binarytides.com/web-shells-tutorial/