This report projects on ethical hacking. To conduct this study, a case study is provided. To carry out the study, it is necessary that the user gain access to the system that is provided and root level privileges must be attained. The observation of the study represents that there are five flags for this project. These flags are performed with the use of the virtual machine’s case study. All the flags and their requirements will be found in this report. Each flag contains unique characteristics which will be determined in this project report.
Identification of IP Address
Firstly, the web server needs records of the website to store all the HTML reports along with appropriate resources, this could also include the following:
It is also possible that all the above mentioned records could be stored in a PC. It is also a good practice to store the records on a committed web server. Because, it benefits with the following benefits (Cope, 2017):
The web-shell could be referred as a harmful substance that is utilized by the attackers with a reason to improve and save the steady access on a starting negotiated web application(Prodromou, 2016). Web-shells can’t strike or experience remote incapability, so it is constantly the second step of a trap.The general vulnerabilities could be misused by the attacker. An example could be represented as follows, The SQL implantation, RFI, FTP, or even use XSS as a part of a social planning strike with a particular true objective for exchanging the substance that is malicious. The fundamental usefulness rages it, but however it isnot just limited to the execution of the web shell, record organization,database tally and code execution (“Everything You Need To Know About Web Shells”, 2017).
The Web-shells another usage includes makingthe servers part of the botnet. The botnet is defined as an arrangement of exchanged off systems which the attacker might try to control, it can be either for using it for themselves, or to help the other bad parties(“What is a Web shell?”, 2017).
The web-shell could be utilized to revolve internally or externally area of the framework. The attacker has to screen the framework, for development of the structure, then test the internal framework foridentifying any unauthorized access, and provide firewall as well as switches in the framework. This will allow to secure the framework from the hackers (Glia, 2016).
The web-shell generally comprises an access which is probably indirect and it gives the power for the attacker for remotely accessing and controlling the server. The access can be allowed as and when needed by the hacker. This would save the attacker from any kind of complex misusing a weakness each time access to the exchanged off server is required.
If the hacker hacks the webpage, the attacker daily leaves web shell or an auxiliary section forachieving accomplishment to reach the website in future. This leaves the user confused and avoids any kind of proofs which could be recognized, and the attackers require confirmation, so that the attackers can get into the site. This post represents a process to simplify the web shell and shows how the affirmation could be evaded, when there is availability of source code and when the password is missing (Engebretson, 2013).
Deobfuscating the web shell
The preg_replace consists of 3 disputes namely,
As the regex contains an e modifier, it could easily evaluate anything in the substitution as a PHP code. This states that the following code can be utilized(“What is a Web shell?”, 2017):
PHP is used, as physically changing this string might be hard:
The suggested main code is, $auth_pass, this might need approval for the web shell. The course of action of $auth_pass, 32 hexadecimal characters suggest that it is MD5 of the plaintext mystery word. As the wellspring of the web shell is present, the following can be undertaken(Ethical hacking and countermeasures, 2017):
Updates
Split a few passwords,
Hash Password
64a113a4ccc22cffb9d2f75b8c19e333 cmonqwe123#@!
9e4bf26d87b7e8b6b66b0a2305f67184 lex1312
The technique known as Port checking is utilized for perceiving whether the targeted port is open or close. In case the organization which uses a specific port to contact with different systems, the port could be open. It is the inspiration which drives when the port is open, then it is possible to provide service for a long period based on the type of organization it uses, by sending targets with a phenomenally made packages. In case the target IP address is known, then it is possible to dispatch the port checking for the trap. It will be obviously if no decision is selected, then the Nmap runs the TCP SYN Scan which is referred as, Stealth Scan (“Port Scanning Techniques“, 2018).For measuring such a scope it contains the tendency to be beneficial for restoring the TCP 3-way handshake speculation. It is that part which addresses the method the TCP affiliation could start. Irrespective of whether such an outcome is default, “- sS” parameter could be utilized. As, it will help to set up the pursued with the objective’s IP address (“TCP Port Scan with Nmap | Pentest-Tools.com”, 2018):
Due to each reason, the users contains least need for runningNmap from the limited shared shell accounts and it is fortunate enough because the privileged options lets Nmapto becomes highly flexible and powerful. As Nmaptries to generate accurate results, it must be remembered that each ofits insights depend on the returned packets which the target machines send (due to firewalls). Similar hosts cannot be trusted and it transfers the responses that can confuse the Nmap. non-RFC-compliant hosts are the most common ones which probesNmap. The following scans can be susceptible are FIN, NULL, and Xmas scans.Similar problems are particular for certain type of scans.
The most famous and default option for scan includes, SYN scan, which could be conducted instantly, to scan ports which are thousands in number per second on a fast network not hampered by the firewalls which are restrictive. It is linked with unobtrusive and stealthy, because it never finishes the TCP connections. Against any kind of compliant, SYN scan works. It even lets the reliable and clear differentiation among the open, closed, and filtered states.
Such a technique could be referred as the half-open scanning, as the complete TCP connection is not opened. It is possible to send the SYN packet, due to opening the real connection and next it waits for the response. The SYN/ACK denotes the listening of the port (open), when RST (reset) is indicative of non-listener. When no response arrives once various retransmissions, the port will be marked as filtered. The port is also marked filtered if an ICMP unreachable error (type 3, code 0, 1, 2, 3, 9, 10, or 13) is received. When the SYN packet (without the ACK flag) receives the response it is considered that the port is opened. This is because of the feature of TCP which is rare and is called to be simultaneous open /split handshake connection
-sT (TCP connect scan).
The TCP connect scan refers to the default the TCP scan type, in case where the SYN scan isn’t the option. This is the case when a user does not have raw packet privileges. Rather thannwriting the raw packets like how various types of scan perform, the Nmap asks for underlying operating system, for establishing the connection with the target machine and port by issuing the connect system call. TheNmap utilizes API for obtaining the information status on every single try of the connection.
The things learnt related to fundamentals of the Linux privilege escalation are listed below (Feroze, 2018):
Result and Conclusion
The topic ethical hacking is covered effectively, with the help of a provided case study. It is noted that the study can be carried out,when the user gainssystem access along with root level privileges. The cases study’s observation displays five flags for this project. These flags were worked with the use of virtual machine.The First flag is utilized for checking the content of the web server,where the admin’s username and password is identified. The second flag is utilized for learning web shells, then the third flag is utilized for cracking the password and the fourth flag is utilized for finding the user entering the incorrect password intothe system. This process is supported by a tool named, TCP port scanner. At last, the final flag is utilized to gain knowledge of the general Linux privilege escalations.
Therefore, all the flags and their requirements are identified, where each flag represents different characteristics.
References
Cope, S. (2017). Introduction to HTTP : Understanding HTTP Basics. Retrieved from https://www.steves-internet-guide.com/http-basics/
Everything You Need To Know About Web Shells. (2017). Retrieved from https://www.darknet.org.uk/2016/07/everything-need-know-web-shells/
Feroze, R. (2018). A guide to Linux Privilege Escalation. Retrieved from https://payatu.com/guide-linux-privilege-escalation/
Glia. (2016). Web Shells and Backdoors. Retrieved from https://no-sec.net/web-shells-and-backdoors/
Port Scanning Techniques. (2018). Retrieved from https://nmap.org/book/man-port-scanning-techniques.html
Prodromou, A. (2016). Detection and Prevention – An Introduction to Web-Shells – Final Part. Retrieved from https://www.acunetix.com/blog/articles/detection-prevention-introduction-web-shells-part-5/
What is a Web shell?. (2017). Retrieved from https://malware.expert/general/what-is-a-web-shell/
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download