This is the project which discussed about ethical hacking. To proceed this a case study which is already provided. There are certain things which the user has to have for infiltrating the system which is given. Moreover, it is requested to get the root level privileges. This report will mainly talk about five flags. These five flags are completed using the provided case study of virtual machine. Each flag will be explained clearly, where it will mention about the flags usage, it’s impact and the tool it uses to conduct various processes. Therefore, here the flags will be analysed and discussed in detail.
The testing log process starts with the installation of Virtual machine. This looks exactly as illustrated in the following image (Allen, Heriyanto & Ali, 2014)
Here, let us get to know about Apache. It refers to a web server which is supports most of the major platforms. The Apache server is stored in the operating system’s different directory. This is because of it’s efforts for finding the file’s whenever required (Buchanan, 2014). Hence, for identifying the apache configuration file there exists certain methods which can swiftly locate and complete the process with ease. It gives the details of Apache installation’s directory structure for all the major platforms or the OSes. The following indicates the web server content.
The following table indicates the Apache httpd 2.4 default layout (apache.org source package):
The following table denotes the Apache httpd 2.2 default layout (apache.org source package):
The following table represents the layout of Apache httpd 2.0 default layout (apache.org source package):
The flag 2 introduces the web shells are small programs or scripts which can be uploaded to the vulnerable server and it can be opened from the browser, to provide a web based interface to run the system commands. Generally, the web shells are the backdoors which run from the browser (Eliot, 2016). The suitable or supporting programming language is used for the web server’s, web shell script. Here, php language is utilixed. The web shells provides a quick graphical user interface for performing the following activities:
Travelling across the directories, viewing the files, editing the files, downloading the files, deleting the files, uploading the files, executing MySQL queries or the commands, bypassing the mod_security, giving permissions to the directory/folders and executing the shell commands.
c99 web shell
The other web shell we are going to introduce here is, c99. This specific web shell for pho is so popular and it is just due to it’s supportive and effective features. (Engebretson, 2013).
Certain powerful features include, file browsing, uploading, deleting, executing commands, viewing the system details, viewing all the running processes, running the php code etc.
The following screenshot represents c99 web shell.
In flag 3, hashcat will be discussed because at present it is the finest password cracker available.
Step – 1 Open Hashcat
For opening hashcat the following instructions must be followed (Ethical hacking and countermeasures, 2017):
Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat
Go to the menu item of hashcat, it will open the help screen.
The above screen displays the basic hashcat syntax, as follows,
kali > hashcat options hashfile mask|wordfiles|directories
Step 2 More Extensive Options
Hashcat begins by enabling the rules which could be applicable for the designed rules, for using our wordlist file.
Step 3 Choose Your Wordlist
Type the below instruction for finding the built in wordlists present in Kali system (Halton & Weaver, 2016):
kali > locate wordlist
Step 4 Grab the Hashes
Here, on the Kali system grab all the hashes. It is required to view the hashes for grabbing them and this possible when the user is logged in as the root. But, the difference in Linux system is that the hashes will be stored in the following directory,
/etc/shadow file
Hence, type as shown below.
kali > tail /etc/shadow
Type the following to open the file,
kali > more /etc/login.defs
Step 5 Crack the Hashes
Separate the hashes in a different file and name it, hash.lst.
kali > cp /etc/shadow hash.lst
Thn type the following (“Kali Linux – Assuring Security by Penetration Testing”, 2014):
more hash.lst
The last step helps to begin cracking the hashes, as follows:
kali > hashcat -m 1800 -a 0 -o cracked.txt –remove hash.lst /usr/share/sqlmap/txt/wordlist.txt
Nmap is …
in Kali, follow the below instructions to open Nmap.
Open terminal
Type Nmap.
kali > Nmap
This represents the help screen.
The results look as illustrated in the following screenshot. The screenshot displys all the TCP ports which are possibly open for the moment on our target machine. Along with the open ports it even displays the default service for the related port.
The following includes the basic Linux privilege escalation on which knowledge is gained (Oriyano, 2017):
The details of ethical hacking are discussed successfully in this report. The user proceeds the case study on virtual machine. The report also represents the things which are needed for infiltrating the system with root level privileges for the already provided system. This report has mainly focussed on the five flags which relate to the case study of virtual machine.The very first flag helps in web server content examining. To do this it requires identifying the username and password of the admin. The next flag helps to learn about the web shells which has significant role. Then comes the third flag and it determined to help in cracking the password with the help of the web shell. Whereas, the fourth flag helps in finding out any mistakes from the user while entering the password on the system. To do this it needs scanning and hence the TCP port scanner tool is utilized. Finally, the last flag works on learning the basic Linux privilege escalations to help the required process.
Henceforth, each flag is explained clearly, where it has specified about the usage of the flags, it’s influence and the tools used for conducting various processes for instance port scanning, password cracking and so on.
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux – assuring security by penetration testing. Birmingham, UK: Packt Pub.
Buchanan, C. (2014). Kali LInux CTF blueprints. Birmingham, UK: Packt Pub.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Eliot, G. (2016). The Mill on the Floss. Dinslaken: Anboco.
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
Halton, W., & Weaver, B. (2016). Kali Linux 2. Birmingham, UK: Packt Publishing.
Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), 4. doi: 10.1016/s1353-4858(14)70077-7
Loh-Hagan, V. Ethical hacker.
McPhee, M. (2017). Mastering Kali Linux for Web Penetration Testing. Birmingham: Packt Publishing.
Na?jera-Gutie?rrez, G. Kali Linux web penetration testing cookbook.
Oriyano, S. (2017). Kali Linux Wireless Penetration Testing Cookbook. Birmingham: Packt Publishing.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download