2150002 - CYBER SECURITY 130020107024

Debian GNU/Linux: This distribution is one of the oldest and a recognized favorite among advanced technical groups. It is relatively difficult to install due to the very high number of installation options.

OpenLinux (Caldera): The OpenLinux distribution has shrink-wrapped software packages that include the first graphical Linux installation. This distribution allows the user to play a game in the foreground while the computer loads software in the background during installation.

Red Hat: Red Hat is the first company to mass market the Linux operating system. They have validated Linux by packing the GNU/Linux tools in shrink-wrapped packages and have included value-added features in their product such as telephone support, training, and consulting services.

Slackware: Of all of the surviving Linux distributions, Slackware has been around the longest. The installation interface had remained the same since its beginning, until a couple of years ago.

SuSE: This distribution originates in Germany. SuSE works closely with the XFree86 project (the free X graphical server component of all Linux distributions). As a result, they have a terrific graphical configuration tool called SaX.

TurboLinux: This distribution provides a great graphical desktop environment along with a few tools for configuring the system. TurboLinux has led the way in turnkey installations by providing CD installations exclusive to Server, Workstation, and Clusters.

B. Configuring Your System

After the installation of the files is complete, the next step is configuring the system. These steps involve:
1. Selecting a language
2. Choosing automatic or manual partitioning
2.4. Nmap

Nmap was developed by Fyodor Yarochkin and is one of the most well-known port-scanning tools. Nmap is available for Windows and Linux as a GUI and command-line program. It can do many types of scans and OS identification. It also has the ability to blind scan and zombie scan, and it enables you to control the speed of the scan from slow to very fast. The name Nmap implies that the program was ostensibly developed as a network mapping tool. As you can imagine, such a capability is attractive to the people who secure networks as well as those who attack networks. Nmap is considered one of the best port-scanning tools in part because it offers an easy command-line interface (CLI), has readily available documentation, and because of the way in which the tool has been developed and maintained.

2.4.1. Common Scan Types

TCP Full Connect scan: This type of scan is the most reliable but also the most detectable. It is easily logged and detected because a full connection is established. Open ports reply with a SYN/ACK; closed ports respond with a RST/ACK.

TCP SYN scan: This type of scan is known as half-open, because a full TCP connection is not established. This type of scan was originally developed to be stealthy and evade IDS systems, although most now detect it. Open ports reply with a SYN/ACK; closed ports respond with a RST/ACK.

TCP FIN scan: Forget trying to set up a connection; this technique jumps straight to the shutdown. This type of scan sends a FIN packet to the target port. Closed ports should send back an RST. This technique is usually effective only on Unix devices.

TCP NULL scan: Sure, there should be some type of flag in the packet, but a null scan sends a packet with no flags set. If the OS has implemented TCP per RFC 793, closed ports will return an RST.

TCP XMAS scan: Just a port scan that has toggled on the FIN, URG, and PSH flags. Closed ports should return an RST.

2.4.2. NMAP Installation Steps

# yum -y install nmap
# rpm -ivh Zemap-
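The scan types listed in 2.4.1 are distinguished purely by which TCP flags the probe carries, which is also how a defender recognises them on the wire. The following Python is an added example, not part of the lab manual: it classifies flag sets into the probe types named above, records the closed-port reply the text gives for each, and flags any source that hits several distinct ports with the same probe type inside a short window. The packet records are constructed for the example.

```python
# Added example, not from the lab manual: classify TCP probes by the flag combinations
# described in section 2.4.1 and flag sources that sweep many ports in a short window.
from collections import defaultdict

# Constructed sample records: (timestamp_s, src_ip, dst_port, set_of_TCP_flags)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", 21, set()),                    # NULL probes from one host
    (0.05, "10.0.0.5", 22, set()),
    (0.10, "10.0.0.5", 23, set()),
    (0.15, "10.0.0.5", 25, set()),
    (0.20, "10.0.0.5", 80, set()),
    (0.30, "10.0.0.9", 22, {"FIN", "URG", "PSH"}),    # XMAS probes from another host
    (0.32, "10.0.0.9", 80, {"FIN", "URG", "PSH"}),
    (0.34, "10.0.0.9", 139, {"FIN", "URG", "PSH"}),
    (0.36, "10.0.0.9", 443, {"FIN", "URG", "PSH"}),
    (0.38, "10.0.0.9", 445, {"FIN", "URG", "PSH"}),
    (0.40, "192.168.1.20", 443, {"SYN"}),             # an ordinary client handshake
    (0.41, "192.168.1.20", 443, {"ACK", "PSH"}),      # followed by a data segment
]

def classify_probe(flags):
    """Map a TCP flag set to the scan type named in 2.4.1, or None for normal traffic."""
    flags = set(flags)
    if not flags:
        return "NULL"                 # no flags at all
    if flags == {"FIN", "URG", "PSH"}:
        return "XMAS"                 # FIN + URG + PSH toggled on
    if flags == {"FIN"}:
        return "FIN"                  # bare FIN, no connection set up
    if flags == {"SYN"}:
        return "SYN"                  # half-open probe or first step of a full connect
    return None

def closed_port_reply(scan_type):
    """Reply a closed port gives per RFC 793 for each probe type, as stated in the text."""
    return "RST/ACK" if scan_type == "SYN" else "RST"

def detect_sweeps(packets, threshold=5, window=1.0):
    """Return {(src, scan_type): ports} for sources probing >= threshold ports within window seconds."""
    recent = defaultdict(list)        # (src, scan_type) -> [(ts, port)] still inside the window
    alerts = {}
    for ts, src, port, flags in sorted(packets, key=lambda r: r[0]):
        kind = classify_probe(flags)
        if kind is None:
            continue                  # normal traffic is not counted
        key = (src, kind)
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window] + [(ts, port)]
        ports = {p for _, p in recent[key]}
        if len(ports) >= threshold:
            alerts[key] = sorted(ports)
    return alerts
```

Calling detect_sweeps(SAMPLE_PACKETS) reports the NULL and XMAS sweeps and ignores the single client handshake, since one SYN to one port stays below the threshold.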
Scanning for ports and to get the version of the different services running on that machine:

nmap -sV hostname
nmap -sV 192.168.1.1

To check which protocols (not ports), such as TCP, UDP, ICMP, etc., are supported by the remote machine. The -sO option will give you the supported protocols and their open status:

nmap -sO hostname
nmap -sO localhost

To scan a system for operating system and uptime details:

nmap -O hostname
nmap -O google.com

The summary will appear in the command line with no GUI, as in figure 2.
Figure 1
The first challenge of DVWA is how to log in to it. Usually, you can search the network and get the default username/password, or try to use SQL Injection to bypass the authentication mechanism, such as using a username like admin ;-- or other ways. Here we will use brute force, using the WebCruiser Web Vulnerability Scanner brute force tool.

First, input any username and password, such as 123 and 456, and submit.

Fig 5.1

Fig 5.2

We found there was a request list which includes the requests we submitted just now. Note that there is a button labelled Bruter; click it to switch to the Bruter tool. The username and password fields have been identified automatically. The dictionary files are located in the same directory as WebCruiserWVS.exe and can be customised. Click Go to start the guessing process; results will be listed in the window. Log in with the username and password.
2. Persistent XSS

Consider a web application that allows users to enter a username that is displayed on each user's profile page. The application stores each username in a local database. A malicious user notices that the web application fails to sanitize the username field and inputs malicious JavaScript code as part of their username. When other users view the attacker's profile page, the malicious code automatically executes in the context of their session.

Fig 2.

Fig. 3

As shown in Fig 1, try to write <script language="javascript">alert("ashish")</script> in the box, and submit it.

Vulnerability: Stored Cross Site Scripting (XSS).

Fig. 4
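The defect the exercise demonstrates is that the stored username is written into the profile page exactly as the attacker typed it. As an added example that is not part of the lab manual, the Python below models that profile page: the username goes verbatim into an in-memory SQLite table and is then rendered once without output encoding (the stored XSS) and once with html.escape applied at render time (the fix). The table and function names are constructed for this example; the payload is the one the exercise submits.

```python
# Added example, not from the lab manual: a minimal profile page modelled on the DVWA
# stored-XSS exercise, rendered first without and then with output encoding.
import html
import sqlite3

# The string the exercise types into the username box
PAYLOAD = '<script language="javascript">alert("ashish")</script>'

def make_db():
    """In-memory stand-in for the application's user table (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    return db

def store_username(db, username):
    """Parameterised insert: the value is stored verbatim, exactly as the attacker typed it."""
    cur = db.execute("INSERT INTO users (username) VALUES (?)", (username,))
    db.commit()
    return cur.lastrowid

def load_username(db, user_id):
    return db.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def render_profile_unsafe(db, user_id):
    """Vulnerable: the stored value is pasted into the HTML, so every visitor runs the script."""
    name = load_username(db, user_id)
    return "<h1>Profile of " + name + "</h1>"

def render_profile_safe(db, user_id):
    """Hardened: HTML-encode at output time; the browser displays text and executes nothing."""
    name = html.escape(load_username(db, user_id), quote=True)
    return "<h1>Profile of " + name + "</h1>"

def demo():
    """Store the payload once and return (vulnerable page, hardened page) for comparison."""
    db = make_db()
    uid = store_username(db, PAYLOAD)
    return render_profile_unsafe(db, uid), render_profile_safe(db, uid)
```

The hardened version does not alter what is stored, only how it is emitted; encoding at every output point is what closes the persistent variant, because the payload is replayed to each visitor from the database rather than from the request.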