Preview from Notesale.co.uk Page 3 of 36


2150002 - CYBER SECURITY 130020107024

Debian GNU/Linux: This distribution is one of the oldest and a recognised favourite among advanced technical groups. It is relatively difficult to install because of the very large number of installation options.

OpenLinux (Caldera): The OpenLinux distribution has shrink-wrapped software packages that include the first graphical Linux installation. This distribution lets the user play a game in the foreground while the computer loads software in the background during installation.

Red Hat: Red Hat was the first company to mass-market the Linux operating system. It validated Linux by packaging the GNU/Linux tools in shrink-wrapped form and adding value-added features to the product such as telephone support, training, and consulting services.

Slackware: Of all the surviving Linux distributions, Slackware has been around the longest. Its installation interface remained the same from the beginning until a couple of years ago.

SuSE: This distribution comes from Germany. SuSE works closely with the XFree86 project (the free X graphical server component of all Linux distributions), and as a result it has a terrific graphical configuration tool called SaX.

TurboLinux: This distribution provides a good graphical desktop environment along with a few tools for configuring the system. TurboLinux has led the way in turnkey installations by providing separate CD installations for Server, Workstation, and Cluster systems.

B. Configuring Your System

After the installation of the files is complete, the next step is configuring the system. The steps involved are:
1. Selecting a language
2. Choosing automatic or manual partitioning

2.4. Nmap

Nmap was written by Gordon Lyon (known as Fyodor) and is one of the most well-known port-scanning tools. Nmap is available for Windows and Linux as a command-line program and, through Zenmap, as a GUI. It can perform many types of scans and OS identification. It also supports idle ("zombie") scanning, in which probes are bounced off a third host so the target never sees the scanner's own address, and it lets you control the timing of the scan from very slow to very fast. The name Nmap implies that the program was ostensibly developed as a network mapping tool. As you can imagine, such a capability is attractive to the people who secure networks as well as to those who attack them. Nmap is considered one of the best port-scanning tools in part because it offers an easy command-line interface (CLI) and readily available documentation, and because of the way in which the tool has been developed and maintained.

2.4.1. Common Scan types

TCP Full Connect scan (-sT): This type of scan is the most reliable but also the most detectable. It is easily logged and detected because a full connection is established through the operating system's connect() call. Open ports reply with a SYN/ACK; closed ports respond with a RST/ACK.

TCP SYN scan (-sS): This type of scan is known as half-open, because a full TCP connection is never established: the scanner answers the SYN/ACK with a RST instead of completing the handshake. It was originally developed to be stealthy and to evade IDS systems, although most now detect it. Open ports reply with a SYN/ACK; closed ports respond with a RST/ACK. A port that answers nothing (or with an ICMP unreachable error) is reported as filtered.

TCP FIN scan (-sF): Forget trying to set up a connection; this technique jumps straight to the shutdown. It sends a FIN packet to the target port. Closed ports should send back a RST; open ports should ignore the packet, so silence is reported as open|filtered. This technique is usually effective only on Unix-like devices: Windows and several other stacks send a RST from every port regardless of state, so all ports appear closed.

TCP NULL scan (-sN): Sure, there should be some type of flag in the packet, but a null scan sends a packet with no flags set. If the OS has implemented TCP per RFC 793, closed ports will return a RST and open ports will stay silent.

TCP XMAS scan (-sX): just a port scan that has toggled on the FIN, URG, and PSH flags. Closed ports should return a RST; open ports should not respond. It has the same limitation on Windows as the FIN scan.

2.4.2. NMAP Installation Step

# yum -y install nmap
# rpm -ivh Zenmap-
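The scan types in 2.4.1 differ only in which flags the probe carries and in how the target's TCP stack is expected to answer. The following added example (written for this page, not Nmap's own code) models both sides of that exchange: a stack that follows RFC 793, a Windows-style stack that sends RST from every port, and a host behind a firewall that drops everything, together with the classification a scanner derives from each reply. The stack functions and the flag sets are constructed for illustration; the states they produce (open, closed, filtered, open|filtered) are the ones Nmap reports.

```python
from typing import Callable, FrozenSet, Optional

# Flags set in the probe for each scan type described above
# (nmap -sT, -sS, -sF, -sN and -sX respectively).
PROBES = {
    "connect": frozenset({"SYN"}),
    "syn":     frozenset({"SYN"}),
    "fin":     frozenset({"FIN"}),
    "null":    frozenset(),
    "xmas":    frozenset({"FIN", "PSH", "URG"}),
}

SYN_ACK = frozenset({"SYN", "ACK"})
RST_ACK = frozenset({"RST", "ACK"})

Reply = Optional[FrozenSet[str]]          # None models a probe that is silently dropped
Stack = Callable[[FrozenSet[str], bool], Reply]


def rfc793_stack(probe: FrozenSet[str], port_open: bool) -> Reply:
    """Modelled stack that follows RFC 793 (typical of Unix-like systems).
    A closed port answers every probe with RST; an open (LISTEN) port
    answers a SYN with SYN/ACK and silently drops segments without SYN."""
    if not port_open:
        return RST_ACK
    if probe == frozenset({"SYN"}):
        return SYN_ACK
    return None


def windows_stack(probe: FrozenSet[str], port_open: bool) -> Reply:
    """Modelled Windows-style stack: RST comes back from open ports too when the
    probe carries no SYN, so FIN/NULL/XMAS scans see every port as closed."""
    if probe == frozenset({"SYN"}):
        return SYN_ACK if port_open else RST_ACK
    return RST_ACK


def firewalled(probe: FrozenSet[str], port_open: bool) -> Reply:
    """A stateful firewall in front of the host drops every probe."""
    return None


def classify(scan: str, reply: Reply) -> str:
    """Port state a scanner reports from one probe/reply pair."""
    if scan in ("connect", "syn"):
        if reply == SYN_ACK:
            return "open"
        if reply is not None and "RST" in reply:
            return "closed"
        return "filtered"                # no answer even after retransmission
    # FIN / NULL / XMAS: only a RST is informative; silence is ambiguous.
    if reply is not None and "RST" in reply:
        return "closed"
    return "open|filtered"


def scan_port(scan: str, stack: Stack, port_open: bool) -> str:
    """Send the scan's probe to a modelled host and classify the reply."""
    return classify(scan, stack(PROBES[scan], port_open))


if __name__ == "__main__":
    for scan in PROBES:
        for stack in (rfc793_stack, windows_stack, firewalled):
            print(f"{scan:8} {stack.__name__:13} open port -> {scan_port(scan, stack, True):14}"
                  f" closed port -> {scan_port(scan, stack, False)}")
```

Running the table makes the caveat from the text concrete: against the Windows-style stack every FIN/NULL/XMAS result is "closed" whether the port is open or not, and behind the firewall a SYN scan says "filtered" while the stealth scans can only say "open|filtered". In practice that is why those scans are confirmed with a SYN scan (or -sV) on the ports of interest.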

Scanning for ports and finding the versions of the different services running on the machine (the -sV option; Nmap options are case-sensitive):
nmap -sV hostname
nmap -sV 192.168.1.1

To check which IP protocols (not ports), such as TCP, UDP and ICMP, are supported by the remote machine, use the -sO protocol scan, which lists each protocol number with its open/closed/filtered status:
nmap -sO hostname
nmap -sO localhost

To scan a system for operating system and uptime details (OS detection, which requires root privileges because it sends raw packets):
nmap -O hostname
nmap -O google.com

Scan only hosts you own or are authorised to test. The summary appears on the command line with no GUI, as in Figure 2.

Figure 1

The first challenge of DVWA is how to log in to it. Usually you can search the web for the default username/password, or try to use SQL injection to bypass the authentication mechanism, for example with a username like admin';-- or other ways. Here we will use brute force, with the brute-force tool of the WebCruiser Web Vulnerability Scanner.

First, enter any username and password, such as 123 and 456, and submit (Fig 5.1).

Fig 5.2: We found that there is a request list which includes the requests we just submitted. Note that there is a button labelled Bruter; click it and it switches to the Bruter tool. The username and password fields have been identified automatically. The dictionary files are located in the same directory as WebCruiserWVS.exe and can be customised. Click Go to start the guessing process; the results will be listed in the window. Log in with the username and password that were found.
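What the Bruter tool does behind the button is a dictionary attack: it submits every username/password pair from its wordlists and watches for the response that differs from the failure page. The following added example (written for this page, not WebCruiser's or DVWA's code) reproduces that loop against a constructed stand-in for the login form, and then shows the same attack against the form with a per-account lockout. The user table (seeded with DVWA's documented default admin/password plus a made-up account), the wordlists and the LoginPage class are all constructed for the example.

```python
import itertools
from typing import Dict, Iterable, Optional, Tuple

# Constructed stand-in for DVWA's login.php. DVWA's documented default account is
# admin/password; the second account is made up for this example.
USERS: Dict[str, str] = {"admin": "password", "alice": "Tr0ub4dor&3"}

# Constructed, deliberately tiny wordlists standing in for the Bruter dictionaries.
USERNAMES = ["root", "admin", "alice"]
PASSWORDS = ["123456", "admin", "password", "letmein"]


class LoginPage:
    """Mimics the observable behaviour of the login form: a successful POST
    redirects (302) to index.php, a failed one re-renders the form with the text
    'Login failed'. max_failures=None reproduces the unprotected form."""

    def __init__(self, users: Dict[str, str], max_failures: Optional[int] = None):
        self.users = users
        self.max_failures = max_failures
        self.failures: Dict[str, int] = {}
        self.requests = 0

    def post(self, username: str, password: str) -> Tuple[int, str]:
        self.requests += 1
        if self.max_failures is not None and self.failures.get(username, 0) >= self.max_failures:
            return 200, "<p>Account locked, try again later</p>"
        if self.users.get(username) == password:
            return 302, "Location: index.php"
        self.failures[username] = self.failures.get(username, 0) + 1
        return 200, "<p>Login failed</p>"


def bruteforce(page: LoginPage, usernames: Iterable[str],
               passwords: Iterable[str]) -> Optional[Tuple[str, str]]:
    """Dictionary attack in the style of the Bruter tool: submit every
    username/password pair and treat the redirect as the success signal."""
    for user, pw in itertools.product(usernames, passwords):
        status, _body = page.post(user, pw)
        if status == 302:
            return user, pw
    return None


if __name__ == "__main__":
    page = LoginPage(dict(USERS))
    print("unprotected form:", bruteforce(page, USERNAMES, PASSWORDS),
          "after", page.requests, "requests")
    locked = LoginPage(dict(USERS), max_failures=2)
    print("with lockout:    ", bruteforce(locked, USERNAMES, PASSWORDS),
          "after", locked.requests, "requests")
```

Against the unprotected form the default credentials fall on the seventh request. With two failures per account allowed, the same wordlist never reaches "password" for admin because the account is already locked. Note the trade-off a lockout brings: an attacker who knows a username can now lock out its legitimate owner, so real deployments pair per-account limits with per-source rate limiting, progressive delays or CAPTCHAs rather than relying on lockout alone.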

2. Persistent XSS

Consider a web application that allows users to enter a username that is displayed on each user's profile page. The application stores each username in a local database. A malicious user notices that the web application fails to sanitise the username field and enters malicious JavaScript code as part of their username. When other users view the attacker's profile page, the malicious code automatically executes in the context of their session (Fig 2, Fig 3).

As shown in Fig 1, try writing <script language="javascript">alert("ashish")</script> into the box and submit it. Vulnerability: Stored Cross Site Scripting (XSS) (Fig 4).
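The profile-page scenario above comes down to one line of server code: the stored username is written into HTML without output encoding. The following added example (written for this page, not DVWA's code) stores the exact payload from the exercise in a constructed in-memory SQLite table and renders the profile twice, once the vulnerable way and once with HTML-body encoding applied at render time. The table layout, the function names and the crude `contains_script_element` check are assumptions made for the example.

```python
import html
import sqlite3

# The payload used in the DVWA exercise above.
PAYLOAD = '<script language="javascript">alert("ashish")</script>'


def make_db() -> sqlite3.Connection:
    """Constructed in-memory 'users' table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    return db


def register(db: sqlite3.Connection, username: str) -> int:
    """Store the username exactly as submitted. The parameterised query prevents
    SQL injection, but it does nothing about the HTML the value will later be
    rendered into: the stored XSS payload survives untouched."""
    cur = db.execute("INSERT INTO users (username) VALUES (?)", (username,))
    db.commit()
    return cur.lastrowid


def _lookup(db: sqlite3.Connection, user_id: int) -> str:
    (name,) = db.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return name


def render_profile_vulnerable(db: sqlite3.Connection, user_id: int) -> str:
    """Untrusted data interpolated straight into the page: every visitor runs the script."""
    return f"<h1>Profile of {_lookup(db, user_id)}</h1>"


def render_profile_safe(db: sqlite3.Connection, user_id: int) -> str:
    """Output-encode for the HTML body context at render time, so '<', '>', '&' and
    quotes become entities and the browser shows the payload as plain text."""
    return f"<h1>Profile of {html.escape(_lookup(db, user_id), quote=True)}</h1>"


def contains_script_element(page: str) -> bool:
    """Crude check used here only to show the difference between the two renderers."""
    return "<script" in page.lower()


if __name__ == "__main__":
    db = make_db()
    uid = register(db, PAYLOAD)
    print("vulnerable:", render_profile_vulnerable(db, uid))
    print("safe:      ", render_profile_safe(db, uid))
```

Two points worth taking from the example. First, the fix is applied where the data is rendered, not where it is stored: the same username may be emitted into an attribute, a JavaScript string or a URL, and each of those contexts needs its own encoder, so escaping once on input is not enough. Second, parameterised SQL and output encoding address different bugs; the insert here is already injection-safe and still delivers the stored XSS.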