Ethical Hacking week 10

Week 10 is about testing DVWA.

My DVWA won’t install, as it only shows a blank page.

Thanks to hansvin, I can use DVWA by using the DVWA he installed on his DigitalOcean.

So let’s start.

DVWA has 4 security levels: low, medium, high, and Impossible.

We will use the Command Injection attack as an example.

The low level is full of vulnerabilities; no fix is attempted.

For example, ping a website while injecting a command along with it.

The result is that the id command is run by the server together with the ping command.

The source below shows that the server only checks for input, pings the input, and executes any other command that exists in the input.

 

Next is the medium level. The medium level will have some protection in the code, but with major vulnerabilities that can be used to bypass the protection.

As we can see in the code above, it blacklists some substrings to prevent command injection.

But we can use other substrings, such as ‘|’ (or).

So the command will run with the ‘|’ substring, but only the id command's output appears, because the ping results are passed to the id command, and the id command does not need the ping results.

The high security level has more protection in the code and seems to be protected, but there is a small but fatal vulnerability that can be used.

As we can see, the number of blacklisted substrings has increased. But there is a small vulnerability here. The blacklisted ‘| ’ substring includes a white space. So if we do not include the white space, the command injection will run.

The impossible level is for comparison purposes only. It is a level where no vulnerabilities exist in the code.
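The blacklist gap described above, next to an allowlist check that closes it, as an added example (this is not DVWA's source and not code from the original post). Only the ‘| ’ entry comes from the text; the other blacklist entries, the function names and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress

# Constructed blacklist in the style of the high level. Only the "| " entry
# (pipe plus trailing space) is taken from the post; the rest are assumptions.
BLACKLIST = ["&", ";", "| ", "$", "(", ")", "`", "||"]

# Characters a shell treats specially; used to audit what the filter lets through.
SHELL_META = set("&;|$()`<>\n")


def blacklist_filter(target: str) -> str:
    """Strip every blacklisted substring, the way a substring blacklist works."""
    for bad in BLACKLIST:
        target = target.replace(bad, "")
    return target


def residual_metachars(target: str) -> set:
    """Return shell metacharacters that survive the blacklist."""
    return SHELL_META & set(blacklist_filter(target))


def validate_ipv4(target: str) -> str:
    """Allowlist check: accept only a well-formed IPv4 address, reject the rest."""
    return str(ipaddress.IPv4Address(target.strip()))  # raises ValueError if invalid


def safe_ping_argv(target: str) -> list:
    """Build an argument vector so that no shell ever parses the user input."""
    return ["ping", "-c", "4", validate_ipv4(target)]


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one with the spaced pipe, one without.
    for sample in ["127.0.0.1", "127.0.0.1 | id", "127.0.0.1|id"]:
        leftover = sorted(residual_metachars(sample))
        try:
            verdict = "accepted " + validate_ipv4(sample)
        except ValueError:
            verdict = "rejected"
        print(f"{sample!r}: blacklist leaves {leftover}, allowlist {verdict}")
```

The argument vector is meant to be passed to a process-spawning call that does not go through a shell, so the input is never interpreted as command syntax even if validation were skipped.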

 


Ethical Hacking week 8 & 9

Social Engineering

Attacks that manipulate people, including their trust, to gain access.

There are many methods of this:

  1. Dumpster diving: finding dumped hard copies that may contain sensitive information
  2. Impersonating a company member, trying to trick users into giving away their account information
  3. Phishing: the most common method, sending an email that claims to be from a company/social media and asks the person to fill in their account information

Gaining information has 2 methods:

  • Interview: the soft way, with the consent of all parties involved.
  • Interrogation: the hard way, one-sided questioning where it is mandatory for the person asked to answer the question

Evidently, there are a lot of scams; one example is asking for bank account details through a phone call.

Target exploitation

The main hacking procedure. Basically, executing malicious code to access files, mostly by inserting some kind of malicious code/virus to gain backdoor access to a target computer.

Tools used: Metasploit

The target downloads a file that contains malicious code/virus/malware, which gives access to their files.


Ethical hacking week 5 & 6

Enumeration extracts info about:
– resources or shares on the network
– usernames or groups assigned on the network
– last time the user has logged on
– user’s password

Tools: NBTscan, nbtstat, net view

A CVE number identifies a vulnerability; mitre.org has the list.

Below is a part of the final project, but I’ll just put it here as a test subject.

Also, I got the users list in jo1.pentest.id by using wpscan.

Port scanning and footprinting

  • finding open ports
  • determining what OS is being used (I need to install a different VMware first; Oracle’s VM VirtualBox is not working properly)

For now, I’m using nmap as my tool for port scanning and pentest.id as the target. An alternative to nmap is zenmap, which is the GUI version. For some reason, nmap takes a while.

Port scanning example:

Below is one of the nmap tools; it is fast because I told nmap to find open ports only.

 


Ethical hacking week 4

Target Discovery

To attack, we need a target, hence target discovery. When a website’s server IP is protected, it may share the same IP with other websites that may have vulnerabilities.

If your real target is directly secured, you can try attacking a different domain on the same server that may have vulnerabilities, through the same IP address they share.

Sometimes the IP is hidden behind the likes of Cloudflare.
To find it, try opening www.crimeflare.us:82/cfs.html
It is a wonderful tool to see any IP hidden by Cloudflare.

Small trivia: XML-RPC has a weakness in that the real server will pingback to your personal server.

tools:
– dnstrails.com
– robtex.com

This is robtex:


Ethical Hacking Week 3

DNS:

What does DNS do?
It resolves host names to IP addresses.
It is simple but extremely vulnerable because it uses a simple protocol (UDP).

DNS is a mapping machine.

DNS zone transfer:
– enables you to see all hosts on a network
– gives you the organization’s network diagram

Zone transfer using enum:
use dig soa (websitename)

dig command: enumerates records used by a website

dig soa command: enumerates SOA (Start of Authority) records

————————————————————————————
Utilizing search engines
Google can also list information leaked from your system.

One of the tools: Maltego
– It can find relationships: which people are linked to each other, including their social profiles, mutual friends, companies that are related to the information gathered, and websites.
– We can also gather information related to any infrastructure: relationships between domains, DNS names, and net blocks.

I used binus.ac.id as a test subject and it shows multiple websites linked to the website.

Google hacks: Google Dorks
can find sensitive files
used for finding backup mistakes by admins

For example, I’ll just search for files containing passwords.

Single point of failure: only 1 DNS, subject to attack

Email uses the TCP protocol
front end: Email service

back end:
HTTP (port 80) connected to
SMTP (port 25) (Exclusive)
and
POP (port 110)

Small note: well-known ports (0 – 1023)

(used command: host (website), dig (website))


Ethical Hacking Week 1 & 2

Week 1:

Ethical hackers: people that have hacking skills employed by a company to perform penetration tests

Penetration test (pentest): a legal attempt to break into a company’s network through its weaknesses; testers only report their findings

Security test: includes pentest + analyzing company’s security policy and procedures, testers offer solutions to secure/protect the network.

What makes them different from other hackers:

  • Ethical hackers obtain permission from network owners to hack data
  • Ethical hackers are generally white hats (hackers who obey the law)

Penetration-Testing methodologies:

White box model: The tester knows everything about the network topology and technology, and company staff know about the pentest attempt

Black box model: The tester does not have any information about the network, and company staff do not know about the pentest attempt; it also tests whether the security personnel are able to detect an attack

Grey box model: Mix of both models, company gives tester partial info

Penetration-Testing process:

  1. Defining the scope of the test: where, what, who, how long (will be tested)
  2. Perform the pentest
  3. Reporting the pentest

Penetration-Testing common techniques:

  • Passive Research
  • Open Source Monitoring
  • Network mapping and OS fingerprinting
  • Spoofing
  • Network Sniffing
  • Trojan attacks
  • Brute-force
  • Vulnerability scanning
  • Scenario analysis

In Pentest, there are 2 teams: red team and blue team

Red team: to attack the server

Blue team: to defend against red team, anticipating their attacks

To be an ethical hacker, we need certifications such as OSSTMM.

Every country has its own laws about hacking, so it’s better to read the country’s laws about technology systems. One mistake can turn an ethical hacker into simply a hacker.

Week 2:

Intelligence gathering: basically, gathering information in preparation for ethical hacking, such as the company name, address, website, pentest objectives, types, servers, etc.

There are many tools to achieve this, such as Paros Proxy.

Also, by using the whois command, one can find the domain info and IP address of the target company.

HTTP methods can also be used to find server info, but not if it’s guarded by a firewall.

Other methods are cookies or web bugs.


Final Project Report

By Hanssen Hilman and Benny Victor

Overview:

The goal of this final project is to create a game that is aimed at kids in kindergarten.

Creating the game:

By using Construct 2, we created a trivia game that utilizes pictures for kids to understand. The theme is animals, and this game tests their knowledge using cartoon pictures of animals instead of real-life pictures of animals. We added a high score feature and a timer just to add some challenge. In addition, the timer is reduced when the player reaches a certain score.


Final project game proposal

My game will be an easy trivia game for kids. The game itself will be like a multiple choice game, with a timer. The theme for the game is animals, and the goal of this game is to test the kids’ knowledge about animals from the pictures/questions.


Database final project: FastCabs

By Hanssen Hilman (2001586256) and Benny Victor (2001585316). Course: Database Systems


Overview:

The goal of the final project is to make a database program based on a case study given by the lecturer. The case study implies that a private taxi company, “FastCabs”, in Scotland needs a solution for their database problem, as their communication and information sharing is poor. The director of the company asks “us” programmers to create a database program as a solution.

Preparation:

First, my team planned using an ER diagram, and we used normalization for separating and creating tables. 10 tables were created as the result of normalization, and the ER diagram is as follows:

Creating database:

My team uses MySQL as the database. We created 10 tables according to the ER diagram and filled them with test data. We established relationships between tables as references.

Creating program:

The program is created using Visual Studio and it is in the form of a VB.NET Windows Application Form. The requirement states that the program must use a menu for the tables and the required queries. In addition, we included buttons for the tables, inserting data and sorting data.

 
