
Edith Cowan University

School of Computer and Security Science

PG/UG CSI3208 / CSI5208 – Ethical Hacking and Defence


Assignment 2

Assessment Notes:
• UG (CSI3208) & PG (CSI5208) have different assessments
• UG students must undertake the UG assignment
• PG students must undertake the PG assignment
• Kali Linux is available as a virtual machine on the Unit Resources section of Blackboard

Task
You are to infiltrate the provided system and attain root-level privileges. Additionally, there are five
flags; these flags are represented as values and are awarded at each point of system compromise. Look
for them in home directories, web pages etc.

You are to write a report outlining each test / attack run against the system and the result. You must
follow a process, which should be defined prior to the commencement of testing. Your report should
include the flags as well as any credentials you uncover as part of your hacking endeavours.

Note: You must compromise the system over the network; local, physical or other attacks requiring
direct interaction with the target system are not valid for the purposes of the assignment.

Example flag:
chahNaelia9zohlaseiPaich0QuoWoh8ohfaenaiQuaetaebushoakarai6lainohjongoneesoocahdei6guosietha
e7uwuu5Kaid9eisah8EChoo4kaiGh2eit2mu

Postgraduate students: You must also write the following software and include it as part of your
submission:
• Basic TCP port scanner
• Password cracker (of the type required to complete the case study)

Submission Requirements
You must include the following in your submission:
• Your report containing:
  o Cover Page
  o Table of Contents
  o Executive Summary
  o Defined Methodology
  o Testing Log (should allow repeatability)
  o Results & Recommendations
• Postgraduate Students:
  o Your source code for tools used
  o Compilation and usage instructions


Marking Guides

CSI3208 (Undergrad)
Item                                      Mark
Executive Summary                            5
Defined Methodology                         15
Testing Log                                  5
Results & Recommendations                   15
Total:                                      40

CSI5208 (Postgrad)
Item                                      Mark
Executive Summary                            5
Defined Methodology                         10
Testing Log                                  5
Results & Recommendations                   15
Source/Instructions: Port Scanner            2
Source/Instructions: Password Cracker        3
Total:                                      40

Notes
Your work must comply with ECU referencing guidelines and plagiarism policy


Flag 1

Run the ifconfig command to get the IP address of the machine.

Then use the nmap utility to find the host on the network.

Using the nmap utility, find the IP address for the casestudy metasploit.

Using the nmap utility, find the open ports on the machine.

Run the vulnerability test using the nikto utility.

On the login page, brute-force the password: admin admin

Flag 2

Upload the exploit code in a .php file in order to get the ssh shell access in the web browser.
After the upload, open the uploaded picture; that grants access in the web browser.

After getting access to the ssh shell, run the 'ls' command to list the files and folders in the
directory you have access to.

In the directory /var/www/html/private/ there is a file called secret.txt.

Open the file using the command cat /var/www/html/private/secret.txt

That is flag 2.

Flag 3

In the directory /var/www/html/private/ there is a file called .htpasswd.

Open the file .htpasswd and you will find the hash value with the hint developer.
Copy the hash value into a .txt document and use the john tool to recover the password for the
developer account.
Use the file provided by the lecturer with the john utility to crack the password hash.
The password is 1qa2ws3ed
Go to the terminal and connect over SSH as the developer user (developer@192.168.204.131), using
the extracted password.
Locate the hidden files in the / directory and find mynote.txt; that file contains flag 3.

Flag 4

Navigate to the directory /home/fred and read the .bash_history file with the command cat
/home/fred/.bash_history
The manager password is in .bash_history; use that password to connect over SSH as
manager.
From the manager account, locate and open the file readme.txt in the directory /home/manager/ to find flag 4.

Flag 5

In the home directory of manager, edit bak.sh so that it copies the shadow file of root to the
manager directory.
Edit the shadow file and replace the root password with the manager password.
Change the bak.sh file again so that it copies the edited shadow file back to the root folder.
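
For the Results & Recommendations part of the report, the weaknesses behind Flags 3 to 5 can be written as a repeatable audit. This is an added example, not part of the assignment or the original walkthrough; it assumes bak.sh is run by root from a system crontab (implied above, not stated), and the function names, finding labels and secret patterns are illustrative.

```python
import os, re, stat

# Assumed patterns for passwords typed on a command line (not exhaustive).
SECRET_RE = re.compile(r"sshpass\s+-p|--password[=\s]|\bmysql\b.*\s-p\S", re.I)

def root_job_scripts(crontab_text):
    """Absolute paths named in system-crontab lines whose user field is root."""
    paths = []
    for line in crontab_text.splitlines():
        f = line.split()
        # Format: minute hour dom month dow user command...
        if len(f) >= 7 and not f[0].startswith("#") and f[5] == "root":
            paths += [tok for tok in f[6:] if tok.startswith("/")]
    return paths

def audit(root, crontab_text="", web_root="var/www/html", trusted_uids=(0,)):
    """Scan a tree (mounted image or '/'); return sorted (check, relpath) findings."""
    root = os.path.abspath(root)
    web = os.path.join(root, web_root)
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            # Flag 3: password file stored inside the web document root.
            if name == ".htpasswd" and path.startswith(web + os.sep):
                found.add(("htpasswd-in-webroot", rel))
            # Flag 4: shell history other accounts can read, or that holds a secret.
            if name.endswith("_history"):
                if st.st_mode & 0o044:
                    found.add(("history-readable-by-others", rel))
                with open(path, errors="replace") as fh:
                    if any(SECRET_RE.search(line) for line in fh):
                        found.add(("secret-in-history", rel))
    # Flag 5: a file root executes on a schedule that a non-root account can edit.
    for script in root_job_scripts(crontab_text):
        try:
            st = os.lstat(os.path.join(root, script.lstrip("/")))
        except FileNotFoundError:
            continue
        if st.st_uid not in trusted_uids or st.st_mode & 0o022:
            found.add(("root-job-editable-by-non-root", script.lstrip("/")))
    return sorted(found)
```

Run it as `audit("/", open("/etc/crontab").read())` on the host, or point `root` at a mounted disk image; each finding maps to one recommendation (move .htpasswd out of the document root, set history files to 0600 and keep passwords off the command line, make root-run scripts root-owned and not group- or world-writable).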
