Ethical Hacking Assessment Edited
Financial loss
Data loss
Reputation damage
Unauthorized access of data
Exploitation:
It can be exploited by injecting malicious code into the management server's ms.log file, which fabricates log entries on the management servers.
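The log-forging described above works only if user-controlled text reaches the log file with its line breaks intact. The following is an added example (not code from the assessment or from any product it mentions) showing the defensive side: a small Python helper that escapes control characters and caps length before a value is written, so one request can only ever produce one log line. The forged sample username and the `count_entries` helper are constructed for the demonstration.

```python
import re

# Constructed sample: an attacker-controlled "username" field that embeds a
# newline followed by a forged successful-login entry. Written verbatim to a log
# such as ms.log it would appear as two separate, plausible entries.
FORGED_USERNAME = "alice\n2024-01-01 10:00:00 INFO login success user=admin"

# ASCII control characters (including CR and LF) and DEL: none of these belong
# in a single-line log entry, so each one is replaced by a visible escape.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_log_field(value: str, max_len: int = 200) -> str:
    """Neutralise characters that let untrusted input fabricate log lines."""
    cleaned = _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)
    if len(cleaned) > max_len:  # cap length so one field cannot flood the log
        cleaned = cleaned[:max_len] + "...[truncated]"
    return cleaned


def format_entry(level: str, event: str, **fields: str) -> str:
    """Build exactly one log line; every untrusted field value is sanitized
    and quoted so it can be parsed back unambiguously."""
    parts = [level, event]
    for key, value in fields.items():
        cleaned = sanitize_log_field(str(value)).replace('"', '\\"')
        parts.append(f'{key}="{cleaned}"')
    return " ".join(parts)


def count_entries(log_text: str) -> int:
    """Number of entries a log reader would see: one per non-empty line
    (hypothetical helper used to show the effect of sanitizing)."""
    return sum(1 for line in log_text.splitlines() if line.strip())


if __name__ == "__main__":
    entry = format_entry("INFO", "login_failed", user=FORGED_USERNAME, src="10.0.0.5")
    print(entry)
    print("entries written:", count_entries(entry))  # one entry, not two
```

Escaping rather than silently deleting the control characters keeps the evidence of the attempt visible to whoever reviews the log, which is usually what an incident responder wants.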
Recommendations:
Allowing a user to log in locally makes it possible to bypass the session, so it is recommended to use a data encryption key so that authentication is encrypted at the user end.
All authentication should be performed on the server side; only after successful authentication is the data loaded onto the mobile device.
The server executes the program without checking its origin or integrity, which lets an attacker change the flow of the program. The attacker can run malicious programs on the servers by performing DNS spoofing or modifying the code.
Recommendation:
Due to the lack of proper authentication methods, this allows attackers to capture the user's requests and bypass the authentication methods. The attacker can gain the user's privileges.
Causes:
Recommendations:
This allows the attacker to easily sniff the data traffic over the network. It affects confidentiality and integrity: the application does not use SSL/TLS or SSH, so data is transmitted without proper encryption.
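As an added illustration of the fix (not code from the assessment or from the application under review), the Python snippet below does two things a reviewer would check for: it builds a client TLS context that refuses anything below TLS 1.2 and refuses unverified certificates, and it audits a list of configured endpoints for plaintext schemes. The endpoint list and the scheme tables are constructed for the example.

```python
import ssl
from urllib.parse import urlparse

# Schemes that carry traffic in the clear; any endpoint using them is a finding.
PLAINTEXT_SCHEMES = {"http", "ftp", "telnet", "ws", "ldap"}
# Schemes that encrypt in transit (TLS or SSH based).
ENCRYPTED_SCHEMES = {"https", "ftps", "sftp", "ssh", "wss", "ldaps"}

# Constructed sample endpoints of the kind a mobile app might be configured with.
SAMPLE_ENDPOINTS = [
    "http://api.example.test/login",
    "https://api.example.test/patients",
    "ftp://files.example.test/export",
    "sftp://files.example.test/export",
]


def make_client_context() -> ssl.SSLContext:
    """Client TLS context that rejects old protocol versions and unverified certs."""
    ctx = ssl.create_default_context()           # loads the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    ctx.check_hostname = True                     # cert name must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # refuse unverifiable servers
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True when a context enforces TLS >= 1.2 with hostname and chain checks."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and ctx.check_hostname
            and ctx.verify_mode == ssl.CERT_REQUIRED)


def audit_endpoints(urls):
    """Return (url, reason) for every endpoint that would send data unencrypted
    or uses a scheme the reviewer still has to look at by hand."""
    findings = []
    for url in urls:
        scheme = urlparse(url).scheme.lower()
        if scheme in PLAINTEXT_SCHEMES:
            findings.append((url, f"{scheme} sends credentials and data in the clear"))
        elif scheme not in ENCRYPTED_SCHEMES:
            findings.append((url, f"unknown scheme '{scheme}': review manually"))
    return findings


if __name__ == "__main__":
    print("hardened:", context_is_hardened(make_client_context()))
    for url, reason in audit_endpoints(SAMPLE_ENDPOINTS):
        print(f"FINDING {url}: {reason}")
```

The same two checks apply on the server side: serve only over TLS and redirect plaintext requests, rather than relying on every client to get its context right.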
Causes:
Recommendations:
The attacker injects malicious code into the website; when the user opens the URL, the malicious code is executed on the user's system. The web server fails to validate the code executed on the website. The types of XSS (cross-site scripting) are:
Blind XSS
Stored XSS
DOM-based XSS
Causes:
The malicious code is executed every time the user visits that page.
The payload enters a trusted website and executes at the user end.
Recommendations:
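The usual recommendation for XSS is contextual output encoding plus a restrictive Content-Security-Policy, so that a stored or reflected payload is rendered as text rather than executed. The Python snippet below is an added example (not code from the assessment or from any site it describes) for a hypothetical comment widget: `escape_html_text`, `safe_href` and `render_comment` are names chosen for the illustration, the sample comment body and homepage are constructed, and the CSP value is an assumed starting policy that a real site would tune to its own origins.

```python
import html
from urllib.parse import urlparse

# Constructed sample of what an attacker might submit through a comment form.
SAMPLE_BODY = "<script>alert(document.cookie)</script>"
SAMPLE_HOMEPAGE = "javascript:alert(1)"

# Assumed Content-Security-Policy: blocks inline scripts and plugins even if an
# encoding step is missed somewhere in the application.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")


def escape_html_text(value: str) -> str:
    """Encode untrusted text for an HTML element body or a quoted attribute."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Allow only http(s) links inside href; javascript:/data: URLs become '#'.
    Escaping alone is not enough for a URL attribute, since 'javascript:...'
    contains no HTML metacharacters."""
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() not in ("http", "https"):
        return "#"
    return escape_html_text(url)


def render_comment(author: str, body: str, homepage: str) -> str:
    """Render a stored comment with every untrusted value encoded for its context."""
    return (f'<div class="comment"><a href="{safe_href(homepage)}">'
            f'{escape_html_text(author)}</a>: {escape_html_text(body)}</div>')


if __name__ == "__main__":
    print(render_comment("bob", SAMPLE_BODY, SAMPLE_HOMEPAGE))
    print(f"{CSP_HEADER[0]}: {CSP_HEADER[1]}")
```

The rule of thumb: encode at output time, for the exact context (element body, attribute, URL, JavaScript string), and treat input validation as a second layer, not the only one.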
SQL injection is an attack where the attacker injects SQL code into the input fields and retrieves sensitive information from the SQL databases. This leads to unauthorized authentication to web servers, leakage of user information, etc.
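To make the mechanism and its fix concrete, here is an added example (not code from the assessment, nor from uWAMP, Bricks or Mantra): a login check written twice against a constructed in-memory SQLite table. `login_vulnerable` splices the typed values into the SQL string, so a tautology typed into the field changes the query's meaning; `login_safe` binds the same values as parameters, so they stay data. Password hashing is assumed to happen elsewhere and is not shown.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the application's user store.
    Passwords are assumed to be stored as hashes; hashing is out of scope here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "hash-of-admin-pw"), ("nurse1", "hash-of-nurse1-pw")])
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> bool:
    """Builds the query by string concatenation: user input becomes SQL syntax."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username: str, password_hash: str) -> bool:
    """Parameterised query: input is bound as data and can never alter the SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


# Constructed input of the textbook kind: a quote that closes the string literal
# followed by an always-true condition.
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, tautology:", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))  # True
    print("safe, tautology:     ", login_safe(db, TAUTOLOGY, TAUTOLOGY))        # False
    print("safe, real user:     ", login_safe(db, "nurse1", "hash-of-nurse1-pw"))  # True
```

Parameterised statements (or an ORM that uses them) are the fix; escaping quotes by hand is not, because the escaping rules differ per database and are easy to get wrong.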
uWAMP server
Bricks & Mantra
Step 2: After installing it, our task is to log in to this site without creating a user account.
Step 3: We are going to use the following SQL code injection in these fields
Here we are going to create a fake xyz multi-specialty hospital's web server. Each employee has unique login credentials. The website contains visiting patients' details such as name, contact information, address, etc. If you have access to that site you get the whole database of that hospital. First of all we have to gather as much information as possible about the employees, the infrastructure and the owner. The admin page of this website is accessible via the Google search engine, so we are going to use this web page as bait. We need to clone this admin web page using social engineering tools, host the cloned site on the server, and share the URL with the victim. Here we are going to impersonate the managing director of that hospital and register a Gmail account in the name of that managing director. Let's say the managing director's name is John (johnxyzhospital@gmail.com). We are going to send an email to one of the employees of that hospital and ask them to log in through this link. The employee of that hospital will log in through the phishing link, and the login details will be sent to our server.
Here we are going to demonstrate the vishing method: we call an individual (the contact information was obtained through the phishing method). Our mission is to impersonate a bank officer and obtain the credit card number over the phone, calling that individual and claiming that we are calling from the bank's head office.
Attacker: Hello sir, your credit card has been blocked and we have to reactivate it immediately or else you cannot use your card anymore.
Attacker: Please don't worry sir, we are here to help; no need to visit the branch, we can activate it remotely. Please tell me the 16-digit number on your credit card.
The victim has no idea what just happened. Here the attacker uses the vishing method to gain financial information (the credit card number) from the victim. It is one of the most effective methods used to gain financial information from a victim easily. In the above demonstration, the attacker will use the credit card number for online purchases or other illegal purposes.
For this illustration we are going to use zphisher from GitHub. Zphisher is an open-source phishing tool which includes many cloned websites. We are going to use Kali Linux for this demonstration.
Command: ./zphisher.sh
It will install all the prerequisites needed.
After selecting number 6, zphisher clones the PayPal login page.
Now we have to select the hosting; in this demonstration we are going to use ngrok.io, so let's select number 2.
After selecting ngrok, it clones the website and hosts it on the ngrok localhost. The URL is provided, and we can send this URL to our victims.
For sharing the URL we are going to use the Social Engineering Toolkit (SET), which is pre-installed in Kali Linux.
After opening SET, it offers several types of social engineering attacks; in this demo we are going to use the mass mailer method.
Select number 1 from the menu.
Select number 5, which is the mass mailer attack.
Then select number 1, which is a single email address.
Enter the victim's IP address and the sender's IP address.
Fill in all the details such as the body of the message, the mail subject, whether an attachment is needed, etc.
Here we are impersonating PayPal customer service and asking victims to fall into the phishing trap. Thus the email is sent to the victim. Zphisher waits for the victim to open the link. After the link is opened, the victim's IP address is stored in a text file; if the user logs in to the cloned website, their credentials are captured and saved to a file.
Here you can see our victim opened the phishing link and their public IP is saved in a text file.
This is the fake PayPal login page. It looks like a legitimate website.
Here you can see the victim logged in to the fake page and their credentials were captured.
Before exploiting the target, hackers undertake several steps. In each step the hackers gain sensitive information about the target which helps them exploit it. The phases of ethical hacking are as follows:
Reconnaissance
Scanning
Gaining access
Maintaining access
Clearing tracks
Fig 1.0 Phases of Ethical Hacking
Reconnaissance:
Scanning:
With the information obtained from reconnaissance, the ethical hacker begins testing the networks and machines to identify potential attacks. The ethical hacker scans the entire network of the target to find vulnerabilities.
Gaining access:
The ethical hackers exploit the vulnerabilities collected in the above phases and gain access to the target. The attacker exploits the systems with payloads or malware. A common tool used for payload execution is the Metasploit framework (msfconsole). The most common attacks are:
Buffer overflow
Broken authentication
Privilege escalation
Maintaining access:
The process of obtaining the databases from the servers for malicious purposes. The attacker tries to find possible ways to penetrate the systems.
Clearing tracks:
This is the final phase, where the attacker clears their evidence: uninstalling scripts, clearing log information and folders created during the attack, clearing registry information, etc.
Footprinting is the first phase of ethical hacking. There are two types of footprinting, which are:
nmap 192.168.1.4
This scans the target and reports the open ports. Here the open ports are 80, 135, 139, 445 and 7070.
Step 5: For further details, we are going to collect more information from the
target device. Use the following command.