Mini Project Ms Dahlia - Nazim, Hasif, Iwani, Syakir


GERMAN MALAYSIAN INSTITUTE

DIPLOMA IN NETWORK SECURITY

Group Assignment/Tutorial/Practical Report/Quiz/Mini Project Cover Sheet (Please circle any)

Student's Name :
1. MUHAMMAD HASIF FIRDAUS BIN MOHD HALIMI
2. MUHAMMAD FAIZUN NAZIM BIN MD FAUZAN
3. MUHAMMAD SYAKIR IRFAN BIN SAIFUL AMRI
4. NUR IWANI BINTI RASHIDY

Group Leader : MUHAMMAD HASIF FIRDAUS BIN MOHD HALIMI
Phone No : 016-6262424
Email : mhasiffirdaus.mhalimi@student.gmi.edu.my

Subject Code : CIT 0592
Subject Name : INTRUSION DETECTION AND PREVENTION SYSTEM

Assignment / Tutorial / Practical / Quiz / Mini Project
Semester : 5
Group : NWS2
Title :

Name of TTO: DAHLIA ASYIQIN AHMAD ZAINADDIN

Due date: 23/10/2023 Date submitted: 30/10/2023

This cover sheet must be completed, signed and firmly attached to the front of the submission.

Please note that it is your responsibility to retain copies of your work.

Student’s statement:

I certify that I have not plagiarized the work of others or participated in unauthorized collusion when
preparing this assignment.

I also certify that I have taken proper care in safeguarding my work and have made all reasonable efforts to
ensure that my work cannot be copied.

Signature: ………………………..


Table Of Contents
1. Find 1 tool to simulate an attack.
2. Find 1 IDS/IPS/Firewall/Honeypot tool (run in any OS / platform: Linux platform/windows/desktop/server)
3. You should simulate the attack and show how you use ids to detect the attack
4. Requirement to use these tools (tool for attack/ids)
5. Procedure of installation
○ THC-Hydra
○ Wazuh
6. Discuss the use of these tools
○ Wazuh
○ THC-Hydra
7. Discuss about advantage/disadvantage of these tools
8. Explain examples on how to use the tool, explain how it works.
9. Conclusion
10. References


1. Find 1 tool to simulate an attack.

Diagram 1 : THC-Hydra

THC-Hydra is a powerful and adaptable online password-guessing tool used mainly in
penetration testing and security assessments. It is classified as a security testing tool whose
primary goal is to assess the resilience of the authentication mechanisms and passwords used by
network services and applications. Hydra does this by repeatedly attempting to log in with
candidate credentials. One of its main characteristics is its versatility: it supports a wide range of
network protocols and services, including SSH, FTP, Telnet, HTTP and many others.

To test the security of login systems, Hydra supports several attack strategies, including
dictionary attacks, brute-force attacks and hybrid attacks. This range of attack methods lets
security professionals, ethical hackers and system administrators efficiently evaluate and
improve the security of their systems. Users can fine-tune an attack by choosing character sets,
password lengths and other parameters, tailoring it to a specific scenario. This customization is
especially useful when dealing with different authentication systems and levels of security.


It is critical, however, to stress that Hydra must only be used responsibly and with explicit
authorization. Unauthorized use of this tool is both illegal and unethical. Unauthorized login
attempts can trigger account lockouts and alarms, potentially causing disruption and harm. Hydra
must therefore be used within legal and ethical limits, and users must obtain specific permission
before conducting security testing on systems and accounts.


2. Find 1 IDS/IPS/Firewall/Honeypot tool (run in any OS / platform: Linux platform/windows/desktop/server)

Diagram 2 : Wazuh

Wazuh is an open-source security monitoring and intrusion detection platform intended to
improve an organization's security posture. Its set of components helps protect against security
risks by enabling real-time monitoring, threat detection and incident response.

At the heart of Wazuh is the Wazuh manager, the centralized component that gathers and
evaluates security data. It collects information from many sources, such as system logs, network
traffic and other security events, and processes that data against a rule set to identify potential
security issues or anomalies.

Wazuh uses agents, lightweight software components deployed on the monitored systems, to
extend its monitoring reach. The agents gather security-related information locally and send it to
the Wazuh manager for analysis. Because agents exist for a wide range of platforms and operating
systems, Wazuh is a versatile solution for securing varied IT environments.


Wazuh also relies on two further components for storage and visualization. In earlier releases
these were Elasticsearch and Kibana; in current releases, including the 4.5 version installed in this
project, the installation assistant deploys the Wazuh indexer (an OpenSearch-based data store)
and the Wazuh dashboard in their place. The indexer stores the collected security data, allowing
efficient querying and searching, while the dashboard provides an easy-to-use interface for
visualizing security events, building custom dashboards and generating reports. This gives
security analysts and administrators insight into the security status of their organization.

The real strength of Wazuh is its capacity to detect security issues and raise alerts based on
established rules and custom configurations. It ships with a large number of built-in rules that
administrators can tune to their specific needs. When Wazuh detects suspicious or malicious
activity it can send alerts and notifications and even trigger automated responses to help contain
security incidents as soon as possible.


3. You should simulate the attack and show how you use ids to detect the attack
● SSH Hydra Brute Force :

1. Standard command format: "hydra -l <username> -P <password-file> ssh://<target>"

- -l <username>: a single login name to try on the target (-L <file> takes a list of
usernames instead).
- -P <password-file>: a file containing the candidate passwords (-p <password> tries a
single one).
- ssh://<target>: the SSH service on the target host name or IP address.

2. Example: to brute-force SSH on a server with the IP address {192.168.1.100} using a
list of usernames from 'usernames.txt' and a list of passwords from 'passwords.txt':
"hydra -L usernames.txt -P passwords.txt ssh://192.168.1.100"

3. Launching the attack: run the Hydra command and the program will attempt SSH
logins against the server with the username/password combinations from the lists you
supplied, reporting every pair the server accepts.

● Detecting the attack using Wazuh :


- To check whether Wazuh detected the attack, go to the Wazuh web page and click on
"Security events" to see the information collected about the brute-force attack.

- This is the Security events dashboard for the events reported by the agent on Ubuntu.
- It shows the number of failed authentications, which is 40.


○ Show the authentication fail list

- Scroll down to see the details of each security event that has occurred.
- The "authentication failed" and "user login failed" descriptions show that a brute-force
attack took place.

- Click on the arrow to see the detailed information for an event.


- The image above shows that the targeted machine was subjected to password guessing over
the SSH service.


4. Requirement to use these tools (tool for attack/ids)

Tool : Requirements

Wazuh
● CPU : Multi-core processor
● RAM : Minimum of 8 GB (recommended)
● Storage : 50 GB
● Software : Wazuh installation package for a compatible host OS (Kali Linux was used in this project)

THC-Hydra
● CPU : Standard multi-core processor
● RAM : Minimum of 4 GB
● Storage : Minimal disk space
● OS : Linux
● Architecture : 32-bit or 64-bit


5. Procedure of installation
○ THC-Hydra
1. The simplest route installs Hydra directly from the distribution repositories; the
hydra-gtk package pulls in the command-line hydra binary together with its GTK
front end:
sudo apt-get install hydra-gtk

2. If you used that command, or Hydra was preinstalled on your system (as on Kali),
and you want to build the current version from source instead, remove the packaged
version first:
sudo apt-get purge hydra-gtk && sudo apt-get autoremove && sudo apt-get autoclean

3. Before building anything, bring the system up to date:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

4. Once the system is up to date, install the build tools and git that the source build
requires:
sudo apt-get -y install build-essential
sudo apt-get install git


5. Clone the repository from GitHub:
git clone https://github.com/vanhauser-thc/thc-hydra.git

6. Change into the cloned directory:
cd thc-hydra

7. Configure, compile and install. The configure step alone only generates the Makefile;
nothing is built or installed until make runs:
./configure
make
sudo make install

8. Return to your home directory and confirm that Hydra is installed and working by
printing its usage text:
hydra -h


○ Wazuh
1. The download command is published on the "Wazuh Installation" page. Open a terminal
on Kali and run:

curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

2. This downloads and runs the Wazuh installation assistant; the -a flag selects the
all-in-one deployment, which installs the Wazuh manager, indexer and dashboard on the
same host.

3. When the assistant finishes, its output displays the access credentials and a message
confirming that the installation succeeded.


4. Open the Wazuh web interface at https://<wazuh-dashboard-ip> and log in with the
credentials from the previous step. Wazuh is now installed:


6. Discuss the use of these tools


○ Wazuh

Purpose :
Wazuh is used for monitoring systems, detecting intrusions, identifying vulnerabilities and
analyzing logs. It can respond automatically, be tailored to specific requirements and support
compliance work.

Use Cases :

Intrusion Detection :
Wazuh agents detect malware, rootkits and anomalies on monitored systems, using a
signature-based approach and a regular-expression engine for intrusion detection.

Vulnerability Detection :
Wazuh agents collect software inventory data, which the manager compares against CVE
databases to identify vulnerable packages before they can be exploited for disruption or
data theft.

Incident Response :
Wazuh provides active responses to mitigate threats, including blocking system access,
executing commands remotely, discovering compromises and supporting live forensics and
incident response.

Log Data Analysis :
Wazuh agents read operating system and application logs and securely forward them to
the central manager for rule-based analysis and storage. Wazuh rules alert you to
application or system problems, misconfigurations, attempted and/or successful harmful
operations, policy violations and a wide range of other security and operational issues.


○ THC-Hydra

Purpose :
THC-Hydra is largely used in security assessment and penetration testing as a
password-guessing tool. Its purpose is to evaluate the security of authentication mechanisms
and passwords on various network services.

Use Cases :

Password Testing :
Hydra is frequently used to test the strength of passwords on user accounts, which helps in
discovering weak or readily guessable passwords. This is especially critical for accounts with
access to sensitive data or systems.

Penetration Testing :
Hydra is used during penetration tests by ethical hackers and security professionals to find
weaknesses in authentication systems. By attempting to guess passwords they can measure
how well the password policy holds up and recommend changes.

Security Auditing :
Organizations can use Hydra in security audits of their systems and services to confirm that
suitable authentication mechanisms are in place and to discover potential weaknesses.

Account Recovery :
Hydra can in principle be used to recover a password a legitimate user has forgotten by
systematically testing candidate passwords. In practice this is rarely the right approach: an
administrator who controls the system can simply reset the credential, and guessing only
works at all when the password is weak enough to appear in a wordlist.


7. Discuss about advantage/disadvantage of these tools

Advantages

Wazuh :
● Detects potential security issues and notifies instantly, allowing a rapid response to threats.
● Customizable to individual security requirements.
● Monitors many parts of the computer systems, network and applications.
● Suits both small and large businesses.
● Open-source.

THC-Hydra :
● Versatile and powerful password-testing software.
● Supports various protocols and services.
● Customizable attack parameters.
● Enables valid security testing of authentication.
● Useful for detecting weak passwords.

Disadvantages

Wazuh :
● Complicated to set up and tune.
● Requires manual work.
● Uses a lot of computer resources.
● Needs regular maintenance.
● Legal and ethical rules apply to the monitoring and log collection it performs.

THC-Hydra :
● Should only be used with authorized permission.
● Has the potential to be abused for nefarious purposes.
● May trigger account lockouts or notifications.
● Expensive for complex or lengthy passwords.
● Testing is restricted to password-related issues.


8. Explain examples on how to use the tool, explain how it works.


○ Deploy new agent

- Click on Wazuh and choose the "Agents" button.

- The "Agents" page opens, with a "Deploy new agent" button. Click it to add a new agent.


- Next, choose the OS on which the agent will be deployed.

- Then enter the Wazuh server address and the name the agent will register with.

- The page then generates the command that installs the agent on the chosen OS. Copy it.


○ Install new agent

- Run the copied command on the chosen OS, which in this case is Ubuntu.
- After Ubuntu has finished setting up the agent package, enable and start the
wazuh-agent service.


○ Verify the agent is running

- Run "systemctl status wazuh-agent" on the agent host to confirm that the service is up.

○ New agent added

- Check the Wazuh Agents page to confirm that the new agent now appears there.


○ Brute force attack

- Now for the attack test.

- Use the command "ifconfig" to check the IP address of the targeted machine, which is
the Ubuntu host.
- After verifying the IP address, move to the attacking machine to start the attack.


- Go to the directory "/usr/share/wordlists" on the attacking machine, where wordlists are kept.

- In the image above, the file "Wordlists.txt" has been created with custom words that will be
used for password guessing (brute force) against the targeted machine.

- Then start the brute-force attack with Hydra.
- The command is "hydra -l ubuntu -P Wordlists.txt ssh://192.168.132.138", where:
- hydra: the tool being run
- -l ubuntu: the single, already-known username on the targeted machine, which is
"ubuntu"


- -P Wordlists.txt: the password is unknown, so every entry in "Wordlists.txt" is tried in
turn against the targeted machine.
- ssh://192.168.132.138: the service to attack, Secure Shell (SSH), and the IP address of
the targeted machine.
- The attack succeeded: Hydra printed the password accepted by the Ubuntu SSH service
together with the username, IP address, service and port used.

- To verify the result, use the command "ssh ubuntu@192.168.132.138 -p 22" to open a
remote session on the targeted machine.
- The image above shows that the information is correct, as the attacker successfully
logged in to the targeted machine.


- To check whether Wazuh detected the attack, go to the Wazuh web page and click on
"Security events" to see the information collected about the brute-force attack.

- This is the Security events dashboard for the events reported by the agent on Ubuntu.
- It shows the number of failed authentications, which is 40.


○ Show the authentication fail list

- Scroll down to see the details of each security event that has occurred.
- The "authentication failed" and "user login failed" descriptions show that a brute-force
attack took place.

- Click on the arrow to see the detailed information for an event.


- The image above shows that the targeted machine was subjected to password guessing over
the SSH service.
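What the Security events screens above (and the same screens in section 3) are showing is the output of two stages in Wazuh: a decoder that pulls the user, source address and port out of each sshd log line, and rules that fire on every "authentication failed" line and then, once the same source repeats within a timeframe, raise a higher-level brute-force alert. The following added example, not Wazuh code, reproduces that correlation in Python over constructed sshd log lines, including the "invalid user" variant and the case this walkthrough actually ends in: a successful login from a source that was just guessing passwords. The thresholds (8 failures within 120 seconds), the level numbers and the descriptions are assumptions that mimic the style of Wazuh's frequency/timeframe rules, not its real rule IDs.

```python
"""Wazuh-style correlation of sshd failures into a brute-force alert.

Added example, not Wazuh code. Log lines are constructed to look like
Ubuntu's /var/log/auth.log; thresholds and alert levels are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# "Decoder": field extraction from the sshd message, as Wazuh's sshd decoder does.
SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
                    r"from (?P<src>[\d.]+) port (?P<port>\d+) ssh2")
ACCEPTED = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) "
                      r"from (?P<src>[\d.]+) port (?P<port>\d+) ssh2")


def parse_ts(text, year=2023):
    """Syslog timestamps carry no year; assume one (the constructed data is from 2023)."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


class BruteForceDetector:
    """Per-source sliding window, like a Wazuh rule with frequency and timeframe."""

    def __init__(self, frequency=8, timeframe=120):
        self.frequency = frequency            # assumed: failures needed to escalate
        self.timeframe = timeframe            # assumed: window length in seconds
        self.window = defaultdict(deque)      # src ip -> timestamps of recent failures
        self.flagged = set()                  # sources that have already been escalated

    def feed(self, line):
        """Process one log line; return the list of alerts it raises (possibly empty)."""
        m = SYSLOG.match(line)
        if not m:
            return []
        ts, msg = parse_ts(m["ts"]), m["msg"]
        alerts = []

        f = FAILED.search(msg)
        if f:
            base = {"ts": ts, "user": f["user"], "src": f["src"], "port": int(f["port"])}
            if f["invalid"]:
                alerts.append({**base, "level": 5, "desc": "sshd: attempt to login using a non-existent user"})
            else:
                alerts.append({**base, "level": 5, "desc": "sshd: authentication failed"})
            q = self.window[f["src"]]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > self.timeframe:
                q.popleft()                   # drop failures that fell outside the timeframe
            if len(q) >= self.frequency:
                alerts.append({**base, "level": 10, "count": len(q),
                               "desc": "sshd: brute force trying to get access to the system"})
                self.flagged.add(f["src"])
                q.clear()                     # one escalation per burst, not one per further line

        a = ACCEPTED.search(msg)
        if a:
            base = {"ts": ts, "user": a["user"], "src": a["src"], "port": int(a["port"])}
            if a["src"] in self.flagged:      # the outcome the report's walkthrough reaches
                alerts.append({**base, "level": 12, "desc": "sshd: successful login after brute force from same source"})
            else:
                alerts.append({**base, "level": 3, "desc": "sshd: authentication success"})
        return alerts


def sample_log():
    """Constructed auth.log excerpt: 10 guesses against 'ubuntu' then a hit, plus one stray failure."""
    lines = [f"Oct 29 14:02:{i:02d} ubuntu sshd[1234]: Failed password for ubuntu "
             f"from 192.168.132.1 port {50000 + i} ssh2" for i in range(10)]
    lines.append("Oct 29 14:02:10 ubuntu sshd[1234]: Accepted password for ubuntu "
                 "from 192.168.132.1 port 50010 ssh2")
    lines.append("Oct 29 14:10:00 ubuntu sshd[1300]: Failed password for invalid user admin "
                 "from 10.0.0.9 port 40000 ssh2")
    return lines


def run(lines, **thresholds):
    """Feed every line through one detector and collect all alerts in order."""
    det = BruteForceDetector(**thresholds)
    alerts = []
    for line in lines:
        alerts.extend(det.feed(line))
    return alerts


if __name__ == "__main__":
    for alert in run(sample_log()):
        if alert["level"] >= 10:
            print(alert["ts"], alert["level"], alert["src"], alert["desc"])
```

Two points carry over to reading the real dashboard: the per-line "authentication failed" count (40 in the screenshots) is the low-level stage and will be large by construction, so the alert to hunt for is the escalated one; and a successful login from the same source shortly after that escalation is the signal that the guessing worked, which Wazuh's per-event view will only show if you correlate the success with the preceding failures by source address.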

○ Generate report

- Scroll up and click on "Generate report" to produce a report of the security events.


- The program then generates the report.

- To view it, click on Wazuh, then Management, then Reporting.

- The image shows the Reporting page listing the generated report.
- Click on download to download and view the report.


- The view of the downloaded report.


9. Conclusion

Cybersecurity relies on the interaction between attacker tools and prevention tools.
THC-Hydra is a powerful tool used by security professionals and ethical hackers to test network
services and applications' authentication mechanisms. It supports various attack methods and can
identify weak passwords, facilitating proactive security measures. However, its use requires strict
adherence to ethical and legal guidelines, as misuse can lead to unauthorized access and account
lockouts.

Both Wazuh and THC-Hydra play separate yet critical roles in cybersecurity. Wazuh, an
open-source security monitoring tool, enables enterprises to be proactive in the face of threats. It
provides real-time data gathering and analysis, utilizing established rules and custom
configurations to effectively detect and respond to security problems. THC-Hydra, a powerful
password-cracking tool, on the other hand, assists security experts in testing the robustness of
authentication schemes by conducting brute-force and dictionary attacks against a diverse set of
network protocols and services.

While Wazuh improves an organization's overall security posture, THC-Hydra identifies
weak passwords and potential vulnerabilities. When used appropriately and ethically in permitted
security evaluations, both tools can be significant assets. However, because of its ability to
compromise passwords, THC-Hydra must be handled with extreme caution and in accordance
with legal and ethical norms, as misuse can have serious consequences. Used by competent and
responsible people, these tools contribute considerably to the ongoing effort to safeguard digital
environments and protect against cyber threats.


10. References

[1]
Wazuh, “Overview | Wazuh,” Wazuh, Oct. 17, 2023. https://wazuh.com/platform/overview/
(accessed Oct. 29, 2023).

[2]
Y. Diogenes and E. Ozkaya, "THC Hydra," in Cybersecurity - Attack and Defense Strategies, Packt
Publishing, 2018, via O'Reilly Online Learning.
https://www.oreilly.com/library/view/cybersecurity-attack/9781788475297/51c672f5-520c-4689-9956-10d1e8ddd891.xhtml
(accessed Sep. 11, 2023).

[3]
Vira r, “The G2 on Wazuh - The Open Source Security Platform,” G2, Jun. 23, 2023.
https://www.g2.com/products/wazuh-the-open-source-security-platform/reviews
(accessed Oct. 29, 2023).

[4]
“IBM Documentation,” Ibm.com, May 08, 2023.
https://www.ibm.com/docs/en/dsm?topic=configuration-ossec
(accessed Oct. 22, 2023).

[5]
“Red Hat Ecosystem Catalog,” Redhat.com, 2023.
https://catalog.redhat.com/software/container-stacks/detail/5e9872ac3f398525a0ceafc3
(accessed Oct. 22, 2023).


[6]
“Password Cracker THC Hydra | CYBERPUNK,” CYBERPUNK, Jul. 16, 2018.
https://www.cyberpunk.rs/password-cracker-thc-hydra
(accessed Sep. 11, 2023).

[7]
Manish Shivanandhan, "How to Use Hydra to Hack Passwords – Penetration Testing Tutorial,"
freeCodeCamp.org, Nov. 18, 2022.
https://www.freecodecamp.org/news/how-to-use-hydra-pentesting-tutorial/
(accessed Sep. 11, 2023).

[8]
“Kali Linux Hydra | Techniques that Help to Avoid Brute Force Attacks,” EDUCBA, Nov. 13,
2022. https://www.educba.com/kali-linux-hydra/
(accessed Sep. 11, 2023).
