Ethical Hacking Case Study: Infiltrating A System And Attaining Root Level Privileges
Aim of the Project
This project discusses ethical hacking using a case study that was provided in advance. The case study specifies what the user needs in order to infiltrate the given system, and it also requires that root level privileges be obtained. This report mainly covers five flags, which were completed on the virtual machine supplied with the case study. Each flag is explained clearly, covering its usage, its impact and the tools used to carry out the various processes. The flags are therefore analysed and discussed in detail below.
The testing log begins with the installation of the virtual machine, which looks exactly as illustrated in the following image (Allen, Heriyanto & Ali, 2014).
First, a word about Apache. Apache is a web server that supports most of the major platforms. Its files are stored in different directories depending on the operating system, so the server has to locate its files whenever they are required (Buchanan, 2014). There are therefore several methods for identifying the Apache configuration file that can locate it swiftly and complete the process with ease. The layouts below give the directory structure of an Apache installation for all the major platforms or OSes. The following indicates the web server content.
The following table indicates the Apache httpd 2.4 default layout (apache.org source package):
The following table denotes the Apache httpd 2.2 default layout (apache.org source package):
The following table represents the Apache httpd 2.0 default layout (apache.org source package):
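Because the layout differs per platform, a practical way to find the active configuration file is to read the -D defines that httpd -V (apache2ctl -V on Debian) prints. The following Python script is an added example, not part of the original report: it resolves the main config file from constructed httpd -V output, reads the DocumentRoot that holds the web server content, and flags any Directory block whose Options enable directory listings (Indexes). The sample output and config fragment are constructed for illustration.

```python
import os
import re

# Constructed sample of `httpd -V` / `apache2ctl -V` output (Debian-style layout).
SAMPLE_HTTPD_V = """Server version: Apache/2.4 (Debian)
Server MPM:     event
 -D HTTPD_ROOT="/etc/apache2"
 -D SERVER_CONFIG_FILE="apache2.conf"
"""
# Constructed fragment of the main config file it points at.
SAMPLE_CONF = """ServerRoot "/etc/apache2"
DocumentRoot /var/www/html
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/html/private>
    Options -Indexes
</Directory>
IncludeOptional sites-enabled/*.conf
"""

DEFINE_RE = re.compile(r'^\s*-D\s+(\w+)="?([^"\n]*)"?', re.M)
DIRECTORY_RE = re.compile(r"<Directory\s+\"?([^\">]+)\"?>(.*?)</Directory>", re.S)

def parse_defines(httpd_v_output: str) -> dict:
    """Turn the -D NAME="value" lines of httpd -V into a dict."""
    return dict(DEFINE_RE.findall(httpd_v_output))

def config_path(httpd_v_output: str) -> str:
    """Main config file: SERVER_CONFIG_FILE, relative to HTTPD_ROOT unless absolute."""
    d = parse_defines(httpd_v_output)
    conf = d.get("SERVER_CONFIG_FILE", "httpd.conf")
    return conf if os.path.isabs(conf) else os.path.join(d.get("HTTPD_ROOT", "/"), conf)

def document_root(conf_text: str) -> str:
    m = re.search(r"^\s*DocumentRoot\s+\"?([^\"\n]+)\"?", conf_text, re.M)
    return m.group(1).rstrip("/") if m else ""

def listable_directories(conf_text: str) -> list:
    """<Directory> paths whose Options enable directory listings (Indexes or All)."""
    listable = []
    for path, body in DIRECTORY_RE.findall(conf_text):
        for opts in re.findall(r"^\s*Options\s+(.+)$", body, re.M):
            tokens = opts.split()
            if "Indexes" in tokens or "+Indexes" in tokens or "All" in tokens:
                listable.append(path.rstrip("/"))
    return listable
```

On a real host, feed the output of apache2ctl -V and the contents of the resolved config file to these functions instead of the constructed samples.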
Flag 2 introduces web shells: small programs or scripts that can be uploaded to a vulnerable server and opened from the browser to provide a web based interface for running system commands. In general, web shells are backdoors that run from the browser (Eliot, 2016). A web shell script is written in a programming language that the web server supports; here, PHP is used. Web shells provide a quick graphical user interface for performing the following activities:
- Travelling across directories
- Viewing files
- Editing files
- Downloading files
- Deleting files
- Uploading files
- Executing MySQL queries or commands
- Bypassing mod_security
- Setting permissions on directories/folders
- Executing shell commands
c99 web shell
The other web shell introduced here is c99. This PHP web shell is very popular, simply because of its supportive and effective features (Engebretson, 2013).
Its powerful features include file browsing, uploading, deleting, executing commands, viewing system details, viewing all running processes, running PHP code, etc.
The following screenshot represents c99 web shell.
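The features listed above are also what gives a web shell like c99 away on disk: PHP that hands request parameters to command-execution functions and hides its body behind decoding helpers. The following Python scanner is an added example, not code from the original report or from c99: it scores PHP files under a web root on those fingerprints so a defender can find uploaded shells. The two sample files are constructed; the index-like page only reads a request parameter and stays below the threshold.

```python
import os
import re

# Attacker input read straight from the HTTP request, as a c99-style shell does.
REQUEST_INPUT = r"\$_(GET|POST|REQUEST|COOKIE)\s*\["
# PHP functions that run system commands or evaluate code.
EXEC_FUNC = r"\b(eval|system|exec|shell_exec|passthru|popen|proc_open|assert)\s*\("
RULES = {
    # Command execution fed directly by request input: the strongest signal.
    "exec_from_request": re.compile(EXEC_FUNC + r"[^)]*" + REQUEST_INPUT, re.I),
    "exec_func": re.compile(EXEC_FUNC, re.I),
    "request_input": re.compile(REQUEST_INPUT, re.I),
    # Helpers used to hide the shell body from simple greps.
    "obfuscation": re.compile(r"(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
}

def score_php_source(src: str) -> dict:
    """Return the rule names that matched in one PHP source plus a risk score."""
    hits = [name for name, rx in RULES.items() if rx.search(src)]
    score = len(hits) + (3 if "exec_from_request" in hits else 0)
    return {"hits": hits, "score": score}

def scan_webroot(root: str, threshold: int = 3) -> list:
    """Walk a web root; return PHP files scoring at or above threshold, worst first."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                result = score_php_source(fh.read())
            if result["score"] >= threshold:
                flagged.append({"path": path, **result})
    return sorted(flagged, key=lambda r: r["score"], reverse=True)

# Constructed samples: one benign page and one shell-like script in an upload folder.
SAMPLES = {
    "index.php": "<?php echo 'Hello ' . htmlspecialchars($_GET['name']); ?>",
    "uploads/img.php": "<?php eval(base64_decode($_POST['c'])); system($_REQUEST['cmd']); ?>",
}

def scan_samples(threshold: int = 3) -> dict:
    """Score the constructed samples in memory, the same way scan_webroot scores files."""
    results = {name: score_php_source(src) for name, src in SAMPLES.items()}
    return {n: r for n, r in results.items() if r["score"] >= threshold}
```

Run scan_webroot("/var/www/html") on a real server; treat hits as leads for manual review, since legitimate admin tools can match some rules too.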
In flag 3, hashcat is discussed because at present it is the finest password cracker available.
Step 1 Open Hashcat
To open hashcat, follow these instructions (Ethical hacking and countermeasures, 2017):
Applications -> Kali Linux -> Password Attacks -> Offline Attacks -> hashcat
Selecting the hashcat menu item opens its help screen.
The above screen displays the basic hashcat syntax, as follows:
kali > hashcat options hashfile mask|wordfiles|directories
Step 2 More Extensive Options
Hashcat also offers rule options that can be applied to the entries in our wordlist file.
Defined methodology and Testing Log
Step 3 Choose Your Wordlist
Type the following to find the built-in wordlists present on the Kali system (Halton & Weaver, 2016):
kali > locate wordlist
Step 4 Grab the Hashes
Next, grab all the hashes from the Kali system. Viewing the hashes in order to grab them is only possible when the user is logged in as root. On a Linux system the hashes are stored in the following file:
/etc/shadow
Hence, type as shown below.
kali > tail /etc/shadow
Type the following to open the login.defs file:
kali > more /etc/login.defs
Step 5 Crack the Hashes
Separate the hashes into a different file and name it hash.lst.
kali > cp /etc/shadow hash.lst
Then type the following (“Kali Linux – Assuring Security by Penetration Testing”, 2014):
kali > more hash.lst
The last step begins cracking the hashes, as follows:
kali > hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/share/sqlmap/txt/wordlist.txt
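The -m 1800 mode above corresponds to the $6$ (sha512crypt) prefix that Linux writes into /etc/shadow; other prefixes need other modes, and some shadow entries hold no hash at all. The following Python audit is an added example, not part of the original report: it classifies each shadow record, maps the hashing scheme to its hashcat mode, and flags accounts with an empty password field or a legacy scheme so an administrator can rehash or lock them. The sample records and their hash values are constructed, not real password hashes.

```python
import re

# crypt(3) id prefix -> (algorithm, hashcat -m mode); $6$ is the 1800 used above.
CRYPT_ALGOS = {
    "1": ("md5crypt", 500),
    "5": ("sha256crypt", 7400),
    "6": ("sha512crypt", 1800),
    "2b": ("bcrypt", 3200),
}
WEAK_ALGOS = {"md5crypt"}  # fast legacy scheme; flag these accounts for rehashing

def classify_hash(pw: str) -> tuple:
    """Return (status, algorithm, hashcat_mode) for one shadow password field."""
    if pw == "":
        return ("EMPTY_PASSWORD", None, None)   # account logs in with no password
    if pw.startswith(("!", "*")):
        return ("LOCKED", None, None)           # password login disabled
    m = re.match(r"^\$([^$]+)\$", pw)
    if not m or m.group(1) not in CRYPT_ALGOS:
        return ("UNKNOWN", None, None)          # e.g. yescrypt $y$ on newer distros
    algo, mode = CRYPT_ALGOS[m.group(1)]
    return ("HASHED", algo, mode)

def audit_shadow(lines) -> list:
    """Audit /etc/shadow records; one finding per account, weak ones marked."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split(":")
        if len(fields) < 9:                     # shadow records have 9 fields
            raise ValueError(f"malformed shadow record: {line!r}")
        user, pw, _lastchg, _minage, maxage = fields[:5]
        status, algo, mode = classify_hash(pw)
        weak = status == "EMPTY_PASSWORD" or algo in WEAK_ALGOS
        findings.append({"user": user, "status": status, "algo": algo,
                         "mode": mode, "max_age": maxage, "weak": weak})
    return findings

# Constructed sample records; the hash values are made up, not real password hashes.
SAMPLE_SHADOW = [
    "root:$6$saltsalt$MADEUPSHA512CRYPTHASHVALUE:18000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
    "legacy:$1$abcdefgh$MADEUPMD5CRYPTVALUE:17000:0:99999:7:::",
    "guest::18000:0:99999:7:::",
    "alice:!$6$saltsalt$MADEUPVALUE:18000:0:99999:7:::",
]

def weak_accounts(lines) -> list:
    return [f["user"] for f in audit_shadow(lines) if f["weak"]]
```

On a real host, pass open("/etc/shadow") to audit_shadow as root; the mode field tells you which -m value a policy check with hashcat would need for each scheme.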
Nmap is …
- Flexible: It supports various advanced techniques for mapping networks that contain IP filters, firewalls, routers and other obstacles. It also offers multiple port scanning techniques, such as TCP scans, and it helps with detecting the operating system, detecting service versions, ping sweeps, etc.
- Powerful: It is used for scanning large networks.
- Portable: It is supported by various operating systems such as Linux, Microsoft Windows, OpenBSD, FreeBSD, Solaris, IRIX, Amiga, HP-UX, NetBSD, Mac OS X, Sun OS, etc. (Loh-Hagan, n.d.).
- Easy: Its advanced features are easy to use.
- Free: It aims to help users secure their networks and to provide administrators, auditors and hackers with an advanced tool for exploring their networks. It can be downloaded for free from the internet.
- Well Documented: It is documented through related whitepapers, tutorials and a book (McPhee, 2017).
- Supported: It has a community that helps both developers and users with their queries. The community interacts on the Nmap mailing lists, where bug reports and questions are sent to the nmap-dev list once the guidelines have been read. Users are advised to subscribe to the low-traffic nmap-hackers announcement list for updates. Nmap is also on Facebook and Twitter, and it even offers real-time chat, for which users join the #nmap channel on Freenode or EFNet.
- Acclaimed: It has received several awards, including “Information Security Product of the Year” from Linux Journal, Info World and Codetalker Digest.
- Popular: It is popular and downloaded regularly by a large number of users, and it is included in various operating systems such as Red Hat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD and many more (Nájera-Gutiérrez, n.d.).
In Kali, follow the instructions below to open Nmap.
Open a terminal.
Type nmap.
kali > nmap
This represents the help screen.
The results look as illustrated in the following screenshot, which displays all the TCP ports that are currently open on our target machine. Alongside each open port it also displays the default service for that port.
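The open-port and default-service listing described above is exactly what a defender compares against an approved baseline to catch services that should not be exposed. The following Python script is an added example, not part of the original report: it parses nmap's grepable (-oG) output, whose Ports field uses slash-separated port/state/protocol/owner/service/rpc/version entries, and reports open ports that an approved baseline does not list. The scan output and baseline are constructed.

```python
import re

# One -oG port entry: port/state/proto/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/([\w|?-]+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

def parse_grepable(text: str) -> dict:
    """Parse nmap -oG output into {host: [port entry dicts]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                        # skip comments and Status-only lines
        host = line.split()[1]
        ports_part = line.split("Ports:", 1)[1].split("\t")[0]
        entries = []
        for m in PORT_RE.finditer(ports_part):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            entries.append({"port": int(port), "proto": proto, "state": state,
                            "service": service, "version": version})
        hosts[host] = entries
    return hosts

def unexpected_open_ports(scan: dict, baseline: dict) -> dict:
    """Open ports per host that the approved baseline {host: {(port, proto)}} omits."""
    diff = {}
    for host, entries in scan.items():
        allowed = baseline.get(host, set())
        extra = [e for e in entries
                 if e["state"] == "open" and (e["port"], e["proto"]) not in allowed]
        if extra:
            diff[host] = extra
    return diff

# Constructed -oG output for two hosts (tabs separate the fields, as nmap writes them).
SAMPLE_SCAN = """# Nmap scan initiated (constructed sample) as: nmap -sV -oG - 10.0.0.5 10.0.0.9
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 3306/open/tcp//mysql//MySQL 5.7/\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 443/filtered/tcp//https///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""
# Approved baseline: only SSH and HTTP on .5, only SSH on .9.
BASELINE = {"10.0.0.5": {(22, "tcp"), (80, "tcp")}, "10.0.0.9": {(22, "tcp")}}

def sample_findings() -> dict:
    return unexpected_open_ports(parse_grepable(SAMPLE_SCAN), BASELINE)
```

With a real scan, run nmap -oG scan.gnmap and pass the file contents to parse_grepable; the MySQL port on 10.0.0.5 in the sample is the kind of exposure this check is meant to surface.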
The following basic Linux privilege escalation topics, on which knowledge was gained, are covered (Oriyano, 2017):
- Basics of the operating system
- Basics of confidential information and users
- Basics of applications and services
- Basics of communications and networking
- Basics of file systems
- Code preparation
- Identifying the exploit code
The details of ethical hacking have been discussed successfully in this report. The user worked through the case study on the virtual machine. The report also covers what is needed to infiltrate the provided system with root level privileges. It has focused mainly on the five flags that relate to the virtual machine case study. The first flag involves examining the web server content, which requires identifying the admin username and password. The second flag covers web shells, which play a significant role. The third flag is about cracking the password with the help of the web shell. The fourth flag involves finding any mistakes made by the user while entering the password on the system; this requires scanning, so the TCP port scanner tool is used. Finally, the last flag covers the basic Linux privilege escalations that support the required process.
Each flag has therefore been explained clearly, specifying the usage of the flag, its influence and the tools used to carry out the various processes, such as port scanning and password cracking.
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux – assuring security by penetration testing. Birmingham, UK: Packt Pub.
Buchanan, C. (2014). Kali Linux CTF blueprints. Birmingham, UK: Packt Pub.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Eliot, G. (2016). The Mill on the Floss. Dinslaken: Anboco.
Engebretson, P. (2013). The basics of hacking and penetration testing. Waltham, MA: Syngress/Elsevier.
Halton, W., & Weaver, B. (2016). Kali Linux 2. Birmingham, UK: Packt Publishing.
Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), 4. doi: 10.1016/s1353-4858(14)70077-7
Loh-Hagan, V. Ethical hacker.
McPhee, M. (2017). Mastering Kali Linux for Web Penetration Testing. Birmingham: Packt Publishing.
Nájera-Gutiérrez, G. Kali Linux web penetration testing cookbook.
Oriyano, S. (2017). Kali Linux Wireless Penetration Testing Cookbook. Birmingham: Packt Publishing.