An ethical hacker has more to do than a cracker, as the ethical hacker is likely to have much less time than a cracker to find the vulnerabilities. A cracker may study a victim's system for days, months or even years, but an ethical hacker does not have much time to study the client's network. So, to ensure the success of the test, an ethical hacker has to plan the attack more precisely. Time should be allocated to the different phases according to their nature. The hacker should not stay stuck on one phase for longer than the time allocated to it, otherwise the test may fail.
There is no hard and fast rule for how a hacker performs an attack. The experience of the hacker determines which phases are carried out. Ethical hackers have to plan the attack test according to the nature of the test. For the test to succeed, the ethical hacker may jump from one test to another or leave out a phase, according to the information given by the client and the nature of the test. Generally, the phases of the attack are as follows:
Footprinting means gathering information so that the hacker can acquire sensitive information about the business.
Scanning is the process of searching for holes in the business's defences. In the scanning phase, hackers determine the most promising path of entry.
Enumeration is the process in which hackers try to get access to the system using the information collected in the previous two phases, for example by getting the user list, getting information on shared files or devices and sometimes guessing passwords.
Gaining Access/System Penetration is the art of breaking into the victim's system.
Escalating Privilege/System Hacking is the phase in which the hacker tries to get access at higher levels so that more critical information can be collected.
Pilfering is the attacker's ability to see what information is being used and to use that information for further attacks at a different level.
Covering Tracks is the skill by which hackers remove the traces of how they entered the system.
Creating Back Doors means creating different ways to come back later and attack the system with no effort, even if passwords, user accounts or other information have been changed.
For the given assignment, the company network consists of four systems and, according to the information given to us, the IP addresses of these systems range from 192.168.0.1 to 192.168.0.4. The investigation has to be done during off hours, when no user is logged into the systems.
There are various methods of penetration testing, and the choice between them depends on the situation, the environment and the nature of the investigation. Since in our case the investigation is done during off hours, when no people are available, additional information cannot be gathered using social engineering techniques. For the purpose of the test the systems are turned on but no users are logged in. For this type of scenario the methodology adopted is as follows.
System scanning is one of the most important phases of a planned hacking process, as hackers carry out scanning to get a more concrete view of a company's network and to identify precisely which computer systems and services are in use. In this phase it is determined which systems on the target network are live and reachable. There are numerous scanning techniques, used according to need; the most commonly used are network port scans and ping sweeps. A ping sweep provides the attacker with information about every active device on the network and the potential flaws on them. Port scanning is used to find out which ports are open on a target computer, and whether there are any obvious vulnerabilities in the software managing these ports.
A ping sweep is a fundamental stage in network mapping, in which the network blocks of the provided IP address ranges are scanned. Using a ping sweep, one can find out whether a host is active for a given single IP address or range of IP addresses. In the ping sweep technique, ICMP (Internet Control Message Protocol) ECHO requests are sent to multiple hosts. If a given address is active, it responds to the request by sending back an ICMP ECHO reply; if no reply is made, this indicates that the system is dead or not on the network. Net Tools is used for this in this test. Net Tools 3.1 is a multipurpose security tool made in Visual Basic 6.0 by M.A.B. for all Microsoft operating systems. This tool has a Bandwidth Meter, IP Address Scanner, IP Calculator, IP Converter, Port Listener, Port Scanner, Ping, NetStat (2 ways), Trace Route (2 ways), Connection Analysator and protector, Net Sender, E-mail seeker, Net Pager, Active and Passive port scanner, HTTP flooder (DoS), Mass Website Visiter, Advanced Port Scanner, Trojan Hunter (Multi IP), Port Connecter Tool, Advanced Spoofer, Advanced, Simple Port Scanner (fast), Advanced Netstat Monitoring, X Pinger, Web Page Scanner, Fast Port Scanner, Deep Port Scanner, Fastest Host Scanner (UDP), Get Header, Open Port Scanner, Multi Port Scanner and so on. Net Tools is more than a scanning tool. As the IP addresses are already known, the IP range is entered and scanned. Here the host name for each IP is resolved; the screenshot is shown below.
From the scan one can find hosts with the hostnames 'SERVER1' and 'SERVER2' at IP addresses 192.168.0.1 and 192.168.0.2. Even though the hostnames contain "server", this does not confirm that these systems run an active domain server. If either of the two really is a server, it is where an attacker is interested in attacking first in most cases, as the server is where the clients connect. It can also be seen that there are two systems named CLIENT1 and CLIENT2 at 192.168.0.3 and 192.168.0.4 respectively.
Port scanning is one of the most popular information-gathering techniques used by hackers to find services that may be insecure. A computer runs many "services" that work at "well-known" "ports". The purpose of port scanning is to find which ports are available on the victim network and could potentially be used for an exploit. Port scanning techniques differ in nature according to the resources or pattern of communication used while scanning. The different types include Strobe, Fragmented Packets, Stealth, UDP Scans, Vanilla, Sweep and FTP Bounce.
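Seen from the defended network, the ping sweep and port scan described above leave a recognisable pattern: one source touching many hosts or many ports in a short time. The following is an added example, not part of the original essay; the log format, the 192.168.0.50 source address and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (format and the 192.168.0.50 source are assumptions).
SAMPLE_LOG = """\
2024-01-01T02:00:00 SRC=192.168.0.50 DST=192.168.0.1 PROTO=ICMP TYPE=8
2024-01-01T02:00:01 SRC=192.168.0.50 DST=192.168.0.2 PROTO=ICMP TYPE=8
2024-01-01T02:00:02 SRC=192.168.0.50 DST=192.168.0.3 PROTO=ICMP TYPE=8
2024-01-01T02:00:03 SRC=192.168.0.50 DST=192.168.0.4 PROTO=ICMP TYPE=8
2024-01-01T02:00:04 SRC=192.168.0.3 DST=192.168.0.1 PROTO=ICMP TYPE=8
2024-01-01T02:00:10 SRC=192.168.0.50 DST=192.168.0.1 PROTO=TCP DPT=53
2024-01-01T02:00:11 SRC=192.168.0.50 DST=192.168.0.1 PROTO=TCP DPT=80
2024-01-01T02:00:12 SRC=192.168.0.50 DST=192.168.0.1 PROTO=TCP DPT=135
2024-01-01T02:00:13 SRC=192.168.0.50 DST=192.168.0.1 PROTO=TCP DPT=139
2024-01-01T02:00:14 SRC=192.168.0.50 DST=192.168.0.1 PROTO=TCP DPT=445
"""
LINE_RE = re.compile(
    r"(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)"
    r"(?: TYPE=(?P<type>\d+))?(?: DPT=(?P<dpt>\d+))?")

def distinct_in_window(events, window):
    """Largest count of distinct values inside any sliding time window."""
    events = sorted(events)
    best = start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({v for _, v in events[start:end + 1]}))
    return best

def detect(log, window=timedelta(seconds=10), min_hosts=4, min_ports=5):
    """Return sorted (kind, source, target) alerts for sweeps and port scans."""
    echo = defaultdict(list)   # src -> [(ts, dst)] for ICMP echo requests
    ports = defaultdict(list)  # (src, dst) -> [(ts, dport)] for TCP attempts
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m["ts"])
        if m["proto"] == "ICMP" and m["type"] == "8":  # type 8 = echo request
            echo[m["src"]].append((ts, m["dst"]))
        elif m["proto"] == "TCP" and m["dpt"]:
            ports[(m["src"], m["dst"])].append((ts, int(m["dpt"])))
    alerts = [("ping_sweep", src, "*") for src, ev in echo.items()
              if distinct_in_window(ev, window) >= min_hosts]
    alerts += [("port_scan", src, dst) for (src, dst), ev in ports.items()
               if distinct_in_window(ev, window) >= min_ports]
    return sorted(alerts)
```

The single echo request from 192.168.0.3 does not raise an alert, because only fan-out from one source within the window counts.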
From the fast scan above we know how many systems are live. Further information now needs to be gathered by resolving the open ports and NetBIOS names of these systems, along with other information such as the type of OS used, MAC address and domain name. There are many tools for this task; IPScanner tool 5.1 is one that can scan in a reasonable time. A screenshot is shown below.
From this scan we can see that the system with host name SERVER1 has the unique NetBIOS entry "__MSBROWSE__ <01> GROUP - Master Browser", which is not found on any other scanned system. This "__MSBROWSE__" name is appended to a domain name and broadcast on the local subnet to announce the domain to other master browsers (http://technet.microsoft.com/en-us/library/cc767893.aspx). Since port 80 is open, this is the web server, and open port 53 indicates the presence of a Domain Name Server (DNS). In addition, port 53 is also open on SERVER2, indicating that it also has a Domain Name Server. Now that the attacker is sure that SERVER1 and SERVER2 are servers, most attackers would focus on these two servers as their primary targets.
The port scan yields a wide range of information on open ports that is handy for attacking the hosts. For instance, port 135 is open, which means the Remote Procedure Call (RPC) service is available. Remote Procedure Call allows inter-process communication, which provides a mechanism for running a program from one computer on another remote system effortlessly (http://www.speedguide.net/port.php?port=135). Detailed information on the NetBIOS names and ports found on the different systems is provided in the appendix.
The previous scan only gives information about the threats and does not provide any detail on them, so to get detailed information on each vulnerability together with its possible solution, a scanning tool like Nessus is very handy. Nessus is an excellent open source vulnerability scanner which lists vulnerabilities in a detailed and easy-to-read manner. It exports files in html, xml or .nessus formats.
The scan result shows numerous vulnerabilities and their severity. From the scan the system looks fairly secure against high-risk threats, but it is still not perfectly secure: medium-level vulnerabilities remain open, and for real hackers even a small hole is enough to crack the system. For instance, the figure shows a medium threat in the system.
Using this vulnerability, an attacker can simply connect to the server using a "NULL BIND", also known as anonymous access, and gather information such as the list of users in the domain. The security threats found by Nessus are listed in the appendix.
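The point made above, that a report with no high-risk items can still carry findings that matter, is easy to check mechanically on a .nessus export. The following is an added example, not part of the original essay; the XML fragment is constructed, and its plugin IDs, plugin names and ports are placeholders rather than the essay's scan results.

```python
import xml.etree.ElementTree as ET

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed .nessus (v2) fragment: hosts are from the essay's lab range, but
# plugin IDs, names and ports are placeholders, not the essay's scan results.
SAMPLE = """<NessusClientData_v2><Report name="lab">
<ReportHost name="192.168.0.1">
<ReportItem port="389" protocol="tcp" severity="2" pluginID="0"
 pluginName="Anonymous NULL bind permitted (constructed)"/>
<ReportItem port="53" protocol="udp" severity="1" pluginID="0"
 pluginName="DNS finding (constructed)"/>
<ReportItem port="80" protocol="tcp" severity="0" pluginID="0"
 pluginName="Web server detected (constructed)"/>
</ReportHost>
<ReportHost name="192.168.0.3">
<ReportItem port="0" protocol="tcp" severity="0" pluginID="0"
 pluginName="Host alive (constructed)"/>
</ReportHost>
</Report></NessusClientData_v2>"""

def triage(xml_text, min_severity=1):
    """Map each host to its findings at or above min_severity, worst first."""
    # Parse files from outside your own scanner with defusedxml instead.
    report = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        rows = []
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= min_severity:
                rows.append((sev, int(item.get("port", "0")),
                             item.get("pluginName", "")))
        rows.sort(key=lambda r: (-r[0], r[1]))
        report[host.get("name")] = [
            (SEVERITY.get(s, "unknown"), p, n) for s, p, n in rows]
    return report

def no_high_but_exposed(report):
    """Hosts with no high/critical item that still carry low/medium findings."""
    return sorted(h for h, rows in report.items() if rows and
                  all(label in ("low", "medium") for label, _, _ in rows))
```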
Enumeration is the phase for finding user accounts and inadequately protected computing resources. During this phase, a physical connection is established between the hacker's computers and the computers of the intended network, and the hacker pokes through these systems to gain more information. If scanning is compared to an intruder knocking on the door or turning the doorknob to see if it is locked, then enumeration is like entering an office and going through a file cabinet or desk drawer for information.
With the information gathered from scanning, enumeration becomes easier, as the points to be attacked are already known. In this case an attacker establishes a connection to the Windows server using "NULL BIND". One of the well-known tools for this purpose is Cain and Abel. It is an excellent password recovery tool for the Windows operating system. It does not exploit any vulnerability, but it is an excellent enumeration tool and can also gather information on the users registered in the system through anonymous access.