1. Introduction
In this project, we are required to design and apply a procedure that illustrates an ethical hacking scenario. This test-like project examines our knowledge of the material sent to us on a weekly basis. The assessment checks what we have learnt about writing and articulating a penetration testing report to the industry standard.
In Task 1 we need to penetrate the supplied virtual machine and attain root-level access by following a legitimate process with proper tools. Five banner-like objects, each representing a value, have been placed at each stage of system compromise. Look for them by checking web pages, home directories, and so on. We need to find them in sequence, one after the other, as in the example given below.
2. Methodology
In the paper presented here, the researchers attempt to solve a "Capture the Flag" (referred to as CTF from now on) challenge. The CTF was posted on the VulnHub site by Hadi Mene. It is not a standalone problem; it is part of the Basic Pentesting series (Baloch, 2017).
As indicated in the description given by the creator of the challenge, this is an entry-level boot2root web-based challenge. The aim is to gain root privileges through a web application hosted on the machine. The machine image is available as a free download (also on various torrent sites), and the download bundle includes a readme file (Simpson & Antill, n.d.) (Sinha, 2017) (Wong, n.d.).
VulnHub is a well-known site for security specialists. Its aim is to give users a way to learn and practise their hacking skills through a series of challenges in a safe and legal environment. Vulnerable machines can be downloaded from the site (Beaver, n.d.) and used according to your requirements (Engebretson, 2013).
A brief introduction to CTF
Once the download is complete, open the image in VirtualBox, a virtualization tool that imports the downloaded machine. Once this stage has been crossed, run the "netdiscover" command to find the IP address of the machine that will be engaged. Refer to the image below for details (Ethical hacking and countermeasures, 2017).
The image clearly shows the address obtained for the computer behaving as the virtual machine, which shows the experiment is fine so far. This IP should be 192.168.1.11. It belongs to the computer the researchers are trying to establish a connection with. The other IP address involved in this exchange is that of the attacking system, 192.168.1.45.
Note that the IP addresses of both systems may vary slightly depending on how the network has been set up, so a different IP address is nothing to worry about.
Once the IP address of the target is in hand, the next step is to look for the ports that are open and awaiting connections on the system being attacked; an Nmap full port scan can accomplish this. One very efficient option is Nmap ("Nmap: the Network Mapper – Free Security Scanner", 2019), whose output looks like the image pasted below (Worley, n.d.).
Give the scan some time to finish; after that, the open ports awaiting connections can be seen.
First of all, the researchers took a deeper look at the HTTP port. Opening the IP listed above shows a broken web page. Refer to the next screenshot, which shows that a total of two directories were found while searching; the "dirb" tool performed the search on the system being attacked. To take a closer look, the "development" folder can be opened from the command line and its contents examined.
Directory listing had not been disabled for this folder, so it shows everything inside. It can also be seen that two text files are present. Opening the first file displays something similar to the next screenshot.
The messages now read as:
“2018-04-22: SMB configuration complete. -K
2018-04-21: Apache set up complete. Will put in content now”
This piece of text explains that the server is still under development and not complete; it does not contain any proper application a user could use. However, "SMB" is installed and ready to use on the system in question. So the next step is to move on to the contents of the second file, which should be named "j.txt". The screenshot has been added below for reference.
The text that appeared was very hard to read, so it can be copied and pasted into a word processor or a browser to show it clearly. It reads as follows:
“For J:
I’ve been auditing the contents of /etc/shadow to make sure we don’t have any weak credentials, and I was able to crack your hash really easily. You know our password policy, so please follow it? Change that password ASAP.
-K”
The above are the exact words of the message. After some thought, the conclusion can be reached that the message was meant for a user named "J" and originated from another user named "K". It also explains that a password was cracked very easily and warns that the password should be changed before any harm is done.
After this, we take a look at the information available. We are yet to figure out the username, but we have found that the SMB port is open and awaiting connections. Our next step is to enumerate the SMB service; the researchers used the Linux tool "enum4linux" for this purpose. See the returned screenshot below.
Upon analyzing the screenshot, it is evident that the returned output contains two different login names. Combining this with the messages copied above, it is easy to conclude that the user "J" is the one whose password needed changing. This user will now be attacked; the attack results in the data shown in the screenshot pasted below.
It gives the username and the password, which are "jan" and "Armando" respectively. To check whether this information is valid, the next step is to try to sign into the system with the credentials "jan" and "Armando".
The latest screenshot makes it clear that the attempt to sign in succeeded! It was also found that this username did not belong to an admin or to root, so the CTF as originally intended cannot yet be achieved. The next step is to start looking for ways to obtain admin credentials.
The image shows that the attacked system runs Ubuntu 16.04.1. This will be hard to crack, but the easiest way is to search Google for different ways to do it; the search shows viable solutions very quickly. The "ExploitDB" site presented an interesting exploit, whose details can be downloaded. "wget" is the command commonly used to fetch the exploit for this Ubuntu release onto the target. However, when it is run it displays an error (Graves, 2010) (Harris, 2011).
Debugging this error could take some time. Soon it will be figured out that another user logged into the system is also vulnerable, and the attack can be directed towards him instead. Now it is the turn of this user, "kay", to be attacked, and the attack was made. This time it proves successful. But even this new user is not the admin and hence does not have root access. At least it is possible to read this user's files, and one of them turns out to contain a password. That really helps the experiment, as it is now possible to log into the system and take a look at whatever information is contained there.
This little attempt worked and helped gain insight into the problem. It turned into an interesting research problem and gave the desired effects as well. The file was not hard to search for; rather, it was found quite easily, and it was easy to read it successfully. With that, this particular CTF is concluded (Khan, 2019). For any queries that come up during the study, it is highly recommended that the best way to get answers is to attempt all of this on your own.
NMAP in KALI LINUX 2.0 STEP BY STEP
Most IT administrators around the world use Nmap to collect data about their networks and the devices on them. Kali Linux is a distribution widely used for penetration testing all over the world. Nmap is installed in Kali Linux by default, as it is an effective and efficient tool for collecting information. Some of the Nmap commands for getting information about your network from Kali Linux are given below:
How to know about the NMAP Version:
If you want to know which version you are using, run the given command in the Kali Linux terminal; it will show whether you are using the latest version or an old one.
Command: #nmap --version or #nmap -V
If you find that the version you are using is an old one, update the nmap package in Kali Linux with the given command.
Command: #apt-get update && apt-get install nmap
How to know about Host Using NMAP:
If you want to discover the live hosts on your network with Nmap, use the given command.
Command: nmap -sS -O 172.26.1.0/29
The above command performs a SYN scan of the subnet and uses OS fingerprinting (-O) to identify the operating system of the discovered devices. It checks the live status of your network and reports the hosts that are up; the same command can also be used to monitor network devices.
How to Get the Logs of NMAP:
If you need logs, it is beneficial to use tcpdump. It records traffic line by line on your network path; enable tcpdump to store the logs on your Kali Linux system. Good network administration lets you collect and store logs, and it is comparatively convenient to troubleshoot with logs rather than with the monitoring settings of your applications. Nmap's default output (logging) options can be used for this as well.
How to search for Open ports:
To search for open ports with Nmap, use the commands below. They report the open ports with advanced options: the output includes operating system details, the scan probes the target in a stealthy (half-open SYN) mode, and it reports the kernel version of the target's operating system. The same command is used to hunt for more details on a Kali Linux system.
Command: nmap -sS -A -O 172.26.1.10
nmap -sS -P0 -A -v 172.26.1.10
How to resume a cancelled scan:
A scan cancelled with Ctrl+C can be resumed: pass the name of the log file to Nmap's resume option (nmap --resume <logfile>); the scan must have been saved in normal or grepable output format for this to work.
To scan a whole network or subnet, add the CIDR value to the IP, as in the commands below. More options can be added to the same commands.
Commands: nmap 192.168.1.0/24
nmap 192.168.1.*
How to scan Network with IP Range:
If you need to scan several IPs or a specific IP range, use the following commands.
Commands: nmap 192.168.3.1-20
nmap 192.168.3.1,10,12,13
The above commands also help when working with devices with various IPs: Nmap scans and finds the specific IPs.
The command below scans several IPs in different segments. Nmap will provide output only if the scanned IPs are reachable from your network.
Command: nmap 192.168.3.1 192.168.3.10 172.16.1.10
How to read list of Host from file:
To read a list of hosts from a text file in Nmap, use the command below. Make sure the text file contains the IP addresses to be read.
Command: nmap -iL /ip/test.txt
How to exclude the IP address from the scanning list:
To exclude IP addresses from the scanning list in Nmap, use the command below. This is the most suitable option when scanning a large range at once.
Command: nmap 192.168.1.0/24 --exclude 192.168.1.10
To exclude multiple addresses listed in a text file, the command below is more convenient and takes less time.
Command: nmap 192.168.1.0/24 --excludefile /ip/exclude.txt
How to scan an IPv6 address:
To scan an IPv6 address, use the command below.
Command: nmap -6 2507:f0e0:1302:21::1
How to scan Specific Ports:
To scan particular ports and learn their status with Nmap, the command below is helpful.
Command: nmap -p 80 192.168.1.10
To scan multiple ports at the same time, the command below is helpful.
Command: nmap -p 80,443 192.168.1.10
How to Scan a UDP service:
To scan a UDP service, use the command below.
Command: nmap -sU 192.168.1.1
The Nmap command line tool in Kali is used for many different tasks. Zenmap is a GUI front-end for Nmap; this GUI utility is provided in Kali Linux for scanning in GUI mode. Nmap's default text output format can be used to collect the results.
3. Ethical considerations
A number of issues are expected to come up when we discuss Ethical Hacking. To evaluate these issues properly and offer a good solution to them, ethical theories and structured ethical principles can be resorted to. To give readers further analysis, we now assess two crucial incidents with the help of two ethical theories.
Incident 1: A Dutch hacker revealed that he had copied certain patient files from a medical centre just to publicize the vulnerability of its system. When the medical centre reported that no patient files had been copied, the hacker disclosed portions of the files to a journalist.
Evaluating the above incident under Kantian theory, we can say that the hacker should definitely be punished, as he committed a cyber-crime even though the files were not misused. Since he penetrated the network, he acted ethically wrongly according to Kant's theory.
Contrary to this, evaluating the incident under Consequentialism gives the opposite result. Under this theory we would conclude that, even though the hacker was not caught by the police, he still announced the vulnerability of the medical centre's system in an online interview. This decision displays his concern for the patients and is in favour of the Consequentialist view. Had he disclosed all the copied files, it would have been ethically wrong; since he did not, the act can be considered ethically correct (though legally wrong). From this action the medical centre must learn a lesson and protect its systems from further attacks. But, as a famous statement goes, a solution to an ethical issue can always lead to other issues popping up.
Incident 2: YTcracker, a 17-year-old hacker, hacked numerous military and government websites. He stated that he had continuously sent messages to the websites' administrators informing them that there were vulnerabilities in their systems and that they needed to adopt more secure systems, but all his messages went ignored. Therefore, to get the issue solved, he penetrated those systems which the government would take seriously.
Under Kant's theory, the act of the hacker was ethically wrong, since ethical principles were threatened.
But under Consequentialism this act is ethical, because the hacker caused no damage to the websites' data.
Even though these incidents are ethically correct according to the theories, they are legally wrong under the Computer Misuse Act 1990.
Ethical Concerns as Well as Professional Issues
Certain ethical issues arise for information system professionals when an ethical hack is to be carried out for an organization. These include:
- Violation of the Code of Conduct.
- The organization's security policy and procedures need to be broken, among many others.
On further analysis of these ethical issues, we face a crucial question: is ethical hacking really ethical? Evaluated under Kant's theory, the act of ethical hacking cannot be considered ethical. But under Consequentialism, ethical hacking is ethically correct (Khrais, 2018).
Contrary to this, ethical hacking is considered a big mess by information systems professionals, because as professionals they are expected to stick to a particular code of conduct, but during penetration tests they are forced to go against it (Khrais, 2018).
Also, since firms do not employ an ethical hacker but only hire him, there is a risk of privacy invasion, since all the firewall's weak points can be viewed by the hacker. The organization is also exposed to future attacks if the hacker is not a professional. All of these issues can pose a great threat to firms.
The Computer Misuse Act 1990:
The Computer Misuse Act 1990, earlier a bill, became an Act of the UK Parliament in August 1990.
Under this Act, if an ethical hacker commits a wrongdoing in any such situation, the legal issues can be easily identified.
Cultural as well as Social Concerns:
As highlighted above, many different issues arise in business ethics. Two major ones are social and cultural issues.
Social issues have a huge impact on society, and through it the IT sector is badly affected, because society's behaviour and reaction have a huge impact on the IT sector.
As per the ethical principles, organizations should try to negotiate with society.
For instance, if a hacker hacks a hospital's or school's information system, great issues arise in society. The same can happen to a firm. So the ethical hacker needs to earn their trust; if he fails to, he may be blamed by society, which ends up affecting both parties badly (Kleiman, n.d.).
From what we have studied above, we can conclude that even though ethical hacking involves a number of issues, it is very important to give proper consideration to its various aspects, because ethical hacking is a very important component of the entire security programme (Mathew, 2003).
If a firm wishes to offer complete protection to its assets, ethical hacking is a must. Additionally, the firm gains the benefit of a better reputation in the long run by resorting to ethical hacking (Mohit, n.d.) (Ormel, 2018).
4. Results and Recommendations
The Linux target IP is 192.168.198.101.
The VM is a Linux system and gets its IP through a DHCP server; the DHCP client service is enabled on the target.
At a later stage these IPs became 192.168.198.102 and 192.168.198.104.
Connectivity check between the Kali Linux system (attacker) and the target system.
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 128.69 seconds
SSH is running
Apache is running
http://192.168.198.101 gives the following.
There is a form asking for a user name and password, so DIRB was used to check all the links on the target web server.
Our own Python tool was used for the port scanning stage.
DIRB results are attached.
Exploitations
Metasploit Tests
Checked and found that port 22 is open.
RHOST is set to the target.
5. Custom developed tools
- PwnTools – a CTF framework written in Python. PwnTools aims to make writing exploits as simple as possible through its exploit development library (Duffy et al., n.d.).
- ctf-tools – an assortment of setup scripts for various security research tools; it can be used to install them.
- Metasploit Framework – the world's most widely used penetration testing framework. Metasploit aims to support security teams in improving awareness and to empower and arm defenders.
- ROPgadget – a tool that facilitates ROP exploitation; it supports the ELF/PE/Mach-O formats on the x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
- PEDA – a Python extension for the GNU Project Debugger (GDB) that enhances GDB's display.
- Google – a search engine for collecting information such as websites, maps and pictures, and for getting answers to questions.
- Immunity Debugger – a tool for writing exploits, analyzing malware and reverse engineering binary files. It has a large, well-supported Python API for easy extensibility.
- OllyDbg – an x86 debugger that focuses on binary code analysis even when source code is not available. It not only traces registers but also recognizes procedures and API calls, and locating routines from object files and libraries is one of its main tasks (Eliot, n.d.).
- SWFScan – a free tool developed by the HP Web Security Research Group to find security vulnerabilities in Flash-based applications. HP SWFScan extracts the ActionScript code and, after analyzing it, identifies security issues such as information disclosure.
- gdb – the portable GNU Debugger, which supports many programming languages, for example Ada, C, C++, Objective-C, Free Pascal, Fortran and Go, and partially others. It is used to identify why a program crashed or stopped during execution.
- IDA Pro – an interactive, programmable multi-processor disassembler and debugger. It runs on Windows, Linux and Mac OS X. Its purpose is to analyze hostile code and validate COTS software.
- WinDbg – a Windows debugger (32-bit and 64-bit) that can be downloaded from the Microsoft website. Although it is a great, powerful, free tool, it is more complex to use than gdb.
- Apktool – a tool for decoding binary Android apps (requires Java 8 / JRE 1.8). It is used to modify resources and add extra code to the original source.
- PE Tools – originally inspired by LordPE (Yoda), PE Tools allows working with PE files and processes. It is a useful tool for working with Windows PE executables.
- UPX – the Ultimate Packer for Executables is an executable packer with an excellent compression ratio. Compared with other formats it offers a higher decompression speed and no memory overhead, and it is safe, universal, portable, extendable and free.
- dex2jar (Android) – dex2jar tools work with Android .dex and Java .class files; the suite contains dex-reader, dex-translator, dex-ir, dex-tools, d2j-smali and dex-writer.
- Radare2 – a portable reversing framework that provides a set of libraries and tools for working with binary files.
- Unix – a portable, multiuser, time-sharing operating system. Unix was originally developed in 1969 by AT&T employees, initially in assembly language, and was rewritten in C in 1973.
- strace – a Linux userspace utility used for diagnostics, debugging and instruction. It relies on the kernel's ptrace feature to control the traced process.
- objdump – a Unix command-line program for displaying various information about object files; for instance, as a disassembler it shows an executable in assembly form.
- Autopsy – GUI to the command-line digital forensic investigation tools in The Sleuth Kit.
Python Tools
Some of the Python tools developed in this project are attached.
Source code
Port scanner.
Password Cracker.
Version 3 of Python was used in this project, so an interpreter is required. It can be downloaded from Python.org.
A few of the modules used during programming are listed below:
- crypt – used to compare the hashes stored in the shadow file with the candidate passwords (the secret keys).
- socket – used to establish a network connection to a particular IP address on the current port.
- ipaddress – used to validate the IP address given by the user (Kathiravelu and Sarker, 2017).
We used the import keyword to import these modules, which are available in Python. Both the hashes and the passwords are provided via text files. The program goes through all the hashes and passwords in the files and matches each provided hash against the passwords. Once a hash and a password match, the loop ends, and the program stops looping. After this is done, the password is printed to the console.
We use the socket module to establish a connection to a particular IP address on the current port. The client is prompted for the IP address and the port. Once these are given, the socket module first creates a TCP socket, then attempts a connection to the provided IP address on the current port using the connect_ex method. If the connection is established successfully, the current port is open on the provided IP address. The program then proceeds to the other ports, looking for open ones, and ends the connection attempts to the host IP address when the maximum port has been reached.
ipaddress: used to validate the IP address given by the user. Address resolution includes matching a given host to an IP address. Therefore, in this scenario, we use the ipaddress module, which prints an error message to the console if the provided address is invalid, to validate an IPv4 or IPv6 address.
A class-based structure was used in developing the programs, so the structure can be called object-oriented. The object-oriented structure states how all the data elements are defined. A main class is developed and run by calling its main method; instantiating the main class means that objects are created first, and they serve as the placeholder elements of the class.
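The matching loop described above, as an added illustration (not the project's attached Password Cracker): it parses shadow-style lines, recomputes each candidate's hash with the stored salt prefix and stops at the first match. The real comparison goes through crypt.crypt (crypt_hash); demo_hash and the sample shadow lines are constructed stand-ins so the example runs on any Python version without a real shadow file.

```python
"""Shadow-hash cracker in the style of the project's Password Cracker.
Added illustration, not the project's attached source. It reads
/etc/shadow-style lines (user:$id$salt$hash:...), tries every word of a
wordlist against each hash and stops at the first match."""
import hashlib

try:
    import crypt  # standard library on Unix up to Python 3.12 (removed in 3.13)
except ImportError:
    crypt = None

# Constructed sample wordlist (not from any real system).
WORDLIST = ["123456", "password", "Armando", "letmein"]


def crypt_hash(password, salt_prefix):
    """Default hash function: the system crypt(3) that /etc/shadow uses."""
    if crypt is None:
        raise RuntimeError("crypt module unavailable; pass hash_fn explicitly")
    return crypt.crypt(password, salt_prefix)


def demo_hash(password, salt_prefix):
    """Constructed stand-in for crypt(3) so the example runs on any Python
    version: same '$id$salt$' prefix, but the digest is plain SHA-512."""
    digest = hashlib.sha512((salt_prefix + password).encode()).hexdigest()
    return salt_prefix + digest


def parse_shadow_line(line):
    """Return (user, salt_prefix, full_hash), or None for lines that cannot be
    cracked: locked accounts ('*', '!') or non-modular-crypt fields.
    salt_prefix is '$id$...$salt$', exactly what crypt(3) needs to recompute."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        return None
    user, full_hash = fields[0], fields[1]
    if not full_hash.startswith("$") or full_hash.count("$") < 3:
        return None
    salt_prefix = full_hash.rsplit("$", 1)[0] + "$"
    return user, salt_prefix, full_hash


def crack(shadow_lines, wordlist, hash_fn=crypt_hash):
    """Return {user: password} for every hash matched by a wordlist entry.
    Each candidate is hashed with the stored salt and compared with the
    stored hash; the inner loop breaks on the first hit."""
    found = {}
    for line in shadow_lines:
        parsed = parse_shadow_line(line)
        if parsed is None:
            continue
        user, salt_prefix, full_hash = parsed
        for candidate in wordlist:
            if hash_fn(candidate, salt_prefix) == full_hash:
                found[user] = candidate
                break
    return found


def sample_shadow():
    """Constructed shadow lines built with demo_hash: a locked root account,
    'jan' with a weak password, and 'kay' with one absent from WORDLIST."""
    return [
        "root:*:18000:0:99999:7:::",
        "jan:" + demo_hash("Armando", "$6$c0nstructedSalt$") + ":18000:0:99999:7:::",
        "kay:" + demo_hash("not-in-wordlist", "$6$anotherSalt$") + ":18000:0:99999:7:::",
    ]


if __name__ == "__main__":
    # With a real shadow file on Unix: crack(open("shadow").readlines(), WORDLIST)
    print(crack(sample_shadow(), WORDLIST, hash_fn=demo_hash))
```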
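The scanner logic of the two paragraphs above, as an added illustration (not the project's attached Port Scanner): ipaddress validates the target, and connect_ex() is called once per port, counting 0 as open and stopping at the maximum port. start_local_listener and demo are constructed so the scan has a known open port on loopback instead of a real network target.

```python
"""Port scanner in the style of the project's Port Scanner tool. Added
illustration, not the project's attached source. The target is validated
with ipaddress, then every port in the requested range is probed with
socket.connect_ex(), which returns 0 only when the TCP connect succeeded."""
import ipaddress
import socket


def validate_target(text):
    """Return an IPv4Address/IPv6Address, or raise ValueError carrying the
    message the tool would print to the console for an invalid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        raise ValueError(f"'{text}' is not a valid IPv4 or IPv6 address") from None


def is_valid_target(text):
    """Boolean wrapper around validate_target for input prompting."""
    try:
        validate_target(text)
        return True
    except ValueError:
        return False


def scan_ports(target, start_port, end_port, timeout=0.5):
    """Return the open TCP ports in [start_port, end_port] on target.
    A port counts as open when connect_ex() returns 0; a fresh socket is
    used for each probe and the loop stops once the maximum port is reached."""
    addr = validate_target(str(target))
    if not 1 <= start_port <= end_port <= 65535:
        raise ValueError("port range must satisfy 1 <= start <= end <= 65535")
    family = socket.AF_INET6 if addr.version == 6 else socket.AF_INET
    open_ports = []
    for port in range(start_port, end_port + 1):
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((str(addr), port)) == 0:
                open_ports.append(port)
    return open_ports


def start_local_listener(host="127.0.0.1"):
    """Constructed test target: a listening socket on an OS-chosen port, so the
    scanner has something to find without touching a real network. The kernel
    completes the handshake from the backlog, so no accept() loop is needed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Scan a small window around the listener's port; returns
    (listening_port, open_ports_found)."""
    srv, port = start_local_listener()
    try:
        return port, scan_ports("127.0.0.1", port - 2, port + 2)
    finally:
        srv.close()


if __name__ == "__main__":
    listening_port, result = demo()
    print(f"listener on {listening_port}, open ports found: {result}")
```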
Instructions for execution
The programs are executed from the command line interpreter. The arguments are requested from the user after the program starts.
For example, to execute the Port Scanner: python port.scanner.py; each argument needed for execution is requested from the user in the console.
As for the Password Cracker, both the cracker program and the hashes file must be in the same directory, and the password file must also be present there. The hashes are compared against the passwords from the file, and the password is revealed when they match (Sinha, 2017).
Where there are errors or the path for the given files does not exist, the program prints an appropriate message. To achieve this, a try/except block is used, which catches the errors as they occur within the block.
Output
Necessary details such as the start port and the IP address are requested from the user. If the details provided are valid, the program loops over the ports.
Fig 1: Port Scanner
Starting with a single port (1), the ports are incremented from the current port. Every port in the range, from the beginning to the end, is connected to using the target IP address.
Fig 2: Scanning ports
Each hashed password in the shadow file is matched against the passwords; each password is compared with the corresponding hash in the hash file.
Showing how the passwords match the hashed passwords in the shadow file.
Fig 3: Cracking passwords (Litzenberger, 2016)
Password found
After the password is discovered, the program ends and the user's password is printed to the console. The program continues looping as long as no password corresponds to a specific hash.
6. Recommendations
The methods and tools for Linux security are described here in order of importance: the most essential tool for your Linux security is described first. This article does not cover services such as VPN, which are crucial for Linux security; anyone who wants to protect their system must know how to install a VPN service. After installing it, the other measures, such as encryption, enabling the firewall and disabling SSH root login, will definitely make your Linux system more protected.
1. Encrypt your Drive (Full Disk Encryption)
During installation, newer Linux distributions recommend encrypting your drive by asking for your permission. You should accept the request and enable encryption, which makes your system almost 100% safe. You need to create a password to decrypt your drive, and this password is especially essential when you are moving around and working on a laptop.
Moreover, if a criminal steals your encrypted laptop, he can never access your important data, and a hacker will not be able to access it either, because he would need to decrypt the drive first. This protection applies to the encrypted hard drive.
The home folder of a Linux system can also be encrypted, meaning that someone may access your computer but will not be able to collect any information from your Linux home directory.
2. Enable Your Firewall
A firewall acts as a traffic controller on your computer; it is like a wall between your computer and the outside world.
Activating a firewall is strongly recommended: its extra layer of security gives the system more protection from outside access.
3. Disable SSH Login via Root
Enabling SSH login as root is considered the biggest security hole, because it allows logging in directly as root through SSH, so any attacker who obtains your root password gets full access to your system.
Therefore, if SSH login as root is disabled, an attacker needs two passwords to gain root instead of one, which definitely doubles his or her workload.
4. Make your BIOS More Secure
This tip addresses a more general security risk for most Linux distributions. Stopping your system from booting via USB, CD/DVD or other external drives reduces the chance of anyone overwriting your Linux, and as a result your drive is protected from being accessed by booting a live OS.
5. Disable USB Mount
USB is a common source of sophisticated malware, activated directly during a data transfer between your computer and a pen drive inserted in a USB port. The only way to protect your system from USB-based malware is to find another way to transfer data safely.
Step 1: Open any text editor and write: install usb-storage /bin/true
Step 2: Save the file with a .conf extension in the following location: /etc/modprobe.d/
Step 3: Reboot your system and test whether you are still able to mount a USB drive.
7. Conclusion
The procedures and methodology for getting technical details about a remote system were studied. Using Nmap, the remote system was scanned for open ports and running services. Procedures for obtaining the passwords and hash files were explained.
8. References
Baloch, R. (2017). Ethical Hacking and Penetration Testing Guide. London: CRC Press.
Beaver, K. Hacking For Dummies.
Cengage Learning. (2017). Ethical hacking and countermeasures. Boston, MA.
Duffy, C., Buchanan, C., Ip, T., Mabbitt, A., May, B., & Mound, D. Python.
Eliot, G. The mill on the floss.
Engebretson, P. (2013). Basics of Hacking and Penetration Testing. Elsevier Science & Technology.
Graves, K. (2010). CEH. Indianapolis, Ind.: Wiley Pub.
Harris, S. (2011). Gray Hat Hacking The Ethical Hackers Handbook. McGraw-Hill.
Khan, F. (2019). Hands-on penetration testing with Python. Birmingham, UK: Packt Publishing.
Khrais, H. (2018). Python for offensive PenTest. Birmingham, UK: Packt Publishing.
Kleiman, D. The official CHFI exam 312-49 study guide.
Mathew, T. (2003). Ethical hacking. [Place of publication not identified]: OSB Publisher.
Mohit. Python penetration testing essentials.
Nmap: the Network Mapper – Free Security Scanner. (2019). Retrieved 8 October 2019, from https://nmap.org/
Ormel, G. (2018). Handbook On Gray Hat Hacking. US: Tritech Digital Media.
Simpson, M., & Antill, N. Hands-on ethical hacking and network defense.
Sinha, S. (2017). Beginning Ethical Hacking with Python. Berkeley, CA: Apress.
Wong, R. Mastering reverse engineering.
Worley, W. Beginning ethical hacking with Python.