Lab 1. What Are the Five Steps of a Hacking Attack?

In: Computers and Technology

Submitted By chambless80
Words 752
Pages 4
1 1. List the 5 steps of the hacking process.
1—Reconnaissance
2—Scanning
3—Gaining Access
4—Maintaining Access
5—Covering Tracks

2. In order to exploit or attack the targeted systems, what can you do as an intial first step to collect as much information as possible about the targets prior to devising and attack and penetration test plan?
The first step I would take would be from the 5 steps to hacking which is the reconnaissance. I would use passive reconnaissance as this pertains to information gathering.
3. What applications and tools can be used to preform this initial reconnaissance and probinig step?
Google is a major tool in most hackers initial first step. But you can use Nmap , AMAP, ScanRand and Paratrace.
4. How can social engineering be used to gather information or data about the organization’s IT infrastructure?
Social Engineering is one of the number one ways a network is easily infiltrated. They major forms of this are Phishing, baiting and diversion theft.

5. What does the Enumeration step of the five (5) step hacking process entail and how is it vital to the hacker’s objective?
Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. This is vital to any hacker’s object since it reveals the information needed to access the target.

6. Explain how an attacker will avoid being detected following a successful penetration attack?
To avoid detection a good hacker will always cover their tracks. This is done by purging any information in the system that could even minutely show the trace that someone was their. You must be careful when doing this because sometimes its not whats there that gets the hacker busted but what wasn’t.

7. What method does an attacker use to regain access to an already penetrated system?
Any good hacker will always leave some…...

Similar Documents

Lab 1. What Are the Five Steps of a Hacking Attack?

...1 1. List the 5 steps of the hacking process. 1—Reconnaissance 2—Scanning 3—Gaining Access 4—Maintaining Access 5—Covering Tracks 2. In order to exploit or attack the targeted systems, what can you do as an intial first step to collect as much information as possible about the targets prior to devising and attack and penetration test plan? The first step I would take would be from the 5 steps to hacking which is the reconnaissance. I would use passive reconnaissance as this pertains to information gathering. 3. What applications and tools can be used to preform this initial reconnaissance and probinig step? Google is a major tool in most hackers initial first step. But you can use Nmap , AMAP, ScanRand and Paratrace. 4. How can social engineering be used to gather information or data about the organization’s IT infrastructure? Social Engineering is one of the number one ways a network is easily infiltrated. They major forms of this are Phishing, baiting and diversion theft. 5. What does the Enumeration step of the five (5) step hacking process entail and how is it vital to the hacker’s objective? Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. This is vital to any hacker’s object since it reveals the information needed to access the target. 6. Explain how an attacker will avoid being detected following a successful penetration attack? To avoid detection a good hacker...

Words: 752 - Pages: 4

Those in Power Should Step Down After Five Years

...John Quincy Adam writes, ”If your actions inspire others to dream more, learn more, do more and become more, you are an effective leader”. Do such leaders need to step down just for the unknown result of new leadership? I would not agree with the claim that those people in power should step down after five years whatever the field-- business, politic, education or government. This is just because, revitalization through new leadership might bring success at times, for that reason, it cannot be declared the “surest path to success”. Changing leaders once in five years might be fruitful in some cases. That happens mainly when the present leaders are not so effective, when they are unable to manage the crisis, unable to bring development and on the whole they are lacking qualities for an effective leadership. Consider the President of America, John Buchanan; he was an inspired President until the outbreak of civil war. His inability to impose peace on the sharply divided partisans, led him to step down. So, in such cases there is a need for new leader to handle the case and take the nation back to the path of development. And that’s why Abraham Lincoln was elected right after him. He proved himself solving the disputes. Abraham Lincoln did not step down after five years. He was so efficient that he was just re-elected as the President in the next election. He continued as the President of America till his death. This clearly proves two main factors. First is, new leaders are...

Words: 514 - Pages: 3

Lab About Buffer Overflow Attack

...Tasks 1) Open linux terminal and compile victimFile.c, and run it. Type the message that you see: After running and compiling the victimFile.c the massage shown was: you didn’t provide any argument: ./.out <string> 2) Check the source code of victimFile.c by opening the file in an editor. Which variable can be used to apply a buffer overflow attack? Why? var, because the input variable will be used inside the copy function and will copy it to var; and var is array of characters with fixed size of 20. 3) Run the file with an argument that will cause an exception (execution error). How long was your argument? (How many letters)? Since var max size is 20, so any argument that is more than 20 will cause an exception. Example “123456789123456789123” 21 letters as shown below: 4) Disable the buffer overflow protector that linux has, and try to overflow the buffer by increasing the length of your argument until you receive “Segmentation fault”. How long is the argument now? After disabling the buffer overflow protector using –fno-stack-protector, now we can overwrite into the stack without Abort. An argument of length 32 causes the segmentation fault. 20 (var) + 4 (var2)+ 4(input)+ 4(bptr) =32 5) a) In this step we created the script.pl file that needs arguments and the address to where it should jump. In our case we want to jump to hacked function. b) We run the gdb tool using “gdb a.out”. After that, using “(gdb) disassemble hacked...

Words: 482 - Pages: 2

Lab 3 for Ethical Hacking

...Kaplan University IT542 Ethical Hacking and Network Defense Unit 2 Assignment Assignment 2 Jamie Carter Professor North Assignment 2 1. Ping, DNS lookup, traceroute utilities, and, Internet Explorer, the web browser are primary tools that come equiped in Windows. The DOS or MSDOS allow use of ping and traceroute specifically, these utilities allow for network mapping and network address or IP address identification, as well as port information. 2. The differences in the organizations are coverage areas. IANA covers the resources delegated to the other organizations (IANA, N,d,). ARIN is delegated to cover the regions of United States, Canada, several parts of the Caribbean region, and Antarctica. RIPE covers northern parts of Asia, Northern Africa, Europe, and Middle Eastern countries. 3. Sam Spade includes tools that can run WhoIs, HTML source code retrieval, trace route, ping, finger, and nslookup. These functions allow retrieval of data from network traffic, electronic mail headers, and identify origins of addresses. 4 Trace route does exactly as the name states, it traces the route of packets back to the originator. This is useful in finding different jump points and pathways to the targeted website, It traces the routes packets take from the user to the target.   It shows a route by hops. They target the host address. 5. WhoIs provides general data such as address or domain owner, contact information for owner, and linked sites to a...

Words: 699 - Pages: 3

Hacking Lab 2 Assessment

...Assessment Worksheet 29 LAB #2 – ASSESSMENT WORKSHEET Implement Hashing and Encryption for Secure Communications Course Name and Number: Student Name: Instructor Name: Lab Due Date: 2 Implement Hashing and Encryption for Secure Communications Overview In this lab, you applied common cryptographic and hashing techniques to ensure message and file transfer integrity and maximize confidentiality. You also created an MD5sum and SHA1 hash on a sample file on the Linux virtual machine and compared the hash values of the original files with those generated after the file had been modified. Next, you used GnuPG to generate a public key, a private key, and a secret key to encrypt and decrypt a message. You then used these keys to send secure messages between two user accounts on the virtual machine and verify the integrity of the received files. Finally, you reviewed the process for uploading public keys to a public PKI website. Lab Assessment Questions & Answers 1. Compare the hash values calculated for example.txt that you documented during this lab. Explain in your own words why the hash values will change when the data is modified. 2. Why are the MD5sum and SHA1sum hash values the same every time you calculate for the “example.txt” sample file? What if they were different when you re-calculated the hash value at the other end? 30 Lab #2 | Implement Hashing and Encryption for Secure Communications 3. If you were using corporate e-mail for...

Words: 414 - Pages: 2

Implementing Five-Step Strategy for Critical Reading

...Implementing Five-Step Strategy for Critical Reading Jaydde Craig HUM/111 Implementing Five-Step Strategy for Critical Reading Five-Step Strategy for Critical Reading Please refer to pages 73-77 in The Art of Thinking for this assignment. Step One: Skim the Article * Take five minutes and skim the following article. http://www.foxnews.com/us/2013/11/08/stand-your-ground-law-survives-florida-house-vote/ Step Two: Reflect on Your Views * What ideas do you have about this subject that could create a bias for or against the author’s view and prevent me from giving it a fair hearing? Please explain in 25-50 words. This article comes across as bias. The facts reported, are more about emotional responses from Rep. Matt Gaetz argued that the law had helped reduce the number of homicides in the state of Florida since its passage. There is no evidence of this stated in this article. It is compiled of remarks by various people that come from an emotional point of view and offer no statistics, proof, quotes, or anything that gives a convincing argument that this is a unbiased review. Step Three: Read the Work Step Four: Evaluate What You Read * Identify the issue of the article in 25- to 50-words. The issue of the article is that Florida legislators defeated an effort to repeal the state's controversial "stand your ground law" following hours of passionate testimony. It is emotional response and not based on any facts. In one part of the...

Words: 956 - Pages: 4

Implementing Five-Step Strategy for Critical Reading

...Implementing Five-Step Strategy for Critical Reading Jessica S. Sims HUM/111 January 26, 2014 Maggie Dominguez, Med/MA Implementing Five-Step Strategy for Critical Reading Five-Step Strategy for Critical Reading Please refer to pages 73-77 in The Art of Thinking for this assignment. Step One: Skim the Article * Take five minutes and skim the following article. http://www.foxnews.com/us/2013/11/08/stand-your-ground-law-survives-florida-house-vote/ Step Two: Reflect on Your Views * What ideas do you have about this subject that could create a bias for or against the author’s view and prevent me from giving it a fair hearing? Please explain in 25-50 words. Being somewhat familiar with the trial against George Zimmerman and the situation that created the uproar; left me in a situation where I believed George Zimmerman should have been convicted, and the stand your ground law should have been reanalyzed. Step Three: Read the Work Step Four: Evaluate What You Read * Identify the issue of the article in 25- to 50-words. In a push to have the Florida state law, “stand your ground” repealed, the article reflects on the decisions of the legislature and some of the senseless crimes committed that should make the legislature want to change the law. * In this article, the author uses words that are open to more than one meaning. Please provide examples and explain in 25- to 50-words. When the author uses the word pushed, he/she is referring to...

Words: 764 - Pages: 4

Hacking

...HACKING Introduction • Hacking is unauthorized use of computer and network resources. • According to Computer Crime Research Center: “It is act of gaining access without legal authorization to computer or computer network.” • Traditionally hacking refers to the hobby/profession of working with computers. • But now a days it refers to breaking into computer systems. History • 1960s – MIT AI Lab – Ken Thompson invented UNIX – Positive Meaning • 1980s – Cyberspace coined – 414s arrested – Two hacker groups formed – 2600 published • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. Types of hackers Knowledge based: • Coders • Admins • Script kiddies Legality based: • Black hat hacker • White hat hacker • Grey hat hacker Script Kiddies: – who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ Phreak – Person who breaks into telecommunications systems to [commit] theft Cyber Punk – Recent mutation of … the hacker, cracker, and phreak White hat hacker who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black hat hacker A black hat is the villain or bad guy, especially in a...

Words: 383 - Pages: 2

Lab Step

...Hands-On Steps Note: This lab contains detailed lab procedures which you should follow as written. Frequently performed tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should review these tasks before starting the lab. 1. From the vWorkstation desktop, open the Common Lab Tasks file. If desired, use the File Transfer button to transfer the file to your local computer and print a copy for your reference. Figure 1 "Student Landing" workstation 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. Part 1: Capture Network Traffic using TCPdump utility Note: In the next steps, you will use TCPdump, a command line utility, to capture network traffic on the TargetLinux01 virtual server. You will generate that traffic by exploiting a cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) tool. In the lab environment, you will be capturing traffic on one interface. In a real-world situation, it is likely the machine would be straddling both an internal network and an external network. In that case, you would want to want to monitor both sides of the interface. Monitoring outside network traffic allows information systems security practitioners to see who and what is attempting to infiltrate your IP network. Monitoring internal traffic allows network analysts to see...

Words: 3168 - Pages: 13

Ethical Hacking Lab 1

...Lab #1 – Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN) IT-387 Ethical Hacking Course Name and Number: _____________________________________________________ Emmanuel Garcia Student Name: ________________________________________________________________ Jacob Boaheng Instructor Name: ______________________________________________________________ 09/29/2014 Lab Due Date: ________________________________________________________________ Overview In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications you first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports. Lab Assessment Questions & Answers 1. What is the first Nmap command you ran in this lab? Explain the switches used. The first Nmap command I ran on the the lab was nmap -O -v 10.20.100.50. To explain the switches used winch are re presented with (-O) and (-v). (-O) means detect the operating system of the 10.20.100.50 machine and view or show the detail of the open ports. 2. What are the open ports when scanning 192.168.3.25 and their service names? After I have run the Nmap command for the 192.168.3.25 It show the port the were open such as port 80 HTTP hypertext transfer protocol, port 135 MSRPC Micro Soft Remote procedure Call, port 139 NetBios-ssn...

Words: 373 - Pages: 2

Five Step Hypothesis

...The five-step step hypothesis test The team will use the five-step hypothesis test to support or reject the research problem. The following are five steps that will lead to accurate conclusions concerning the null hypothesis and the claim. The five-step step hypothesis testing consists of: 1. Step one - State the null hypothesis and the alternate hypothesis 2. Step two - level of significance/ Formulate testable hypothesis 3. Step three - Calculate the test statistic 4. Step four - Set up a decision rule 5. Step five - Collect some data The research topic: the team calculates the average cost of houses in cities with high crime rates against affluent cities with low crime rates in PGC. Step 1: State the null hypothesis and the alternate hypothesis. Home values in PGC have decreased because of the high crime rate in the county. H0: The average home sold is 203,069 that is, m = 203,068 Ha: The average home sold is 203,068 that is, m ≠ 203,068 Step 2: Select a level of significance (ά or alpha) In this step, we are able to evaluate if the hypothesis is suitable, and have met the requirements for the test. To do this we must select a type one error that is frequently used at the 0.5 or 0.1 significance level. For instance, to get the Z for a 95% confidence interval, make the shaded area 0.95. The z should show .95 of the area is between -1.96 and 1.96. Step 3: Calculate the test statistic. This step uses a two-tailed z- test with a significance level of......

Words: 360 - Pages: 2

Five Step Model

...Applying the Five Step Model HUM/115 University of Phoenix Amy Riddle The five step model begins with identifying the problem. In order to do that is by understanding exactly what is going on. Once the problem is identified, the rest of the process will feel more manageable. Discovering how the problem all started is the next leading thing to the process. Thinking critically will help anyone start a list. When the list is created you can now figure out how to solve the problem that you are having. Now it’s time to evaluate what is the best option to the solution. Critical thinking becomes your best tool here. The best part of it all is doing what needs to be done to get the problem resolved. Almost everyone is confronted with financial problems during his and her lifetime. Whether these problems come from major college debt, bankruptcy or not being able to find a job that sustains your lifestyle, everyone needs to face his or her financial problems and deal with them appropriately. Ignoring financial problems only makes them worse, but bracing the issue won't always be the easiest thing to do, but in the long run, it can significantly improve your life and teach you about responsibility. You should treat everything you do like a financial investment. This allows you to make good spending decisions as you work toward fixing your financial problems. First I look at my financial situation closely. It is important to determine the...

Words: 694 - Pages: 3

Five-Step Model

...The Five-Step Model Nicola .S. Hershey HUM/115 February 01, 2016 Patience Johnson The Five-Step Model There are five steps to overcome our problems. The first step is the most imperative and that is to identify the problem in details and what you hope to gain from solving this problem. “We cannot solve a problem unless we define it well” (kirby & goodpaster, , p. 288). Secondly, know your alternatives, your other options and of course your limitations. Thirdly weigh your alternatives in terms of their advantages and disadvantages. Fourth make your choice on what solution you will use to overcome your problem. Last but not least revise how your solution works for you and how well your final goal will help you. Education I yearn for my Bachelor’s Degree like I need my next breath. I have a major problem in attaining one and that is my time management skills. I will master this, and hold my degree in my hand by the end of this course. ”To live is to decide, and to live fully is to decide well.” (kirby & goodpaster,, p.320). I could easily just throw my hands up and forget about achieving my goal, which would not solve my problem because I would still have that deep rooted desire to get my bachelors. I can manage my time better by asking for help when I need to, I can also ask if the deadline for a particular assignment is set or if extensions are...

Words: 494 - Pages: 2

Ethical Hacking Lab 05

... or VB script, in the data sent to the server will send back a page with the script 4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database? SQL Injection. 5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases? Well-coordinated and regular audited security checks is the best way forward. 6. Given that Apache and Internet Information Services (IIS) are the two most popular Web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits? Check for known vulnerabilities, update security patches and fixes, and monitor security logs of servers for variances of baseline reports 7. What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures? By placing the testing process in the timeline of implementations, security policies that include testing into the entire process of introduction of software or applications 8. What is the purpose of setting the DVWA security level to “low” before beginning the remaining lab steps? So that we can see the vulnerability by having access to things we would not if it was on high. 9. As an ethical hacker, once you’ve determined......

Words: 490 - Pages: 2

Should Leaders Step Down After Five Years

...Surely innovation, creativity and anything that brings about revitalization are vital to the success of a certain enterprise, from business, to education, to politics. However, the argument that revitalization needs to be obtained through changing leadership every five years so as to make sure the cause in question is on the right path to success is not cogent in several aspects, since whether the leaders should step down after exactly five years is contingent on their qualification and competence, and it also depends on what enterprise we’re examining. There are several occasions where the resignation of the leaders will be conducive to success. For instance, if the head of a country possesses conventional views and is not open to changes and new perspectives, as in North Korea. Kim Jeong-eun will no doubt be in power for over five years, and actually that will last for as long as he wishes, thanks to the special system in the country. However, judging from his abilities in leading the country forward to a more developed and prosperous one, most people out of the country would think there should be a new leader, as soon as possible. And five years should be reasonable, since if he keeps secluding the country from the outside and practicing monarchy as his father and grandfather did decades ago in those five years, people would feasibly predict the future policy he is going to make and stop him right at the end of his five years reign. It will be the same case in America...

Words: 651 - Pages: 3