IT 4510 : Ethical Hacking

Slides 2

Dr Joe Francom

Activity 1

Look at this

• Summary page (7)

In groups:

• Actors (12)
• Actions (15)
• Assets (19)
• Attribute (22)
• DOS (35)
• Lost and stolen assets(41)
• Miscellaneous errors (43)
• Privilege Misuse (46)
• Social Engineering (49)
• System Intrusion (54)
• Basic web application attacks (58)

Be prepared to present your findings.

Activity 2

Let us do some simple reconnaissance. Find some different web tools that will gather information for you about the computing.utahtech.edu website. We are not trying to hack anything at the moment, just gathering information. Answer the following:

• what information did you find?
• What could you do with this information?
• Is there any way to prevent this information from getting out?

• Can you figure out what version of Apache is running? How about what ports are open? What OS version is it running?

• One site you might use is netcraft.com (under What's that site running?)

• Also shodan.io. Can you do the same with your home IP? (i.e. 209.33.239.50)

• www.arin.net or whois

Is this active or passive recon?

Activity 3

Find 3 current vulnerabilities for a program of your choice(wordpress has some if you can’t think of other programs or perhaps ‘linux kernel’):

• https://nvd.nist.gov/vuln/search or https://nvd.nist.gov/vuln/full-listing
• http://www.us-cert.gov/ncas/current-activity/
• https://www.exploit-db.com/
• https://www.darkreading.com/

Answer the following:

• Why do vulnerabilities exist?
• What information is provided about the vulnerability?
• How is it suggested to be fixed?
• Other relevant info?
• Exim example

Activity 4

See if you can find information on the netblock owned by Utah tech.

• Hint: maybe begin be doing a google search for it
• What websites are currently served from this domain?
• How big of a block do we have?
• What about ipv6?
• What can this tell us?
• What can traceroute tell us? (or tracert)

Activity 5

• Wayback machine