CSS Assignment cover page

The document outlines a group assignment for Adama Science and Technology University focusing on computer system security, specifically SQL Injection and Port Scanning attacks. It details the objectives, environment setup, attack execution, results, and mitigation strategies for both attack types, as well as provides instructions for using Wireshark and Nmap for network analysis and security auditing. The assignment emphasizes the importance of secure coding practices and network security management.

Uploaded by

kenatariku672

Adama Science and Technology University

School of Electrical Engineering and Computing

Department of Software Engineering

Computer System Security Group Assignment

Section: 1

Group Members ID

1. Nebil Rahmeto UGR/25275/14


2. Yohannes Welel UGR/25337/14
3. Yonas Adane UGR/25464/14

Submission Date: Jan 2/2025


1. Choose at least two of the attack types (1-42 given in Document 1) and try them out.

Finally, I will review your work and give you points.

I. SQL Injection Attack Implementation Report

1. Introduction

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries
an application makes to its database. By injecting malicious SQL code, the attacker can
manipulate database queries to bypass authentication, retrieve data, or even compromise the
server.

2. Objectives

1. Simulate a basic SQL Injection attack in a controlled environment.

2. Understand how attackers exploit input fields to manipulate database queries.

3. Explore methods for identifying and preventing SQL Injection vulnerabilities.

3. Environment Setup

System Configuration:

o OS: Linux

o Tools: Docker, DVWA (Damn Vulnerable Web Application)

o Browser: Firefox/Chrome for interacting with the application.

Steps to Set Up the Environment:

1. Install Docker:

sudo pacman -S docker

sudo systemctl start docker

sudo systemctl enable docker

2. Deploy DVWA:

docker pull vulnerables/web-dvwa

docker run -d -p 8080:80 vulnerables/web-dvwa

3. Access DVWA in a browser at http://localhost:8080.

Default Credentials:
o Username: admin

o Password: 123456

DVWA Security Level: Set to Low for testing.

4. Attack Execution

Target: The SQL Injection vulnerability in the DVWA's SQL Injection module.

Procedure:

1. Identify Input Fields:

• Navigate to the SQL Injection page in DVWA.

• Locate the input field for user ID queries.

2. Test for Basic SQL Injection:

• Input: 1 OR 1=1

• Result: If the login succeeds, the application is vulnerable.

3. Deleting Database Information:

• Payload: ' UNION SELECT NULL, database(), NULL --

• Result: Revealed the name of the database.

5. Results

• Input validation was bypassed, leading to unauthorized data access.

• Lack of input sanitization made the application vulnerable.

6. Mitigation Strategies

• Use Prepared Statements: Implement parameterized queries to separate user input from SQL commands.

• Input Validation: Validate and sanitize all user inputs.

• Error Handling: Avoid detailed error messages that expose SQL query structure.
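
The three mitigations above, shown side by side with the weak form. This is an added example, not part of the original report or of DVWA's code; it uses Python's built-in sqlite3 module with a constructed in-memory table, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the application's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Alice", "Example"), (3, "Bob", "Example")])
    return db

def lookup_vulnerable(db, user_id):
    # Weak form: the input becomes part of the SQL text and can change its logic.
    query = "SELECT first_name, last_name FROM users WHERE user_id = " + user_id
    return db.execute(query).fetchall()

def lookup_prepared(db, user_id):
    # Prepared statement: the ? placeholder binds the input as a value only.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

def lookup_hardened(db, user_id):
    # Input validation plus generic error handling on top of the prepared statement.
    if not (user_id.isascii() and user_id.isdigit()):
        return {"ok": False, "error": "Invalid user ID."}
    try:
        return {"ok": True, "rows": lookup_prepared(db, int(user_id))}
    except sqlite3.Error:
        # Log the details server-side; never echo the SQL error to the client.
        return {"ok": False, "error": "Request could not be processed."}

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(repr(value), "vulnerable:", lookup_vulnerable(db, value))
        print(repr(value), "prepared:  ", lookup_prepared(db, value))
        print(repr(value), "hardened:  ", lookup_hardened(db, value))
```

With the input 1 OR 1=1 from the test above, the concatenated query returns every row, the prepared statement returns none, and the validated version rejects the input before it reaches the database.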

Summary:

• The SQL Injection attack was successfully demonstrated in a simulated environment.

• This test highlighted the risks of poor input validation and the importance of secure coding practices.

II. Port Scanning Attack Implementation Report

1. Introduction

Port scanning is a technique used to identify open ports and services running on a target system.
It helps attackers discover potential vulnerabilities by identifying entry points for exploitation.

2. Objectives

1. Simulate a port scanning attack using widely used tools.

2. Identify open ports and running services on a target system.

3. Understand the implications and importance of securing network ports.

3. Environment Setup

System Configuration:

• OS: Linux
• Tools: nmap, netcat
• Target: A local server running on the same machine or within a network.

Tools Installation:

1. Install nmap:

2. Install netcat (optional):

Target Setup:

• Start a local server to simulate the attack (e.g., using Python):


4. Attack Execution

Tool Used: nmap

Procedure:

1. Basic Scan:

• Objective: Identify open ports on the local machine.

• Result: Displays open ports and their associated services.

2. Service and Version Detection:

• Objective: Detect services running on open ports and their versions.

• Result: Reveals details about running services (e.g., HTTP server version).

Tool Used: netcat

Procedure:

1. Scan a Single Port:

nc -zv 127.0.0.1 8080

• Objective: Check if port 8080 is open.

• Result: Indicates whether the port is open or closed.

5. Results

Observations:

• Open ports were successfully identified on the local system.

• Running services, such as the Python HTTP server on port 8080, were detected.

6. Implications

Security Risks:

• Open ports expose services to potential exploitation.

• Unpatched services running on open ports may have vulnerabilities.

Importance of Securing Ports:

• Close unnecessary ports.

• Use firewalls to limit access to sensitive ports.

• Regularly update services to address known vulnerabilities.

7. Mitigation Strategies

1. Firewalls:

• Configure firewalls to block unused ports.

2. Service Management:

• Disable or uninstall unnecessary services.

3. Port Monitoring:

• Regularly scan and monitor ports to detect anomalies.
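
How the scans in this section look from the monitoring side: one source sending connection attempts to many different ports in a short time. This is an added example, not part of the original report; the record format, the sample addresses, and the threshold and window values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: "<seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>"
# (an assumed export format, e.g. fields pulled from a capture or a firewall log).
SAMPLE = """\
100.0 10.0.0.5 10.0.0.9 8080 S
100.1 10.0.0.5 10.0.0.9 8080 A
130.0 10.0.0.66 10.0.0.9 21 S
130.1 10.0.0.66 10.0.0.9 22 S
130.2 10.0.0.66 10.0.0.9 23 S
130.3 10.0.0.66 10.0.0.9 80 S
130.4 10.0.0.66 10.0.0.9 443 S
130.5 10.0.0.66 10.0.0.9 8080 S
200.0 10.0.0.7 10.0.0.9 22 S
260.0 10.0.0.7 10.0.0.9 80 S
320.0 10.0.0.7 10.0.0.9 443 S
380.0 10.0.0.7 10.0.0.9 3306 S
440.0 10.0.0.7 10.0.0.9 8080 S
"""

def detect_port_scans(log_text, threshold=5, window=10.0):
    """Return {(src, dst): sorted probed ports} for every source that sent initial
    SYNs to at least `threshold` distinct ports of one host within `window` seconds."""
    syns = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[4] == "S":  # bare SYN = new connection attempt
            syns[(fields[1], fields[2])].append((float(fields[0]), int(fields[3])))
    findings = {}
    for pair, events in syns.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({port for _, port in events[start:end + 1]}) >= threshold:
                findings[pair] = sorted({port for _, port in events})
                break
    return findings

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE).items():
        print(f"possible port scan: {src} -> {dst}, ports {ports}")
```

With the default 10-second window only 10.0.0.66 is reported; the slower source 10.0.0.7 is reported only when the window is widened (for example window=300), which is why the window and threshold need tuning against normal traffic.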

2. Choose at least two of the penetration test (common tools 1-39 given in Document 2 or
cyber/digital forensics tools 1-11 given in Document 2) and try them out.

I. Wireshark

Wireshark is a widely-used open-source network protocol analyzer that captures and inspects
live network traffic. It provides detailed insights into data packets, helping users troubleshoot,
monitor, and analyze network activities.

It can be categorized as one of the best Kali Linux tools for network sniffing as well.

Wireshark is an open-source multi-platform network analyzer that runs on Linux, OS X, BSD, and Windows.

It’s especially useful for knowing what’s going on inside your network, which accounts for its widespread use in government, corporate and education industries.

It works in a similar manner to tcpdump, but Wireshark adds a great graphical interface that allows you to filter, organize and order captured data so it takes less time to analyze.

A text-based version, called tshark, is comparable in terms of features.

Why is Wireshark Used?

• Network Troubleshooting: Diagnose network issues such as slow connections or packet loss.
• Protocol Analysis: Inspect protocols like HTTP, TCP, DNS, etc., to understand their behavior.
• Security Analysis: Detect malicious activities like unauthorized access, ARP spoofing, or data exfiltration.
• Performance Optimization: Monitor and optimize network performance by analyzing traffic patterns.
• Educational Purposes: Learn how networks and protocols work by visualizing traffic flow.

How to Use Wireshark

1. Installation

On Linux, install Wireshark with the following commands:

sudo apt update && sudo apt install wireshark

Note: During installation, you may be prompted to configure permissions. Select "Yes" to allow non-root users to capture packets.

2. Running Wireshark

Start Wireshark from the terminal:

sudo wireshark

Select a network interface (e.g., eth0, wlan0) to begin capturing traffic.

Basic Features and Steps

1. Capturing Packets

• Choose a network interface to start capturing packets.
• Click on the green "Start Capturing Packets" button.
• Stop capturing by clicking the red "Stop Capturing Packets" button.

2. Filtering Traffic

Filters allow you to focus on specific traffic types:

Filter Syntax: protocol or field == value. Examples:

Display HTTP traffic:

http

Show TCP traffic:

tcp

Filter packets from a specific IP:

ip.addr == 192.168.1.1

Show packets with a specific port:

tcp.port == 80

Apply filters in the filter bar and press Enter.

3. Inspecting Packets

Click on a packet to view detailed information.

The interface is divided into three sections:

Packet List Pane: Displays captured packets.

Packet Details Pane: Shows protocol layers for the selected packet.

Packet Bytes Pane: Displays raw data of the selected packet.

Common Use Cases and Commands

1. Monitor HTTP Traffic

Filter HTTP packets to analyze web requests and responses:

http

2. Analyze DNS Queries

Filter DNS traffic to see domain resolution requests:

dns

3. Capture Traffic from a Specific IP

Focus on packets sent to/from a specific IP:

ip.addr == 192.168.1.10

4. Analyze TCP Connections

View TCP communication between hosts:

tcp

5. Export Captured Data

Save captured packets for further analysis:

File > Save As > Choose file format (e.g., .pcap).

6. Follow Streams

Reconstruct and view complete communication streams:

Right-click a packet > Follow > TCP Stream/HTTP Stream.

Advanced Features

1. Resolve Hostnames

Wireshark can map IPs to hostnames for better readability. Enable this feature under:

Preferences > Name Resolution > Check "Resolve network (IP) addresses".

2. Color-Coding

Wireshark uses colors to differentiate packet types:

Blue: TCP traffic.

Green: UDP traffic.

Black: Malformed packets.

3. Analyze Packet Loss

Use sequence numbers in TCP packets to detect retransmissions or lost packets.

Example Use Case: Capturing Packets from a Website Using Wireshark

Objective: Capture and analyze network packets from the website https://www.ox.ac.uk using Wireshark.

Step-by-Step Instructions

• Find the Website's IP Address
  o Open your terminal in Linux.
  o Use the ping command to get the IP address of the website:
    ping www.ox.ac.uk

As you can see from the screenshot, I got the IP address 104.22.48.74.

• Start Wireshark
  o Open Wireshark using the following command in the terminal:
    sudo wireshark
  o Select the network interface you want to monitor. Typically eth0 for Ethernet or wlan0 for Wi-Fi.
  o Click the Start Capturing Packets button (green shark fin icon).

• Apply a Filter: To show only packets to or from the specific IP address (104.22.48.74), apply the following filter:
  ip.addr == 104.22.48.74

This ensures that only packets to or from the https://www.ox.ac.uk server are displayed.

• Generate Traffic to the Website: Open a web browser and navigate to https://www.ox.ac.uk.

This will generate network traffic between your machine and the server.

• Stop the Capture: Once the page has loaded completely, return to Wireshark and click the Stop Capturing Packets button (red square icon).

• Save the Capture: To save the captured packets, go to File > Save As. Choose a location, name the file (e.g., oxford_capture.pcap), and save it in .pcap format.

II. Nmap

Nmap (Network Mapper) is an open-source tool used for network discovery, security auditing,
and vulnerability assessment. It allows you to scan networks to find live hosts, open ports, and
running services, making it an essential tool for network administrators and security
professionals.

Why is Nmap Used?

• Network Discovery: Identify devices on a network.
• Port Scanning: Check which ports are open on a target machine.
• Service Detection: Discover services running on a machine and their versions.
• Operating System Detection: Determine the OS of the target device.
• Vulnerability Assessment: Detect potential security vulnerabilities or misconfigurations.

How to Use Nmap

1. Install Nmap: On Linux Mint, install Nmap with the following command:

sudo apt update && sudo apt install nmap

2. Basic Syntax: The general syntax for Nmap is:

nmap [options] <target>

<target> can be an IP address, a hostname, or a range of IP addresses.
[options] specify the type of scan and other parameters.

Basic Nmap Commands

1. Scan a Single Host: To scan a single host for open ports and services:

nmap <target_IP>

Example: nmap 192.168.1.1

2. Scan a Range of IPs: To scan multiple IPs within a range:

nmap 192.168.1.1-10

3. Ping Scan: To check which hosts are up in a network without scanning ports:

nmap -sn <target_range>

Example: nmap -sn 192.168.1.0/24

4. Port Scanning: To scan specific ports:

nmap -p <port_number> <target_IP>

Example: nmap -p 80 192.168.1.1

To scan a range of ports: nmap -p 20-100 192.168.1.1

5. Service Version Detection: To detect the versions of running services on open ports:

nmap -sV <target_IP>

Example: nmap -sV 192.168.1.1


6. OS Detection: To identify the operating system of the target:

nmap -O <target_IP>

Example: nmap -O 192.168.1.1

7. Aggressive Scan: Combines OS detection, version detection, script scanning, and traceroute:

nmap -A <target_IP>

Example: nmap -A 192.168.1.1

8. Scan Stealthily: To avoid detection by firewalls or intrusion detection systems (IDS):

nmap -sS <target_IP>

Example: nmap -sS 192.168.1.1

9. Save Scan Results: To save scan output to a file:

nmap -oN <filename> <target_IP>

Example: nmap -oN scan_results.txt 192.168.1.1

10. Scan Specific Protocols

TCP scan: nmap -sT <target_IP>

UDP scan: nmap -sU <target_IP>

When to Use Nmap

• Before Deploying Systems: Test the security configuration of new servers.
• During Security Audits: Regularly audit networks for unauthorized services or devices.
• In Incident Response: Identify compromised systems or services during a security breach.
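
One way to turn the saved scan output (-oN, item 9 above) into the regular audit for unauthorized services described here: parse the report and compare the open ports with an approved list. This is an added example, not part of the original report or of Nmap itself; the sample report text and the allowlist are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Nmap normal output (-oN); not taken from the original page.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated Thu Jan  2 10:00:00 2025 as: nmap -sV -oN scan_results.txt 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.9p1
80/tcp   open     http    nginx 1.18.0
3306/tcp filtered mysql
8080/tcp open     http    SimpleHTTPServer 0.6 (Python 3.10.12)
"""

# Assumed allowlist of the ports each host is approved to expose.
BASELINE = {"192.168.1.1": {(22, "tcp"), (80, "tcp"), (443, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_open_ports(text):
    """Map host -> {(port, proto): 'service version'} for ports in state 'open'."""
    hosts, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts.setdefault(current, {})
            continue
        m = PORT_RE.match(line)
        if m and current and m.group(3) == "open":
            port, proto, _state, service, version = m.groups()
            hosts[current][(int(port), proto)] = f"{service} {version}".strip()
    return hosts

def audit(text, baseline):
    """Return (unexpected open ports, approved ports that were not found open)."""
    unexpected, missing = [], []
    for host, found in parse_open_ports(text).items():
        allowed = baseline.get(host, set())
        for key in sorted(set(found) - allowed):
            unexpected.append((host, key[0], key[1], found[key]))
        for key in sorted(allowed - set(found)):
            missing.append((host, key[0], key[1]))
    return unexpected, missing

if __name__ == "__main__":
    print(audit(SAMPLE_SCAN, BASELINE))
```

On the sample report the audit flags port 8080 as open but not approved and port 443 as approved but not open; running it on each new scan file gives a simple drift check.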

Example Use Case

1. Command: nmap -Pn --script vuln 10.140.68.255

-Pn:

Stands for "no ping." It tells Nmap not to check if the target host is up by pinging it first. Normally, Nmap pings the target to see if it responds before proceeding with the scan. -Pn is used when:

• The target host blocks ping requests (ICMP echo requests).
• You want to scan the target regardless of whether it appears online.

--script vuln:

This tells Nmap to run the scripts in its "vuln" category through the Nmap Scripting Engine (NSE). The vuln category is a collection of vulnerability-detection scripts. These scripts check for specific vulnerabilities in the target system, such as:

• Outdated software versions.
• Weak configurations.
• Known exploits (e.g., Heartbleed, SMB vulnerabilities).

The output provides details about any vulnerabilities found.

10.140.68.255: This is the target IP address you want to scan.

As you can see from the screenshot, the host address is vulnerable. A system, network, or application is considered vulnerable if it has weaknesses that attackers can exploit to gain unauthorized access, disrupt operations, or steal data. Vulnerabilities can arise due to:

• Unpatched Software: Missing updates or security patches.
• Weak Configurations: Misconfigured settings, like open ports or default passwords.
• Coding Errors: Bugs or flaws in software code (e.g., SQL injection, buffer overflow).
• Outdated Systems: Legacy systems no longer supported with security updates.

2. Command: nmap -sV -Pn --top-ports 25 10.241.65.55

What It Does:
This command performs a targeted scan of the top 25 commonly used ports on the IP address 10.241.65.55 to identify services running on these ports, bypassing host discovery.

Breakdown of Command Options:

1. -sV:
• Enables service/version detection.
• Nmap probes open ports to identify the services running and their versions.
2. -Pn:
• Disables host discovery (ping).
• Assumes the host is up and skips the initial ping phase, which is useful if ICMP requests are blocked by a firewall.
3. --top-ports 25:
• Scans the top 25 most commonly used ports.
• These ports are determined by analyzing common services and their usage frequency (e.g., HTTP, SSH, DNS).
4. 10.241.65.55:
• The target IP address to scan.

Steps Taken:
1. Nmap skips the usual ping check (-Pn).
2. Scans the top 25 ports on the target IP address.
3. Attempts to identify the services running on the open ports and their versions.
