country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

MITS5004 IT Security

tag 2 Downloads8 Pages / 1,882 Words tag Add in library Click this icon and make it bookmark in your library to refer it later. GOT IT
  • Course Code: MITS 5004
  • University: Victorian Institute Of Technology
  • Country: Australia

Question:

Research and Presentation on security vulnerability tools using Kali Linux

Topic Selection

Each group needs to select one of the following security vulnerability testing tools of Kali Linux on a first come first served basis:

  • Hydra
  • Maltego
  • NMap
  • Zed Attack Proxy
  • SqlMap
  • Metasploit Framework
  • Burp Suite

Deliverables

For this students need to research, install, and use Kali Linux and the selected tool. After sufficient study and hands on experience, each group needs to prepare and submit a report, and orally present their understanding on the selected tool and Kali Linux as a whole (individual member presentation). Formats of report and oral presentation are mentioned below.

Report

Prepare a report in the following format:

  1. Introduction of the tool
  2. Features of the tool
  3. Techniques used by the tool to exploit vulnerabilities of information systems
  4. Experimental setup and evidence of usage of the tool (include screenshots of vulnerability testing that you have performed)
  5. Conclusions
 

Answer:

Introduction

For any information system one of the one of the biggest security concerns is the passwords used by the users in order to authenticate.  The Hydra is one of the most efficient tools that is used as the login cracker. Authentication of the users through the passwords has its pros and cons. Some of the advantages can be listed as while they are used properly this is helpful in securing information systems, user accounts and their confidential data.  in addition to that, this also allows   the users of the information system in order to login to their accounts regardless of their locations and some extra equipment.

Web applications can be exploited with the vulnerabilities due to the security properties of the concerned web application that were not properly addressed. Conversely, the administrators should use vulnerability assessment tools that can be helpful in automating process. This automated process can help in saving time as well as defend the concerned web applications from the threats and attack vectors.

On the contrary the disadvantages include that most of the users tends to forget their respective passwords for their accounts, use of short and weak passwords for their accounts which can be easily cracked by the attackers. This leads to the allowing the unwanted users and attackers to access the sensitive information from thee different user accounts.

Features of Hydra

This tool supports copious protocols to attack and crack the login credentials of a system. This tool is comparatively easy to use and is best for brute-force attacks.

This tool presently supports the following protocols;

HTTP-FORM-POST, Asterisk, HTTPS-GET, HTTPS-HEAD, AFP, PCNFS, POP3, Cisco AAA, MS-SQL, NCP, NNTP, Cisco auth, Cisco enable, Rexec, Rlogin, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-PROXY, HTTPS-FORM-GET, VMware-Auth,  HTTP-Proxy, ICQ, IMAP, IRC, LDAP,  Oracle Listener, Oracle SID, Oracle, PC-Anywhere,  POSTGRES, RDP, SAP/R3, SIP, SMB,  SOCKS5, different versions of SSH , Subversion, Telnet, SMTP, SMTP Enum, SNMP and XMPP.

other features of this tool includes the following;

Compared to the password cracking tools it is considered as the fastest one in cracking speed.

This tool is cross platform i.e.  it is available for Linux, Windows, OS X and Solaris.

Additional modules can be easily added in order to enhance its features for security testing of the information system.

This tool supports both the Brute force and dictionary attacks for cracking the passwords.

In case of the Dictionary attack, it is simplest as well as the fastest password cracking tool to carry the attacks.   In simple words it can be said that, this tool tries and runs through a dictionary of words or the related passwords while trying   each combination in order to find out if any of them works and leads to the granting access to the attacked information system.

Even though this approach seems to be tedious as well as impractical in order to achieve the access to the system manually. compared to the manual process computers with efficient processing speed can complete this task of going and trying through millions of dictionary words as the passwords. This is usually first approach used by attackers while attacking any password cracking attack to the information system as this can help them in successfully cracking the passwords in mere few minutes after starting the attack which eventually lead to securing the attackers from IDS.

following are the options that can be used with the commands that can help in exploring the actions that can be used for the attacks.

Options:

  -R  in order restore previous aborted or crashed attack session

  -S  in order to initiate an SSL connect operation.

  -s PORT   in order to define the default port if the application  is deployed on different port.

  -l LOGIN:  user id or the username for the attack using several logins from a specified FILE

  -p PASS provided password to try for an account or load several passwords from FILE

  -x MIN: MAX: CHARSET or the password in order to use them in brute force generation.

  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)

  service   the service to crack (see below for supported protocols)

  -t   in order specify the number of tasks or number of connection tries parallel manner.  16 is the default value for this option.

  -w / -W TIME wait time for responses (32) / between connects per thread (0)

  -4 / -6   IPv6 or IPv4 addresses default is IPv4 it is recommended to use [].

  -v / -V / -d verbose mode for every attempt on the attack.

  -O    use old SSL versions.

-e nsr   for trying the null password for the accounts “r” for the reversed login

  -u    loop around users, not passwords (effective! implied with -x)

  -C FILE   colon separated file format for the password.

  -M FILE   list and details of servers which are to be targeted.

  -o FILENAME   write found login/password pairs to FILE instead of stdout

  -f / -F   exit when M: -f per host, -F global.

  -q  when specified then it does print messages related to the connection errors

  -U  service module usage details

   OPT   some service modules support additional input (-U for module help)

Techniques used by the tool to exploit vulnerabilities

In case of attacking a website with the login functionality over the http protocol using the post method and the used option from the Hydra is “http-post-form”.   One more example is cracking the applications that are using the FTP that can be exploited using the “ftp” option available in Hydra.

Before this the user have to find the information around the website that you want to get access to find out useful data from the website.  This kind of information can be found in the URL of the sites or “About” page of the sites of the application.

Different web applications used by the organizations are prone to the security   vulnerabilities based on the security properties which were not addressed by the developers or the security auditors. In order to detect, identify and address the vulnerabilities that  can be exploited by the attackers  can be assessed using the automated tools which can  help in saving  time as well as also defend the applications from numerous modern threat vectors used .

One of the most important points which needs to be considered by the attackers or security auditors that in most of the cases variable values such as username, password is not constantly the same for every information system.

The values differ depending upon the sites or the service of the applications. In case most of the sites with the weak security mechanisms the attacker can get the value from the page source in order to find out the variable in which the values are stored.

similar to the other penetration testing tools Hydra also has numerous parameters as well as options that can make the efficient in different scenarios. with the use of the help command Help for Hydra users can explore the options for carrying out the attacks and experiment with it.

Experimental setup and evidence of usage of the tool

in order to test the functionality of the Hydra tool we at first created a user account on the acunetix acuforum website as the demo website.  with the username and password “miststud” and “user@123”.

Following is the screenshot for the different options available for the Hydra tool.

 

following is the screenshot of the account which is created on accunetix and url is https://testasp.vulnweb.com/Login.asp?RetURL=%2FDefault%2Easp%3F

Following is the screenshot of the starting the attack from the GUI of the Hydra tool after confirming the text file that contains the possible passwords.  

following is the screenshot on which it is evident that we are using the “muststud” for the username and along with that we have specified location of the text file.

 

In the above image we have started the attack on the specified targeted website in order to get access to the concerned account of the user using the list of probable passwords.  

Conclusion

Use of the strong passwords is the most efficient way in order reduce the overall risk of a security breach1 through the password cracking mechanism. Furthermore, it can be stated that the with the use of the strong passwords it is also important to place effective security controls for securing the information systems. Effectiveness of used password on an information system mostly depends on the implementation and design of concerned authentication system on that specific system.

principally this is important to restrict the times until which password guesses can be tested by a user or an attacker. In addition to that, the way in which the passwords are securely passwords is stored in the database as well as transmitted in network transaction.  other than this threats there are also other techniques that poses the ability to breach the security of the information system which are not connected with breaking the password. These techniques include keystroke logging, wiretapping, social engineering, dumpster diving, side-channel attacks and other vulnerabilities of the information system.

 

Bibliography

Chatterjee, R., Bonneau, J., Juels, A., & Ristenpart, T. (2015, May). Cracking-resistant password vaults using natural language encoders. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 481-498). IEEE.

Golla, M., Beuscher, B., & Dürmuth, M. (2016, October). On the security of cracking-resistant password vaults. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1230-1241). ACM.

Gong, C., & Behar, B. (2018). Understanding password security through password cracking. Journal of Computing Sciences in Colleges, 33(5), 81-87.

Kakarla, T., Mairaj, A., & Javaid, A. Y. (2018, May). A Real-World Password Cracking Demonstration Using Open Source Tools for Instructional Use. In 2018 IEEE International Conference on Electro/Information Technology (EIT) (pp. 0387-0391). IEEE.

Patil, D. N., & Meshram, B. B. (2016). Windows Password Vulnerability and Preventive Measures. Indian Journal of Computer Science• September-October, 13.

Shen, C., Yu, T., Xu, H., Yang, G., & Guan, X. (2016). User practice in password security: An empirical study of real-life passwords in the wild. Computers & Security, 61, 130-141.

Trieu, K., & Yang, Y. (2018). Artificial Intelligence-Based Password Brute Force Attacks.

Ur, B., Bees, J., Segreti, S. M., Bauer, L., Christin, N., & Cranor, L. F. (2016, May). Do Users' Perceptions of Password Security Match Reality?. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (pp. 3748-3760). ACM.

Yisa, V. L., Baba, M., & Olaniyi, E. T. (2016). A Review of Top Open Source Password Cracking Tools.

Zhang-Kennedy, L., Chiasson, S., & van Oorschot, P. (2016, June). Revisiting password rules: facilitating human management of passwords. In Electronic Crime Research (eCrime), 2016 APWG Symposium on (pp. 1-10). IEEE.

OR

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2020). MITS5004 IT Security. Retrieved from https://myassignmenthelp.com/free-samples/mits5004-it-security.

"MITS5004 IT Security." My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/mits5004-it-security.

My Assignment Help (2020) MITS5004 IT Security [Online]. Available from: https://myassignmenthelp.com/free-samples/mits5004-it-security
[Accessed 24 May 2020].

My Assignment Help. 'MITS5004 IT Security' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/mits5004-it-security> accessed 24 May 2020.

My Assignment Help. MITS5004 IT Security [Internet]. My Assignment Help. 2020 [cited 24 May 2020]. Available from: https://myassignmenthelp.com/free-samples/mits5004-it-security.


Among all other essay topics, MyAssignmenthelp.com also provides help for compare and contrast essay topics. In this type of essay, it is essential to choose the right topic so that you have enough material to compare between two subjects. In case you had been ended up with a critical topic, ask help from Myassignmnethelp.com. We are happy to help you even in the last minute. Just ask us ‘write my paper for me’, and we will do the rest.
Our experts are available for 24*7 who can guide you on how to make a thesis statement. We have a separate department for editing who have access to different paraphrasing tools to give you a flawless paper.

Latest Programing Samples

MOD003218 Operating Systems

Download : 0 | Pages : 3
  • Course Code: MOD003218
  • University: Anglia Ruskin University
  • Country: United Kingdom

Answer: Commended Code: @echo off set Output="%USERPROFILE%\desktop" (this will create file in Desktop) type NUL>"%USERPROFILE%\desktop\Hello.htm" (REM This will empty the previous file) set /p Name=Enter your name: (REM ask for name) set /p Color=Enter font color (red, green, blue): (REM ask for color) set /p FontSize=Enter font size: (REM ask for font size) (REM enter your desired output here) set result=false (REM If else st...

Read More arrow Tags: Australia Arlington Management University of New South Wales 

COIT20245 Introduction To Programming

Download : 0 | Pages : 2

Answer: Test plan For this application we have used metric formula for calculating the BMI, which is given by,   BMI=Weight/(Height*Height) In order to test the application, we have used the following set of height and weight values for 10 persons.  For this, we have declared a variable N with the value 10 assigned to it.  Now following are the tuples that are used for the testing of the application. (1.25, 100), (1.35,95), ...

Read More arrow

ICT320 Database Programming Course

Download : 0 | Pages : 3

Answer: Data type Description Customer Table Field Datatype Reason CustomerID (PK) INT(4) Integer of maximum length 9999 Lastname VARCHAR(20) Variable length of 20 characters Firstname VARCHAR(15) Variable length of 15 characters Address VARCHAR(30) Variable length of 30 characters Postcode CHAR(4) Fixed length of 4 digits ...

Read More arrow Tags: Australia Granville Management COUNTERINTELLIGENCE University of New South Wales 

ICT321 Architecture And Systems Integration Details

Download : 0 | Pages : 6

Answer: Introduction  For an organization like GE, that depends on the internet and available data on the internet using different type of applications; it is important to maintain a IT infrastructure. This IT infrastructure should be capable of meeting all its requirements related to the data and computational activities. As GE has decided to go with SOA or Service Oriented Architecture for the future IT infrastructure, therefore it hav...

Read More arrow

ICT320 Database Programming And Submission Details

Download : 0 | Pages : 4

Answer: Introduction The company database is named has vehiclesellers.The database has several tables which contain different attributes. The scripts are exported from  wamp server. The vehiclesellers database has thirtyteen tables each with different columns and different types of datatype. Each table has its on primary key that uniquely identifies values of certain row from the table. Other tables also contain foreign keys.Below is a ...

Read More arrow
Next
watch

Save Time & improve Grade

Just share Requriment and get customize Solution.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,316,470

Orders

4.9/5

Overall Rating

5,074

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

154 Order Completed

97% Response Time

Harold Alderete

PhD in Economics

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

203 Order Completed

97% Response Time

Richard Alpert

PhD in Psychology

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 4/5

2594 Order Completed

95% Response Time

Michael Johnson

Masters of MSc in Economics

Washington, United States

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

1592 Order Completed

96% Response Time

Jane Sima

Ph.D in Psychology with Specialization in Industrial-Organizational Psychology

Singapore, Singapore

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

The work was great I loves how fast the work was done. The prices was great it was not expensive

flag

User Id: 433071 - 24 May 2020

Australia

student rating student rating student rating student rating student rating

The expert didn't address all aspects of the assignment also didn't get my solution on time

flag

User Id: 430334 - 24 May 2020

Australia

student rating student rating student rating student rating student rating

Assignment looks amazing. I hope to score well. Will soon share my grades. I would recommend people like me who are working for livelihood and have studies to complete to take up this site as your best buddy.

flag

User Id: 432467 - 24 May 2020

Australia

student rating student rating student rating student rating student rating

Team My Assignment, you are the best. Assignment was done and submitted and as a result, grade marking was 80. Once again thanks so much

flag

User Id: 392423 - 24 May 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?