ETHICAL HACKING security, Assignments of Cryptography and System Security

UFONet is a Python 3 based tool which has many features.


2020/2021

Uploaded on 06/16/2021

saleh-muataz
CT080-3-2-EHIR
ETHICAL HACKING
INTAKE CODE: APU2F2006IT(ISS)
LECTURER NAME: NIK NURUL AIN BINTI NIK SUKI
HAND OUT DATE: 20TH OF DEC 2020
HAND IN DATE: 19TH OF FEB 2021


Table of Contents

SECTION A
  Introduction to ufonet
  Impact of Ufonet
  Scenario to describe the nature of the attack
  GENERAL FUNCTIONALITY OF UFONET
  Steps on how to use tool
  Python3 setup.py install
  Python3 ufonet
  Critical analysis of Ufonet
SECTION B
  Memory Dump
  MEMORY DUMP
  CONCLUSION
  References

an impact on their loss of logistics financially and left them with an unravelling situation that was an infected system (Fruhlinger, 2021).

GENERAL FUNCTIONALITY OF UFONET:

UFONet can also find the "zombies" that an attack is launched through. Zombies can be searched for manually, with a search dork supplied by the user, or automatically. In auto search, UFONet runs a set of random search queries by itself and reports the results; whenever a usable zombie is found, UFONet prints that a victim was found. The command for auto search is: python3 ufonet --auto-search (wonderhowto, n.d.). Note that the interpreter name is lower-case; on Linux "Python3" is not the same command as "python3".
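What UFONet calls a zombie is a third-party web page with an open-redirect parameter: the tool requests the page with the victim's address in that parameter, the zombie's server answers with a 3xx redirect to the victim, and so every zombie becomes a reflector that sends traffic on UFONet's behalf. The following is an added example, not code from the page or from the UFONet project: it shows the vulnerable redirect handler beside a hardened one, and the probe UFONet-style tools run to decide whether a candidate page is usable. The paths /redirect and /safe, the parameter name "url", the host zombie.test, the attacker.invalid target and the example.com allow-list are all assumptions made for the demo; fake_fetch routes requests to the in-process handlers so it runs offline, while http_fetch is the same probe over real HTTP.

```python
"""Added example (not UFONet's own code): what makes a page a UFONet 'zombie'
and how a candidate is tested. Endpoint paths, parameter name, hosts and the
allow-list below are assumptions made for this demo."""
import urllib.error
import urllib.parse
import urllib.request

ALLOWED_HOSTS = {"example.com"}   # constructed allow-list for the hardened handler


def vulnerable_redirect(query):
    """Open redirect: sends the client wherever the 'url' parameter says."""
    dest = urllib.parse.parse_qs(query).get("url", [""])[0]
    return 302, {"Location": dest}


def hardened_redirect(query):
    """Same feature, destination validated against an allow-list of hosts.
    urlsplit().hostname is compared, so 'http://example.com@evil/' and
    scheme-relative '//evil/' are rejected along with plain foreign hosts."""
    dest = urllib.parse.parse_qs(query).get("url", [""])[0]
    parts = urllib.parse.urlsplit(dest)
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return 302, {"Location": dest}
    return 400, {}                     # refuse rather than trust the parameter


def http_fetch(url, timeout=5):
    """Real probe: one GET with redirects disabled, returns (status, headers)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None                # make urllib raise instead of following
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=timeout)
        return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers)


def fake_fetch(url):
    """Offline stand-in for http_fetch that routes to the handlers above."""
    parts = urllib.parse.urlsplit(url)
    routes = {"/redirect": vulnerable_redirect, "/safe": hardened_redirect}
    handler = routes.get(parts.path)
    return handler(parts.query) if handler else (404, {})


def redirects_to(page_url, param, target, fetch=fake_fetch):
    """True if page_url?param=target answers with a 3xx pointing at target.
    This reflection property is what a zombie must have to be useful."""
    probe = page_url + "?" + urllib.parse.urlencode({param: target})
    status, headers = fetch(probe)
    location = next((v for k, v in headers.items() if k.lower() == "location"), "")
    return 300 <= status < 400 and location.startswith(target)


def classify(page_url, param="url", fetch=fake_fetch):
    """Zombie test with an attacker-chosen target (constructed host name)."""
    return redirects_to(page_url, param, "http://attacker.invalid/", fetch)


if __name__ == "__main__":
    for path in ("/redirect", "/safe"):
        verdict = "zombie" if classify("http://zombie.test" + path) else "not a zombie"
        print(path, verdict)
```

The hardened handler still redirects to example.com, so the feature keeps working; it simply stops being a reflector for arbitrary targets, which is the fix a site owner applies after being listed as a zombie.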

Steps on how to use tool

Cd Desktop It is used to move from root directory to Desktop directory. Git clone [ CITATION git20 \l 1033 ] Git clone is used to clone ufonet from github to our system. Git clone will create a folder named ufonet and all tool files will be downloaded in that folder. Cd ufonet Change directory from Desktop to ufonet folder.

Python3 setup.py install

As ufonet is built on python3 so we will use python3 setup.py install which means all required python directories will be downloaded into our system and will be install. 4

Python3 ufonet

Home view of ufonet tool form where we can see all features of ufonet tool. Python3 ufonet -a [ CITATION ddo21 \l 1033 ] 5

SECTION B

Memory Dump

A memory dump is a copy of everything held in RAM written out to a hard disk. Developers usually take one at the moment of a crash to capture diagnostic information that helps them understand what happened and fix it; the knowledge in a dump helps engineers correct bugs in operating systems and in applications of all sorts. Some errors cannot be examined live because the machine has to be reset to restore functionality, but the contents of RAM at the time of the crash still hold the code that caused the error, so a dump preserves information that would otherwise be lost because RAM is volatile and constantly overwritten. On Microsoft Windows a memory dump is written when the system crashes with the blue error screen, the "blue screen of death" (Contributor, 2016). The screen shows some basic recommendations, details of the error and the faulting module, together with a counter of the percentage of memory written to storage. After rebooting, the dump can be submitted to Microsoft for review, which helps the company correct the problem in patches and learn about how the system is used (Contributor, n.d.). In forensics the same kind of image is acquired deliberately rather than through a crash, for example the saved memory of a virtual machine such as the cridex.vmem file analysed in the next section.

MEMORY DUMP

a) volatility_2.6_win64_standalone.exe -f cridex.vmem imageinfo

  • imageinfo identifies the image: it suggests the operating-system profile (here WinXPSP2x86) and shows details such as the KDBG address and the date and time the image was taken. The suggested profile is passed to every later plugin with --profile, and it tells the analyst which Windows build is being examined before looking at what processes were running or what attack was used.

b) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 pslist

  • pslist walks the kernel's linked list of active processes and helps the analyst find out which processes were running on the system. In the following figure we can see the offset, name, PID, PPID, number of threads and handles, and start/exit date and time of each process.

c) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 pstree

  • pstree is basically an alternative to pslist for enumerating processes. The only difference is that pstree prints the output as a tree, indenting each child under its parent (PPID), which makes an unexpected parent process easy to spot.

f) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 connscan

  • connscan scans physical memory for TCP connection objects and lists the local address, the remote address and the PID that owned the connection. Because it scans rather than walking a list, it can also recover connections that had already been closed. connscan and sockets apply to Windows XP/2003 images like this one; for Vista and later the netscan plugin is used instead.

g) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 sockets

  • sockets lists the sockets the system had open (PID, port, protocol and creation time), which shows the analyst which ports were listening and could be reached remotely.

h) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 procdump -p 1136 --dump-dir .

  • procdump rebuilds the executable image of process 1136 from the infected system's RAM and writes it as an .exe file into the given directory (here the current directory, "."; note the space before the directory name), where it can be hashed or analysed further.

i) volatility_2.6_win64_standalone.exe -f cridex.vmem --profile=WinXPSP2x86 memdump -p 1136 --dump-dir .

  • memdump writes the whole addressable memory of process 1136 from the infected system's RAM to a .dmp file in the given directory, for string searching or further analysis.
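The pslist/pstree step and the connscan/sockets step above both leave a join to the analyst: rebuilding the parent/child tree from the flat pslist table, and tying each recovered connection to the process that owned it. The following is an added example, not Volatility's own code or output from the page: it parses the two tables in the Volatility 2 column layout, renders the tree the way pstree does, flags processes whose parent is missing, and joins connscan rows to pslist rows on PID. The PSLIST and CONNSCAN text, the process names, PIDs, offsets and addresses are all constructed for the demo and are not the real cridex.vmem data.

```python
"""Added example (not Volatility's own code): post-processing pslist and
connscan tables. The sample output below is CONSTRUCTED in the Volatility 2
column layout for this demo; it is not the real cridex.vmem output."""
from collections import defaultdict

PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x80000100 System                    4      0     50      200 ------      0
0x80000200 smss.exe                300      4      3       20 ------      0 2021-01-10 09:00:01 UTC+0000
0x80000300 winlogon.exe            500    300     20      400      0      0 2021-01-10 09:00:02 UTC+0000
0x80000400 services.exe            600    500     15      250      0      0 2021-01-10 09:00:02 UTC+0000
0x80000500 svchost.exe             800    600     20      200      0      0 2021-01-10 09:00:03 UTC+0000
0x80000600 explorer.exe           1400   1300     17      400      0      0 2021-01-10 09:00:05 UTC+0000
0x80000700 updater.exe            1600   1400      5       40      0      0 2021-01-10 09:00:06 UTC+0000
"""

CONNSCAN = """\
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x02000100 192.0.2.10:1038           198.51.100.7:8080         1400
0x02000200 192.0.2.10:1039           203.0.113.9:8080          1400
0x02000300 192.0.2.10:1040           203.0.113.9:443           2222
"""


def parse_pslist(text):
    """Map PID -> process record from a pslist table."""
    procs = {}
    for line in text.splitlines():
        if not line.startswith("0x"):
            continue                          # header and separator rows
        f = line.split()
        procs[int(f[2])] = {
            "offset": f[0], "name": f[1], "pid": int(f[2]), "ppid": int(f[3]),
            "threads": int(f[4]), "handles": int(f[5]),
            "start": " ".join(f[8:11]),       # empty for System, which has no start time
        }
    return procs


def parse_connscan(text):
    """List of connection records from a connscan table."""
    conns = []
    for line in text.splitlines():
        if not line.startswith("0x"):
            continue
        offset, local, remote, pid = line.split()
        conns.append({"offset": offset, "local": local, "remote": remote, "pid": int(pid)})
    return conns


def process_tree(procs):
    """Render the flat list as pstree does: one dot per depth level, children
    under their parent. A process whose parent is not in the list starts a new
    root, which is how an exited (or hidden) parent shows up in the tree."""
    children = defaultdict(list)
    for p in procs.values():
        children[p["ppid"]].append(p["pid"])
    roots = sorted(pid for pid, p in procs.items() if p["ppid"] not in procs)
    lines = []

    def walk(pid, depth):
        p = procs[pid]
        prefix = "." * depth + (" " if depth else "")
        lines.append(f"{prefix}{p['name']} {pid} {p['ppid']}")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


def orphans(procs):
    """PIDs whose parent is missing from pslist (PPID 0 is the real root)."""
    return sorted(pid for pid, p in procs.items()
                  if p["ppid"] != 0 and p["ppid"] not in procs)


def connections_by_process(procs, conns):
    """Join connscan rows to pslist rows on PID. A PID with no pslist entry
    usually means connscan carved a connection belonging to a process that has
    since terminated, which is why connscan is worth running beside pslist."""
    rows = []
    for c in conns:
        p = procs.get(c["pid"])
        name = p["name"] if p else "<not in pslist>"
        rows.append((c["pid"], name, c["local"], c["remote"]))
    return rows


if __name__ == "__main__":
    procs = parse_pslist(PSLIST)
    print("\n".join(process_tree(procs)))
    print("orphans:", orphans(procs))
    for row in connections_by_process(procs, parse_connscan(CONNSCAN)):
        print(row)
```

In the constructed data explorer.exe has a PPID (1300) that no longer exists, so it appears as a second root and in the orphan list; on a real XP image that is the normal result of userinit.exe exiting after logon, so an orphan is a prompt to check, not proof of anything. The third connection belongs to PID 2222, which has no pslist entry, the case connscan is designed to surface.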

References

BARROW, 2016.
ehacking, 2016.
ufonet, n.d.
cloudflare, n.d.
Fruhlinger, 2021.
wonderhowto, n.d.
github, 2020.
ddos, n.d.
Contributor, 2016.
Contributor, n.d.