





How to hack OpenAdmin
Type: Summaries






1. Objectives
● Describe the risks, threats and impacts of each of the vulnerabilities found in the “OpenAdmin” machine.
● Present an executive summary of the security of the machine that allows the owner to make decisions to improve the security of his device.
● Present recommendations that facilitate the mitigation of the risks of the device and thus improve its safety.

2. Vulnerabilities found

2.1. The current version of the "OpenNetAdmin" application is easily vulnerable to malicious software.

Threats
- The current version of “OpenNetAdmin” found on the machine has an important security vulnerability that, if exploited, gives the attacker free entry to the “wwwdata” user found on the server. This is a significant threat because it compromises not only all the files found in the "wwwdata" session, but can also compromise all the files and applications found on the server and even the server itself, since it gives the attacker the possibility to download malware that affects the machine or to try to get access to other sessions located on the machine.

Evidence:
Calculation of security risks
The following tool was used to calculate the security risks: https://www.owasp-risk-rating.com/

Likelihood Factors

Threat Agent Factors [0-9]
2.2. An encrypted password is saved in a file that is reachable through an open port

Threats
There are no restrictions on the user navigating through this service. In this way, the user can access the password hosted in this file, which serves to log in as a higher-level user. This gives access to a user who has higher configuration permissions than the current one, and with it the possibility of compromising a service or running a malicious program inside the machine.

Evidence:
Calculation of security risks
The following tool was used to calculate the security risks: https://www.owasp-risk-rating.com/

Likelihood Factors

Threat Agent Factors [0-9]
● Skill Level: 6 - Some technical skills
● Motive: 4 – Possible reward
● Opportunity: 6
● Size: 9 - Anonymous Internet Users
Threat Agent Factor: High

Vulnerability Factors [0-9]
● Ease of Discovery: 7 - Easy
● Ease of Exploit: 7
● Awareness: 6 – Obvious
● Intrusion Detection: 8 - Logged Without Review
Vulnerability Factor: High

Impact Factors [0-9]
● Loss of Confidentiality: 9 - All data disclosed
● Loss of Integrity: 4
● Loss of Availability: 4

Overall Risk Severity: High

Recommendations
● Do not store vital machine information in open ports.
● Use a different and more secure type of encryption for user and administrator passwords.

2.3. A non-root user is allowed access to the administrator mode of a file.

Threats
- The current version of "OpenNetAdmin" found on the machine has a significant security vulnerability: it allows commands to run with root access, even when they are not controlled by the user. This is a major threat because it bypasses the sudo security policy, and any user can execute commands as if he were the system administrator.
Evidence:

Security Impact
Assets: root Access
Type of Asset: Data
Classification: Anyone
Impact to availability [1-5]: 4
Impact to confidentiality [1-5]: 5
Impact to integrity: 5
Total impact: 4

This vulnerability mainly affects confidentiality, since a password is being accessed that the user should not have access to. However, the user does not have permissions to modify vital configuration files for systems or to modify the credentials of other users.
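
The risk calculation in section 2.2 can be reproduced by hand with the OWASP Risk Rating arithmetic. The script below is an added example, not part of the original report or of the linked tool; the function and variable names are chosen here, and it assumes the impact is averaged over only the three impact factors the report lists.

```python
# Added example: OWASP Risk Rating arithmetic applied to the section 2.2 scores.
# Factor values are copied from the report; all names are chosen for this sketch.
THREAT_AGENT = {"skill_level": 6, "motive": 4, "opportunity": 6, "size": 9}
VULNERABILITY = {"ease_of_discovery": 7, "ease_of_exploit": 7,
                 "awareness": 6, "intrusion_detection": 8}
# Assumption: impact is averaged over the three factors the report lists.
IMPACT = {"confidentiality": 9, "integrity": 4, "availability": 4}

# OWASP severity matrix, indexed as SEVERITY[impact_level][likelihood_level].
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}


def average(factors):
    """Mean of a factor group, rejecting scores outside the 0-9 scale."""
    if not factors:
        raise ValueError("no factors given")
    for name, score in factors.items():
        if not 0 <= score <= 9:
            raise ValueError(f"{name}: score {score} is outside 0-9")
    return sum(factors.values()) / len(factors)


def level(score):
    """OWASP bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"


def rate(threat_agent, vulnerability, impact):
    """Return group levels, overall likelihood and impact, and the severity."""
    likelihood = average({**threat_agent, **vulnerability})
    impact_score = average(impact)
    return {
        "threat_agent_level": level(average(threat_agent)),
        "vulnerability_level": level(average(vulnerability)),
        "likelihood": likelihood,
        "likelihood_level": level(likelihood),
        "impact": impact_score,
        "impact_level": level(impact_score),
        "severity": SEVERITY[level(impact_score)][level(likelihood)],
    }


if __name__ == "__main__":
    for key, value in rate(THREAT_AGENT, VULNERABILITY, IMPACT).items():
        print(f"{key}: {value}")
```

With these inputs the impact average is about 5.67, just under the 6.0 boundary for HIGH, so a one-point increase in any impact factor would move the overall result from High to Critical.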