Johanes Ronaldo

Just another Binusian blog site

Archive for March, 2018

Ethical Hacking Week 3

In today’s session, we learned more about gathering information.

In the beginning, we used the command prompt and the commands dig and host to find information about a website. I also found out my version of Kali Linux by using the command “uname -a”.

My Kali Linux is version 4.14.0. Next, I searched for the founder of Linux, and it is a man named Linus Torvalds. He was born in Finland in 1969. He made the first Linux prototype in 1991, and version 1.0 of Linux was released in 1994.

Using the host and dig commands I was able to find the IP address of a domain, and the whois command allows a user to search for the people behind the website.
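An added example, not part of the original post: a small script that pulls the same two facts out of `dig` and `whois` output, the addresses a name resolves to and the contact fields a registration publishes unredacted, which is useful for reviewing what your own domain discloses. The sample outputs are constructed, the function names are hypothetical, and the whois parser assumes a "Key: Value" layout (registries differ).

```bash
#!/usr/bin/env bash
# Constructed sample of `dig` output (not a real lookup; .test and 192.0.2.0/24 are reserved).
sample_dig() {
cat <<'EOF'
;; QUESTION SECTION:
;example.test.            IN  A

;; ANSWER SECTION:
example.test.       300 IN  CNAME   web.example.test.
web.example.test.   300 IN  A       192.0.2.10
web.example.test.   300 IN  A       192.0.2.11

;; Query time: 12 msec
EOF
}

# Constructed sample of "Key: Value" style whois output.
sample_whois() {
cat <<'EOF'
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Org
Registrant Email: hostmaster@example.test
Admin Phone: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.TEST
EOF
}

# Print A/AAAA addresses from the ANSWER SECTION only (fields: name TTL class type rdata).
dig_addresses() {
  awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
       /^;;/ || /^$/         { in_ans = 0 }
       in_ans && ($4 == "A" || $4 == "AAAA") { print $5 }'
}

# Print registrant/admin/tech contact fields that are published unredacted.
whois_exposed() {
  awk '{ i = index($0, ":"); if (i == 0) next
         key = substr($0, 1, i - 1); val = substr($0, i + 1)
         sub(/^[ \t]+/, "", key); sub(/^[ \t]+/, "", val)
         if (key ~ /^(Registrant|Admin|Tech) / && val != "" &&
             tolower(val) !~ /redacted|privacy/) print key "=" val }'
}

# Run against the samples; for a domain you administer: dig example.org A | dig_addresses
sample_dig | dig_addresses
sample_whois | whois_exposed
```

The CNAME line is skipped on purpose: only the final A/AAAA records carry addresses, and the question section is ignored because its lines have no TTL field.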

We also learned about a way to gather information on a person; one of the websites used to do this is pipl.com.

We also learned that Google can be used for hacking: by using Google dorks, we would be able to get some sensitive documents and information.

Here is a link to learn about more operators to use:

https://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/

Before the class ended, we got another test. The test was fortunately open book, but it was still difficult to complete. The test was about gathering information from a website by using all the tools that were learnt that day.

Written by jronaldo

March 14th, 2018 at 3:47 am

Ethical Hacking Week 2

This week we learned about penetration testing methodologies, the Undang-Undang Informasi dan Transaksi Elektronik (UU ITE, the Indonesian law on electronic information and transactions), as well as ways to analyze a company’s website.

We learn about a few penetration testing methodologies such as:

  • OSSTMM (Open Source Security Testing Methodology Manual)
    • OSSTMM is about operational security
    • It is about knowing and measuring how well the security works
  • OWASP (Open Web Application Security Project)
    • Is focused on improving the security of software

Next we learned about the law from the UU ITE. Not all places in the world have the same rules, hence we need to understand what is legal and what is illegal in every country. Some countries might consider having a tool for port scanning illegal, while some countries allow the use of port scanning. Punishment for breaking the law is serious, which is why we have to understand what the law is before doing anything wrong.

Next, we learned about ways to analyze a website. There are a few tools available to do it, such as Whois, which can be used to gather IP address and domain information. Another tool is the Paros proxy, a website reconnaissance/vulnerability scanner used for finding vulnerabilities in a website.

This week I have already downloaded Kali Linux and have gained access to the Paros proxy. I first changed the proxy configuration in the browser so that it uses Paros as a proxy.

I used Firefox in Kali Linux and clicked on the “Preferences” tab of the browser.

Then click the Advanced setting, go to the Network tab, and click on the “Settings” button in the “Connection” part.

You then need to change the proxy setting from auto-detect to manual proxy configuration and set the settings as above.

After it was done I visited a website, and I could then see things like “GET http://www….”, the host, and many others. From the Analyse tab I clicked on Scan All. It took a while, but after it was done, I clicked on the Report tab and clicked Last Scan Report. I used the terminal to go to the report directory, which is located in /root/paros/session, and opened the file in Firefox by using the command “firefox <filename>”. There I could see the report from the Paros scan.

Lastly, before the class ended, we got a closed-book quiz based on what was taught that day, and it was difficult.

Written by jronaldo

March 9th, 2018 at 12:27 pm

Ethical Hacking Week 1

This was the first day of the ethical hacking course, and we learned about the work of an ethical hacker.

An ethical hacker is an individual who performs penetration testing with the owner’s permission. Unlike hackers or crackers, an ethical hacker follows the rule of the law.

Penetration testing is a legal attempt to break into a company’s network to find its weak link.

There are a few models for penetration testing:

  • White box model
    • This model makes it easier for the tester to do their job
    • Testers are told everything about the network topology and technology
    • The tester is authorized to interview IT personnel and the company’s employees
  • Black box model
    • The company’s staff do not know about the test
    • The tester is not given details about the network
    • Is used to test whether security personnel are able to detect an attack
  • Gray box model
    • The tester is given partial information
    • Which is why it is a hybrid of the white box and black box models

The homework for today is to learn about the law on ethical hacking in Indonesia by reading the ‘Undang-Undang Informasi dan Transaksi Elektronik’.

How to install Kali Linux in a virtual machine:

  1. You need to install VirtualBox on your computer
  2. Click on the host to install the package:
    • Click Windows host if you are using Windows, or click OS X host if you are using a Mac
  3. Once VirtualBox is installed, go to “https://www.kali.org/”.
  4. Go to the Download tab and you will see another page
  5. You can then see the different versions of Kali
  6. Download one of the Kali images (mine is the Kali Linux 64 Bit, which is 2.8G)
  7. Once the download is done, run the file; it should redirect you to VirtualBox
  8. Follow the instructions and then you will have your Kali Linux!

Written by jronaldo

March 9th, 2018 at 11:11 am
