C.S. Projects

Archive for April, 2020

Intelligent System – Week 8

Decision Tree

In today’s class, I learned about Classification, Regression and Clustering. I learned about the real life examples of them and I also learned about overfitting. I also learned why overfitting is not good. I also learned about Decision Trees. I found the decision tree algorithm quite confusing and it took me a while to understand it.

Ethical Hacking — Week 8

Social Engineering

In today’s session, I learned a bit about SET which stands for Social-Engineer Toolkit.SET is an open source penetration testing framework designed for social engineering. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

There are several steps needed to install it. The first step is to go to your kali linux and in your terminal, type git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/.The second step is to type cd setoolkit, then the third step is to type pip3 install -r requirements.txt then the last step is to type python setup.py.

One of the things I learned about is CUPP which stands for Common User Passwords Profiler. This is a tool that is used to find valid passwords based on the target’s personal, psychological, and social characteristics.

The method I learned today was credential harvester attack. This is a method used when we do not want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website is cloned and when the victims enters their user credentials, their usernames and passwords will be posted back to our machine.Afterwards, the victim is redirected back to the actual legitimate website.

Ethical Hacking — Week 7

DVWA

In today’s session, I learned about DVWA which stands for Damn Vulnerable Web App and how to install it. It has three levels of security, low, medium and high.

The first step to install DVWA is to go to kali linux and prepare the terminal and type sudo su. Then move the directory to /var/www/html by typing cd /var/www/html/then download the DVWA package by typing wget https://github.com/ethicalhack3r/DVWA/archive/master.zip. Afterwards, extract the file by typing unzip master.zip.

The next step is to move the master content to the current directory, type mv DVWA-Master/*./var/www/html. Afterwards, type chown -R www-data:www-data/var/www/html

Once installation is done, start the web server and database by typing service apache2 start; service mysql start. Afterwards, check mySQL server by typing mysql_secure_installation and press Y for every Y/N question asked.Type the IP address of your kali linux into the search engine of any browser. Then, you will be directed to DVWA setup.

The presence of any red coloured text indicated missing configuration, hence that must be fixed. Type mysql -u root -p in order set up the database for DVWA. You will asked to enter the password.

Afterwards, type create database [database name]; grant all privileges on [database name].* to dvwa_user@localhost identified by ‘[password]’; flush privileges;Then type quit to exit mySQL.

Edit the configuration in the config.inc.php and enter the details of the database created in the previous step. Refresh your browser, if there are no red coloured text then you have properly configured everything, or else check the previous steps again to ensure you did not make any mistake.

Press on Create/Reset Database You will see a login page, type admin for the username and password for the password. Afterwards, you will be able to see and use the tools available such as Brute Force, SQL injection etc.