C.S. Projects

Archive for the ‘Database System — Semester 3’ Category

Ethical Hacking — Week 5

Enumeration Target

In today session’s I learned about nbtscan,netbios,nbstat and other enumeration tools.

The command of NBTscan is nbtscan-unixwiz [IP address]. This is used to scan a range of IP addresses

NetBIOS stands for network basic input output system. It is a programming interface that allows computer communication over a LAN and is used to share files and printers.

Nbtstat is a enumeration tool that is included with the Microsoft OS.It displays NetBIOS table.

Other enumeration tools include NetScanTools Pro, DumpSec, Hyena.

NetScanTools Pro produces a graphical view of NetBIOS running on a network.It enumerates any shares running on the computer and verifies whether access is available for shared resource using its Universal Naming Convention(UNC) name.

DumpSec is a enumeration tool for Microsoft system. It is produced by Foundstone,Inc. It allows users to connect to server and dump permissions for shares or permissions for printers or permissions for the Registry or users in column or table format or policies and rights or services

Hyena is a excellent GUI product which shows shares and user login names for windows servers and domain controllers. It displays graphical representation of Microsoft terminal services and Microsoft Windows network and web client network and find user/group

Intelligent System – Week 5

Machine Learning And NaiveBayes

This week was an online class and I learned about types of machine learning, Supervised Learning, Unsupervised Learning and Reinforcement Learning. Supervised learning allows collection of data from previous experience. Unsupervised learning is finding unknown patterns in data and helps find features. I also learned about probability and Bayes Rule about probability. We got an exercise and had to submit through a link.

Ethical Hacking — Week 4

Target Discovery

In today’s session I learned about fingerprinting and nmap.

There are different types of fingerprinting, one of them is Passive fingerprinting. Passive fingerprinting is the practice of determining a remote operating system by measuring the peculiarities of observes traffic without actively sending probes to the host. No single signature can reliably determine the remote operating system.However, by looking at several signatures and combining the information, the accuracy of identifying the remote host increases. P0f and Siphon are examples of passive fingerprinting tools.Though Passive fingerprinting is powerful, it has limitations. The tools must reside in places that can sniff target hosts’ traffic.

nmap is a TCP/IP stack fingerprinting tool which tests the response of the remote system to undefined combinations of TCP flags, TCP ISN sampling, determining the default setting of the DF bit, TCP initial windows size, ToS setting, fragmentation handling and order of TCP options. nmap fingerprints a system in three steps:

1. 1.Port Scanning
2. 2.Ad-hoc forged packets sending
3. 3.Analysis of responses received and comparison against a database of known OS’s behaviour

Intelligent System – Week 4

Adversarial Search

This week I learned about Minimax Algorithm, Alpha-Beta pruning. I also learned about Non-Deterministic Games. I got 3 exercises which took a while to do.

Ethical Hacking — Week 3

Utilizing Search Engines

I learned about how to utilise search engines in today’s session.I used kali Linux tools to search in the internet to gather necessary information about the target.

The first tool I learned is theharvester.It collects information from Google, Bing, PGP and LinkedIn. The command is ./theHarvester.py -d target domain -l 100 -b google.

The next tool I learned is maltego.It is an open source intelligence and forensics application which shows how information is connected to each other. The main benefit of this is that relationships between various types of information can give a better picture on how they are interlinked and it helps in identifying unknown relationships.

I also learned about Google Hacking.Google hacking is the act of searching using google.com to find anything that is left behind by sys-admin or web developer that is not meant for public.It can be used to find out sensitive information or web configuration or sensitive documents.

I also learned about enumeration tools such as Goohost, Gooscan and Metagoofil.

Intelligent System – Week 3

Local Search

This week I learned about complete and localized searching. Complete searching is where every node is a solution and the operators go from one solution to another and can stop at any time. An example of this is the Travelling Salesman Problem. Localised searching is the one that considers only those solutions in the neighbourhood.

Ethical Hacking — Week 2

Target Scoping & Information

Gathering

In today’s session I learned about target scoping and information gathering.I used web tools for footprinting, learned more about competitive intelligence and described DNS zone transfers.

There are several steps in target scoping, first is gathering client requirements then preparing the test plan then profiling test boundaries then defining business objectives then finally project management & scheduling.

I also learned about analysis a company’s website. One of the tools to do this is called Burp Suite. Burp Suite is a powerful tool.

I also learned about setting up Burp Suite Proxy. In order to redirect traffic to Burp Suite,

1. 1.Click proxy-> intercept is on
2. 2.Click options -> proxy listeners set as default
3. 3.Open browser
4. 4.Click options in browser
5. 5.Set proxy as Burp Suite setting
6. 6.Enable Proxy for all protocols in browser

I also learned about other Footprinting tools. For example, Whois, which is a commonly used tool and Host command and SamSpade and Greenwich.

Intelligent System – Week 2

Uniformed and Informed Search

This week I learned about Searching algorithms. I learned search methods such as DFS (Depth First Search) ,BFS (Breadth First Search) , Iterative deepening depth-first search and Uniform Cost Search. I also got exercises to do which required me to understand these search methods.

Ethical Hacking — Week 1

Course Introduction, Preparation

and Testing Procedures

In today’s session, I learned about definitions of terms used in ethical hacking as well as the laws of ethical hacking.

Ethical Hackers are employed by companies in order to perform penetration tests. Penetration tests are legal attempt to break into a company’s network in order to find their weakest link.

I also learned the difference between hackers, crackers and ethical hackers. Hackers access computer systems or network without proper authorisation. This is breaking the law. Crackers breaks into the system in order to steal or destroy data. Hackers and crackers are considered the same. Ethical hackers performs the same activities, however, they have the permission of the owner.

I also learned about the different penetration testing methodologies.One of them is White box model, which is where the tester is told everything about the network topology and technology and they are authorised to interview IT personnel and company employees. Another method is the Black box model, which is where the staff do not know about the test and the tester is not given the details about the network.Another method is the Gray box model which is a hybrid of the white and black box models.

I also learned about the common techniques of penetration testing which is Passive Research, Open Source Monitoring, Network mapping and OS fingerprinting, Spoofing, Network Sniffing, Trojan attacks, Brute force attack, Vulnerability scanning and Scenario analysis.

Intelligent System – Week 1

Introduction to AI and Agents

Today, I learned about the basic concepts of what AI is. There are lots of definitions for it by different people. I learned that there are different approaches for AI such as Acting Humaly, Thinking Humanly, Thinking Rationally and Acting Rationally. I learned the foundations of AI, which are philosophy, mathematics, psychology, control theory & cybernetics, linguistics, neuroscience and economics. I also learned about phases of AI history and application domains of AI. I also learned about Intelligent agents and how they are defined, their performance measure and task environment. I also learned about environmental factors