CYSE 450

Course Description:

CYSE 450 is an immersive journey into the world of ethical hacking and penetration testing. This dynamic course provides students with a comprehensive understanding of the fundamental terminologies and cutting-edge tools essential for ethical hacking and penetration testing on the renowned Kali Linux platform. Students delve into the intricate landscape of cybersecurity as they learn to identify and exploit vulnerabilities across diverse systems.

Throughout the course, students gain hands-on experience utilizing industry-leading tools and frameworks to conduct penetration testing on a variety of target systems. From dissecting the vulnerabilities of Metasploitable2 to navigating the intricacies of Windows XP/7 environments, students will develop proficiency in employing advanced techniques to assess and fortify cybersecurity defenses.

By the end of CYSE 450, students will emerge equipped with the expertise to navigate the complexities of ethical hacking and penetration testing, armed with the practical skills necessary to safeguard digital assets in an ever-evolving cyber landscape.

Course Objectives:
Upon completion of this course, the student should be able to:
• Know the basics of ethical hacking
• Understand the laws that govern ethical hacking
• Complete scanning, enumeration, and system hacking
• Test and breach web applications and data servers
• Write scripts using Bash and Python
• Complete a penetration test and report

Projects:

Assignment 1 –

Task A of the assignment focuses on conducting a stealth scan using the nmap tool within the Kali Linux environment. The student is instructed to explore available nmap commands, then execute a SYN scan targeting the IP address of either Metasploitable 2 or a Windows virtual machine. This scan aims to identify open ports and services without triggering intrusion detection systems. Furthermore, the student is required to limit the scan scope to port 443 using the -p flag to demonstrate targeted scanning capabilities, which can reduce the chances of detection.

Task B involves performing a vulnerability scan using nmap scripts, specifically targeting a brute force attack on the username/password of the target machine (Metasploitable or Windows). The student is encouraged to refer to lecture recordings or online resources for guidance on executing this scan effectively.

Task C explores the concept of creating a secure hacking environment using a web-based proxy. The student is tasked with explaining the steps involved in setting up such an environment, emphasizing the use of HTTPS encryption, anonymity features, and verifying proper routing of network traffic through the chosen proxy server. Additionally, the purpose of the Macchanger tool in hacking is discussed, highlighting its role in manipulating MAC addresses for anonymity, evading network security measures, and simulating different devices for penetration testing purposes. However, the legal and ethical use of such tools is emphasized, stressing the importance of obtaining proper authorization before conducting security assessments or penetration tests.

Assignment 2 –

Task A of the assignment revolves around understanding the concepts of payload, bind shell, and reverse shell. The student is required to answer two questions related to these concepts. Firstly, they are asked to define what a payload is, emphasizing its role as the malicious component of malware responsible for executing harmful actions on compromised systems or networks. Secondly, they are tasked with explaining the difference between a bind shell and a reverse shell, highlighting the direction of the initial connection establishment in each scenario.

Task B involves practical steps to create a Reverse TCP payload for Windows using msfvenom and Metasploit. The student is instructed to launch msfconsole, display available payloads, and search for the desired payload type. Then, they are guided through the process of creating the payload using msfvenom, setting up an HTTP server, and executing the payload on the target Windows machine. Additionally, the student is directed to set up a handler in Metasploit to receive the connection from the victim’s PC and establish a meterpreter session. The detailed steps provide a hands-on approach to understanding how to create and utilize a reverse TCP payload for Windows.

Extra Credit offers an opportunity to perform keylogging in Windows using the meterpreter session created in Task B. The student is instructed to initiate keylogging, open Notepad on the Windows machine to type some text, and then retrieve the keylogged data using the keyscan_dump command in the meterpreter shell. This additional task extends the learning experience by demonstrating a practical application of exploiting a compromised system for gathering sensitive information.

Assignment 3 –

Assignment-8 for CYSE450 delves into the practical exploration of SQL injection techniques using Burp Suite, with a focus on error-based and UNION-based injection. The lab utilizes the Metasploitable2 VM environment to simulate real-world scenarios.

Task A familiarizes students with SQL statements within the MySQL environment of Metasploitable2. Initially, students log in to the VM and access MySQL as root. They execute various SQL queries to retrieve database information, select specific databases and tables, and fetch data based on specified conditions. The tasks progressively guide students through querying the database, culminating in understanding how to retrieve specific data entries using SQL statements.

Task B transitions to executing SQL injection attacks from a webpage, simulating the perspective of a front-end user. Students interact with the Damn Vulnerable Web Application (DVWA) hosted on Metasploitable2, setting the security level to “Low” for experimentation. They proceed to the SQL Injection tab, where they craft injection queries to exploit vulnerabilities. By utilizing UNION statements, students aim to retrieve sensitive information such as database names, table names, and column names within the DVWA database. The task concludes with students leveraging the obtained column names to extract and display usernames and passwords for all users in the users table.
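Why the UNION queries in Task B succeed at the “Low” setting, and the fix a penetration test report would recommend, shown as an added example that is not part of the original course material. It uses an in-memory SQLite table with constructed rows in place of Metasploitable2's MySQL; the table layout, function names and sample values are assumptions.

```python
import sqlite3

def make_db():
    """In-memory table with constructed rows, standing in for a lab users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, "
               "last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        ("1", "Alice", "Example", "alice", "hash-a-constructed"),
        ("2", "Bob", "Example", "bob", "hash-b-constructed"),
    ])
    return db

def lookup_vulnerable(db, user_id):
    # The form value is pasted into the SQL text, so a quote in the input
    # ends the string literal and the remainder is parsed as SQL.
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_id + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id):
    # The value is bound separately from the statement, so it is only ever
    # compared as data and can never change the query's structure.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()

# Constructed test input of the UNION kind described in Task B.
INJECTED = "' UNION SELECT user, password FROM users -- "

def compare():
    """Run the same inputs through both lookups and return the results."""
    db = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(db, "1"),
        "vulnerable_injected": sorted(lookup_vulnerable(db, INJECTED)),
        "parameterized_normal": lookup_parameterized(db, "1"),
        "parameterized_injected": lookup_parameterized(db, INJECTED),
    }

if __name__ == "__main__":
    for name, rows in compare().items():
        print(name, rows)
```

With the bound parameter the injected string is treated as a literal `user_id` that matches no row, while the concatenated query returns the credential columns instead of names.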