May 11

DVWA installation

1.) Download the DVWA archive (master.zip).

2.) unzip master.zip

3.) Move the contents of DVWA-master to the web root directory /var/www/html and change their ownership so that the web server owns them.

4.) Start apache2 and mysql, then install mysql.

5.) Create the database and grant all privileges on it to a user.

6.) Open the config file and set the database name, user and password to match the database you created.

7.) Click Create / Reset Database on the DVWA setup page.
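The steps above as one script, added here as an example; it is not part of the original post or of DVWA itself. It assumes Debian/Kali defaults (web root /var/www/html, Apache running as www-data, root privileges) and the $_DVWA['db_database'] / ['db_user'] / ['db_password'] keys of DVWA's shipped config/config.inc.php.dist; the database credentials are constructed placeholders.

```shell
#!/bin/sh
# Added example: the DVWA install steps above as one script. Not part of the
# original post or of DVWA. Assumes Debian/Kali defaults and DVWA's shipped
# config/config.inc.php.dist keys ($_DVWA['db_database'] etc.). Run as root.
set -e

WEBROOT="${WEBROOT:-/var/www/html}"
DB_NAME="${DB_NAME:-dvwa}"
DB_USER="${DB_USER:-dvwa}"
DB_PASS="${DB_PASS:-change-me-example}"   # constructed placeholder, no '/' or '&'

# Step 5: database plus a user whose grant is limited to that one database
# (dvwa.* rather than *.*, so a compromised DVWA cannot read other schemas).
dvwa_sql() {   # $1 = database, $2 = user, $3 = password
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$1\`;
CREATE USER IF NOT EXISTS '$2'@'localhost' IDENTIFIED BY '$3';
GRANT ALL PRIVILEGES ON \`$1\`.* TO '$2'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Step 6: copy the shipped .dist config and point it at the database above.
dvwa_write_config() {   # $1 = directory holding config.inc.php.dist
    sed -e "s/\(\\\$_DVWA\[ *'db_database' *\] *= *\).*/\1'$DB_NAME';/" \
        -e "s/\(\\\$_DVWA\[ *'db_user' *\] *= *\).*/\1'$DB_USER';/" \
        -e "s/\(\\\$_DVWA\[ *'db_password' *\] *= *\).*/\1'$DB_PASS';/" \
        "$1/config.inc.php.dist" > "$1/config.inc.php"
    chmod 640 "$1/config.inc.php"   # it holds a DB password: not world-readable
}

# Steps 2-7 end to end; only runs when invoked as: sh dvwa-install.sh install
if [ "${1:-}" = "install" ]; then
    unzip -q master.zip                                        # step 2
    cp -a DVWA-master/. "$WEBROOT"/                            # step 3 ("." also copies .htaccess files)
    chown -R www-data:www-data "$WEBROOT"                      # step 3: Apache owns the files
    systemctl start apache2 mysql                              # step 4
    dvwa_sql "$DB_NAME" "$DB_USER" "$DB_PASS" | mysql -u root  # step 5
    dvwa_write_config "$WEBROOT/config"                        # step 6
    echo "Open http://localhost/setup.php and click Create / Reset Database"   # step 7
fi
```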


Apr 10

In the first week we were introduced to the basics of ethical hacking, such as the difference between hackers, crackers, and ethical hackers. Ethical hacking means hacking after receiving permission from the owner; the goal is to find vulnerabilities and increase the security of the website.

I downloaded VirtualBox and installed Kali Linux inside the virtual machine to be used.

Apr 10

There are a total of 1,024 well-known ports, ranging from 0 to 1,023. I learned about bash scripting during the class, and that there are many types of scanning. I also tried unicornscan and compared it with nmap; the advantage of unicornscan is that the scan is much faster than nmap, but unicornscan is not as detailed as nmap.

IP test

SYN scan

ACK scan

Mar 24

What I learned:

– a name server is used to provide an IP address

– Cloudflare put in front of the IP will give a random IP address

– hacking uses more than one tool

– cloud storage: storage internally or externally

– avoid using shared folders, to avoid being hacked easily

– NBT (NetBIOS over TCP/IP): tool for enumerating Microsoft OS

– mitre.org: CVE numbers

I learned how to find the operating system of a website using nmap:

First, we must find the real IP address.

Then, run nmap <IP address> -O.

Adding -sV also gives the versions of the services on the open ports.

Mar 24

I learned that an IP address can be hidden by using Cloudflare, and the importance of updating old records. Old records can be used to brute force and hack the new website that has been updated, by using specific websites to gather information, such as dnstrails.com. We can get the historical data of the website and get the old scripts that may contain vulnerable code of their old website, like the database, etc.

IP address

mail server used by Google

DNS server

Mar 9

The things I took note:

– mailboxes are based on the POP protocol
– open ports mean an open way into the system
– Linus Torvalds: creator of the Linux kernel (source)
– people are trying to migrate to IPv6, because IPv4 addresses are running out
– every time a packet is sent, it goes through the gateway (virtual machine), where it is translated to a public address
– every system has vulnerabilities
– DNS provides a local map; it shows the record of a server's IP address and name
– SOA is the DNS authority record
– Google Scholar to find articles (only the latest documents); use Sci-Hub to open the PDFs found in Google Scholar
– Google dorks find leaked information such as sensitive documents, sensitive information, web configuration, and backup files from a domain
– forgotten backup files can be downloaded to find out all the information about the website
– get the hash value, then open an MD5 cracker to get the password
– do not store your password in clear text
– a salt is used to randomize the hash even if two users have the same password
– how Linux stores passwords: create a salt with a value of 16 bits (created from a random number based on things such as the login date), then hash the password + salt
– creating a longer password makes it harder to crack
– the maltego tool is used to find relationships or connections
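The salting notes above, as an added example (not part of the original notes): two users with the same password hashed unsalted, where one MD5 lookup cracks both, and salted with per-user random salts, where the hashes differ, plus verification of a stored salt:hash record. The user names, salts and password are constructed sample data; it uses md5sum, sha256sum and od from coreutils.

```shell
#!/bin/sh
# Added example (not from the original notes): why a salt matters when storing
# passwords. The users, salts and the password "Summer2019" are constructed.

# Unsalted: the same password always gives the same hash, so one precomputed
# table (the "MD5 cracker" from the notes) recovers it for every user at once.
unsalted_md5() {   # $1 = password
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Per-user random salt: 8 bytes from /dev/urandom as 16 hex characters.
new_salt() {
    head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Salted: hash(salt + password). Two users with the same password get
# different hashes, so a table built for one is useless against the other.
salted_hash() {   # $1 = password, $2 = salt
    printf '%s%s' "$2" "$1" | sha256sum | cut -d' ' -f1
}

# A stored record in the form salt:hash, like the salt+hash pair Linux keeps.
make_record() {   # $1 = password, $2 = salt
    printf '%s:%s' "$2" "$(salted_hash "$1" "$2")"
}

# Verify a login attempt against a stored record; exit status 0 on match.
verify_record() {   # $1 = password attempt, $2 = record "salt:hash"
    salt=${2%%:*}
    stored=${2#*:}
    [ "$(salted_hash "$1" "$salt")" = "$stored" ]
}

# Constructed demo: alice and bob chose the same password. Run: sh salt.sh demo
if [ "${1:-}" = "demo" ]; then
    pw='Summer2019'
    echo "unsalted alice: $(unsalted_md5 "$pw")"
    echo "unsalted bob:   $(unsalted_md5 "$pw")"   # identical: one crack hits both
    alice=$(make_record "$pw" "$(new_salt)")
    bob=$(make_record "$pw" "$(new_salt)")
    echo "salted alice:   $alice"
    echo "salted bob:     $bob"                    # different despite same password
    verify_record "$pw" "$alice" && echo "alice login ok"
    verify_record 'wrong' "$alice" || echo "wrong password rejected"
fi
```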

Linux commands:
– ifconfig (own information)
– host targetdomain (website information)

theharvester -d targetdomain -l 100 -b google (in BackTrack: collects information from Google, Bing, PGP, LinkedIn)

theHarvester is one of the tools used to collect information; it shows the emails and hosts of the target domain.

Mar 9

Today, I learned about DNS, the way to do penetration testing by separating the people into two teams of attacker and defender, the domains of OSSTMM, and a bit of OWASP. I tried to use ZAP as a testing tool; ZAP is similar to Paros proxy, a testing tool to test the security and vulnerabilities of your system.

First, scan the web application in which you want to find vulnerabilities.

Then, ZAP will show the possible vulnerabilities in the website in the form of alerts.

Clicking an alert shows its description and the possible actions to take to solve the problem.

Nov 13

There are 3 buttons on the home menu: pressing the play button starts the game, the tutorial consists of instructions on how to play the game, and credits show the source of our background and sprites.

The game is simple: the player must slice the sea animals before they go outside of the layout and avoid the poisonous fish. There are power-ups in the game to make it more interesting and enjoyable for the player.

The game will end when the player fails to slice 3 of the sea animals or slices a poisonous fish.


Known issue(s):

  • Video may show up late because the browser needs to load the video
  • Font style may not be supported by some browsers

Nov 13

The project that my team wanted to make in Construct 2 is a slicing game. This game is made for kids around 4 to 7 years old. It helps children learn more about sea creatures while also letting them differentiate things faster and increasing their reaction speed. Therefore, it can be said that this game lets the children have fun while also letting them learn things at the same time.


My team decided to split our work before we started our project in Construct 2. I did most of the actions and events in the event sheets, while my teammate searched for the images and audio, made the video, and helped me in making some of the events.

Jun 15

1. Overview

This application is made for the FASTCABS company. It allows the user to add orders made by clients, show the list of orders that have been made and the status of those orders (whether they have been completed or not), and update orders that have been made by the clients.

An order made by a client via phone call is handled by administrative staff who operate the software in an office. There are two types of clients, Private and Business. For the Private type, the price varies subject to mileage, while a Business order is more formal and requires a contract agreement between the FASTCABS company and the business client; its price is fixed subject to the agreement of the contract.

This application is built with Visual Basic and a MySQL database.

2. Application

Main Menu

On this main menu, users have several buttons and a table. The table is loaded automatically and lists the details of all recent orders made by both Private and Business clients; it shows information about clients such as the name of the client, address, phone, order date, mileage, order status and driver's name.

2.1 Combo Box

Opening the combo box displays a list of queries for acquiring information from the database. After the user chooses an option from the combo box and clicks the Execute button, the program displays the table according to the chosen option. For example, when the user chooses option (a), the names and phone numbers of the manager in each office, the application executes the query for option (a) and shows the result from the database in the table view.

2.2 Clients

The Clients button displays a table containing clientNo, fName (first name), lName (last name), and address of the clients.

2.3 Office

The Office button displays a table that lists the details of all FASTCABS offices, including the city and address of each office.

2.4 Order

The Order button displays a table of the clients' orders with the following columns:
– the client's order number
– taxiNo: which taxi was used
– clientNo
– pickupAddress: the location where the client was picked up
– dropAddress: the client's destination
– city: the city the client ordered from
– phoneNo: the client's phone number, in case of emergency
– orderType: whether the taxi was ordered for private or business purposes
– dateOrder: the date the order was made
– mileage: the distance from pick-up to destination
– statusOrder: whether the order has been completed or not
– price: the price

2.5 Staff

The Staff button queries the database and shows a table containing staffNo, fName (first name), lName (last name), phoneNumber, position, sex, officeNo, and dob (date of birth).

2.6 Taxi

The Taxi button displays a table about the taxis which contains TaxiNo (which taxi is being referred to), staffNo (which staff member is using that taxi), location (the area where the driver is patrolling), owner_id (the id of the owner of the taxi), and jobs (how many jobs that driver has taken within a certain period).

2.7 Add Form

The Add Order form is displayed by clicking the 'Add Order' button in the main menu. When an order is made, the user saves the information about the client and the order through this form. There are city options, the name, phone number and address of the client, the pick-up address, the drop-off address, order date, order no, client no, and also taxi no. Lastly, the user chooses whether the order type is private or business, depending on the client. The user is required to click the Submit button in order to store all the Add Order information in the database.

2.8 Update Form

The Update form allows users to update the order selected in the main menu's table. It prompts users for mileage, price and status, i.e. whether the order is incomplete or complete. The status, however, depends on the driver's report over the radio.
