May 24, 2018

Weekly Journal of Ethical Hacking Part 11 Lecture 5

I didn’t notice that I accidentally skipped summarizing some of the lectures, specifically Lectures 5 and 6. It’s not like I haven’t done them. In fact, I did your exercise for this lecture. But I haven’t made a summarized version of this lecture yet.

In this lecture, our goal is to enumerate our target. For this one, we don’t need Kali Linux; we only need the Windows command prompt, because it is used for enumerating Windows OS.

Enumeration is used to collect information about shares on the network, the user names signed on to the network, and the last time a user logged on.

Alright, let’s try to enumerate an IP address. We will be using the nbtstat command for this. Let’s see what nbtstat has to offer.

We will try the nbtstat -A [IP address] first. Here is the result.

Under Wi-Fi, it shows a NetBIOS Remote Machine Name Table. But what is NetBIOS? NetBIOS stands for Network Basic Input Output System. It is a programming interface that allows computers to communicate over a LAN (Local Area Network).

In the table there are some numbers beside the names. They are called suffixes, and they describe which service registered the name.

<00> is registered by the Workstation service and holds the computer name, or in other words the NetBIOS name.

<20> is registered by the Server service. The computer must have this service so that it can share printers or files.

<1E> signifies that Browser Service Elections is running. The Browser Service is a feature of Microsoft Windows that lets users easily browse and locate shared resources on neighboring computers.
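To make the suffix table concrete, here is an added example (not part of the original journal) that parses `nbtstat -A` output and decodes the suffixes described above, which is handy for checking what a Windows host on your own lab network advertises. The sample output is constructed, and the UNIQUE/GROUP distinction for <00> goes slightly beyond the text.

```python
import re

# Suffix meanings as described above. Splitting <00> by UNIQUE/GROUP is an
# addition: a GROUP <00> entry is the workgroup/domain name, not the host.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Workgroup or domain name",
    ("20", "UNIQUE"): "Server service (file and printer sharing)",
    ("1E", "GROUP"): "Browser Service Elections",
}

ROW = re.compile(r"^\s*(\S.{0,14}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")

# Constructed sample output; the host name, workgroup and IP are made up.
SAMPLE = """\
Wi-Fi:
Node IpAddress: [192.0.2.10] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    LAB-PC         <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    LAB-PC         <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
"""

def parse_name_table(text):
    """Return one dict per name-table row, with the suffix decoded."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            service = SUFFIXES.get((suffix.upper(), kind), "not covered here")
            rows.append({"name": name, "suffix": suffix.upper(), "type": kind,
                         "status": status, "service": service})
    return rows

def summarize(rows):
    """Pick out the host name, workgroup and advertised services."""
    by_key = {(r["suffix"], r["type"]): r["name"] for r in rows
              if r["status"] == "Registered"}
    return {"computer_name": by_key.get(("00", "UNIQUE")),
            "workgroup": by_key.get(("00", "GROUP")),
            "file_sharing": ("20", "UNIQUE") in by_key,
            "browser_election": ("1E", "GROUP") in by_key}

print(summarize(parse_name_table(SAMPLE)))
```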

Conclusion: You can use nbtstat to enumerate Microsoft OS. If you want to use it on Kali Linux, you need to download it first. It is used to show connections between computers and more.

Written by brigitta in: hacking journal, Uncategorized

May 17, 2018

Weekly Journal of Ethical Hacking Part 9 DVWA

In this one, I will attempt to download DVWA. For this post, I will try to download it with the help of a friend’s walkthrough because the PDF walkthrough is confusing.

DVWA Installation

First, we need to change the directory to /var/www/html. Then download the GitHub zip using wget. wget stands for “web get”.

After getting the zip, unzip it using the unzip command and the filename.

The ls command is used to list the names of the files and folders within the file system, while mv stands for “move”; the purpose of the mv command is to move files from one folder to another. Because I had already moved the files into the folder, it looked like this.

The chown command changes the ownership of files and directories in a Linux filesystem. The R stands for “recursive”. Its purpose is to operate on files and directories recursively: enter each matching directory and operate on all its contents.

The service command is used for starting or stopping services by running a script. We will be running service for mysql and apache2. ps aux returns the full command line of each process.

The last step for now is to install it. Write “Y” for all of it.

After this, you need to enter your Linux IP address to test whether the installation is successful or not. Use ifconfig to find the IP address.

If it is working, it will look like this.

We need to open a certain file to continue our installation. Here are the steps:

gedit is used to open this file:

You need a reCAPTCHA key for this. So let’s open the link and get our key. I already made the site and got the reCAPTCHA key.

Now put the keys into this file:

Then restart the apache2 and mysql services.

Time to check if I have fixed the error. Open localhost/setup.php, and apparently there are two more errors.

To change allow_url_include, you need to get into php.ini first, so let’s do that.

At first I was confused about how to open the php.ini file here. But apparently, I only need to use the path written under Configuration File (php.ini) Path.

After using gedit php.ini, this file will appear.

Use search (Ctrl + F) to find allow_url_fopen and allow_url_include.

Turn them both On and check if it works on setup.php. If it doesn’t work, it means you have to change the settings in a different php.ini.

Do the same process, changing allow_url_fopen and allow_url_include to On, and it should work now.
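The "different php.ini" problem above is easier to see with a check. This added example (not part of the original journal or of DVWA) reads several php.ini texts and reports which file still has one of the two directives off. The file contents are constructed, and the paths with "X.Y" are hypothetical placeholders for the PHP version directory.

```python
import re

DIRECTIVES = ("allow_url_fopen", "allow_url_include")
TRUE_VALUES = {"1", "on", "true", "yes"}
# PHP's built-in defaults, used when a php.ini never sets the directive.
PHP_DEFAULTS = {"allow_url_fopen": True, "allow_url_include": False}

# Constructed php.ini fragments; paths are hypothetical placeholders.
SAMPLE_FILES = {
    "/etc/php/X.Y/cli/php.ini": """
[PHP]
allow_url_fopen = On
allow_url_include = On
""",
    "/etc/php/X.Y/apache2/php.ini": """
[PHP]
allow_url_fopen = On
; allow_url_include = On   (commented out, so it has no effect)
allow_url_include = Off
""",
}

def read_directives(ini_text):
    """Return {directive: bool} for the two directives in one php.ini text."""
    values = dict(PHP_DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"^([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1) in DIRECTIVES:
            value = m.group(2).strip().strip('"').lower()
            values[m.group(1)] = value in TRUE_VALUES  # last assignment wins
    return values

def files_needing_change(files):
    """List (path, directive) pairs that are still off in each php.ini."""
    todo = []
    for path, text in sorted(files.items()):
        values = read_directives(text)
        todo.extend((path, name) for name in DIRECTIVES if not values[name])
    return todo

print(files_needing_change(SAMPLE_FILES))
```

Here the command-line php.ini was edited but the one Apache loads was not, which is why setup.php keeps reporting the setting as disabled until the second file is changed and apache2 is restarted.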

Now the next thing to do is fix the last error. It is kept inside config.inc.php, just like the reCAPTCHA one.

Then change all of the settings for the DVWA user.

After that, enter mysql -u root -p to show the MySQL setup. -u stands for username and -p stands for password.

After you fill in all of the information, the MySQL data in setup.php will change, but the PHP GD error has not disappeared yet. Apparently you have to press Create / Reset Database.

After clicking that button, the login page will appear. This is what it looks like.

Open the README.md file to find out the DVWA username and password.

Written by brigitta in: hacking journal, Uncategorized

May 17, 2018

Weekly Journal for Ethical Hacking Part 8 Week 7.1

Apparently, I had actually configured Kali Linux the wrong way. It took me way too long to ask my teacher. That is also because I thought I had already done it correctly, but apparently I was wrong. I still did it wrong.

I can tell it was wrong because every time I turned off Kali Linux, all of my progress disappeared. But at that time, I thought it was simply part of the Kali Linux program so that no hackers could track my Kali Linux data and progress. So I always tried to do everything from the lectures in one go.

And before we continue with how I (this time) fixed my Kali Linux, I also figured out that apparently Kali Linux has its own default password: toor. Because of this, I don’t have to turn off my Kali Linux again every time Kali Linux goes to Sleep Mode.

1. I deleted my old Kali Linux

2. Open “File” and pick “Import Appliances”.

3. Import the Kali Linux file you downloaded from www.kali.org

4. When you click “Next”, it will show this new window. Click Import after you are sure about the configuration.

5. Then open “Settings” to change some of the configurations.

6. In “General”, change “Type” to “Linux” and “Version” to “Debian (64-bit)”.

7. Then finally start the Kali Linux!

Conclusion: It is now finally working! None of my progress has disappeared now.

Written by brigitta in: hacking journal, Uncategorized

Apr 26, 2018

Weekly Journal for Ethical Hacking Part 6 Week 3 Lecture 3

This week, we were asked to utilize search engines. In this case, we will be using Kali Linux for the hacking. Although to be fair I’ve already used Kali Linux for the previous Week 2.

Our goal is to use tools in Kali Linux and Google to utilize search engines.

I can’t figure out how to use goorecon… But at least I can figure out how to use theharvester! The harvester is used for looking for hostnames with the same name. The image I used here is not exactly a good example of it.

This program is used to limit the search to domain names and see how many websites have the same domain name. For the example I used, apparently wikipedia.net is either not a hostname, or I set the number of search results too low.

Then I also tried to use Maltego. Too bad I need an account if I want to use the free version, which I haven’t made. But at least I can show you what it looks like now.

For Google Hacking… It is apparently used to make the search you do in Google even more specific. You can even search for things that only appear in the URL.

It actually works! I just don’t know how to restrict it to a certain website I want to look into.

Conclusion: You can use these tools and Google to find more information about the website you’re going to hack.

Written by brigitta in: hacking journal, Uncategorized

Mar 15, 2018

Weekly Journal for Ethical Hacking Part 1 Week1

This is the first day we are learning about ethical hacking. Sir Charles Lim is the one who will mostly teach us about this.

Our goal is to learn about ethical hacking and its rules.

We were taught that ethical hacking is different from the usual hacking we hear about in the media. Ethical hacking means that you must have permission from the owner to break into their network’s security, or penetration test.

A penetration test is a legal attempt by the hacker to find the weakest link in the network. But they are not allowed to try to fix the issues, only report their findings. Security testers, on the other hand, are allowed to give solutions to protect the networks better.

Having knowledge of programming languages like Perl, C, and Python would help with hacking even more. For those starting out in hacking, it would be better if they used a Tiger Box, because it already has a lot of OSes and hacking tools.

He reminded us that we would need to know the rules about hacking first before we try to hack anything.

The first step you have to do before hacking is to collect as much information as possible about the networks you are going to break into, no matter how small the info is. Sir Charles Lim shared with us a lot of interesting websites we can use to help us collect the information necessary for hacking.

The websites above show all the tools that could be used for looking up information.

Using both of these websites, I used an IP address to find more information about the network, like the location.

Conclusion:

Knowledge is power. That’s the reason you can’t hack without this information.

Written by brigitta in: hacking journal, Uncategorized

Oct 22, 2017

The Sprite and Assets

Written by brigitta in: Uncategorized

Oct 22, 2017

Final Project 2

In my latest final project, my partner and I were asked to make a game for target users between 5 and 8 years old. My part was mostly to create sprites and assets for the game. The sprites will be put in another post.

This is what the team consists of:

Brigitta Gloria Hegarini/2001586193

Ikhwan Fikri

Written by brigitta in: Uncategorized

Sep 6, 2016

Hello world!

Welcome to Binusian blog.
This is the first post of any blog.binusian.org member blog. Edit or delete it, then start blogging!
Happy Blogging 🙂

Written by brigitta in: Uncategorized
