Investigating vulnerabilities in a home network with Kali Linux

Hamadi, Ashraf

January 2019

The advancement of the internet across the globe has made computer users implement several ways of protection against possible network threats. The goal of this thesis is to analyse vulnerabilities and threats that may occur in a home network and design a vulnerability classification for home users with the help of Kali Linux. The classification is proposed and briefly evaluated. Computer network threats are also examined in this thesis together with the network vulnerabilities and corresponding network security recommendations for these systems. Home users have a need for security and privacy being provided. There have been a number of recent security breaches affecting home users leading to mistrust among the users. Due to different classification of threats, there is a need for a common threat classification scheme that can help to improve the understanding of threats among different researchers. This thesis focuses on investigating possible vulnerabilities in a home network and consequently designing a vulnerability classification for home users.

vulnerabilities

home network

Kali Linux

Classification

network security

Engineering and Technology

Teknik och teknologier

Soubor laboratorních úloh k demonstraci počítačových útoků / Collection of laboratory works for demonstration of computer attacks

Plašil, Matouš

January 2015

Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.

Web Penetration testing : Finding and evaluating vulnerabilities in a web page based on C#, .NET and Episerver

Lundquist Amir, Ameena, Khudur, Ivan

January 2022

Today’s society is highly dependent on functional and secure digital resources, to protect users and to deliver different kinds of services. To achieve this, it is important to evaluate the security of such resources, to find vulnerabilities and handle them before they are exploited. This study aimed to see if web applications based on C#, .NET and Episerver had vulnerabilities, by performing different penetration tests and a security audit. The penetration tests utilized were SQL injection, Cross Site Scripting, HTTP request tampering and Directory Traversal attacks. These attacks were performed using Kali Linux and the Burp Suite tool on a specific web application. The results showed that the web application could withstand the penetration tests without disclosing any personal or sensitive information. However, the web application returned many different types of HTTP error status codes, which could potentially reveal areas of interest to a hacker. Furthermore, the security audit showed that it was possible to access the admin page of the web application with nothing more than a username and password. It was also found that having access to the URL of a user’s invoice file was all that was needed to access it. / Dagens samhälle är starkt beroende av funktionella och säkra digitala resurser, för att skydda användare och för att leverera olika typer av tjänster. För att uppnå detta är det viktigt att utvärdera säkerheten för sådana resurser för att hitta sårbarheter och hantera dem innan de utnyttjas. Denna studie syftar till att se om webapplikationer baserade på C#, .NET och Episerver har sårbarheter, genom att utföra olika penetrationstester och genom att göra en säkerhetsgranskning. Penetrationstesterna som användes var SQL-injektion, Cross Site Scripting, HTTP-förfrågningsmanipulering och Directory Traversal-attacker. Dessa attacker utfördes med Kali Linux och Burp Suite-verktygen på en specifik webbapplikation. Resultaten visade att webbapplikationen klarade penetrationstesterna utan att avslöja någon personlig eller känslig information. Webbapplikationen returnerade dock många olika typer av HTTP-felstatuskoder, som potentiellt kan avslöja områden av intresse för en hackare. Vidare visade säkerhetsgranskningen att det var möjligt att komma åt webbapplikationens adminsida med inget annat än ett användarnamn och lösenord. Det visade sig också att allt som behövdes för att komma åt en användares fakturafiler var webbadressen.

Ethical hacking

Penetration testing

Cybersecurity

DREAD

HTTP

HTTPS

Episerver

Kali Linux

Burp Suite

SQL injection

XSS

HTTP Method Tampering

Directory Traversal

HSTS

IDOR

Authentication

MFA

Computer and Information Sciences

Data- och informationsvetenskap