JABATAN TEKNOLOGI MAKLUMAT DAN KOMUNIKASI

POLITEKNIK UNGKU OMAR

SESI 1 2022/2023

KOD KURSUS : DFS 40203

NAMA KURSUS : ETHICAL HACKING
PENILAIAN : CASE STUDY (PRESENTATION)

SESI SEMASA : SESI 1 2022/2023

SEKSYEN KURSUS : DDTS4A
NAMA PENSYARAH KURSUS : EN.MOHD NIZAM

ARAHAN PENILAIAN:
1. Jawab semua soalan dalam masa 30 minit
2. Jawapan adalah secara * individu/kumpulan (potong mana yang tidak berkenaan)

NO.
NAMA CLO MARKAH
PENDAFTARAN
01DDT21F1040 AARON JOSHUA A/L AROKIASAMY 1 100
01DDT21F1080 KAVINESH A/L GANESAN
2
01DDT21F1009 SIVANEKA A/P SEVAM
3

Jumlah 100

Disediakan oleh: Disemak dan Disahkan

oleh:

NURUL AHMAD NIZAM BIN TAHER

JABATAN TEKNOLOGI MAKLUMAT DAN
KOMUNIKASI
POLITEKNIK UNGKU OMAR
IPOH PERAK
 DFS 40203 | CASE STUDY (PRESENTATION)
CLO 2 | TOPIC 3 & 4 | 100 MARKS

CLO2: Demonstrate the effective leadership in performing penetration testing skills ( A4, PLO 5 )

Scenario:

The infamous hacking saga of Kevin Mitnick is always a good read for ethical hackers as well as
Tom Clancy fans. Mitnick’s hacking activities finally landed him in prison in 1995, but the events
leading up to the arrest read like a suspense novel. The noteworthy portion of the story is the fact
that Mitnick used IP spoofing and a form of TCP session hijacking to gain access to the resources
that inevitably landed him in hot water. This is not to say that all session hijacking leads to prison
time but rather to demonstrate that session hijacking has a usable presence in the real world. It’s
equally amazing to see just how real things can get when someone succeeds at hacking high-
profile corporations with such a conceptually straightforward attack.

Check out http://www.takedown.com for some details on the Kevin Mitnick story.

Task (Grouping):

1. Based on the Case Study assignment, present your finding within 15 – 30 minutes.
 SESSION HIJACKING ATTACK

1. Firstly, open the three virtual machine operating systems that are Kali Linux ,
Metasploitable and Windows 7.

Kali Linux

Metasploitable
 Windows 7

2. Open metasploitable and type ifconfig command to find out the ip address for
metasploitable.

IP address: 10.0.2.4
3. Open windows 7 and click on the start menu and type cmd and open cmd. start menu >
cmd.Type ipconfig command to find out ip address for window 7.

IP address: 10.0.2.5

4. Open Kali Linux and click on application icon and click all application and then search for
Ettercap application on the search bar and open the Ettercap application. For the password
part enter your Kali Linux password to enter inside the application.
5. After entering inside the application just keep everything in default and click accept icon
that is in the top. Then click on the ettercap menu > hosts > scan hosts to scan hosts. After
that click ettercap menu > hosts > host list makes the metasploitable ip address as target 1
and windows 7 ip address as target 2.

6. Open Wireshark application in Kali Linux, double click the eth0 port and then open
terminal emulator in Kali Linux and type ping 10.0.2.4 command to ping the metasploitable
ip address .
7. Click the MITM icon in the ettercap application and click the ARP poisoning option and
select the sniff remote connections and click OK to continue.
8. Go to windows 7 operating system and open google chrome search engine and search for
the metasploitable ip address that is 10.0.2.4.
9. Select the DVWA option and do the login using login id: admin and password: password.
Now the id and password will be captured by the etteracap application.
 RUBRIC LEADERSHIP (PLO5, A4, CLS3d)
CASE STUDY (PRESENTATION)

PERFORMANCE LEVEL
Criteria Excellent Good Moderate Poor Weightage Standard Score
4 3 2 1
Cooperation Highly Cooperative and Occasionally Uncooperative
cooperative and willing to listen or cooperative and and unwilling to
highly willing to support others to willing to listen listen to and
20% Score/ 4 *
listen or support complete tasks and support others to
20
others to support others to complete tasks
complete tasks complete tasks
Leadership Highly positive Positive in looking Occasionally Passive in looking
in looking ahead ahead and positive in looking ahead and
and supporting other ahead and supporting other
Score/ 4 *
supporting other team members to supporting other team members to 20%
20
team members complete team members to complete
to complete presentation complete presentation
presentation presentation
Interaction Able to interact Able to interact with Able to interact Unable to interact
actively with other group with other group with other group
Score/ 4 *
other group members with members without members without 30%
30
members with respect respect respect
respect
Delivery Able to engage Able to cover tracks Able to engage Unable to engage
-voice all minimal guidance some points all points
-clear points thoroughly Score/ 4 *
30%
explanation thoroughly 30
-preparation and creatively
-pronunciation
TOTAL /100

Course Policy Statements

• Assessment items submitted more than five working days after the due date are awarded zero marks. Course lecturer(s) may use their discretion in handling any unusual
cases of late submission/ absence for assessment activities on a case-by case basis, while adhering to the Head of Program.
• Politeknik Ungku Omar values academic integrity. Therefore, all students must understand the meaning and consequences of cheating, plagiarism, and other academic offenses
under the Akta 174 (Arahan-arahan Peperiksaan & Kaedah Penilaian (Diploma), Edisi 6, Jun 2019). Any plagiarism will be awarded zero marks.