Ethical Hacking and Digital Forensics
1. Ethical Hacking Tool - Executing vulnerability assessment tasks using Legion,
a network penetration testing tool that aids in discovery, reconnaissance and
exploitation of information systems
1.1 Aim:
Perform network penetration testing using a penetration testing framework on
Kali Linux and adding targeted websites.
1.2 Tools and Techniques:
The information gathering and vulnerability analysis tool is Legion.
1.3 Algorithm:
Run the Legion on Kali Linux to assess Yahoo, Hack the Box, CTFlearn,
HackThisSite and Google Gruyere websites using either the Easy or Hard
scanning method.
1.4 Methodology:
The tool (Legion) can be accessed via
i. The terminal emulator
ii. Kali Graphical User Interface
Step 1
Terminal Emulator Method
The Legion tool usually comes pre-installed with Kali Linux, but if we need to
install it, we can run the following command:
sudo apt-get install legion -y
Below is Figure 1.1 showing the output after running the command
After the above command has finished executing, you can start the Legion
tool from any terminal with the “sudo legion” command.
sudo legion
Below is Figure 1.2 showing the output after the sudo legion command
Kali Graphical User Interface method (Figure 1.3)
To access the Legion toolkit, open Kali Linux and:
1. Click the Kali start icon
2. Click Information Gathering or Vulnerability Analysis
3. Click to choose legion
Below is Figure 1.3 showing the steps to launch legion from Kali Linux
After clicking Legion, you will be prompted to enter the sudo password for Kali, and then you get
(Figure 1.4) the same interface that popped up in Figure 1.2
Below is Figure 1.4 showing output after launching Legion
There are three main sections of the dashboard. The input section is on the left side
with Scan and Brute as core functionalities of Legion. The output is on the right-hand
side of the dashboard.
The Scan option in the input section performs host discovery, information gathering,
and vulnerabilities finding tasks. The Brute option can be used to brute-force a target
host.
Step 2
In the Hosts section, we have an option to add hosts to the scope. Click the
Add Icon (+) to add target hosts, IPs, IP ranges or websites to be scanned.
Below is Figure 1.5 showing how to add target hosts to be scanned
Step 3
Add the host, IP, IP range or website whose ports and host details are to be
scanned, then click Submit.
Here we can add a single IP, a range of IPs, or hostnames in the section. In
order to add multiple targets, separate them with a semicolon.
Then there is the option for Mode Selection. In this section, we have Easy and
Hard mode. In Easy mode, we get nmap scanning options like staged scan and
nmap host discovery. In Hard mode, we get options like host discovery,
custom port scanning, and custom discovery options. In the additional
arguments we have the -O flag for OS detection and the -sV flag for service
version detection.
Below is Figure 1.6 showing hosts, mode selection and other options which
can be chosen to initiate scanning of the Yahoo, Hack the Box, CTFlearn,
HackThisSite and Google Gruyere websites
When the scanning process is initiated, Legion starts populating the live hosts
on the left-side of the interface with scan results on the right-side.
Below is Figure 1.7 showing population of live hosts and scan results in
progress
After the host is added, Legion starts the process of scanning it. You can see
(Figure 1.8) tools like nmap and screenshot scanning the host.
Below is Figure 1.8 showing some of the tools scanning the hosts
After completing the process, you can view the output of the Legion scanner.
1.5 Results:
We can analyze the scan results by clicking on the tabs in the right section. For
example, if we click the Information tab as in Figure 10 below, we can see the
host status, MAC address, and OS information.
Below is Figure 1.9 showing results on the information tab
We can explore the attack vectors (vulnerabilities) by clicking the additional tabs after
Notes. For example, you can see the details of the screenshots taken during the scan.
Below is Figure 1.10 showing results of screenshots
The aforementioned scan results are the outcome of default modules triggered by
Legion. We can expand the scan results by initiating more tools and scripts
through Services and Tools options in the input section.
Figure 1.11 showing the open ports based on the services running on the target
machine.
Figure 1.12 showing the tools that are processed automatically by Legion
Demonstration Video
The demonstration video for Legion is available on the following link:
https://youtu.be/BW3VmrB4Jow
2. Digital forensics Tool - Performing email forensics investigations using Email
Dossier and Email Header Analysers
2.1 Aim:
Perform email forensics investigations using the email forensic tools Email
Dossier and Email Header Analysers to collect credible evidence during
forensic processes.
2.2 Tools and Techniques:
The digital forensics tool on emails is Email Dossier.
2.3 Algorithm:
Investigate the email address on the Email Dossier website
(https://centralops.net/co/EmailDossier.aspx)
Analyse the email header on:
i. Trace Email Analyzer from the MyIPAddress website
(https://whatismyipaddress.com/trace-email)
ii. MessageHeader provided by Google Admin Toolbox accessible on
https://toolbox.googleapps.com/apps/messageheader/analyzeheader.
2.4 Methodology:
Step 1
Open the online website for Email Dossier and enter the email address whose
emails will be investigated as shown in Figure 2.1 below.
Figure 2.1 showing Email Dossier interface
Step 2
Open any one email from the mailbox used on our Email Dossier in Figure 2.1
above.
Look for the setting to Show Original email, as shown in Figure 2.2 below.
Figure 2.2 showing Email and option to show original email format
The original Message is shown as in Figure 2.3 below
Step 3
Copy the header component of the message. Open the MyIPAddress website
(https://whatismyipaddress.com/trace-email) and paste the email’s header into the site’s
Trace Email Analyzer (Figure 2.4) to find the email sender details (Figure 2.5).
Figure 2.4 showing Trace Email Analyzer
2.5 Results:
- Results analysed by Trace Email Analyzer are as in Figure 2.5 below
Below is Figure 2.5 showing Analysis results
Sender details from the Analysis report in Figure 2.5 above include:
- Times and dates the email was received at each hop
- The source host name and source IP address at the end.
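The same per-hop details can be read directly from the Received lines of the copied header. The script below is an added example, not part of the original report or of either online analyser; the sample header is constructed (documentation-only IP ranges and example domains) and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample header; addresses are from documentation-only ranges.
SAMPLE_HEADER = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.20])
\tby mailstore.recipient.example with ESMTPS id abc123
\tfor <bob@recipient.example>; Tue, 02 Jan 2024 10:15:09 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.7])
\tby mx.recipient.example with ESMTPS id def456;
\tTue, 02 Jan 2024 10:15:05 +0000
Received: from workstation (unknown [192.0.2.55])
\tby relay.sender.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:15:01 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: Constructed sample

"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def trace_hops(raw_header):
    """Return one dict per Received header, ordered oldest hop first."""
    hops = []
    # Each server prepends its own Received line, so read them bottom-up.
    for value in reversed(message_from_string(raw_header).get_all("Received", [])):
        value = " ".join(value.split())        # unfold continuation lines
        info, sep, stamp = value.rpartition(";")
        if not sep:                            # no timestamp part present
            info, stamp = value, ""
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        src, by, ip = FROM_RE.search(info), BY_RE.search(info), IP_RE.search(info)
        hops.append({"from": src.group(1) if src else None,
                     "ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "time": when})
    return hops

def backwards_hops(hops):
    """Indexes of hops stamped earlier than the hop before them."""
    times = [h["time"] for h in hops]
    return [i for i in range(1, len(times))
            if times[i] and times[i - 1] and times[i] < times[i - 1]]

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_HEADER):
        print(hop["time"], hop["from"], hop["ip"], "->", hop["by"])
```

Received lines written before the first server the investigator trusts are supplied by the sending side and can be forged, so the source IP in the oldest hop should be corroborated with server logs; a hop reported by backwards_hops points to clock skew or an inserted line.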
MessageHeader provided by Google Admin Toolbox accessible on
https://toolbox.googleapps.com/apps/messageheader/analyzeheader can also be used to analyse
the header. The results are shown in Figure 2.6 below.
Figure 2.6 showing Messageheader from Google Suite
In digital forensics, email analysers are used to track and recover communication trails left by
gangs, robbers, fraud rings and the like as evidence for court processes. Email forensics
is the study of the source and content of email as evidence to identify the actual sender and
recipient of a message, along with other information such as the date/time of
transmission and the intention of the sender.
Demonstration Video
The demonstration video for Legion is available on the following link:
https://youtu.be/BW3VmrB4Jow