DEV Community: Timothy Imanuel

Week 7

Timothy Imanuel — Mon, 13 Apr 2026 11:57:01 +0000

Ethical Hacking Week 7: Target Exploitation

This week, we’ve finally moved into the hands-on phase of the course: Target Exploitation. This is where we stop looking for doors and start attacking our target.

Metasploit

Our primary focus this week was the Metasploit Framework, the world’s most used penetration testing software. Metasploit is essentially a giant library of pre-made exploits, payloads, and auxiliary tools that simplify the complex process of attacking a target.

Exploiting EternalBlue

In our lab, we tackled one of the most famous vulnerabilities in recent history: EternalBlue. This is a flaw in the Windows SMB protocol that allows for unauthenticated Remote Code Execution.

Here is the standard workflow we used to compromise the target:

Search: Finding the right module for the job (e.g., search eternalblue).
Select: Loading the exploit module (e.g., use exploit/windows/smb/ms17_010_eternalblue).
Configure: Setting our parameters, like RHOSTS (the target’s IP) and the PAYLOAD.
Exploit: Running the command and waiting for the magic to happen.

The Meterpreter Shell

Once the exploit was successful, we dropped into a Meterpreter shell. Meterpreter is an advanced, extensible payload that runs in memory to avoid detection.

Common commands we used to control the target:

sysinfo: Displays the target's OS and architecture.
getuid: Shows which user we are running as (usually SYSTEM after EternalBlue!).
shell: Drops us into a standard Windows Command Prompt for deeper control.

The Rules of Engagement

Even in a lab environment, ethical hacking has strict rules. For our final projects, we have clear boundaries:

No DoS/DDoS: We are here to learn, not to crash the server.
Integrity: Never change passwords after gaining access.
Persistence: Leave a simple text file or post on the target to prove you were there.

Target exploitation is intense and requires precision. Seeing a session open for the first time is an incredible feeling, but it’s a reminder of why security configuration is so important.

Week 6

Timothy Imanuel — Mon, 13 Apr 2026 11:49:41 +0000

Ethical Hacking Week 6: Vulnerability Mapping

This week in Ethical Hacking and Penetration Testing, we go into the critical phase of Vulnerability Mapping. Once we know our target exists and what services it’s running, we need to find the vulnerabilities that they have.

What is Vulnerability Mapping?

Vulnerability mapping is the process of identifying, classifying, and prioritizing weaknesses in a system. Not all bugs are created equal, and understanding their origin helps us decide how to exploit or fix them.

The Three Main Types of Vulnerabilities

We categorize vulnerabilities based on where they come from:

Design Vulnerabilities: Flaws in the actual specifications of the software or protocol. These are "broken by design."
Implementation Vulnerabilities: Mistakes made while writing the code, such as poor error handling or logical flaws.
Operational Vulnerabilities: Weaknesses caused by improper configuration or poor deployment choices in live environment.

Local vs. Remote Attacks

Local Vulnerabilities: The attacker needs physical access or a local account to trigger the flaw. These are often used for Privilege Escalation (moving from a standard user to an Admin/Root access).
Remote Vulnerabilities: The attacker can trigger and exploit the flaw over the network without needing any prior access. These are the "holy grail" for external attackers.

Web Application Auditing

A large part of our lab focused on the unique vulnerabilities found in websites. We looked at how to audit applications for:

SQL Injection (SQLi): Attacking the database by inserting malicious SQL commands into input fields.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
Cookie Security: Checking for missing security flags like HttpOnly (prevents JS access) and Secure (prevents transmission over unencrypted connections).

The Pentester's Toolkit

To find these flaws efficiently, we use a variety of specialized auditing tools:

Burp Suite: The industry standard for intercepting and modifying web traffic.
Nikto / Nikto2: A powerful web server scanner that looks for dangerous files and outdated software.
SQLmap: An automated tool that detects and exploits SQL injection flaws.
W3af: A web application attack and audit framework.

Vulnerability mapping turns a list of open ports into a prioritized list of targets. By understanding the taxonomy of these flaws, we can move from simple scanning to high-impact exploitation.

Week 4

Timothy Imanuel — Wed, 11 Mar 2026 15:23:29 +0000

Ethical Hacking Week 4: Target Discovery & OS Fingerprinting 🎯🔍

In Week 4 of Ethical Hacking and Penetration Testing, we officially started mapping out our targets. Before you can exploit a system, you have to find it and figure out exactly what it’s running. This phase is all about Target Discovery and OS Fingerprinting.

Finding the Target (Discovery)

We looked at the command-line tools used to identify live machines on a network. The classic ping sweep is great, but we also explored arping, fping, hping, and nbtscan for mapping out local networks. For modern setups, we even touched on IPv6 discovery tools like alive6.

OS Fingerprinting (Who are we talking to?)

Once we know a machine is alive, we need to know what operating system it’s running so we can look up vulnerabilities. There are two ways to do this:

Active Fingerprinting: We send carefully crafted packets to the target and analyze the unique ways its TCP/IP stack responds. Tools like Nmap do this perfectly. It’s fast, but very noisy (firewalls will log you).
Passive Fingerprinting: We quietly sniff the network traffic without sending anything. Tools like p0f let us figure out the OS just by observing how the target naturally communicates. It's slower, but totally stealthy.

TCP vs. UDP (The Delivery Methods)

To understand port scanning, you have to understand how data moves across the network.

TCP (Transmission Control Protocol): Connection-oriented and highly reliable. It uses a strict 3-way handshake (SYN ➔ SYN-ACK ➔ ACK) before sending data, and will automatically retransmit lost packets and reorder them at the destination.
UDP (User Datagram Protocol): Connectionless and fast. It just fires datagrams at the target without checking if they arrive. It's up to the application (like DNS or SNMP) to handle lost data.

We also learned the layout of the port neighborhood:

0 - 1,023: Well-Known Ports
1,024 - 49,151: Registered Ports
49,152 - 65,535: Dynamic/Private Ports

Reading Port Scans like a Pro

When we use a network scanner like Nmap, Unicornscan, or Amap, the target's response tells us exactly what state the port is in.

Decoding a TCP Scan:

Gets a SYN+ACK? The port is open and listening.
Gets an RST+ACK? The target explicitly rejected you (Port Closed).
Gets an ICMP Unreachable or absolutely nothing? The port is Filtered by a firewall.

Decoding a UDP Scan:

Gets a UDP response? The port is open.
Gets an ICMP Port Unreachable? The port is closed.
Gets nothing? The firewall might be dropping it, or the inbound packet was blocked.

Wrapping Up

We are officially mapping networks! Understanding how TCP and UDP respond to our probes is the difference between guessing and knowing. Stay tuned for the next phase. Keep hacking!

cybersecurity #infosec #ethicalhacking #nmap #networking

Week 5

Timothy Imanuel — Tue, 10 Mar 2026 14:33:07 +0000

Ethical Hacking Week 5: The Art of Target Enumeration 🕵️‍♂️🔍

This week in Ethical Hacking and Penetration Testing, we moved into Enumeration—the intrusive phase where we actively communicate with targets to extract actionable intelligence like network shares, usernames, and passwords.

The Core of Windows Enumeration: NetBIOS

Because many attacks on older Windows systems still work today, enumerating Microsoft targets is a major focus. To do this, you must understand NetBIOS (Network Basic Input Output System).

NetBIOS Names: These are limited to 16 characters and must be unique on the network. The final character is a hex suffix that identifies the specific service running.
- <00>: Workstation service
- <20>: Server service (sharing enabled)
- <1C>: Domain Controller or IIS
Null Sessions: An infamous, unauthenticated connection to a Windows system that doesn't require a username or password. Surprisingly, it still exists on systems like Windows XP!

The Enumeration Toolkit 🧰

We covered a mix of command-line and GUI tools used to pull this data directly from targets:

Command-Line Essentials

nbtscan: Scans a range of IP addresses for NetBIOS information.
nbtstat: Displays the NetBIOS table of a remote machine.
net view: Checks for shared resources on a specific network host.
net use: Connects to those shared folders or files.

GUI & Advanced Tools

NetScan Tools Pro: Graphically maps NetBIOS services and verifies access to shared resources.
DumpSec: Connects to a server to "dump" detailed permissions, user tables, policies, and registry details.
Hyena: A management tool that visually maps shares, user logins, and terminal services.
Nessus Client: A heavy hitter that identifies OS versions, open shares, and even firewall vulnerabilities across large networks.

Beyond Windows

While NetBIOS is the star of the show for Windows, we also briefly explored service enumeration tools for other protocols, including Amap, Httprint, Httsquash, and Ike-scan.

Wrapping Up

Enumeration transitions us from passively "looking" at a target to actively "touching" it, giving us the exact keys we need for exploitation. Next week, we dive into Vulnerability Mapping!

Week 3

Timothy Imanuel — Sat, 28 Feb 2026 03:27:58 +0000

Week 03: Information Gathering and OSINT Tools

Disclaimer: The tools and techniques discussed in this blog are strictly for educational purposes.

This week in our Ethical Hacking and Penetration Testing class, we moved past the rules of engagement and into the actual **reconnaissance **phase. The focus was on utilizing search engines and Open Source Intelligence (OSINT) tools within Kali Linux to gather information about a target.

We covered three main tools that automate the process of scraping and connecting public data.

1. TheHarvester

The first tool is TheHarvester. Its primary function is to hunt down email accounts, usernames, and hostnames/subdomains associated with a specific target domain.

Instead of manually searching, TheHarvester automates queries across multiple search engines and databases. It supports scraping from sources like:

Google and Bing
LinkedIn and Google Profiles
PGP servers and Shodan

2. Metagoofil

While TheHarvester looks for accounts and domains, Metagoofil is designed specifically to extract metadata from public documents.

It works through an automated pipeline:

It uses Google to search the target domain for specific file types (like PDFs or Word docs).
It downloads all the discovered documents to your local disk.
It extracts the hidden metadata and generates an HTML report.

This is highly effective because metadata often leaks sensitive internal information, such as employee usernames, the software versions used to create the files, and internal server or machine names.

3. Maltego

The most visually complex tool we looked at is Maltego. It is an open-source intelligence and forensics application that maps out how different pieces of data are connected.

Instead of just giving you a list of data, Maltego builds a relationship graph. We use different "Palettes" depending on what we are investigating:

Infrastructure Reconnaissance: You can map out the technical footprint of a target by finding the relationships between domains, DNS names, IPv4 addresses, and net blocks.
Personal Reconnaissance: You can find relationships between people, linking them to their email addresses, phone numbers, mutual friends, companies, and social media affiliations like Twitter and Facebook.

Information gathering is about building a comprehensive profile of the target's attack surface before launching any exploits. We will likely use the data collected from these tools in the later stages of our semester project.

Week 2

Timothy Imanuel — Sat, 28 Feb 2026 03:20:04 +0000

Week 02: Testing Methodologies and the Rules of Engagement

Disclaimer: The tools and techniques discussed in this blog are strictly for educational purposes.

This week in the Ethical Hacking and Penetration Testing class, we focused heavily on the theory and legalities of penetration testing. Before we start actively breaking into systems, we need to understand the structural boundaries and the legalities involved

The Types of Hackers

The industry separates security personnel and attackers into a few distinct buckets:
Ethical Hackers: break into systems with permission to find the weak links and report them so the organization can patch them.
Hackers & Crackers: These are individuals accessing systems without authorization, often to steal or destroy data, which is a fast track to prison.
Script Kiddies: Young, inexperienced amateurs who just copy and paste scripts and techniques without actually understanding the underlying cod.

Penetration Testing Models

When executing a real-world test, your approach depends entirely on how much information the client gives you upfront.
White Box: You are given the full network topology and have authorization to interview the IT staff.
Black Box: You get zero details, and the internal company staff doesn't even know the test is happening. [cite_start]You have to find and map everything yourself.
Gray Box: A hybrid approach where the client provides you with partial information to start the engagement.

Red Team vs. Blue Team

Security operations are usually split into two opposing sides.
Red Team: Acts as the attackers, performing tests without the knowledge of the IT staff, usually to reveal system defense capabilities.
Blue Team: The internal team that defends the system. [cite_start]They are the opposing side of the red team.

The Legal Reality (UU ITE)

This is the most critical takeaway. [cite_start]Accessing a computer without explicit permission is illegal. [cite_start]Here in Indonesia, we operate under the UU ITE (Information and Electronic Transactions Law).

Under Pasal 31 (Indoneisan Law), intercepting or wiretapping electronic information or documents in a system you do not own is a crime.
Even seemingly harmless reconnaissance might be viewed as a violation depending on your ISP's Acceptable Use Policy.

The golden rule of penetration testing: Using a contract is just good business, and you should have an attorney read over your contract before signing it.

Week 1

Timothy Imanuel — Sun, 22 Feb 2026 12:14:55 +0000

Week 01: Course Setup and Kali Linux Installation

Disclaimer: The tools and techniques discussed in this blog are strictly for educational purposes. Do not use this information for illegal activities.

This week marks the start of the Ethical Hacking and Penetration Testing course at campus. The goal of this class isn't just to teach us how to run automated scripts (eg: becoming a script kiddie), but to actually understand how to find vulnerabilities, escalate privileges, and cover our tracks.

Before getting into the technical stuff, we went over the ground rules for the semester.

Class Rules & Expectations

The administration made a few things very clear on day one:

Collaboration vs. Cheating: Working together is encouraged, but outright copying is a hard no.
Attendance: Arriving more than 30 minutes late means you are locked out of the class and marked absent.

The Main Project

The core of this course is a hands-on penetration testing project that runs throughout the semester.

The Targets: We will be testing web apps, client/server applications, and a specific cloud environment prepared for the class.
Hard Rule: DDoS attacks against the targets are strictly forbidden.
Reporting: Everything we do has to be documented. This blog serves as my ongoing journal for the project. At the end of the course, we have to submit a final Penetration Testing Report and present our findings.

Lab Setup: Kali Linux

You cannot do penetration testing safely on your main host OS. You need an isolated virtual machine.

For our lab environment, we are using VirtualBox (or VMware) to run Kali Linux.

Minimum VM Requirements:

RAM: 4 GB
Storage: 40 GB (Running this on an SSD is highly recommended so it doesn't lag).
CPU: 2 vCPUs

Once the VM is set up and running, the baseline environment is ready.