Itnet302A Penetration Test And B2R Assessment Answers

Your first task is to complete a penetration test against the target box (10.222.0.251) including identifying vulnerabilities, exploitation of vulnerabilities (where applicable) and creating a report summarising your penetration test. The term “vulnerability” should be considered to include anything that poses a security risk, such as:

• Out of date software
• Misconfigurations
• Weak credentials

Answer:

Generally the kali Linux is used to the testing such as penetration testing. The penetration testing has three types. They are white box testing, black box testing and gray box testing. For eh penetration testing the kali Linux and other kind of tools are used. The intelligence of network is found using the target system. And this target is used to collect the information. The target identification is essential for provide the details about the customer. Using this data we can obvious search out the great flow to approach the important outputs. Reconnaissance resources are also known as detail collecting process done by kali Linux. The major goal of reconnaissance is use applications and services, acknowledge the types of system, social engineering information, and also document information. We know that, in kali Linux we are using several tools and these types of tools are also known as vulnerability analysis. The assessment objectives are done the below resources, such as asses the target system vulnerability, priority of vulnerable system, mapping the vulnerable system, and problem discovery.

Scope

The net server is analyzed by using kali Linux. Net server is known as the main server and it contains the services and this is used to the products. And these kind of server is used as the framework. And this server appear like generic server and also it includes the single connection server. We need to study the important objectives for analyze the net server. So in this situation we are using the penetration testing. The major for using this system is the weak points of the system is easily recognized. After the penetration analysis is completed by using the kali Linux, and then we need to perform the Boot to Root activity.  The target range is known as 10.222.0.251 and 10.222.0.252.

Testing Methodologies

Reconnaissance

Reconnaissance phase is define at tester gather original and possible information and attack aimed systems or applications. Target range of reconnaissance is under third parties. Tester use for reconnaissance test classified in two types, passive and active. Active reconnaissance is not invisible interact can be straightly conversation is liked. Invisible interact means not straight conversation. Passive reconnaissance capture all details and without face to face communication with aimed systems.

Scanning

Scanning means tester can check previously all data and vulnerabilities, worth able files or documentation. Is called sample attack. Scanners followed many tools for finished the work. Also find the target place and use some tools, to use open the ports on current systems. Scanning process in detect any weakness that be explained at entire network access. Managing the all tools and fixed suitably tool at types of weakness system, important role of scanning.

In this process the security test was carried out to check whether the system have any flaws. So the checking of the flaws in the system was known as scanning. Here we check the confidentiality of the system. Also the authentication system undergoes to the test. In this stage any weaker area of the network system was identified.

Exploitation

To find first system weakness, after catch many weakness to cross the over rule in the security. To get many workstation and application for exploitation work freely available. They important tools used for exploitation work and get result as fast, core impact, canvas, database map, nets parker.

Post-Exploitation

This methodology refer to relative automation value is calculated by the worth full of the database system. It also helped to classify the machine extra exploiting works. Post exploitation check the follow infrastructure as, configuration network, interfaces. Find track the any application or bugs. Easily extend the connectivity from one or more system. This techniques will establish the some manageable works and to created legal way to access aimed networks.

Clearing tracks/reporting

The reported of penetration testing easy knowledge to understandable. This report help to what kinds of work can makes in our system or client it systems usefully. Refer to other person with testing of methodology helped to this documentation. This testing used for no unwanted person or hackers not easily allowed for this testing. Which strongly at vulnerability parts all of place in system. You want check to make hack with own entire systems. This reporting presented at various ways at, executive level and technical reporting.

Findings Summary

In the risks analysis the list of vulnerabilities are shown and the solution for the vulnerabilities are found, explained about the vulnerability result. And the attacks are shown using the kali Linux and also the risks are analyzed by the range. And in that each risk has own value and specified based on each criteria. And the penetration has implemented using the kali Linux with VMware. And also the attacks are analyzed through the implementation.

Risk Assessment Criteria

The risk is find based on the effects and it can be medium, low, high and extreme. And in that number of faults are eligible with low and medium. And in this analysis the medium and high risks are identified and there is an option discard and it is mentioned for low chance to get a risk. And another way the risks are recognized and documented. And the risk defined by moderate, low and critical based on the risk it planned the impact zone.

Likelihood (Weight Factor)	Definition
High (1.0)	The hazard cause is extremely drive and adequately continuous, and management to avoid the weak from being practice are ineffective
Medium (0.5)	The menace cause is drive and continuous, but management are in location that may block great full practice of the vulnerability.
Low (0.1)	The cause of hazard many number of thinking or continuous, or management are in area to block, or at low number of impede, the susceptibility from being made.

From the vulnerability analysis we have found the risks as high risk and also the medium risk. And the risks are analyzed depending on the vulnerablity and attack. If it is high risk it used to control the vulnerability and the medium has some range and in this threat source is capable.

In the high risk it analyzed through the conclusion as weak password for the system. So the risk is considered as high risk . And in the medium risk is analyzed through the conclusion as affects in the server.

Penetration Test Findings

Penetration testing track some risks or faults. This risk which type can be measured and splitted at high, low, medium. They results are described below at screen shots,

Website Penetration Testing

ZapProxy Tool

It is one of the tools of website penetration testing. It is mainly focused on identifing the affects of this testing. It can be handled in easy way to access. This is important benefits of Java interfaces.

The following steps are categorized with this testing as how to identify the affects of these testing.

In this step, its open the Owaspzap tool in the Kali Linux at the following operation such as first select the applications tag and go to the owaspzap tool from the web application analysis part.

If the Owaspzap tool is open, it choose the option of the start button to be pressed. Finally, enter the URL link of addressing the attacks to be tested.

From the testing we got the reports of output, action, alerts regarding to the given ip range such as 10.222.0.251.

Database tools usage

Sqlmap

It is an open source tools of this testing. It can be identified and detected automatically. The following features can be characterized with a commands to be compiled at the file system, data retrieving from the database, wide range of switching and accessing some file system under. The most important thing is more powerful to detect the engine.

The following steps are involving to open the sqlmap tool and performing the detection to be identified.

This is a sqlmap tool as show in that picture. It can be detected the effects of some attacking to be configured.

From the testing with the database tool has configured and got the vulnerable in the kind of username and the details are provided in the diagrams mentioned above.

Sqlninja

This part can be injected with the Microsoft SQL server and accessing with the graphical interfaces such as GUI. It can be used as the exploits of vulnerabilities. The following picture can be expressed as the sqlninja has been shown.

This is the open tool of sqlninja in which detect the vulnerabilities of the attacks. It can be formulated to go through the following link as choose the sqlninja from the applications including with the Database Assessment.   

CMS Scanning tools

JOOMSCAN

It can be mainly focused as the identity of the attacks to prevent the security aspects of the scanning mechanism to be deployed. The important configuration of this tool is its flexibility. The following picture is explained about the scanner tool of the Joomscan.

The following steps are considered to the security weakness to prevent its operationability from the web masters.

This is the picture of the detecting the security weakness as the Joomscan tool has shown in the figure.

This picture has shown in the scan the URL link from the websites to detect the victim. Then the result made upon from the victim of the databases has been stored. From this scanning we got vulnerablities with the given ip range and that details mentioned in the above diagrams.

High Risk Findings

From the vulnerability analysis it seems to be high risk in the form has weak passwords for the authentication and the administration has the weak password. And here more techniques are used to solve the weakness in the password so resolving this by the way of making strong password.

Description

The head or administration seems to be weak password.

Impact

The impact of this has to lead the usage of techniques and solved by using the interface. And the text of the password should be encrypted.

Resolving method

Make the interfaces with the complex passwords.

Another risk findings made on the port no 445 analyzed through the running server. And the vulnerability known as ms17 and the attack such as wannacry in the exploit and create the vulnerable attack in the network.

And from the nmap scanning the port is analyzed as 49152 and it is described as a secret scanning reports. And this method is used as the web interface using the port no such as 49152 to run in the server. This affect as vulnerable attack to get the details about the data and files about the login details. And for the simple service 4915 ports are used.

Boot 2 Root challenge

The boot to root challenge is worked in protect and also used in loading as good as helped to generate he vulnerable. It has many number of exploitation to bring the approach of the root as privileged.

Exploitation

Using metasploit

This metasploit attack is considered as distribution of the kali Linux. And it has msfconsole to make the process. And for the target address the exploitation is mentioned below.

In the above one it shows about the database creation for that msf console.

In the above one the vision of the console shown with the corresponding details.

In the below diagram it displays the options of the auxiliary attack used in this attack.

In the above one the target ip was provided as 10.222.0.252 to the exploitation using the msf console.

Result

From the metasploit exploitation the given ip address taken as the target and get analyzed by the command such as RHOST and done exploit with the syn flooding. So it has the exploits with the given target range.

Using Armitage

The Armitage is known as a complement tool and used to metasploit kind of target vision. And for this kind of exploits the screenshots added below.   

In the Armitage exploits it first get the target range to connect with the console. And the range of target ip was connected and making the login process.

And in the above one shows the input such as scan range of ip address.

In this diagram it shown about the complete process of scanning and make a way to the attack.

Above screenshots shown about the query process and the atack completion notification.

Result

Through the armitage exploitation we made the attacck with the scan reports for the ip address range  and got the output as the session delivery reports involved in the process.

Using BeEF

     It is known as the framework for browser exploitation and it is a kind of tool and has a concern about the browser and it is used for mainly for the security issues.

In the above one it explains about the process of installation of the tool and make a connection of this framework.

And in the above diagram the tool authentication process was shown.

Privilege escalation techniques

Kernel exploits

It is known as a program to list the vulnerabilities in the kernel and to provide the permission for the access. And it used in many issues such as escalate the root on the Linux.

       In the above diagram the user and the related id has shown.

Exploiting services running as root

In this the service such as mail and database servers and this kind of services run locally in the system.

In the above one the net stat command executed and this net stat is used to list out the scan reports.

In the above diagram it shows the root access using the grep command.

Exploiting SUID

It is known as the user identification set and it is used to execute the file by the help of user.

Exploiting using cron job

And using this cron we can make the process running with the root privileges and used to execute the codes with root.

Vulnerability analysis

In the vulnerability analysis the tools are used to analyze the affects in the system. In that cisco has the main contribution to scanning the vulnerabilities.

In the above one it shown about the configuration of file using cisco commands. And the specification includes the various scan reports.

In the above screenshot it shown about the enumeration of the domain name server with the specification such as version and file types.

In the above one the auditing tool is used for the given ip range and it delivers the host process and password guessing operation.

Result

And from the vulnerability analysis using cisco tools we can found the vulnerable of the ip address range such as 10.222.0.251 by the usage of cisco configuration.

Exploit attack against target address

1. Ftp brute

1. Telnet brute

1. SMB brute

1. MYSQL brute

Conclusion

The kali Linux provide a set of exploit tools for avoid the vulnerabilities these tools are known as exploitation tool. And also it includes some social engineering packages. Exploiting vulnerabilities, gaining access, capturing access, unauthorized data, social engineering implementation, and system applications are known as major exploit goals. The defection of attacks is most difficult, and also reduces the security defense attack.  It includes deletion of user log, exiting channel access, and deletes the corrupted message.

Maintaining access means directory of kali Linux. It is used to create a foothold on the target system. It allows multiple access point on the target network, evidence removing, and so many things. The communication method is hiding by encryption, and repairs the affected system. And also the boot to root challenge implemented through the kali Linux by the commands related to the networks. And the exploit attacks against the target address is implemented through msf console in Kali Linux.  

References

Anwar, C., Kuntjoro, K., Sukobar, S. and Harijanto, F. (2014). Memfungsikan Kembali (Refunction) Kali Gedeg Sebagai Short Cut Pengendali Banjir DAS Kali Marmoyo. Jurnal Aplikasi Teknik Sipil, 12(1), p.27.

BEAVER, K. (2018). HACKING FOR DUMMIES. [S.l.]: JOHN WILEY.

Engebretson, P. and Kennedy, D. (2013). The basics of hacking and penetration testing. Waltham (Mass.): Syngress.

Gupta, A. and Anand, A. (2017). Ethical Hacking and Hacking Attacks. International Journal Of Engineering And Computer Science.

Kali Linux – Assuring Security by Penetration Testing. (2014). Network Security, 2014(8), p.4.

, 16(2), pp.445-453.

VULNERABILITY ASSESSMENT & PENETRATION TESTING (VAPT). (2018). International Journal of Recent Trends in Engineering and Research, 4(3), pp.326-330.

Ali, S. and Heriyanto, T. (2011). BackTrack 4. Birmingham, U.K.: Packt Open Source.

Bonifácio, A. and Moura, A. (2017). Test suite completeness and black box testing. Software Testing, Verification and Reliability, 27(1-2), p.e1626.

Ehmer, M. and Khan, F. (2012). A Comparative Study of White Box, Black Box and Grey Box Testing Techniques. International Journal of Advanced Computer Science and Applications, 3(6).

LI, H., WANG, S., LIU, C., ZHENG, J. and LI, Z. (2014). Software Reliability Model Considering both Testing Effort and Testing Coverage. Journal of Software, 24(4), pp.749-760.

Penetration Testing and Network Auditing: Linux. (2014). Journal of Information Processing Systems