Attack Narrative
Penetration testing is a method conducted against the IP addresses of an organizational network in order to identify the vulnerabilities present within the system (Ghanem and Chen 2019). Here, grey-box penetration testing will be conducted, meaning that some information about the server is known beforehand. Before proceeding with the penetration test on the server, its IP address has been acquired: the IP address of the server is 192.168.2.29. Various tools and software applications have been used to identify the vulnerabilities present within the server. Furthermore, the report explains the harm which the identified vulnerabilities could cause to the organizational network (Hatfield 2019). In addition, the report explains the mitigation techniques which the organization can adopt in order to remove the vulnerabilities from the server.
To proceed with the penetration test on the server, a VPN service named Red Net VPN has been used. First, the Red Net VPN connection has been configured so that the target server can be reached from the Kali Linux operating system (Casola et al. 2018). Once the connection to the Red Net VPN has been established, a test ping has been sent to the target IP address in order to check whether the target is reachable.
Figure 1 – Ping Test to Target IP Address
(Source – Created by Author)
The above screenshot is from the Kali Linux operating system. First, the Red Net VPN connection has been configured; after that, a ping has been sent to the target IP address, and replies have been received (Bock, Hughey and Levin 2018). This confirms that the network connection to the target server has been established from the Kali Linux operating system. The next part of the penetration test is to identify the vulnerabilities present within the organization's server.
Figure 2 – Nmap Scan 1
(Source – Created by Author)
Figure 3 – Nmap Scan 2
(Source – Created by Author)
The above two screenshots contain the results generated by the Nmap tool, which is present within the Kali Linux operating system (Munaiah et al. 2019). This tool identifies the open ports and the services they offer, such as HTTP, SSH and MySQL. Ports are the gateways through which data is sent from the server and received from other computer systems. However, if unnecessary ports are left open on the server, a cyber criminal would be able to reach the services behind them and conduct malicious attacks, which could result in a data breach. Here an intense scan has been conducted using the Nmap tool (Schwartz and Kurniawati 2019). The command used to conduct the intense scan is nmap -T4 -A -v 192.168.2.29. After the scan, the following ports were found to be in the open state:
Port | State | Service | Version
22/TCP | Open | SSH | OpenSSH 4.4 (protocol 1.99)
80/TCP | Open | HTTP | Apache httpd 1.3.37 ((Unix) PHP/4.4.4)
139/TCP | Open | netbios-ssn | Samba smbd 3.x - 4.x (workgroup: WORKGROUP)
445/TCP | Open | netbios-ssn | Samba smbd 3.0.14a (workgroup: WORKGROUP)
3306/TCP | Open | MySQL | MySQL (unauthorized)
5544/TCP | Open | Bindshell | Bash Shell (**BACKDOOR**)
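As an added example (not part of the original report), the open-port table above can be triaged the way a defender reviews a scan of their own host: the Nmap output is parsed and every open port is compared against a hypothetical baseline of expected services, so the bind shell on 5544, the SSHv1-compatible OpenSSH banner and the network-exposed MySQL listener are flagged. The sample output and the EXPECTED baseline are constructed for this illustration.

```python
import re
from typing import List, Tuple

# Constructed sample (not taken from the report's screenshots): the open-port
# lines of the table above, in the layout of nmap's normal output.
NMAP_OUTPUT = """\
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 4.4 (protocol 1.99)
80/tcp   open  http        Apache httpd 1.3.37 ((Unix) PHP/4.4.4)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.0.14a (workgroup: WORKGROUP)
3306/tcp open  mysql       MySQL (unauthorized)
5544/tcp open  bindshell   Bash shell (**BACKDOOR**)
"""

# Hypothetical baseline: the services this host is supposed to expose.
EXPECTED = {22: "ssh", 80: "http", 139: "netbios-ssn", 445: "netbios-ssn", 3306: "mysql"}
# Database listeners that should only be reachable from the application tier.
DB_SERVICES = {"mysql", "postgresql", "ms-sql-s"}
# <port>/<proto>  <state>  <service>  <version...>
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, state, service, version) for every port line in the output."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append((int(m.group(1)), m.group(3), m.group(4), m.group(5).strip()))
    return ports

def triage(text: str) -> List[Tuple[int, str]]:
    """Flag open ports that deviate from the baseline or weaken the host."""
    findings = []
    for port, state, service, version in parse_ports(text):
        if state != "open":
            continue
        if service == "bindshell" or "BACKDOOR" in version.upper():
            findings.append((port, "unauthenticated shell bound to a port: likely backdoor"))
        elif EXPECTED.get(port) != service:
            findings.append((port, f"service '{service}' is not in the baseline"))
        if service == "ssh" and "protocol 1.99" in version:
            findings.append((port, "SSH protocol 1.99: SSHv1 fallback still enabled"))
        if service in DB_SERVICES:
            findings.append((port, "database listener exposed on the network interface"))
    return findings

if __name__ == "__main__":
    print(*triage(NMAP_OUTPUT), sep="\n")
```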
Vulnerabilities and Mitigation
The above table lists the open ports identified by the Nmap tool. Using this information, the vulnerabilities of the exposed services can be tested in order to determine whether access to the data and information could be gained.
Figure 4 – Metasploit
(Source – Created by Author)
The above screenshot is of the Metasploit tool, which is used to conduct the exploitation of the vulnerabilities found in the server (Rahman and Williams 2019). Various commands are available with which the exploitation is conducted.
Figure 5 – Accessing the IP address through the Web Browser
(Source – Created by Author)
To find out more about the target server, its IP address has been entered into the address bar of the web browser. Once the IP address has been entered, the above screen has been displayed in the web browser (Paráda 2018). As is evident from the screenshot, the server is not protected by any SSH layer.
Figure 6 – HTTP Exploit
(Source – Created by Author)
In order to proceed with the exploitation, the auxiliary options for the services first need to be checked. Here the HTTP version used by the server has been checked. Using the command set RHOSTS 192.168.2.29, the target IP address has been assigned for the check (Chowdhary et al. 2020). When the run command is executed, the Apache and PHP versions of the server are displayed.
Figure 7 – Searchsploit
(Source – Created by Author)
The searchsploit command has been run against both the Apache version and the PHP version of the service, to find the vulnerabilities present. According to the searchsploit results, the vulnerabilities are Remote Code Execution, Remote Code Execution + Scanner, and server-side denial of service.
Figure 8 – CGI ARG injection
(Source – Created by Author)
Here the CGI ARG injection has been used in the Metasploit console in order to exploit the vulnerability found in the HTTP service.
Figure 9 – Nikto
(Source – Created by Author)
Here, the Nikto software application has been used on the Kali Linux operating system. Through this tool, several vulnerabilities have been identified. One of them is associated with the Apache server; with the help of this vulnerability, cyber criminals would be able to conduct a brute force attack (Nagpure and Kurkure 2017). With the help of the brute force attack, the cyber criminals would be able to get inside the server and then access the files and folders present on it.
Figure 10 – OWASP
(Source – Created by Author)
The above screenshot displays the result generated by the OWASP software application, which is also present within the Kali Linux operating system. Through this vulnerability, cyber criminals would be able to use unauthorised APIs in order to access the contents of the server.
Figure 11 – X-Frame-Options Header Not Set
(Source – Created by Author)
Following the OWASP result, another vulnerability found is that the X-Frame-Options header has not been set in the HTTP response, which leaves the server vulnerable to clickjacking attacks.
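As an added example, not part of the original report, the following Python audits a raw HTTP response for the two header weaknesses described above: the Apache/PHP version banner that the HTTP version check displayed, and the missing X-Frame-Options header flagged by the OWASP scan. Both responses are constructed for the illustration; the hardened one shows the header values the mitigation produces.

```python
import re
from typing import Dict, List

# Constructed sample (not a capture from the report): a response in the shape the
# target would return, with Apache/PHP versions in the banner and no X-Frame-Options.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/1.3.37 (Unix) PHP/4.4.4\r\n"
    "X-Powered-By: PHP/4.4.4\r\n"
    "\r\n"
    "<html><body>It works!</body></html>"
)

# The same response after hardening: version strings stripped from the banner and
# framing restricted to the site's own origin.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: frame-ancestors 'self'\r\n"
    "\r\n"
    "<html><body>It works!</body></html>"
)

# Product/version tokens such as Apache/1.3.37 or PHP/4.4.4.
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")

def parse_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw: str) -> List[str]:
    """Report the two header weaknesses discussed above for one response."""
    h = parse_headers(raw)
    findings = []
    # Clickjacking: neither X-Frame-Options nor a CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in h.get("content-security-policy", ""):
        findings.append("X-Frame-Options not set: page can be framed (clickjacking)")
    # Version disclosure: the banner that the HTTP version check displays.
    for name in ("server", "x-powered-by"):
        if VERSION_TOKEN.search(h.get(name, "")):
            findings.append(f"{name} header discloses software version: {h[name]}")
    return findings
```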
Port 22 on the server is used for the SSH service. With the help of the vulnerability present on this port, cyber criminals would be able to send arbitrary TCP traffic to port 22 and then gain unauthorised access to the server (Mateo Tudela et al. 2020); they would then be able to access all the data and information stored on the server. In order to mitigate this vulnerability, TCP Wrapper can be used on the SSH port. This helps prevent unauthorised access to the server, since specific permission can be granted only to the IP addresses from which the server may be accessed.
Port 80 is used by the HTTP service. Here the Apache server in use has been found to be out of date. This means that the software running on the Apache server does not have the latest updates, and the lack of security patches becomes a vulnerability of the server (Goutam and Tiwari 2019). With the help of this vulnerability, cyber criminals would be able to elevate their privileges to administrator and then execute system commands. In order to mitigate the vulnerability, the Apache server needs to be updated. With the update, security patches are applied, through which cyber criminals can be prevented from entering the server.
Port 3306 is used for the MySQL service. Through this service, the server accesses the data and information stored in the database; the MySQL service is also used by the web application to store data in the relevant tables of the database. In order to mitigate this vulnerability, encryption needs to be enforced for the data present within the database.
Conclusion
To conclude, this report has explained the penetration testing of a server, together with the processes used to carry out the penetration test. Several types of vulnerabilities have been identified with the tools present in the Kali Linux operating system. Based on the vulnerabilities present, the mitigation strategies for them have also been discussed. With the help of these mitigation strategies, the server used by the organization can be protected from various kinds of cyber security threats and attacks.
References
Bock, K., Hughey, G. and Levin, D., 2018. King of the hill: A novel cybersecurity competition for teaching penetration testing. In 2018 USENIX Workshop on Advances in Security Education (ASE 18).
Casola, V., De Benedictis, A., Rak, M. and Villano, U., 2018, June. Towards automated penetration testing for cloud applications. In 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) (pp. 24-29). IEEE.
Chowdhary, A., Huang, D., Mahendran, J.S., Romo, D., Deng, Y. and Sabur, A., 2020, December. Autonomous security analysis and penetration testing. In 2020 16th International Conference on Mobility, Sensing and Networking (MSN) (pp. 508-515). IEEE.
Ghanem, M.C. and Chen, T.M., 2019. Reinforcement learning for efficient network penetration testing. Information, 11(1), p.6.
Goutam, A. and Tiwari, V., 2019, November. Vulnerability Assessment and Penetration Testing to Enhance the Security of Web Application. In 2019 4th International Conference on Information Systems and Computer Networks (ISCON) (pp. 601-605). IEEE.
Hatfield, J.M., 2019. Virtuous human hacking: The ethics of social engineering in penetration-testing. Computers & Security, 83, pp.354-366.
Mateo Tudela, F., Bermejo Higuera, J.R., Bermejo Higuera, J., Sicilia Montalvo, J.A. and Argyros, M.I., 2020. On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications. Applied Sciences, 10(24), p.9119.
Munaiah, N., Rahman, A., Pelletier, J., Williams, L. and Meneely, A., 2019, September. Characterizing attacker behavior in a cybersecurity penetration testing competition. In 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) (pp. 1-6). IEEE.
Nagpure, S. and Kurkure, S., 2017, August. Vulnerability assessment and penetration testing of Web application. In 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA) (pp. 1-6). IEEE.
Paráda, I., 2018. Basic of cybersecurity penetration test. Hadmernok, 13(3), pp.435-442.
Rahman, A. and Williams, L., 2019, April. A bird’s eye view of knowledge needs related to penetration testing. In Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security (pp. 1-2).
Schwartz, J. and Kurniawati, H., 2019. Autonomous penetration testing using reinforcement learning. arXiv preprint arXiv:1905.05965.