Steps for Performing Penetration Testing using Kali Linux
Penetration testing is done using Kali Linux. Earlier, testing was described simply as white box testing, black box testing, and gray box testing. Penetration testing can be performed with Kali Linux or with other tools. The following steps are used to perform penetration testing.
At this level the target system is confirmed and intelligence about the network is gathered. Once the target is identified, the tester moves straight to the survey, which gathers information about the identified target. The survey needs to provide details about the customer's information. Using this data, it is easy to find the best way to get an effective result. Reconnaissance, also known as information gathering, is done with Kali Linux, which provides tools for network investigation, data centers, wireless networks, and host systems. The goals of reconnaissance are to identify the applications and services in use, identify the types of system, gather social engineering information, and document the information.
Kali Linux offers many tools for this stage, known as vulnerability analysis tools. The assessment objectives are to assess the vulnerability of the target system, prioritize the vulnerable systems, map the vulnerable systems, and discover problems.
The main objective of the study was to analyze the net server using Kali Linux by carrying out a penetration test. From this test, all the weak points of the system were easily recognized. After the penetration analysis with Kali Linux, the Boot-to-Root activity is carried out.
This is the first action, carried out to identify the key vulnerabilities that make the system easy to attack. It is a genuine action, done by the security administrator, to find the security vulnerabilities of the system so that corrective action can be taken against a security breach. The analysis is used to avoid cyber-attacks conducted from outside the server. This phase analyzes the target environment and the characteristics of the system. Using penetration testing, information about the target is identified easily and quickly. Compared to white box testing, black box testing needs more reconnaissance, because the testers do not get any additional data. The network IP addresses are scanned, and social engineering services are scanned as well. In penetration testing, reconnaissance is the first step.
In this process a security test is carried out to check whether the system has any flaws; checking the system for flaws is known as scanning. The confidentiality of the system is checked, and the authentication system is also tested. Any weaker area of the network is identified in this stage. The next step is to assess the vulnerability of the target. In this phase the tester gains knowledge about the target and learns how its vulnerabilities are analyzed. The vulnerability test covers many things, such as how the web applications run, which types of information are used, and which ports are used for communication. The information is scouted to better identify the potential vulnerabilities and to avoid the existing security. The owner of the asset in the web application is warned by the generic vulnerability scanner. There are two ways to complete the assessment of the target: manually and through tools.
Tools Used in Penetration Testing
This is the process of using things for one's own advantage. In this case, it means finding the software or tool that exploits the data for the attacker's benefit. It occurs because of weaknesses in the system software (OS). Exploitation is used to check whether a vulnerability is true or false, and to check the current status of the vulnerability. Two passive services are used: assessment and auditing. Exploiting vulnerabilities and carrying out the subsequent steps without proper authorization from the owner of the system is avoided in this phase.
This step can be performed well only if the two steps above have been executed successfully. Exploitation is the best-known technique for identifying vulnerabilities and incorrect behavior. There are two ways to exploit the vulnerabilities of the target system: manual and automated. In SQL injection, different ways of gaining administrative access are used against the web application.
This test is carried out to find any traces of exploiting software or bugs. For this test we simply run the ip config command, which shows all the established connections in the system, so we are able to find details about the attacker's system, if any. Only restricted data and resources are accessible on the vulnerable system. Privilege escalation includes password breaking, user accounts, unlicensed IT space, and so on. Escalating privileges requires vulnerability toolkits, and these are provided by Kali Linux. The post-exploitation goals are to obtain the highest privilege, reveal user account information, and gain access to other systems.
The last stage of this penetration testing method is reporting. The reporting phase is one of the most important phases and has two parts: a management part and a technical part. It presents the information effectively with graphs and figures. The penetration tester provides the presentation of the vulnerabilities, and the document provides the technical description. The tester makes sure the document meets the client's requirements and provides detailed information.
Risk is rated according to its impact as low, medium, high, or extreme. Many of the possible risks are low or medium. In this analysis the medium and high risks are identified, and there is also an "unlikely" option for risks that have a low chance of occurring. The risks are analyzed and reported in this way. Risk is described as low, moderate, or critical, and the impact level is analyzed based on the risk.
| Likelihood (Weight Factor) | Definition |
|---|---|
| High (1.0) | The threat-source is highly motivated and sufficiently capable, |
| Medium (0.5) | The threat-source is motivated and capable, but controls are in |
| Low (0.1) | The threat-source lacks motivation or capability, or controls are |
Objectives of Penetration Testing
Penetration testing is used to find vulnerabilities in a website or system with a tool such as nmap. With nmap, the testing is accomplished by running the proper commands. The commands for finding vulnerabilities are listed below.
- nmap basic specification
- nmap -v -sS -p- -A -T4 10.222.0.251
- nmap -v -sU -sS -p- -A -T4 10.222.0.251
- nmap -v -p 445 --script=smb-check-vulns --script-args=unsafe=1 10.222.0.251
- nmap -A --script vulners 10.222.0.251 -vv
The vulnerability analysis shows a high-risk finding: weak passwords are used for authentication, and the administration account has a weak password. Further techniques are used to address the weakness in the passwords, and it is resolved by setting strong passwords.
Description
The head or administration account appears to have a weak password.
Impact
This leads to the use of techniques against the weak password, and it is solved through the interface. The text of the password should also be encrypted.
Resolving method
Protect the interfaces with complex passwords.
Medium Risk Findings
A misconfigured name server allows DNS zone transfers, and these zone transfers are fully unrestricted. The impact is DNS zone transfer.
Range: medium
Description: the misconfigured DNS server allows unrestricted DNS zone transfers.
Impact: any DNS server is allowed to perform the zone transfer. The DNS server provides sensitive information, and the layout of the corporate network is exposed by the same DNS server.
Resolving method: allow DNS zone transfers only to pre-approved servers.
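A defender-side check for this finding, added here as an example and not taken from the original report: it reads a name-server configuration and reports, per zone, whether zone transfers are open, restricted, or not set at all. BIND named.conf syntax is an assumption (the page does not name the DNS software), the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample in BIND named.conf syntax (assumed); zone names are made up.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "corp.example" { type master; allow-transfer { any; }; };      // unrestricted
zone "lab.example" IN { type master; file "lab.zone"; };            // not set
zone "dmz.example" { type master; allow-transfer { 192.0.2.53; key "xfer-key"; }; };
'''

def block_at(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in config")

def transfer_acl(block):
    """Return the allow-transfer entries of a block, or None if it sets none."""
    m = re.search(r"\ballow-transfer\s*\{", block)
    if m is None:
        return None
    return [e.strip() for e in block_at(block, m.end() - 1).split(";") if e.strip()]

def classify(acl):
    """Rate an allow-transfer list as 'open', 'unset' or 'restricted'."""
    if acl is None:
        return "unset"        # falls back to the server's built-in default
    if {"any", "0.0.0.0/0", "::/0"} & set(acl):
        return "open"         # the medium-risk finding described above
    return "restricted"

def audit(conf):
    """Map every zone name in conf to its zone-transfer status."""
    conf = re.sub(r"(//|#).*", "", conf)          # drop line comments
    opts = re.search(r"\boptions\s*\{", conf)
    default = transfer_acl(block_at(conf, opts.end() - 1)) if opts else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_at(conf, m.end() - 1))
        result[m.group(1)] = classify(default if acl is None else acl)
    return result

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_CONF).items():
        print(f"{zone}: {status}")
```

Zones reported as "unset" inherit the global options value when one exists; otherwise they depend on the server default and are best given an explicit list of pre-approved servers.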
Kali Linux provides a set of exploit tools for the vulnerabilities; these are known as exploitation tools. It also includes some social engineering packages. The major exploitation goals are exploiting vulnerabilities, gaining access, capturing access, unauthorized data, social engineering implementation, and system applications. Detection of the attacks is very difficult, and the security defenses are also reduced. This includes deleting user logs, using existing access channels, and deleting corrupted messages.
Maintaining access is the name of a directory in Kali Linux. It is used to create a foothold on the target system. It allows multiple access points on the target network, removal of evidence, and many other things. The communication method is hidden by encryption, and the affected system is repaired.