A Project Report
On
PENETRATION TESTING
USING
KALI LINUX
by
2100032127 U. Satish
ACKNOWLEDGEMENTS
Last but not least, we thank all the teaching and non-teaching
staff of our department, and especially our classmates and our friends,
for their support.
INDEX
S.NO TITLE
1 Abstract
2 Introduction
3 Literature Work
5 Methodology
7 Result Analysis
8 Conclusion
ABSTRACT
Penetration testing is a type of security testing used to evaluate how
secure an application or system actually is. It is conducted to find the
security weaknesses that may be present in the system.
If a system is not secured, an attacker can disrupt it or gain
unauthorized access to it. Security weaknesses usually stem from
unintentional errors made while developing and implementing the
software, for example configuration errors, design errors, and
software bugs.
In this project, we describe in detail the Burp Suite tool and the
features it bundles into a single suite for web application security
assessment and penetration testing.
A vulnerability assessment simply identifies and reports the
vulnerabilities it finds, whereas a penetration test (pen test) attempts
to exploit them to determine whether unauthorized access or other
malicious activity is actually possible. Penetration testing typically
includes network penetration testing and application security testing,
as well as testing of the controls and processes around the networks
and applications, and should be performed both from outside the network
trying to get in (external testing) and from inside the network
(internal testing).
INTRODUCTION
you can easily and accurately manage your security system by
allocating the security resources accordingly.
Avoid Fines − Penetration testing keeps your organization's
security activities current and demonstrates compliance to auditors,
so it helps protect you from regulatory fines.
Protection from Financial Damage − A single breach of a security
system may cause millions of dollars of damage. Penetration testing
helps protect your organization from such losses.
Customer Protection − A breach of even a single customer's data
may cause large financial damage as well as reputational damage.
Penetration testing protects organizations that handle customer data
and helps keep that data intact.
LITERATURE WORK
Penetration testing is a crucial element in ensuring the security of
computer systems and networks. In this project, we will explore the
importance of penetration testing and how it can be used to identify
vulnerabilities in computer systems and networks. We will also
discuss the various types of penetration testing and the tools and
techniques that can be used to perform effective penetration tests.
Penetration testing, also known as pen testing, is the process of testing
a computer system, network, or web application to identify security
weaknesses that could be exploited by attackers. The goal of
penetration testing is to identify vulnerabilities and provide
recommendations for remediation.
Types of Penetration Testing:
There are various types of penetration testing, including black box
testing, gray box testing, and white box testing.
Black Box Testing: This type of testing involves simulating an attack
from an external perspective, without any prior knowledge of the
target system or network. The tester has no knowledge of the internal
workings of the system being tested.
Gray Box Testing: This type of testing involves simulating an attack
with some knowledge of the target system, such as access to a limited
set of credentials. The tester has some knowledge of the internal
workings of the system being tested.
White Box Testing: This type of testing involves simulating an attack
with full knowledge of the target system or network, including access
to source code and other sensitive information. The tester has full
knowledge of the internal workings of the system being tested.
HARDWARE REQUIREMENTS:
The hardware requirements for the software used in this project are as follows:
METHODOLOGY
The purpose of this methodology is to provide a structured approach
for conducting a penetration test on a computer system or network.
The methodology includes the following steps: reconnaissance,
scanning, enumeration, vulnerability analysis, exploitation, post-
exploitation, and reporting.
Reconnaissance:
The first step in a penetration test is reconnaissance, which involves
gathering information about the target system or network. This can
include information such as IP addresses, network topology, system
and application versions, and user accounts.
Scanning:
The next step is scanning, which involves using automated tools to
scan the target system or network for open ports, services, and
vulnerabilities. This can include tools such as Nmap and Nessus.
Enumeration:
Once open ports and services have been identified, the next step is
enumeration, which involves actively querying those services to gather
more detailed information about the systems they run on. This can
include information such as user accounts, shares, password policies,
and system configurations.
Vulnerability Analysis:
The next step is vulnerability analysis, which involves matching the
services and versions that have been identified against known
vulnerabilities and misconfigurations, to determine which ones are
most critical and which ones are actually exploitable.
Exploitation:
The next step is exploitation, which involves attempting to exploit the
vulnerabilities that have been identified. This can include using
automated tools or manual techniques to gain access to the target
system or network.
Post-Exploitation:
Once access has been gained to the target system or network, the next
step is post-exploitation, which involves exploring the system or
network to escalate privileges, move laterally to other systems,
identify additional vulnerabilities, and gather more information.
Reporting:
The final step in the penetration testing methodology is reporting,
which involves documenting the vulnerabilities that have been
identified, the techniques that were used to exploit them, and the
recommendations for remediation.
RESULT ANALYSIS
Based on the above testing activities, the average risk level across the
board is EXTREME. Complete system compromise is trivially achieved on
critical security and file servers, systems that contain myriad
important and confidential files which, if breached, could expose
CLIENT to large fines and significant business impact.
Disable SMB on any system that does not require it for business
functionality, and disable SMBv1 everywhere. Windows systems that have
not received the MS17-010 update, or that still expose SMBv1, remain
vulnerable to ETERNALBLUE-type exploits as long as the service is
reachable. System hardening needs to be implemented immediately to
shrink the risk landscape of the infrastructure.
Controls and configurations should be centrally managed; management
and security systems such as the McAfee server should be secured using
controls designed around least privilege and the NIST recommendations
for critical infrastructure. Compromise of these systems poses a
critical threat.
Implement a patch management cycle to ensure that all systems
regularly receive important security updates from vendors. Revoke or
replace the PFX files (exported certificates with private keys) found
in user profiles as a precaution.
Data compliance and end-user social engineering training should be
implemented to promote safer practices. HIPAA data should be confined
to ONLY those systems that require access to it; it is encouraged that
these systems employ strong data-at-rest encryption and least-privilege
access controls to prevent unauthorized access. Best practice is to
store these types of files centrally on a managed, hardened network
location; users should access the files only via mapped network
locations in their profiles, with appropriately configured permissions.
CONCLUSION
An attacker would most likely start an attack against CLIENT with
social engineering techniques (the most successful type of attack),
and given that ETERNALBLUE is easily exploited on the unpatched hosts
found, this is the most likely route to compromise of the entire
environment. The McAfee security server would be an ideal first
target: once an attacker has attained full administrative access to
this system, they can disable the security controls and systems in
place, allowing much more evasive traversal of the internal network
and potentially creating more targets without the hindrance of the
security systems. From there, the likely goals of an attacker would be
exfiltration of ePHI, Personally Identifiable Information (PII) and
PCI data, together with any payment information that may be
available, for purposes of fraud, ransom, targeted phishing, sale,
etc. An adversary would also attempt to access the Domain Controllers
to facilitate network traversal and further compromise of security
controls and monitoring systems. With domain access, complete
infrastructure compromise is likely; with this level of access an
attacker presents numerous serious risks to critical and confidential
information systems. Internet-facing assets at CLIENT have little to
no interactivity and so present a smaller attack surface for
intrusion. However, these systems are vulnerable to man-in-the-middle
(MITM) attacks, which an attacker could use to gain access to private
communications and potentially steal passwords to gain further access
into the network.