
21CS2109PA – Operating System

A Project Report
On
PENETRATION TESTING USING KALI LINUX

Under the Guidance of
Dr. Vijaya Chandra Jadala

by

I.D NUMBER   NAME
2100030016   A. Yaswanth Prabhu
2100031617   R. Murali Krishna
2100032127   U. Satish

KONERU LAKSHMAIAH EDUCATION FOUNDATION
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
(DST-FIST Sponsored Department)
Green Fields, Vaddeswaram, Guntur District-522 502

Declaration

We hereby declare that this project report entitled Penetration Testing using Kali Linux has been prepared by us in the course 21CS2109PA-Operating System in COMPUTER SCIENCE AND ENGINEERING during the Even Semester of the academic year 2022-2023. We also declare that this project-based lab report is of our own effort.

Student Name         Id Number
A. Yaswanth Prabhu   2100030016
R. Murali Krishna    2100031617
U. Satish            2100032127

CERTIFICATE

This is to certify that the project-based lab report entitled Penetration Testing using Kali Linux is a bona fide work done by Mr. Yaswanth Prabhu, Mr. Murali Krishna and Mr. Satish, bearing Regd. No. 2100030016, 2100031617 and 2100032127, for the course 21CS2109PA Operating System in COMPUTER SCIENCE AND ENGINEERING during the Even Semester of the academic year 2022-2023.

FACULTY IN CHARGE

ACKNOWLEDGEMENTS

Our sincere thanks to Dr. Vijaya Chandra Jadala for his outstanding support in the lab sessions throughout the project, which made the successful completion of this work possible.

We express our gratitude to Dr. Vijaya Chandra Jadala, Course Co-Ordinator for the course 21CS2109PA-Operating System in the Department of Computer Science and Engineering, for providing us with adequate planning, support and means by which we could complete this project.

We express our gratitude to Prof. V. HARI KIRAN, Head of the Department of Computer Science and Engineering, for providing us with adequate facilities, ways and means by which we could complete this project.

We would like to place on record our deep sense of gratitude to the Vice Chancellor, K L University, for providing the necessary facilities to carry out the project.

Last but not least, we thank all the Teaching and Non-Teaching Staff of our department, and especially our classmates and friends, for their support.

INDEX

S.NO   TITLE                               PAGE NO
1      Abstract                            06
2      Introduction                        07-08
3      Literature Work                     09
4      System Requirement Specification    10
5      Methodology                         11-12
6      Coding and implementation           13-14
7      Result Analysis                     15
8      Conclusion                          16
9      Bibliography                        17

ABSTRACT

Penetration testing is a type of security testing used to find the security weaknesses of an application. It is conducted to find the security risks that might be present in the system. If a system is not secured, an attacker can disrupt it or gain unauthorized access to it. A security risk is normally an accidental error that occurs while developing and implementing the software: for example, configuration errors, design errors and software bugs.

In this project, we describe in detail the Burp Suite tool and its features, which are bundled in a single suite made for web application security assessment as well as penetration testing.

A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test (pen test) attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing typically includes network penetration testing and application security testing, as well as the controls and processes around the networks and applications, and should be carried out both from outside the network trying to come in (external testing) and from inside the network (internal testing).

INTRODUCTION

Penetration testing normally evaluates a system's ability to protect its networks, applications, endpoints and users from external or internal threats. It also tests whether the security controls in place allow only authorized access.

Penetration testing is essential because:

- It provides a simulated attack, i.e., it shows how an intruder might attack the system, carried out as a white-hat attack.
- It helps find the weak areas through which an intruder could gain access to the computer's features and data.
- It helps prevent black-hat attacks and protects the original data.
- It estimates the potential business impact of an attack.
- It provides evidence for why it is important to increase investment in the security aspects of technology.

Penetration testing is an essential activity that needs to be performed regularly to secure the functioning of a system. In addition, it should be performed whenever:

- the security system detects new threats from attackers;
- you add new network infrastructure;
- you update your system or install new software;
- you relocate your office;
- you set up a new end-user program or policy.

Penetration testing offers the following benefits:

- Enhancement of the management system: it provides detailed information about security threats. It also categorizes the degree of each vulnerability and indicates which ones are more severe and which are less, so you can manage your security system easily and accurately by allocating security resources accordingly.
- Avoiding fines: penetration testing keeps your organization's major activities up to date and in compliance with auditing requirements, so it protects you from being fined.
- Protection from financial damage: a single breach of the security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damage.
- Customer protection: a breach of even a single customer's data may cause major financial damage as well as reputational damage. Penetration testing protects organizations that deal with customers and keeps their data intact.

LITERATURE WORK
Penetration testing is a crucial element in ensuring the security of
computer systems and networks. In this project, we will explore the
importance of penetration testing and how it can be used to identify
vulnerabilities in computer systems and networks. We will also
discuss the various types of penetration testing and the tools and
techniques that can be used to perform effective penetration tests.
Penetration testing, also known as pen testing, is the process of testing
a computer system, network, or web application to identify security
weaknesses that could be exploited by attackers. The goal of
penetration testing is to identify vulnerabilities and provide
recommendations for remediation.
Types of Penetration Testing:
There are various types of penetration testing, including black box
testing, gray box testing, and white box testing.
Black Box Testing: This type of testing involves simulating an attack
from an external perspective, without any prior knowledge of the
target system or network. The tester has no knowledge of the internal
workings of the system being tested.
Gray Box Testing: This type of testing involves simulating an attack
with some knowledge of the target system, such as access to a limited
set of credentials. The tester has some knowledge of the internal
workings of the system being tested.
White Box Testing: This type of testing involves simulating an attack
with full knowledge of the target system or network, including access
to source code and other sensitive information. The tester has full
knowledge of the internal workings of the system being tested.

SYSTEM REQUIREMENT SPECIFICATION

SOFTWARE REQUIREMENTS:
The major software requirements of the project are as follows:

Language : Kali Linux commands
Tools    : Kali Linux, Burp Suite

HARDWARE REQUIREMENTS:
The hardware requirements that correspond to the software are as follows:

- Intel (or AMD equivalent) i5 or better processor, 7th generation or newer (virtualization must be supported)
- Windows 10 Operating System
- 1920 x 1080 or greater screen resolution
- 500 GB or larger SSD
- Minimum 8 GB of RAM (12 GB - 16 GB recommended)
- Access to high-speed Internet

METHODOLOGY

The purpose of this methodology is to provide a structured approach for conducting a penetration test on a computer system or network. The methodology includes the following steps: reconnaissance, scanning, enumeration, vulnerability analysis, exploitation, post-exploitation, and reporting.

Reconnaissance:
The first step in a penetration test is reconnaissance, which involves gathering information about the target system or network. This can include information such as IP addresses, network topology, system and application versions, and user accounts.

Scanning:
The next step is scanning, which involves using automated tools to scan the target system or network for open ports, services, and vulnerabilities. This can include tools such as Nmap and Nessus.

Enumeration:
Once vulnerabilities have been identified, the next step is enumeration, which involves gathering information about the vulnerabilities and the systems they are present on. This can include information such as user accounts, passwords, and system configurations.

Vulnerability Analysis:
The next step is vulnerability analysis, which involves analyzing the vulnerabilities that have been identified to determine which ones are most critical and which ones are exploitable.

Exploitation:
The next step is exploitation, which involves attempting to exploit the vulnerabilities that have been identified. This can include using automated tools or manual techniques to gain access to the target system or network.

Post-Exploitation:
Once access has been gained to the target system or network, the next step is post-exploitation, which involves exploring the system or network to identify additional vulnerabilities and to gather more information.

Reporting:
The final step in the penetration testing methodology is reporting, which involves documenting the vulnerabilities that have been identified, the techniques that were used to exploit them, and the recommendations for remediation.
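The scanning, enumeration, vulnerability-analysis and reporting steps above can be tied together in a small tool that reads the output of the scanner and produces the prioritized findings the report step needs. The following Python script is an added example and is not code from this report or from Nmap: it parses a constructed sample of Nmap "grepable" output (the format produced by `nmap -oG`), keeps the open services, rates each one with an exposure table, and renders a findings list. The hosts, hostnames, service versions and the ratings in `SERVICE_RISK` are assumptions made for the example; the High rating for SMB follows the Result Analysis section's own finding.

```python
import re
from dataclasses import dataclass

# Constructed sample of Nmap grepable output (nmap -sV -oG -). Hosts, names and
# versions are invented for this example; no scan was run to produce them.
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated (constructed sample)
Host: 192.168.56.10 (fileserver.lab)\tStatus: Up
Host: 192.168.56.10 (fileserver.lab)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Windows Server 2016 microsoft-ds/, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.168.56.20 (web.lab)\tStatus: Up
Host: 192.168.56.20 (web.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|http//nginx 1.18.0/\tIgnored State: closed (997)
Host: 192.168.56.30 ()\tStatus: Up
Host: 192.168.56.30 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/, 21/filtered/tcp//ftp///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

# Exposure ratings used by the vulnerability-analysis step (assumed for this
# example). SMB is rated High in line with the report's own result analysis.
SERVICE_RISK = {
    "microsoft-ds": ("High", "SMB exposed: disable where not required, patch, restrict to trusted hosts"),
    "netbios-ssn": ("Medium", "legacy NetBIOS/SMB transport exposed"),
    "telnet": ("High", "cleartext remote login; credentials readable by an on-path attacker"),
    "ms-wbt-server": ("Medium", "RDP exposed: limit to a management network"),
    "ftp": ("Medium", "cleartext file transfer"),
}
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass
class Service:
    host: str
    hostname: str
    port: int
    proto: str
    state: str
    name: str
    version: str


# A grepable host record: "Host: <ip> (<name>)" followed by tab-separated columns.
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Scanning/enumeration step: turn grepable output into Service records."""
    services = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        ip, hostname, rest = m.groups()
        for column in rest.split("\t"):
            if not column.startswith("Ports: "):
                continue  # "Status:" and "Ignored State:" columns carry no services
            for entry in column[len("Ports: "):].split(", "):
                # Each port entry is port/state/proto/owner/service/rpc/version/
                parts = entry.split("/")
                if len(parts) < 7:
                    continue
                port, state, proto, _owner, name, _rpc, version = parts[:7]
                services.append(Service(ip, hostname, int(port), proto, state, name, version))
    return services


def analyse(services):
    """Vulnerability-analysis step: keep open services that have an exposure rating."""
    findings = []
    for s in services:
        if s.state != "open" or s.name not in SERVICE_RISK:
            continue
        severity, note = SERVICE_RISK[s.name]
        findings.append({"host": s.host, "hostname": s.hostname, "port": s.port,
                         "service": s.name, "version": s.version,
                         "severity": severity, "note": note})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["host"], f["port"]))
    return findings


def smb_exposed_hosts(services):
    """Hosts answering on TCP/445: the set to review against 'disable SMB where not required'."""
    return sorted({s.host for s in services
                   if s.port == 445 and s.proto == "tcp" and s.state == "open"})


def render_report(findings):
    """Reporting step: one line per finding, most severe first."""
    lines = [f"{len(findings)} finding(s)"]
    for f in findings:
        name = f["hostname"] or f["host"]
        version = f" {f['version']}" if f["version"] else ""
        lines.append(f"[{f['severity']}] {name} ({f['host']}) {f['port']}/{f['service']}{version}"
                     f" - {f['note']}")
    return "\n".join(lines)


if __name__ == "__main__":
    svcs = parse_gnmap(SAMPLE_GNMAP)
    print(render_report(analyse(svcs)))
    print("SMB exposed on:", ", ".join(smb_exposed_hosts(svcs)))
```

Feeding real output into the same parser is a matter of replacing `SAMPLE_GNMAP` with the contents of the `-oG` file; filtered ports are deliberately dropped so that only confirmed open services reach the findings list.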

CODING AND IMPLEMENTATION

RESULT ANALYSIS

Based on the above testing activities, the average risk level across the board is EXTREME. Complete system compromise is trivially achieved on critical security and file servers, systems that contain myriad important and confidential files which, if breached, can put CLIENT at great risk of large fines and significant business impact.

Disable SMB on any system that does not require it for business functionality. Even with recent patches, Windows systems using SMB remain vulnerable to ETERNALBLUE-type exploits so long as the service is running. System hardening needs to be implemented immediately to shrink the risk landscape of the infrastructure. Controls and configurations should be centrally managed; management and security systems such as the McAfee server should be secured using controls designed around Least Privilege and the NIST Critical Infrastructure recommendations. Compromise of these systems poses a critical threat.

Implement a system patch management cycle to ensure that all systems regularly receive important security updates from vendors. Revoke or replace PFX files in user profiles as a precaution. Data compliance and end-user social engineering training should be implemented to promote safer practices. HIPAA data should be contained to ONLY those systems that require access to the data; it is encouraged that these systems employ good data-at-rest encryption and least-privilege access controls to prevent unauthorized access. Best practice is to centrally store these types of files on a managed, hardened network location; users should access the files only via network connectors in their profiles with configured security permissions.
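The recommendations above can be turned into a repeatable check that ranks what to fix first. The following Python script is an added example, not part of this report, and runs over a constructed inventory: the host names, roles, patch dates, the assessment date and the 30-day patch cycle are all assumptions. The priority rules follow this section's recommendations (disable SMB where it is not required, patch on a cycle, least privilege on security-management systems, HIPAA data only on hardened central storage with encryption at rest) and the conclusion's point that compromise of the security server disables the other defences.

```python
from datetime import date

# Constructed inventory for the example. Hosts, roles and dates are invented
# and do not describe CLIENT's environment.
INVENTORY = [
    {"host": "fs01", "role": "file server", "smb_enabled": True, "smb_required": True,
     "last_patched": date(2023, 1, 5), "holds_phi": True, "disk_encrypted": False},
    {"host": "epo01", "role": "security management", "smb_enabled": True, "smb_required": False,
     "last_patched": date(2022, 10, 1), "holds_phi": False, "disk_encrypted": True},
    {"host": "ws-hr-07", "role": "workstation", "smb_enabled": True, "smb_required": False,
     "last_patched": date(2023, 3, 20), "holds_phi": True, "disk_encrypted": False},
    {"host": "web01", "role": "web server", "smb_enabled": False, "smb_required": False,
     "last_patched": date(2023, 4, 1), "holds_phi": False, "disk_encrypted": True},
]

ASSESSMENT_DATE = date(2023, 4, 15)  # assumed date of the check
PATCH_CYCLE_DAYS = 30                # assumed monthly patch cycle; set to the real policy
CRITICAL_ROLES = {"security management", "domain controller"}  # roles the conclusion singles out
SEVERITY_RANK = {"High": 0, "Medium": 1}


def check_host(h, today, cycle_days=PATCH_CYCLE_DAYS):
    """Return (severity, action) pairs for one inventory record."""
    actions = []
    critical = h["role"] in CRITICAL_ROLES
    # SMB: disable where not required; where required it stays a patch-sensitive exposure.
    if h["smb_enabled"] and not h["smb_required"]:
        actions.append(("High", "disable SMB (enabled but not required)"))
    elif h["smb_enabled"]:
        actions.append(("Medium", "SMB required: keep patched and restrict to clients that need it"))
    # Patch cycle: anything outside the cycle is overdue; SMB or a critical role raises priority.
    overdue = (today - h["last_patched"]).days - cycle_days
    if overdue > 0:
        sev = "High" if (h["smb_enabled"] or critical) else "Medium"
        actions.append((sev, f"patch overdue by {overdue} days"))
    # HIPAA data: central hardened storage only, and encryption at rest wherever it lives.
    if h["holds_phi"] and h["role"] == "workstation":
        actions.append(("High", "move HIPAA data to a managed, hardened network location"))
    if h["holds_phi"] and not h["disk_encrypted"]:
        actions.append(("High", "enable data-at-rest encryption on a host holding HIPAA data"))
    # Security-management systems get least-privilege controls first.
    if critical:
        actions.append(("High", "apply least-privilege controls; compromise disables other defences"))
    return actions


def prioritise(inventory, today):
    """Flatten all actions into (host, severity, action) rows, most severe first."""
    rows = []
    for h in inventory:
        for severity, action in check_host(h, today):
            rows.append((h["host"], severity, action))
    rows.sort(key=lambda r: (SEVERITY_RANK[r[1]], r[0]))
    return rows


if __name__ == "__main__":
    for host, severity, action in prioritise(INVENTORY, ASSESSMENT_DATE):
        print(f"[{severity}] {host}: {action}")
```

The inventory fields are the minimum needed to apply the section's rules; in practice they would be exported from the configuration-management or endpoint-security system rather than typed in, and `cycle_days` set to the organization's published patch window.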

CONCLUSION

An attacker would most likely start an attack against CLIENT with social engineering techniques (this is the most successful type of attack), and given that ETERNALBLUE is easily exploited, this is the most likely route to compromise of the entire system. Attacking the McAfee Security Server would be an ideal first target; once an attacker has attained root access to this system, they can disable all the security controls and systems in place, allowing much more evasive traversal of the internal network, as well as potentially creating more targets without the hindrance of the security systems. From here, the ideal goals of an attacker would be data exfiltration of ePHI, Personally Identifiable Information (PII) and PCI data - for purposes of fraud, ransom, targeted phishing, sale, etc. - and any payment information that may be available for similar purposes. An adversary would attempt to access the Domain Controllers to facilitate network traversal and further compromise of security controls and monitoring systems. With Domain access, complete infrastructure compromise is likely; with this level of access an attacker presents numerous serious security risks to critical and confidential information systems. Internet-facing assets at CLIENT have little to no interactivity and so pose less of a threat of intrusion through these systems. However, the systems are vulnerable to Man-in-the-Middle (MITM) type attacks, which could be used by an attacker to gain access to private communications and potentially steal passwords to gain further access into the network.
