
Course name: Securing Windows and Linux Lab Course Code: CSB-472

Experiment 3.2

Aim: Understanding the Linux Client Configuration

Tools/Software Required: Linux and Metasploit

Description:
Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and
exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots
in a system’s defences which attackers could take advantage of.

This is like a bank hiring someone to dress as a burglar and try to break into their building and gain access to
the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information
on how they need to tighten their security measures.

Types:

Open-box pen test - In an open-box test, the hacker will be provided with some information ahead of time
regarding the target company’s security info.

Closed-box pen test - Also known as a ‘single-blind’ test, this is one where the hacker is given no background
information besides the name of the target company.

Covert pen test - Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the
company is aware that the pen test is happening, including the IT and security professionals who will be
responding to the attack. For covert tests, it is especially important for the hacker to have the scope and other
details of the test in writing beforehand to avoid any problems with law enforcement.

Name: Shubham Bharti UID:19BCS2848


External pen test - In an external test, the ethical hacker goes up against the company’s external-facing
technology, such as their website and external network servers. In some cases, the hacker may not even
be allowed to enter the company’s building. This can mean conducting the attack from a remote location
or carrying out the test from a truck or van parked nearby.

Internal pen test - In an internal test, the ethical hacker performs the test from the company’s internal network.
This kind of test is useful in determining how much damage a disgruntled employee can cause from behind
the company’s firewall.

METASPLOIT:

Metasploit is a powerful tool used by network security professionals to do penetration tests, by system
administrators to test patch installations, by product vendors to implement regression testing, and by security
engineers across industries. The purpose of Metasploit is to help users identify where they are most likely to
face attacks by hackers and proactively mend those weaknesses before exploitation by hackers.

With its wide range of applications and open-source availability, the Metasploit framework is used by
everyone from professionals in development, security, and operations to hackers. The framework is popular
with hackers and easily available, which makes it an easy-to-install, reliable tool that security professionals
should be familiar with even if they don’t need to use it.

Uses and Benefits:


Metasploit provides you with varied use cases, and its benefits include:

Open Source and Actively Developed: Metasploit is preferred over other high-priced penetration testing tools
because its source code is accessible and users can add their own custom modules.

Ease of Use: It is easy to use Metasploit while conducting a large network penetration test. Metasploit conducts
automated tests on all systems in order to exploit the vulnerability.

Easy Switching between Payloads: The set payload command allows easy, quick switching between payloads.
It becomes easy to change Meterpreter or shell-based access into a specific operation.

Cleaner Exits: Metasploit allows a clean exit from the target system it has compromised.

Friendly GUI Environment: A friendly GUI and third-party interfaces facilitate the penetration testing project.

IFCONFIG OF UBUNTU:

IFCONFIG OF METASPLOITABLE:


MODULES OF METASPLOITABLE:
