Analysis of Security Vulnerability of WidgetsInc Virtual Machine Image


Added on  2023/01/06

Running head: COMPUTERS SECURITY
Computer Security
Name of the Student
Name of the University
Author’s Note

Executive Summary
This report analyses the security vulnerabilities of the WidgetsInc virtual machine image that
was provided for evaluation. To perform the vulnerability test we selected Kali Linux and a set
of tools to identify the security issues with the image. The report provides a short description
of each process performed during the evaluation. The results obtained from the tests are
described, and the security issues are addressed so that the company can eliminate the
vulnerabilities and develop its new web-based store.
Table of Contents
Overview
Summary of Results
Methodology
  Scope
  Information Gathering
  IP and MAC Address
  Virtual Host
  Scanning
    Port Scan
    Framework
    WEB Scan
    SQL Injection Scan
Test Logs
Result and Recommendations
Bibliography
Overview
Ethical hacking is used to attack the virtual machine of WidgetInc, find the security weaknesses
of the computer system and handle the attacked environment. For the test, different types of
attacks are performed on the host and the results are observed to identify the weak points that
can compromise the victim virtual machine. Flags are used for penetrating as the root user and as
other normal users, exploiting configuration issues and finding the desired vulnerability.
The report presents the testing logs, results and recommendations from compromising the
security of the targeted host.
Summary of Results
After the penetration test, the victim virtual machine was found to be vulnerable to different
types of network attacks related to authentication, authorization and access controls.
Authentication using non-plaintext mechanisms, for example DIGEST-MD5, increased the possibility
of unauthorised access to the web application and has a negative impact on the user data
residing in the server's database. The services available to users were examined thoroughly
using payloads, exploits and encoders. A documented security weakness is used by the module to
execute arbitrary commands on the targeted victim and run distCC daemon commands without
checking authorization.
The ProFTPD service, which enhances the FTP server and features Apache configuration syntax,
contains different virtual, anonymous and permission-based FTP servers; it was used for the test
and the favorable output is documented.

Kali Linux offers different types of security tools for analyzing the potential problems and
vulnerabilities of a host, including tools for bypassing password security, cracking passwords
and recovering passwords from stored data. The packages available in Kali Linux combine
different algorithms and cracking strategies, such as brute force and dictionary attacks, and
were found to be the most productive in penetration testing.
The web server was tested for problems with software and server misconfigurations. Default files
and programs were checked for outdated versions that are vulnerable to different types of
network attacks.
Methodology
Multiple steps are performed, beginning with scoping the vulnerability test and ending with
reporting its output. A self-performed test is used, with modes that an attacker could use, so
that the execution of the different types of attack can be controlled and prevented from harming
the system (Hall and Watson 2016). The approach is not limited to automated and manual scans and
verification of the findings. False positives and errors in the output can be eliminated by
manual scanning and verification of the configurations.
Scope
The scope is to perform the vulnerability test on the VMware image to gather information about
its security configuration and services. Since no information is provided about the virtual
image, it falls under the Gray box testing category, and multiple tools are used for gathering
information about the image file (Regalado et al. 2015). The network adapter in VMware is changed
from NAT to host-only to identify the IP address of the machine, and Kali Linux is used to get
more visibility into the targeted host with IP address 192.168.202.129.
Information Gathering
Before accessing the targeted victim, research is performed to gather information from
third-party sources, such as the IP address of the host, hack attempts made on the machine, the
operating system, the services running on different ports, open ports, etc., for later use in
the exploitation (Conteh and Schmick 2016).
IP and MAC Address
Nmap is used to get the IP address and MAC address of the devices connected to the network; they
are shown below in tabular format.

IP address of active host in the network    MAC address of the host
192.168.202.129                             00:50:56:C0:00:01
192.168.202.128                             00:50:56:EE:BF:F3
192.168.202.254                             00:50:56:00:10:DE

root@kali:~# nmap -sP 192.168.202.0/24
Starting Nmap 7.50 ( https://nmap.org ) at 2019-05-04 22:37 AWST
Nmap scan report for 192.168.202.1
Host is up (-0.15s latency).
MAC Address: 00:50:56:C0:00:01 (VMware)
Nmap scan report for 192.168.202.129
Host is up (0.00054s latency).
MAC Address: 00:50:56:00:10:DE (VMware)
Nmap scan report for 192.168.202.254
Host is up (0.00014s latency).
MAC Address: 00:50:56:EE:BF:F3 (VMware)
Nmap scan report for 192.168.202.128
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 30.90 seconds
root@kali:~#
Virtual Host
The virtual PC uses the same IP address as the website, so if the virtual server can be
compromised, the security of the website is compromised as well. The same vulnerabilities can be
found on the website of WidgetInc, since the virtual server is used for hosting the site.

IP Address         Website Content
192.168.202.129    Widget Inc
Scanning
Different types of scans are performed to identify the vulnerabilities of the victim virtual
image; they are described in the following steps.
Port Scan
Tool Used: Masscan
Description: It is a port scanner capable of surveying the internet or an intranet on a large
scale. The default transmit rate of the tool is 100 packets per second, but it can be raised up
to 25 million packets per second for a faster scan result, a rate that is more than enough for
scanning the internet in 3 minutes for a port (Holzer and Lerums 2016).
Reason of Use: Masscan is selected because it is the fastest port scanner available and can scan
10x faster than the other port scanners available.

Host (IP)          Port    Status
192.168.202.128    22      Open
192.168.202.128    8080    Open
192.168.202.128    80      Open
192.168.202.128    3306    Open

root@kali:~# masscan 192.168.202.129 --ports 1-65535 --rate=10000 --interface eth0 --router-mac 00:50:56:00:10:DE
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2019-05-04 14:42:07 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65535 ports/host]
Discovered open port 22/tcp on 192.168.202.129
Discovered open port 8080/tcp on 192.168.202.129
Discovered open port 80/tcp on 192.168.202.129
Discovered open port 3306/tcp on 192.168.202.129
Tool Used: Nmap
Description: Also known as Network Mapper, it is available on the internet as an open source
network monitoring tool that helps in exploring the network and in security auditing.
Reason of Use: Nmap uses raw IP packets to determine the available hosts connected to the
network and the services they offer (Oriyano 2016). Many other details, such as the operating
system running on the targeted IP address and the filters and firewall types in use, can also be
determined, along with the other characteristics shown in the table below:

Host (IP)          Port    Status    Service    Version
192.168.202.129    22      Open      ssh        7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
192.168.202.129    80      Open      http       Apache httpd 2.4.29 ((Ubuntu))
192.168.202.129    3306    Open      Mysql      (unauthorized)
192.168.202.129    8080    Open      http       Apache Tomcat

root@kali:~# nmap -sV -p22,8080,80,3306 192.168.202.129
Starting Nmap 7.50 ( https://nmap.org ) at 2019-05-04 22:44 AWST
Nmap scan report for 192.168.202.129
Host is up (-0.12s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
3306/tcp open mysql MySQL (unauthorized)
8080/tcp open http Apache Tomcat
MAC Address: 00:50:56:00:10:DE (VMware)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.76 seconds
root@kali:~#
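
The service scan above can be turned into a repeatable exposure check. The following is an added example, not part of the original report: it parses the port table of the `nmap -sV` output shown above and compares it with an allowlist. The `ALLOWED_PORTS` policy and all function names are assumptions made for illustration.

```python
import re

# Port table copied from the report's `nmap -sV` run above.
NMAP_OUTPUT = """\
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
3306/tcp open mysql MySQL (unauthorized)
8080/tcp open http Apache Tomcat
"""

# Assumed policy (not from the report): the only ports meant to be reachable.
ALLOWED_PORTS = {22, 80}

# One line of nmap's normal output: port/proto, state, service, optional version.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_services(text):
    """Return one dict per port line; header and banner lines are skipped."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, name, version = m.groups()
            services.append({"port": int(port), "proto": proto, "state": state,
                             "service": name, "version": version.strip()})
    return services


def unexpected_exposure(services, allowed):
    """Open ports that the policy does not allow, sorted by port number."""
    hits = [s for s in services
            if s["state"] == "open" and s["port"] not in allowed]
    return sorted(hits, key=lambda s: s["port"])


def version_disclosure(services):
    """Ports whose banner reveals a release number to anyone who scans."""
    return [s["port"] for s in services if re.search(r"\d+\.\d+", s["version"])]


if __name__ == "__main__":
    found = parse_services(NMAP_OUTPUT)
    for s in unexpected_exposure(found, ALLOWED_PORTS):
        print(f"close or filter {s['port']}/{s['proto']} ({s['service']})")
    print("version banners on ports:", version_disclosure(found))
```

Run against a fresh scan after hardening, an empty result from `unexpected_exposure` shows that only the intended ports are still reachable.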
Framework
Tool Used: Metasploit
Description: It is used for developing and executing exploit code against a remote targeted
victim.
Reason for Use: Metasploit lets us configure the exploit, optionally check the susceptibility of
the targeted host, and execute the exploit. Its built-in library contains 1662 exploits, 951
auxiliaries, 9 nops, 40 encoders and 293 posts (Najera-Gutierrez and Ansari 2018).

msf > search distccd
[!] Module database cache not built yet, using slow search
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
exploit/unix/misc/distcc_exec 2002-02-01 excellent DistCC Daemon Command
Execution
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show options
Module options (exploit/unix/misc/distcc_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 3632 yes The target port (TCP)
Exploit target:
Id Name
-- ----
0 Automatic Target
msf exploit(distcc_exec) >
WEB Scan
Tool Used: Nikto
Description: Used for scanning the web server and finding potential problems and
vulnerabilities.
Reason of use: It can scan for software and server misconfigurations and for insecure and
default programs and files, and provides information about outdated programs and servers (Patil
et al. 2017). For simplicity, the items that returned false positive results are eliminated from
the output.
root@kali:~# nikto -h 192.168.202.129
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.202.129
+ Target Hostname: 192.168.202.129
+ Target Port: 80
+ Start Time: 2019-05-04 22:59:25 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.4.29 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect
against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the
content of the site in a different fashion to the MIME type
+ All CGI directories 'found', use '-C none' to test none
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-2754:
/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E: MPM
Guestbook 1.2 and previous are vulnreable to XSS attacks.
+ OSVDB-3093: /cgi.cgi/rightfax/fuwww.dll/?: This might be interesting... has been seen in web
logs from an unknown scanner.
+ OSVDB-4314: /texis.exe/?-dump: Texis installation may reveal sensitive information.
+ OSVDB-4314: /texis.exe/?-version: Texis installation may reveal sensitive information.
+ /login.html: Admin login page/section found.
+ /adfs/ls/?wa=wsignout1.0: Active Directory Federation Services sign out page found.
+ 26188 requests: 0 error(s) and 32 item(s) reported on remote host
+ End Time: 2019-05-04 23:00:53 (GMT8) (88 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
SQL Injection Scan
This type of scan is performed on the targeted virtual machine to check whether a string can be
inserted that makes the website vulnerable to exploitation (Gregg 2017). An attempt was made to
modify the database by adding a new credential to the user table so that root access could be
gained on the targeted system.
root@kali:~# ssh mysql@192.168.202.129
The authenticity of host '192.168.202.129 (192.168.202.129)' can't be established.
ECDSA key fingerprint is SHA256:I8cisln/7ubpySyy5CSCoDAeDksg2aIPUIJ8+caLVeg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.202.129' (ECDSA) to the list of known hosts.
mysql@192.168.202.129's password:
Test Logs
The following tables describe the commands used for testing.

Command: nmap (used for finding the active hosts in a network with their IP address and MAC address)
Options    Description
-s         scan
-P         Ping

Command: masscan (used to scan the targeted host for open ports)
Options    Description
--ports    Specifies the particular ports to scan
--rate     Specifies the rate of transmitting packets

Command: nmap (used for finding the services running on the ports of the target system)
Options    Description
-sV        Probe open ports to determine service/version information
-p         Only scan specified ports

Command: msfconsole (for starting the Metasploitable framework console)
Command    Options    Description
search     distccd    Searching exploits, auxiliaries, etc. related to distccd
use                   To utilize the given exploit
show       options    Showing value of options parameter
set        rhost      Changing run time parameter
exploit               Beginning the exploit
Result and Recommendations
The nmap port scanner is used for gathering information about the network and the targeted host.
It can find the IP address, the ports, and the services running on the ports with their version
details. The OS information can be searched, and it supports aggressive scans for getting
detailed information about the web service, OS, internal files, disallowed directories,
metadata, etc. (Banda et al. 2019). It is recommended that unused ports be closed and that
filters be applied so that direct access to the ports is restricted for users. The details of
the steps performed to gain access to the virtual machine and perform the exploitation are given
in the report.
Identifying the vulnerabilities in the WidgetInc virtual machine helps in preparing a
countermeasure plan that can be applied to eliminate the risk of unauthorised access to files
and information. The system can be secured by turning on UFW so that only the allowed ports can
be used. MySQL should be made to allow only localhost connections, which resolves the risk of
remote modification of the database. Installing an SSH brute force blocker can eliminate the
risk of brute force or dictionary attacks. SSH logins to the server need to be key based, and to
manage physical access to the data the hard drive of the server can be encrypted. Outdated
system software and services need to be identified and patched so that they do not open
loopholes that enable an attacker to access files and information and exploit the vulnerability.
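
Two of these recommendations, key-based SSH logins and a MySQL server bound to localhost, can be checked from the configuration files themselves. The following is an added example, not part of the original report: both sample files are constructed, the function names are hypothetical, and `Include` directives are not followed. It handles the two precedence rules that often mislead a manual review.

```python
import re

# Constructed sample files (not taken from the WidgetInc image).
SSHD_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin prohibit-password
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
"""
MYSQLD_CNF = """\
[client]
port = 3306
[mysqld]
# bind-address = 127.0.0.1
skip-name-resolve
"""

# OpenSSH defaults that apply when a keyword is absent.
SSHD_DEFAULTS = {"passwordauthentication": "yes",
                 "permitrootlogin": "prohibit-password"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_sshd(text):
    """Findings against the report's 'key based logins only' recommendation."""
    effective, seen, match, findings = dict(SSHD_DEFAULTS), set(), None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                 # everything below is conditional
            match = value
        elif match is not None:
            if key == "passwordauthentication" and value.lower() == "yes":
                findings.append(f"Match {match}: password login re-enabled")
        elif key not in seen:              # sshd keeps the FIRST value it reads
            seen.add(key)
            effective[key] = value.lower()
    if effective["passwordauthentication"] != "no":
        findings.insert(0, "password login enabled globally")
    if effective["permitrootlogin"] == "yes":
        findings.append("root may log in with a password")
    return findings


def mysql_bind_address(text):
    """Effective bind-address of [mysqld]; None if TCP networking is disabled."""
    section, bind, tcp = None, "*", True   # '*' (all interfaces) is MySQL's default
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            name = name.strip().lower().replace("_", "-")
            if name == "bind-address":
                bind = value.strip()       # option files: the LAST value wins
            elif name == "skip-networking":
                tcp = False
    return bind if tcp else None


def audit_mysql(text):
    """Finding when mysqld accepts TCP connections on a non-loopback address."""
    bind = mysql_bind_address(text)
    if bind is None or bind in LOOPBACK:
        return []
    return [f"mysqld listens on {bind}, not only on localhost"]
```

In the constructed sshd sample the later `PasswordAuthentication no` has no effect because the first value is kept, and in the MySQL sample the commented-out `bind-address` leaves the server on its default of all interfaces.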
Bibliography
Adejo, O. and Connolly, T., 2017. Learning Analytics in a Shared-Network Educational
Environment: Ethical Issues and Countermeasures. Learning, 8(4).
Banda, R., Phiri, J., Nyirenda, M. and Kabemba, M.M., 2019. Technological Paradox of Hackers
Begetting Hackers: A Case of Ethical and Unethical Hackers and their Subtle Tools. Zambia ICT
Journal, 3(1), pp.40-51.
Chakraborty, R., Chattopadhyay, A.K., Kairi, A. and Chakraborty, M., 2019. Brain–Computer
Interface-Based Fear Detection: A Self-defense Mechanism. In Proceedings of International
Ethical Hacking Conference 2018 (pp. 165-176). Springer, Singapore.
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and countermeasures
to prevent social engineering attacks. International Journal of Advanced Computer
Research, 6(23), p.31.
Francia III, G.A., Randall, G. and Snellen, J., 2017. Pedagogical Resources for Industrial Control
Systems Security: Design, Implementation, Conveyance, and Evaluation. Journal of
Cybersecurity Education, Research and Practice, 2017(1), p.2.
Gregg, M., 2017. Certified Ethical Hacker (CEH) Version 9 Cert Guide. Pearson IT
Certification.
Hall, G. and Watson, E., 2016. Hacking: Computer Hacking, Security Testing, Penetration
Testing, and Basic Secur. CreateSpace Independent Publishing Platform.
Hatfield, J.M., 2019. Virtuous human hacking: The ethics of social engineering in penetration-
testing. Computers & Security, 83, pp.354-366.

Holzer, C.T. and Lerums, J.E., 2016, May. The ethics of hacking back. In 2016 IEEE
Symposium on Technologies for Homeland Security (HST) (pp. 1-6). IEEE.
Maurushat, A., 2019. Ethical Hacking. University of Ottawa Press.
Mendia, G.O., Juan, L.U.S., Bascaran, X.P., Calvo, A.B., Cordero, A.H., Ugarte, I.Z., Rosas,
A.M., Vilches, D.M., Carbajo, U.A., Kirschgens, L.A. and Vilches, V.M., 2018. Robotics CTF
(RCTF), a playground for robot hacking. arXiv preprint arXiv:1810.02690.
Najera-Gutierrez, G. and Ansari, J.A., 2018. Web Penetration Testing with Kali Linux: Explore
the methods and tools of ethical hacking with Kali Linux. Packt Publishing Ltd.
Oriyano, 2016. CEH v9: Certified Ethical Hacker Version 9 Study Guide (Vol. 9). John Wiley &
Sons.
Patil, S., Jangra, A., Bhale, M., Raina, A. and Kulkarni, P., 2017, September. Ethical hacking:
The need for cyber security. In 2017 IEEE International Conference on Power, Control, Signals
and Instrumentation Engineering (ICPCSI)(pp. 1602-1606). IEEE.
Regalado, D., Harris, S., Harper, A., Eagle, C., Ness, J., Spasojevic, B., Linn, R. and Sims, S.,
2015. Gray Hat Hacking The Ethical Hacker's Handbook. McGraw-Hill Education Group.
Sbai, H., Goldsmith, M., Meftali, S. and Happa, J., 2018, October. A Survey of Keylogger and
Screenlogger Attacks in the Banking Sector and Countermeasures to Them. In International
Symposium on Cyberspace Safety and Security(pp. 18-32). Springer, Cham.
Wang, Q.H., Zhang, L.T. and Qiao, M.K., 2017. Online hacker forum censorship: would banning
the bad guys attract good guys?. AIS.