
Analysis of Security Vulnerability of WidgetsInc Virtual Machine Image

23 Pages, 3636 Words, 97 Views

Added on 2023-01-06

Running head: COMPUTERS SECURITY
Computer Security
Name of the Student
Name of the University
Author’s Note
Executive Summary
This report analyses the security vulnerabilities of the WidgetsInc virtual machine image that
has been provided for evaluation. For the vulnerability test we selected Kali Linux and
different tools to identify the security issues with the image. The report provides a short
description of each process performed during the evaluation. The results obtained from the
tests are described, and the security issues are addressed so that the company can eliminate
the different vulnerabilities and develop its new web-based store.
Table of Contents
Overview
Summary of Results
Methodology
    Scope
    Information Gathering
    IP and MAC Address
    Virtual Host
    Scanning
        Port Scan
        Framework
        WEB Scan
        SQL Injection Scan
Test Logs
Result and Recommendations
Bibliography
Overview
Ethical hacking is used to attack the WidgetsInc virtual machine, find the security weaknesses
of the computer system and handle the attacked environment. Different types of attacks are
performed on the host, and the results of the attacks are observed to identify the weak points
that can compromise the victim virtual machine. Flags are used for penetrating as the root user
and as other normal users, in order to exploit configuration issues and find the desired
vulnerabilities.
The report presents the testing logs, results and recommendations from compromising the
security of the targeted host.
Summary of Results
After the penetration testing, the victim virtual machine was found to be vulnerable to
different types of network attacks related to authentication, authorization and access
controls. Authentication using non-plaintext mechanisms, for example DIGEST-MD5, increased the
possibility of unauthorised access to the web application and has a negative impact on the
user data residing in the database of the server. The services available to users were examined
thoroughly with the use of payloads, encoders and exploits. The module used relies on a
documented security weakness to execute arbitrary commands on the targeted victim, running
distCC daemon commands without any authorization check.
The ProFTPD service, an enhanced FTP server that features an Apache-like configuration syntax
and supports virtual, anonymous and permission-based FTP servers, was used for the test, and
the favorable output is documented.
Kali Linux offers different types of security tools for analyzing the potential problems and
vulnerabilities of a host, including tools for bypassing password security, cracking passwords
and recovering passwords from stored data. The packages available in Kali Linux combine
different algorithms and cracking strategies, such as brute force and dictionary attacks, and
are found to be the most productive in penetration testing.
The web server is tested for problems with its software and for server misconfigurations.
Default files and programs are checked for versions that are outdated and vulnerable to
different types of network attacks.
Methodology
The vulnerability test is performed in multiple steps, beginning with the scope and ending
with reporting the output of the test. A self-performed test is used with the modes that an
attacker could use, so that the execution of the different types of attack can be controlled
and prevented from harming the system (Hall and Watson 2016). The approach is not limited to
automated and manual scans and verification of the findings. False positives and errors in the
output can be eliminated through manual scanning and verification of the configurations.
Scope
The scope of the vulnerability test is to gather information about the security configuration
and services of the VMware image. Since no information is provided about the virtual image, it
falls under the Gray box testing category, and multiple tools are used for gathering
information about the image file (Regalado et al. 2015). The network adapter in VMware is
changed from NAT to host-only to identify the IP address of the machine, and Kali Linux is
used to get more visibility into the targeted host with IP address 192.168.202.129.
Information Gathering
Before accessing the targeted victim, research is performed to gather information from
third-party sources, such as the IP address of the host, hack attempts made on the machine,
information about the operating system, services running on different ports, open ports,
etc., for later use in the exploitation (Conteh and Schmick 2016).