
Ethical Hacking: Introduction, Pen Testing Approach, Results and Findings

   

Added on  2022-12-29

Ethical Hacking 1
DEAKIN UNIVERSITY
ETHICAL HACKING
On Track Submission
Task 8.1P Pentest report- Group Task
Submitted By:
Ameer Hussain Mohamed Shibly
Tutor:
Rahul Ramdas
Group Members
Bomori Brian Boaz Omori
Sfrehman Syed Faiq Ur Rehman
Ahmohame Ameer Hussain Mohamed Shibly
Ethical Hacking
Introduction
Ethical hacking, also called penetration testing, intrusion testing or red teaming, is a security
control practice that seeks to penetrate computer systems without malicious intent.
Unlike malicious hacking, which aims at stealing, manipulating, taking control of systems and
denying service to legitimate users, ethical hacking is conducted with the sole aim of identifying
and correcting a system’s loopholes. It is a legal activity, since organizations use it to
strengthen their security posture in the face of the increased sophistication and magnitude of
security incidents. The purpose of this paper is to describe ethical hacking by
demonstrating practical skills used to conduct penetration testing on the digital infrastructure of
Digital Assets. It seeks to find system vulnerabilities that could be successfully exploited by
hackers and to provide mitigation strategies for them.
Pen Testing Approach
To access Digital Assets’ digital infrastructure, we logged in to the VMLab and booked a pod
in the SIT 379 Pentest Project. The testing environment, as shown in the diagram above,
comprised a firewall that separates the organization’s intranet from the public
internet. The intranet had an external machine running on a Kali Linux VM, while the
internal system comprised DVL, Win12r2, Ubuntu, Win16 and Secondo-running machines.
A black box test was conducted on the system. Black box pen-testing is a type of
external penetration test that is done with zero knowledge of the network. The testers
in this case are required to learn about the network by applying penetration testing
tools or using social engineering techniques. As an external penetration test, it is used to
unmask vulnerabilities visible over the internet, that is, threats and vulnerabilities originating from
external networks. Apart from the network addresses 192.168.1.0/24 and 10.1.1.0/28,
we had no other information prior to the test. Conducting a black box pen test meant
that our only access was to the hacker’s box (the external Kali VM), from which we remotely
exploited vulnerabilities in the Digital Assets’ digital infrastructure.
To discover and exploit the network’s vulnerabilities, the command search vsftpd was
run on the hacker’s VM. This command helped locate the exploits. The
show options output from the terminal search was used to trace these vulnerabilities to their
directories. After this, the victim machine was set as the target using the command set RHOST. This
was in a bid to further exploit the vulnerabilities and discover whether all security conditions
were met. Finally, the exploits were run to gain access to the victim machine, and points prone to
attack were identified and accessed through the open ports. The diagrams below visually
represent this procedure.