Individual Report: Demonstration of Penetration Testing Tools - MN623
Added on 2022/09/17

Contents
Contents................................................................................................................................................1
Introduction...........................................................................................................................................2
Scope of the work..............................................................................................................................2
Methodology.........................................................................................................................................2
Information gathering...................................................................................................................2
Exploitation....................................................................................................................................4
Password breaking.............................................................................................................................7
Rainbow crack password breaking......................................................................................................10
Counter measures...............................................................................................................................12
References...........................................................................................................................................13

Introduction
A password is a collection of characters used to authenticate a valid user and grant access to a resource. [1]
E-commerce web sites store users' bank details, which should be accessible only to specific users. This report discusses password breaking tools used against web applications. The most widely used password breaking tools were considered for this project; the two tools used are John the Ripper and RainbowCrack.
Scope of the work
We are going to perform penetration testing using the OSCP methodology.
We have the client's full authorisation to perform this testing.
The password breaking activity is performed on a Metasploitable 2 virtual machine.
The developer grants all rights and permissions to any user for testing purposes.
Tools used to complete the task: VMware 15 Pro, Windows 10, Parrot, Metasploitable 2, John the Ripper, RainbowCrack.
Methodology
Information gathering
We use Nmap to gather information on the web server. We initially pinged the server and it responded, so it was active and the test could proceed.
We used Nmap to gather information about the open ports and the services present on the web server.
Scanning for the open ports
We ran Nmap with the command “nmap -sT 192.168.204.129” to perform a TCP connect scan of the web server. We identified 23 open ports on the web server, as can be observed in Figure 1.

Figure 1
Identifying the version of services open
We used the command nmap -sV 192.168.204.129 to check the versions of the services on the open ports of the web server. The service vsftpd 2.3.4 seems to be the most vulnerable service hosted by this web server. The other services, Postfix SMTP and ISC BIND 9.4.2, are also vulnerable, but vsftpd 2.3.4 appears to be extremely vulnerable, so we target that service for exploitation.
Figure 2
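To make the version check above repeatable on the defender's side, here is an added Python example (not part of the original report) that parses nmap -sV output and flags the service versions this report identifies as vulnerable. The sample output is constructed and the watchlist notes are assumptions drawn only from this report's own findings.

```python
import re
from typing import List, Tuple

# One port line of nmap's normal-format -sV output, e.g.
#   21/tcp   open  ftp     vsftpd 2.3.4
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)

# Services this report singles out as vulnerable, matched as substrings of
# the VERSION column (case-insensitive). Notes are assumptions from the report.
WATCHLIST = {
    "vsftpd 2.3.4": "vsftpd 2.3.4: backdoored release, see reference [4]",
    "ISC BIND 9.4.2": "ISC BIND 9.4.2: reported vulnerable in this assessment",
    "Postfix smtpd": "Postfix SMTP: reported vulnerable in this assessment",
}

def parse_nmap_sv(output: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, state, service, version) for every port line."""
    rows = []
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m["port"]), m["state"], m["service"], m["version"].strip()))
    return rows

def flag_vulnerable(output: str) -> List[Tuple[int, str]]:
    """(port, note) for every open port whose version is on the watchlist."""
    hits = []
    for port, state, _service, version in parse_nmap_sv(output):
        if state != "open":
            continue
        for needle, note in WATCHLIST.items():
            if needle.lower() in version.lower():
                hits.append((port, note))
    return hits

# Constructed sample modelled on nmap -sV output for a Metasploitable 2 host.
SAMPLE_OUTPUT = """\
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
25/tcp   open  smtp        Postfix smtpd
53/tcp   open  domain      ISC BIND 9.4.2
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
"""
```

Running the same check against saved scan output of your own hosts turns the report's one-off observation into a repeatable inventory test.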
Exploitation
For exploitation purposes, we use Metasploit in this task. First, we search for all the vulnerabilities present in the vsftpd service, as shown in Figure 3. We search for

exploits on this service, then look at the options for how to use this exploit. We can observe that we have to set RHOST to exploit this vulnerability. We set RHOST to the target IP address.
Figure 3
We set RHOST to the target machine's IP address and press Enter.
The shell connection to the remote machine can be observed in Figure 4 below. We check the privileges we have gained using the commands “id” and “uname -a”, then use “cat /etc/shadow” to obtain the password hashes available on the machine. All the hashes are dumped to the screen, as shown in Figure 5. We use a hash checker to extract information about the type of hash: we run the hash-id tool and give it the extracted hash as input, as shown in Figure 6. It reported MD5 in this case; the hash type can vary depending on the operating system.

Figure 4

Figure 5

Figure 6
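The hash identification step above can be automated from the /etc/shadow format itself. The added Python below, which is not code from the original report, classifies each shadow entry by its crypt(3) prefix and flags accounts stored with a cheap scheme such as $1$ MD5-crypt; the sample shadow lines and placeholder hash bodies are constructed.

```python
from collections import namedtuple
from typing import List, Optional, Tuple

# crypt(3) scheme ids seen in /etc/shadow. "$1$" is MD5-crypt: salted,
# iterated MD5, so a hash-id answer of "MD5" is only half the story.
# The bool marks schemes this audit treats as weak (cheap to brute force).
CRYPT_SCHEMES = {
    "1": ("md5crypt", True),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}
ShadowEntry = namedtuple("ShadowEntry", "user scheme salt weak usable")

def classify_hash(field: str) -> Tuple[str, Optional[str], bool, bool]:
    """Return (scheme, salt, weak, usable) for one shadow password field."""
    if field == "":                      # empty field: no password needed
        return "empty", None, True, True
    if field.startswith(("!", "*")):     # locked or no-login account
        return "locked", None, False, False
    if field.startswith("$"):
        parts = field.split("$")         # ["", id, salt, hash]
        scheme, weak = CRYPT_SCHEMES.get(parts[1], ("unknown-" + parts[1], True))
        return scheme, (parts[2] if len(parts) >= 4 else None), weak, True
    if len(field) == 13:                 # traditional DES crypt, 2-char salt
        return "descrypt", field[:2], True, True
    return "unknown", None, True, True

def audit_shadow(text: str) -> List[ShadowEntry]:
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        entries.append(ShadowEntry(parts[0], *classify_hash(parts[1])))
    return entries

def weak_accounts(text: str) -> List[str]:
    """Users whose password could be attacked offline with a cheap scheme."""
    return [e.user for e in audit_shadow(text) if e.usable and e.weak]

# Constructed sample lines; hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$1$saltsalt$PLACEHOLDERMD5CRYPT:14747:0:99999:7:::
msfadmin:$1$saltsalt$PLACEHOLDERMD5CRYPT:14747:0:99999:7:::
daemon:*:14684:0:99999:7:::
admin:$6$longsalt$PLACEHOLDERSHA512:18000:0:99999:7:::
legacy:AbCdEfGhIjKlM:10000:0:99999:7:::
"""
```

Accounts that this audit lists are the ones a migration to sha512crypt or yescrypt (and a forced password change) should cover first.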
Password breaking
Having extracted the hash from the file, we now have to crack the hash value to identify the password. For this purpose we decided to use John the Ripper. To open John the Ripper, go to Applications, Parrot, Password breaking and click on Johnny, as can be observed in Figure 7. We then copy the complete hash from the terminal and paste it into a file with a .txt extension. Once Johnny is opened we can observe options such as open password file, open session, passwords, options, etc.
We click on “open password file” and open the text file where the password hash has been stored. The loaded text file can be seen in Figure 9. We then click on attack; this runs the attack and returns the actual password of msfadmin, as can be observed in Figure 10.
The user name: msfadmin
The password: Linux

Figure 7
Figure 8

Figure 9
Figure 10

Rainbow crack password breaking
We use RainbowCrack to crack the hash that was extracted from the web server.
We generate the rainbow table for cracking this hash using rtgen.exe on Windows.
We use the RainbowCrack tool on both Windows and Linux to check how they work.
We generate the table with rtgen.exe using the command rtgen md5 loweralpha 1 7 0 1000 1000 0. This generated the MD5 table of 1000 chains shown in Figure 11.
Figure 11
The number of plaintexts and the hash algorithm used can be seen in the figure above.
Figure 12

We copy the same table file to the Linux machine and run the command ./rcrack ./md5_loweralpha#1-7_0_1000x1000_0.rt -h hash, then press Enter.
The result shows that the hash is not found.
We can only crack the password if the hash is found in the table; if the hash value is not present in the provided tables, it becomes extremely hard for the tool to crack the password.
The time taken to break the password depends on the hashes provided.
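The rtgen arguments above fix the table's keyspace (loweralpha, lengths 1 to 7) and its size (1000 chains of 1000 links), which bounds what any lookup can find. The following Python is an added example, not part of the original report, that computes that bound and checks two further reasons a lookup fails: a plaintext outside the charset, and a $1$ MD5-crypt field, which is salted and therefore not what an 'md5' table is keyed on; the charset names follow RainbowCrack's charset.txt and the sample shadow field is constructed.

```python
import hashlib
import string

# Character sets as named in RainbowCrack's charset.txt (subset).
CHARSETS = {
    "loweralpha": string.ascii_lowercase,
    "loweralpha-numeric": string.ascii_lowercase + string.digits,
    "mixalpha-numeric": string.ascii_letters + string.digits,
}

def keyspace_size(charset: str, min_len: int, max_len: int) -> int:
    """Number of plaintexts of length min_len..max_len over the charset."""
    n = len(CHARSETS[charset])
    return sum(n ** k for k in range(min_len, max_len + 1))

def table_plaintexts(chain_len: int, chain_num: int) -> int:
    """Upper bound on distinct plaintexts one rtgen table can hold;
    merging chains make the real figure lower."""
    return chain_len * chain_num

def coverage_upper_bound(charset: str, min_len: int, max_len: int,
                         chain_len: int, chain_num: int) -> float:
    """Fraction of the keyspace the table can cover at best."""
    return table_plaintexts(chain_len, chain_num) / keyspace_size(charset, min_len, max_len)

def in_keyspace(plaintext: str, charset: str, min_len: int, max_len: int) -> bool:
    """Could this plaintext ever be found by a table over that keyspace?"""
    allowed = set(CHARSETS[charset])
    return min_len <= len(plaintext) <= max_len and all(c in allowed for c in plaintext)

def raw_md5_hex(plaintext: str) -> str:
    """What an 'md5' rtgen table is keyed on: the bare digest, no salt."""
    return hashlib.md5(plaintext.encode()).hexdigest()

def is_md5crypt(shadow_field: str) -> bool:
    """True for $1$salt$hash fields (salted MD5-crypt). Such a hash never
    equals raw_md5_hex(password), so an 'md5' table cannot match it."""
    return shadow_field.startswith("$1$")

# Constructed sample shadow field with a placeholder body, not a real hash.
SAMPLE_FIELD = "$1$saltsalt$PLACEHOLDERMD5CRYPT"

def table_applies(charset, min_len, max_len, candidate, shadow_field) -> bool:
    """True only when the table is built on the right hash function and
    the candidate plaintext lies inside its keyspace."""
    return in_keyspace(candidate, charset, min_len, max_len) and not is_md5crypt(shadow_field)
```

For the report's own parameters the table can hold at most one plaintext in roughly 8,000 of the loweralpha 1-7 keyspace, and the recovered password “Linux” contains an uppercase letter, so it lies outside that keyspace regardless of table size.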

Countermeasures / recommendations
The web server appears to be extremely vulnerable and can be taken over easily.
The web server should be protected by a web application firewall in this case.
An open-source or paid web application firewall seems to be the best initial choice.
All services need to be upgraded to their latest versions.
In particular, services such as login should be disabled.
It is highly recommended to filter the ports.

References
[1] “Vulnerability Details : CVE-2011-0762 (1 public exploit).” [Online]. Available: https://www.cvedetails.com/cve/CVE-2011-0762/.
[2] “RainbowCrack Package Description.” [Online]. Available: https://tools.kali.org/password-attacks/rainbowcrack.
[3] “John the Ripper.” [Online]. Available: https://whatis.techtarget.com/definition/John-the-Ripper.
[4] “VSFTPD v2.3.4 Backdoor Command Execution.” [Online]. Available: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor.
[5] “Cracking Linux password with john the ripper – tutorial.” [Online]. Available: https://www.binarytides.com/cracking-linux-password-with-john-the-ripper-tutorial/.
[6] “john Package Description.” [Online]. Available: https://tools.kali.org/password-attacks/john.
[7] “Vulnerability analysis of VSFTPD 2.3.4 backdoor.” [Online]. Available: https://subscription.packtpub.com/book/networking_and_servers/9781786463166/1/ch01lvl1sec18/vulnerability-analysis-of-vsftpd-2-3-4-backdoor.