A Research
Presented to the
Computer Engineering Department
College of Engineering and Architecture
Pangasinan State University
Urdaneta City
In Partial Fulfilment
of the Requirements for the Degree
Bachelor of Science in Computer Engineering
Major in System and Network Administration
ELLYSA BALANZA
JAE ANNE V. EBORA
CLARK JR. P. NONES
JUNE 2022
APPROVAL SHEET
ACKNOWLEDGMENT
First and above all, from the bottom of our hearts, we would like to thank
God Almighty for the courage, strength, guidance, knowledge, opportunity, and
This project thesis would not have been possible without the help of some
support and assistance of the following people who assisted and supported us in
adviser, Dr. Kenneth Oliver S. Lopez, for the never-ending support, patience,
motivation, and guidance in finishing this research study. His utmost knowledge
Canuel, Engr. Jay-Ar Pentecostes, and Engr. Khayzelle C. Cayabyab for giving
their insights on improving this study, understanding us (the researchers) and our
research study, and for the patience in giving us time to share our knowledge and
We would also like to express our gratitude to the rest of the Computer
through this phase. Engr. Rex B. Basuel, the Dean of the College of Engineering
and Architecture, thank you for the knowledge he lends us and for his favorable
To our families and friends, we express our sincerest gratitude and heartfelt
"Thank You" for giving us motivation, patience, financial needs, and extra push
Technology (DOST) to all their staff for the financial support throughout our
college life. We would not be able to get to where we are right now without their
help. We will never forget that we are the 'Scholars for the Nation.'
Lastly, gratitude and appreciation should also go to us, the researchers, for
giving the best in this study. We hope you appreciated the outcome of our hard
work, hopes, dreams, sleepless nights, blood, sweat, and tears. Thank you for not
giving up.
DEDICATION
This study is wholeheartedly dedicated to our Almighty Father, for the courage,
To our beloved family and friends, who have been our source of inspiration
And to the faculty of the Computer Engineering Department for giving their time,
Ellysa Balanza
TABLE OF CONTENTS
ACKNOWLEDGMENT ... iii
DEDICATION ... v
CHAPTER 1: INTRODUCTION
Related Literature
Reconnaissance Tools ... 16
Related Studies
Ethical Hacking ... 32
CHAPTER 3: METHODOLOGY
Data Collection
Observation ... 43
Testing ... 45
Recon-ng ... 52
theHarvester ... 55
Nmap ... 57
Nikto ... 64
Wireshark ... 68
TCPDump ... 71
ExploitDB ... 73
Metasploit ... 75
Brutespray ... 78
THC-Hydra ... 83
John-the-Ripper ... 86
Burpsuite ... 89
Sqlmap ... 95
Problems Encountered During the Implementation of the Nineteen Penetration Testing Tools ... 147
APPENDICES
Appendix O – VLAN Management Configuration on Switch ... 191
LIST OF TABLES
LIST OF FIGURES
36.1 Cloned Google Login Page and the Captured Credentials ... 115
36.2 Cloned Google Login Page and the Captured Credentials ... 115
ABSTRACT
and safe for penetration testing. Furthermore, nineteen (19) penetration testing tools were tested, evaluated, and utilized in the laboratory. The effectiveness of these tools was assessed in terms of speed and coverage. The laboratory was divided into two (2) sides, attacker and target: some device(s) acted as the attacker, and the other equipment operated as the targets. The researchers ran the nineteen (19) penetration testing tools installed on the attacker machine.
The developed penetration testing laboratory was tested by the thirty (30)
the reliability of the developed laboratory in terms of the following dimensions: Usefulness, Ease of Use, Ease of Learning, and Satisfaction. Moreover, the only limitation of the penetration testing laboratory was that three (3) of the tools did not run successfully because of hardware constraints. On the other hand, the sixteen (16) penetration testing tools presented could be replaced with other tools. Also, the attacker machine could be replaced with laptops or desktops on which different tools could be installed. In addition, some attacks performed were limited by the targets deployed. Thus, it is also recommended to add or change targets to make the exercises more challenging, for example by creating two teams, a Red Team
CHAPTER 1
INTRODUCTION
revolutionized every facet of our society at all levels, making it more dependent on these services irrespective of size, volume, use, or purpose. The numerous advantages of these developments come with a rapid increase in users and their data. According to Statista, as of April 2022, five (5) billion people, or sixty-three (63) percent of the world's population, use the Internet (Johnson, 2022). Likewise, the International Data Corporation (IDC) predicts that the global datasphere will reach one hundred seventy-five
headlines from various media platforms, from personal to corporate security, and
data breaches, phishing scams, malicious software, identity theft, voyeurism, and
are all vulnerable in the face of cyber-related crimes (Interpol, 2020). That being
Despite the laws and policies in place, there has always been
from a set of tools to identify and mitigate these threats using security software provided by a variety of vendors to limit the chance of mishaps and data loss. In the Philippines, according to Secuna (2022), to reduce these risks one must look into how black hat hackers think, plan, and operate. Organizations that do so would be better positioned to discover and identify security issues, patch their systems, and devise strategies and solutions to avoid illegal digital intrusion (MB Technews, 2022).
Philippines are insecure and vulnerable, which makes them susceptible to hacking.
has been a spate of incidents wherein groups of gray hat hackers in the
of the Philippines (PUP), Far Eastern University (FEU), Fatima School Bacood,
and many more. Unlike black hat hackers, gray hat hackers have the intention
However, even if the motivation is good, unauthorized infiltration into an
Compared to black hat and gray hat hackers, white hat hackers have the
and immediately fix them. They are also called pentesters, short for penetration testers. However, ethical hacking is not a skill that can be learned and mastered in just months; it takes time and effort. Thus, creating a personal lab is very useful for practicing with the penetration testing tools that are readily available online. One should not test devices on a network one does not own, especially without the owners' permission. On the other hand, such a virtualized setup is not ideal, since the guest machines consume the host's resources, especially when the host is a low-end or even mid-range system. With a laboratory, however, penetration testers can legally customize and control an environment that suits their needs, without defacing websites or illegally
as a Basis for Network Security" was conducted to establish a laboratory that could
Urdaneta City Campus (PSU – UCC). Furthermore, the researchers used different
effectiveness was taken on the premise of response or speed, which refers to the
amount of time needed to complete a specific task. On the other hand, coverage
was defined as the ability of these particular tools to pass through the first three
Urdaneta Campus (PSU – UCC) and determine the effectiveness of the different
A. Information Gathering
a) Recon-ng; and
b) theHarvester
B. Scanning Vulnerabilities
a) Nmap;
b) Nikto;
c) Wireshark;
d) TCPDump; and
e) ExploitDB
C. Gaining Access
a) Metasploit;
b) Brutespray;
c) THC-Hydra;
d) John-the-Ripper;
e) BurpSuite;
f) Sqlmap;
g) Cisco-Global-Exploiter;
h) Yersinia;
i) Aircrack-ng;
j) Fern-WiFi-Cracker;
k) Karmetasploit; and
3. What is the reliability and acceptability (to the students) of the developed
SIGNIFICANCE OF THE STUDY
laboratory manual that could be used by the Computer Engineering students in the
penetration testing tools and methods were used to simulate the actual laboratory.
where this research would educate students interested in the cybersecurity field, equipping them with the right tools and letting them hone their skills with penetration testing tools, learn how effective those tools are, and learn how to use them to their advantage.
hackers, they are always bound to exploit these vulnerabilities, stealing data and even money. A trained penetration tester helps prevent such unfortunate cases.
hackers, especially hacktivists; there have been many cases and records about
defacing websites and data leakage from different organizations. The penetration
The Researchers – With this study, it will be beneficial for the researchers
tools to practice and apply what they have learned. They can use this
as a future reference for more studies or to further improve this study as the
technologies for both hardware and software are constantly being developed.
Campus for the 2nd Semester of the Academic Year 2021 – 2022 and then testing
Random-Access Memory (RAM) with 32GB microSD storage, installed with Kali Linux as its operating system; it functioned as the attacker. The researchers used a Raspberry Pi 4 Model B; others could use devices such as desktop computers, laptops, and many more. It would particularly simulate the basic features and functions of nineteen (19) different penetration testing tools
Social Engineering Toolkit. The testing method was gray box testing, wherein the tester has partial knowledge of the internal infrastructure of the laboratory setup. Also, the tools Recon-ng and theHarvester were connected to
RAM with 16GB microSD storage was used as the target desktop and a web
access point for the wireless network. Other components that the researchers included were one (1) Cisco Catalyst 3750 switch and two (2) Cisco 2811 routers. They were used to simulate different networks, one of which was used as
Furthermore, this laboratory was designed for internal testing only. This means that all the penetration testing tools were run on the researchers' own network and infrastructure alone, and they were not used against any device or
reconnaissance was performed so as not to engage the target system directly. The access point's broadcast Service Set Identifier (SSID) was "TP-Link Pentesters". Moreover, for the Social Engineering Toolkit, only one feature was used since most
Lastly, there were thirty (30) respondents from Bachelor of Science in
Pangasinan State University – Urdaneta Campus (PSU-UCC) that tested and used
the penetration testing laboratory and the laboratory manual for guidance.
Furthermore, a survey questionnaire was used for data gathering regarding the
identify and verify a user or an application. API Keys are available on various
Black Hat Hacker – unlike the white hat hackers, they do not have
or mixes a variety of usernames and passwords until the precise and right login
Coverage – the ability of these particular tools to pass through the first three
Cybercrime – crimes about the use of a computer and the Internet (e.g.,
Dictionary)
guess the password using a list of words. Those words and phrases can potentially
penetration tester has limited information regarding its target. (Imperva, 2021)
Gray Hat Hacker – individuals who use hacking for offensive and defensive
Internal testing – the penetration testing tools are limited to the researcher's
network and infrastructure. They will not simulate them on any device or network
for which the researchers have no permission. No one will test on other networks,
Intrusion Detection Systems (IDS) - analyzes and monitors network traffic
without engaging it directly. It does not interact with the target system and sends it no requests. Therefore, the target has no means of
establishes a connection with the target machine and then acquires access, which
it can exploit to steal data or carry out other malicious operations. (Kaspersky,
2022)
Session Cookie – a file containing identifiers, either a string of letters or
numbers, wherein the website server sends it to a browser, which then helps web
Speed – the time it takes a penetration testing tool to finish a given task.
White Hat Hackers – also known as Ethical Hackers, have the authorization
to exploit a system or network legally. The information they gathered will be used
CHAPTER 2
REVIEW OF RELATED LITERATURE AND STUDIES
research. These give researchers an idea and particular insights into the
Ethical Hacking
human in many different aspects of daily life. However, the Internet has its dark sides, where criminals linger. Therefore, knowing how users can protect their network is vital. According to Neeraj Rathore (2015), ethical hacking is the practice of breaking into a computer system without any malicious intent. Its goal is to identify security risks and report them to the users or the people who are at risk of cyber-attacks. Ethical hackers are security experts who hack for defensive and
expertise. In 2017, the Philippines spent only 0.04 percent of its GDP on
cybersecurity, whereas other ASEAN countries spent 0.07 percent. Because of the
China and Russia, the government established the Department of Information and
the field of ICT. Secretary Gregorio Honasan Jr., the head of DICT, has three areas
to prioritize: a) provide access for every Filipino; b) adopt more vital ICT
Kali Linux
some of the frequent uses of Kali Linux. It offers more than three-hundred (300)
spoofing, password cracking, maintaining access, reporting tools, and many more.
are known tools in this distribution. Kali Linux is a product of Offensive Security.
(Ben, 2021)
Penetration Testing
the penetration testing process has five (5) stages, namely: reconnaissance, scanning, gaining access, maintaining access, and analysis and web application
systems to be investigated, the testing methods to be utilized in this situation, and
gathering information about the target (e.g., domain names, mail servers). The scanning stage is about understanding how the target will respond to various intrusion attempts.
Gaining access uses attacks (web attacks) to identify the target's weaknesses or
vulnerabilities. The ethical hackers will then try to exploit these vulnerabilities found
either by stealing data, intercepting the traffic and many more, to understand the
sensitive data. The final phase is analysis, which involves compiling the test
results. Then, the pentesters will report to the security personnel, which will create
solutions to protect the network and even data against possible attacks. (Imperva,
2021)
Reconnaissance Tools
information, (b) determining the network's range, (c) recognizing all active machines, (d) identifying the operating system in use, (e) identifying the operational framework, (f) listing the services used on each port, and (g) understanding the network map.
Recon-ng is among the numerous tools available for the first penetration
installed in Kali Linux, operated on a command-line interface (CLI) with the same
the Metasploit Framework that can exploit a particular machine or system, Recon-ng
with command completion and contextual assistance. Overall, Recon-ng has one
marketplace inside Recon-ng. They also categorized them according to their
Another tool for the first phase of penetration testing is theHarvester. This package contains tools for gathering information. It gathers information such as e-mail addresses, virtual hosts, subdomain names, open ports or banners, and employee names from different public sources such as search engines (Kumar, 2022). TheHarvester has almost the same features as Recon-ng, which was also
where theHarvester has only thirty-eight (38) modules to choose from, of which fourteen (14) require API keys. Furthermore, the modules do not require installation since they are already available in theHarvester. (Kumar, 2022)
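An added Python example (not code from the thesis or from theHarvester itself) showing the extraction step such tools perform once they have page text in hand: e-mail addresses and hostnames are pulled out with regular expressions and then scoped to the target domain. The three page snippets and the domain example.edu are constructed for the example; fetching that text from search engines and other public sources is what a real tool adds on top.

```python
import re
from typing import Dict, List

# Constructed stand-in for text returned by public sources (search engine
# result pages, key servers, and so on) when queried for the target domain.
SAMPLE_PAGES = [
    "Contact: it-support@example.edu or registrar@example.edu. "
    "Student portal: https://portal.example.edu/login",
    "MX handled by mail.example.edu; vacancies at jobs.EXAMPLE.EDU. "
    "Unrelated: admin@other.org, www.other.org",
    "Legacy hosts: ftp.example.edu (decommissioned), webmail.example.edu, "
    "and the noreply@example.edu sender",
]

# Loose patterns: an address is local@host, a host is dot-separated labels
# ending in a TLD. Scoping to the target domain happens afterwards.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
HOST_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b")


def in_scope(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def harvest(pages: List[str], domain: str) -> Dict[str, List[str]]:
    """Return sorted, de-duplicated e-mail addresses and subdomains of `domain`."""
    domain = domain.lower()
    emails, hosts = set(), set()
    for page in pages:
        for addr in EMAIL_RE.findall(page):
            addr = addr.lower()
            if in_scope(addr.split("@", 1)[1], domain):
                emails.add(addr)
        for host in HOST_RE.findall(page):
            host = host.lower()
            # Keep subdomains only; the bare domain is already known.
            if in_scope(host, domain) and host != domain:
                hosts.add(host)
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


if __name__ == "__main__":
    for kind, items in harvest(SAMPLE_PAGES, "example.edu").items():
        print(f"[*] {kind}:")
        for item in items:
            print("    " + item)
```

Everything found outside the target domain (admin@other.org, www.other.org) is dropped, which is the scoping a tester relies on to keep reconnaissance inside the authorized target.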
Scanning tools are software tools that examine a network for existing
(Pedamkar, 2020). According to Pedamkar (2020), seven (7) popular tools are
displays operating systems (OS), and displays the firewalls used and available on
different OS. It is considered one of the most popular tools for pentesters and
system and network administrators, and because of it, it garnered many awards
relating to security. Like the other tools, it is open-source and controlled using the
Another tool is Nikto, a pluggable web server and common gateway
reports are in plain text or HTML, and it also supports multiple HTTP versions, cookies, and many more. Nikto is a web server and web application analysis tool, both free and open source. Moreover, it is a straightforward and
programs, insecure and outdated servers, and/or programs. Nikto tests a web server as quickly as possible and is not stealthy: its activity is plainly visible in log files or to an Intrusion
It focuses on network protocols going in and out of the network. Similar to Nmap,
(GUI) feature to capture packets and network protocols from a network. Each packet may contain sensitive data and information that, later on, will be used for the next phase of penetration testing. Wireshark can even decode data payloads
depending on its protocol (e.g., HTTP). Each packet captured with Wireshark shows the following details: the time at which the packet was captured, the source and destination IP addresses, the protocol used, the length, and some packet
passwords if the protocol used by a webpage or web application is not encrypted
network activities, for it can dissect packets of protocols such as Internet Protocol
(DVMRP), Andrew File System (AFS), Server Message Block (SMB), Open Shortest Path First (OSPF), Network File System (NFS), and many more. (Gerardi, 2020)
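The packet-list fields just described, and the credential capture the text warns about for unencrypted protocols, can be reproduced with a small dissector. The following Python example is added here and is not part of the thesis or of Wireshark: it builds a constructed Ethernet/IPv4/TCP frame carrying a cleartext HTTP request (the addresses, ports and the admin credentials are invented), decodes the headers to recover source, destination, protocol and length, and pulls the username and password out of a Basic Authorization header or a form-encoded POST body.

```python
import base64
import socket
import struct
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import parse_qs

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


@dataclass
class Summary:
    """The per-packet columns a packet list shows, plus whatever a
    credential-harvesting dissector adds for cleartext HTTP."""
    src: str
    dst: str
    protocol: str
    length: int
    info: Dict[str, str] = field(default_factory=dict)


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame around `payload` (checksums left
    zero: this is sample input for the dissector, not a wire-ready packet)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + 20 + len(payload), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def extract_http_credentials(payload: bytes) -> Dict[str, str]:
    """Recover a username/password from an unencrypted HTTP request, either
    from a Basic Authorization header or from a form-encoded POST body."""
    text = payload.decode("latin-1")
    head, _, body = text.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        value = value.strip()
        if name.strip().lower() == "authorization" and value.lower().startswith("basic "):
            user, _, password = base64.b64decode(value[6:]).decode("latin-1").partition(":")
            return {"username": user, "password": password}
    form = parse_qs(body)
    for ukey, pkey in (("username", "password"), ("user", "pass"), ("email", "password")):
        if ukey in form and pkey in form:
            return {"username": form[ukey][0], "password": form[pkey][0]}
    return {}


def dissect(frame: bytes) -> Summary:
    """Decode Ethernet -> IPv4 -> TCP and, for port 80 traffic, HTTP credentials."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    summary = Summary(socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
                      PROTO_NAMES.get(proto, str(proto)), len(frame))
    if proto == 6:
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_offset = (tcp[12] >> 4) * 4
        summary.info["ports"] = f"{sport} -> {dport}"
        if 80 in (sport, dport):
            summary.protocol = "HTTP"
            summary.info.update(extract_http_credentials(tcp[data_offset:]))
    return summary


# Constructed sample: a login over plain HTTP with a Basic Authorization header.
SAMPLE_REQUEST = (
    b"GET /admin HTTP/1.1\r\nHost: intranet.lab\r\n"
    b"Authorization: Basic " + base64.b64encode(b"admin:Passw0rd!") + b"\r\n\r\n"
)
SAMPLE_FRAME = build_frame("192.168.10.5", "192.168.10.20", 51234, 80, SAMPLE_REQUEST)

if __name__ == "__main__":
    s = dissect(SAMPLE_FRAME)
    print(f"{s.src} -> {s.dst}  {s.protocol}  len={s.length}  {s.info}")
```

The same request sent over HTTPS would reach the dissector as TLS records, and neither the header nor the body would be readable; that is the whole point of the "not encrypted" caveat above.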
repository of exploits and the vulnerable software they target. Its goal is to provide a complete and extensive collection of exploits in a free and easy-to-use database, gathered through mailing lists, direct submissions, and other public
weaknesses in a specific network and stays up to date on current attacks that are
applications that can be searched and downloaded, then used for exploitation.
repository of publicly accessible exploits and the susceptible software they relate to. Its goal is to compile the most complete collection of exploits, shellcode, and papers available, acquired via direct contributions, mailing lists, and other publicly
a command-line search and query tool for ExploitDB that allows searching for any
However, some tools still need other tools (from the earlier phases of ethical
Among the plethora of tools that can be used in gaining access, one is Metasploit. This is a free and open-source penetration testing framework. There are numerous modules in Metasploit that allow configuring an exploit module. After configuring it, one pairs it with a payload, selects a target, and finally launches the attack against the target machine. According to Said (2020), one of the most popular penetration testing tools under Kali Linux is Metasploit. It is commonly used for attacking systems to test security exploits. There are five (5) modules, which are the payload,
appropriate exploit and/or payload for the exploitation of the machine. After that, the chosen payload is executed on the target, and once the exploit succeeds the ethical hacker is given a shell connected to the payload. It provides
Ottawa (2022) highlighted two (2) steps in this phase, gaining access, in
username or email address). THC-Hydra and John-the-Ripper are two of the most widely used password attack tools in Kali Linux, according to Carson (2020), a
penetration testing tool that builds on port scanning. As its name suggests, once it is
network using Nmap, one of the tools under the reconnaissance phase, to check the open ports and other services. After the scan, the results are saved in GNMAP/XML format. The output file is then used by the pentesters to perform brute force attacks against the open services of the target
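The Nmap-to-brute-force hand-off described above can be seen in a few lines of Python. This example is added here; it is not Brutespray's code and it does not invoke any cracker. The .gnmap text is constructed (hosts, ports and version strings are invented), and the set of brute-forceable service names is an assumption made for the example; Brutespray itself hands the resulting job list to Medusa.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Services an online password cracker (Hydra, or Medusa as driven by
# Brutespray) can attack; HTTP is left to the web application tools.
BRUTE_FORCEABLE = {"ssh", "ftp", "telnet", "mysql", "postgresql", "smb", "microsoft-ds",
                   "vnc", "rdp", "ms-wbt-server", "smtp", "pop3", "imap"}

# Constructed sample in Nmap's grepable (-oG) format; every value is invented.
SAMPLE_GNMAP = """\
# Nmap 7.92 scan initiated as: nmap -sV -oG lab.gnmap 192.168.10.0/24
Host: 192.168.10.20 (target.lab)\tStatus: Up
Host: 192.168.10.20 (target.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.4/, 80/open/tcp//http//Apache httpd 2.4/, 445/closed/tcp//microsoft-ds///, 3306/open/tcp//mysql//MySQL 5.7/\tIgnored State: filtered (996)
Host: 192.168.10.21 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 23/open/tcp//telnet///
Host: 192.168.10.22 ()\tStatus: Down
# Nmap done: 256 IP addresses (2 hosts up) scanned
"""

Target = Tuple[str, int]  # (ip, port)


def parse_gnmap(text: str) -> List[Tuple[str, int, str, str, str]]:
    """Return (ip, port, state, service, version) for every port entry in .gnmap text."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # A host line is tab-separated "Key: value" fields.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        ip = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            # port/state/proto/owner/service/rpc-info/version/
            port, state, _proto, _owner, service, _rpc, version = entry.split("/", 6)
            entries.append((ip, int(port), state, service, version.rstrip("/")))
    return entries


def brute_force_targets(text: str) -> Dict[str, List[Target]]:
    """Group open, brute-forceable services by service name, the way
    Brutespray builds its job list from Nmap output."""
    targets: Dict[str, List[Target]] = defaultdict(list)
    for ip, port, state, service, _version in parse_gnmap(text):
        if state == "open" and service in BRUTE_FORCEABLE:
            targets[service].append((ip, port))
    return dict(targets)


if __name__ == "__main__":
    for service, hosts in brute_force_targets(SAMPLE_GNMAP).items():
        print(f"{service:8s} " + ", ".join(f"{ip}:{port}" for ip, port in hosts))
```

Closed ports (445 above) and web services are filtered out before anything is attacked, which is also where a tester would apply the engagement's scope list.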
THC-Hydra is one of the most popular brute force password cracking tools. Like Brutespray, THC-Hydra performs both dictionary and brute-force attacks, and it can be operated either through a graphical user interface (GUI) or from the command-line interface (CLI). It also runs on various operating systems, including all Unix platforms such as Linux and Solaris, as well as macOS and
Telnet, and many more. Hydra works online and therefore needs to use the
initially designed for Unix-based computers but now works on various platforms. The three (3) main password-cracking techniques used by John-the-Ripper are (a)
single crack mode, which is the quickest and best option if the entire password file
to crack is provided; (b) wordlist mode, which compares the hash to a database of
potential password matches; and (c) incremental mode, which is the most potent
because it employs brute force to try every possible combination until it produces
One of the web application testing tools used during the gaining access phase is Sqlmap, which detects and exploits SQL injection vulnerabilities in web applications. Once it finds one or more SQL injection points on the target host, a variety of options are available
management system. In addition, it retrieves the session user and database for
hashes, privileges, and databases. Sqlmap dumps the entire DBMS or user-specified
particular files on the file system, among other things. Also, Sqlmap is operated from the command-line interface (CLI) and is open-source and free. MySQL, Oracle,
fully supported. It also supports a variety of SQL injection techniques that are both
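What sqlmap probes for is easiest to see with the vulnerable query next to its fix. The following Python example is added here and is neither sqlmap's code nor anything from the thesis: an in-memory SQLite table with two constructed accounts, a login function that splices user input into the SQL string, the same function with bound parameters, and a boolean-based blind check in the style sqlmap uses (a payload carrying a true condition and one carrying a false condition must behave differently for the injection to be confirmed). The account names and passwords are invented.

```python
import hashlib
import sqlite3
from typing import Callable, Optional, Tuple

Row = Optional[Tuple[str, str]]
LoginFn = Callable[[sqlite3.Connection, str, str], Row]


def hash_password(password: str) -> str:
    # Unsalted SHA-256 keeps the sample short; a real application would use a slow, salted hash.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("admin", hash_password("Adm1n-S3cret"), "admin"),
         ("student", hash_password("student2022"), "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Row:
    """The bug sqlmap looks for: user input spliced straight into the SQL string."""
    query = ("SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password_hash = '{hash_password(password)}'")
    return conn.execute(query).fetchone()


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> Row:
    """Same lookup with bound parameters: input can never change the query structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_password(password)),
    ).fetchone()


def is_boolean_injectable(conn: sqlite3.Connection, login: LoginFn, username: str = "admin") -> bool:
    """Boolean-based blind probe: inject a true and a false condition behind a
    comment that swallows the rest of the query, and compare the outcomes."""
    true_case = login(conn, f"{username}' AND 1=1 -- ", "irrelevant")
    false_case = login(conn, f"{username}' AND 1=2 -- ", "irrelevant")
    return true_case is not None and false_case is None


if __name__ == "__main__":
    db = setup_db()
    bypass = "admin' -- "
    print("vulnerable:", login_vulnerable(db, bypass, "wrong"))  # ('admin', 'admin')
    print("fixed:     ", login_fixed(db, bypass, "wrong"))       # None
    print("injectable?", is_boolean_injectable(db, login_vulnerable),
          is_boolean_injectable(db, login_fixed))                   # True False
```

With `admin' -- ` as the username the vulnerable query collapses to `WHERE username = 'admin'` and the password check is commented away; the parameterized version treats the same string as a literal username that matches nothing.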
interface, often known simply as Burp. The most common users of Burp Suite are expert web application security researchers and bug bounty hunters. A free
Community Edition, a Professional Edition, and an Enterprise Edition are the three editions of the tool that are offered. The Community Edition has far fewer features. Its objective is to offer a complete security solution for web applications,
a web application mapping spider used to map target websites and a repeater that
useful for searching for data chunks in headers, parameter values, etc. In addition, a comparer function analyzes two (2) pieces of data to spot visual differences,
into the tool to expand its functionality. The tool's more intricate capabilities
tokens created by the web server are indeed random. On the other hand, the proxy server and intruder are essential tools one can practice with, and they were used in this
Network Infrastructure Tests, on the other hand, are defined as "testing
or more layers that define an Ethernet/IP network" (Payerle, 2016). One such tool is Yersinia, a framework for performing layer two attacks. It takes advantage
(ISL), VLAN Trunking Protocol (VTP), and many more. (Bisson, M. n.d.)
On the other hand, Cisco Global Exploiter (CGE) is an advanced and fast yet straightforward security testing tool that can exploit the most dangerous
simple parameters (e.g., the target and the vulnerability to exploit), CGE has an intuitive and straightforward user interface executable from the command line. To
be more specific, the fourteen (14) vulnerabilities in Cisco switches and routers are
namely: (1) Cisco 677/678 Telnet Buffer Overflow Vulnerability, (2) Cisco IOS
Router Denial of Service Vulnerability, (3) Cisco IOS HTTP Auth Vulnerability, (4)
Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, (6) Cisco
675 Web Administration Denial of Service Vulnerability, (7) Cisco Catalyst 3500
Request Denial of Service Vulnerability, (9) Cisco 514 UDP Flood Denial of Service
Vulnerability, (11) Cisco Catalyst Memory Leak Vulnerability, (12) Cisco CatOS
Bypass Vulnerability (UTF), and (14) Cisco IOS HTTP Denial of Service
The main goal of the wireless network test is to identify Wi-Fi networks (e.g.,
fingerprinting, information leakage, and signal leakage), and then determines the
the users' credentials in accessing their networks. One of the tools in this phase is
monitoring, packet capture, and export of data to text files for in-depth processing by third-party tools. Furthermore, it can test or check Wi-Fi cards and
testing tool under the gaining access phase with the same goal as the other wireless
can also recover those keys. Fern Wi-Fi Cracker is operated through a graphical user interface. Furthermore, some of the features of Fern Wi-Fi Cracker include
passwords, collect information, and perform web browser attacks (by faking these)
pentester. The only requirement is that the user connects to the created fake
From Domain Name System (DNS), Post Office Protocol 3 (POP3), Internet
servers, there is already a broad net cast to gather several types of information.
Last is the social engineering test. Allen (2021) defined social engineering
Furthermore, the social engineering test aims to point out a person's weaknesses
and even a group of people. As RS Security (2018) said, "The most easily
is a penetration testing tool for social engineering, free and open-source, created
attacks such as phishing, cloning websites, sending SMS, and many more.
(Borges, 2020)
In the book by Wylie, P., & Crawley, K. (2021) entitled "In the Pentester
They called the first approach the Minimalist. The minimalist approach is the easiest to set up, for it consists of only one laptop running a hypervisor, making it portable and capable of being run almost anywhere. However, one of the disadvantages of this setup is the need for dongles or an adapter. Tools like
Machine network adapters do not have that kind of feature. The following approach
is the Dedicated Lab, which uses actual computers instead of Virtual Machines. They also add that, if possible, Internet access is needed so that remote access is possible. Lastly is the Advanced Lab; this approach follows the previous laboratory, but network devices are now present. These network devices include
A virtual and a real environment both have merits and drawbacks. The key
on the other hand, virtual machines may not always perfectly replicate the functionality of physical computers; therefore, approaches that work on a real machine may not
penetration testing laboratory and provides realistic situations. The book highlights that there is a general approach to setting up this kind of laboratory. Those steps will help build a functional and essential penetration testing laboratory. The first step is determining the objectives, which is vital for building a lab. The second step is to design the lab's architecture. The design should accurately represent the objective. The author highlighted that to test wireless attacks, one should include these: wireless access points, a wireless and wired
client machine, and an attack machine as elements of the lab. Once those essential elements are settled, it is time to decide which operating systems will be used and the brands and models of the equipment. Also, one crucial reminder to keep in mind is to isolate the lab from any other network, for it can cause problems for other networks. It is also essential to list the reports and findings after the testing.
There are also five types of penetration testing labs mentioned in this book: first is the virtual penetration test lab, the second is the internal penetration test lab, the third is the external penetration test lab, the fourth is the project-specific penetration test lab, and the fifth is the ad hoc lab. The virtual penetration lab is the simplest, having only one virtualization host running multiple operating systems. The internal penetration lab consists of two systems (one system is the target, and the other is the tester's machine) connected to a router that provides services like DNS and DHCP. The objective of this laboratory is to see the existing
objective, on the other hand, is to check whether there is a way to gain access to the network or system, given that defense tools or software are present.
creates a replica of the target system or network. It needs the same equipment used in real life. However, such labs are rarely built because the equipment is expensive. The last one is the ad hoc lab, which is only used to test a server,
The third step is to build the lab, which is where the physical work comes in. Choosing the right hardware equipment for the budget is vital. The last step is to run the lab. This step is not just about installing the software, operating system, and other tools to be used, and testing; it also involves documenting the process of building the lab and writing up the results (Faircloth, 2017).
hardware and software components, according to Lunetta (1998) and Hofstein &
of the goals includes developing practical skills for the students, wherein students may learn to use the tools or develop skills in using the equipment correctly and safely. Students can also make observations, take measurements, and carry out well-defined procedures. Thus, students played a vital role in assessing the subjective usability of the laboratory. This assessment examines the four (4) dimensions of usability, which are usefulness, ease of use, ease of
consumer items. In the USE questionnaire[1], users are asked to rate their agreement with the statements, ranging from "strongly disagree" to "strongly agree." Lund (2001)
created a brief questionnaire that could assess the usability
[1]
See Appendix T for the USE questionnaire
would have some faith in the goods' appearance. It would be feasible to envision the design elements that might affect how things are rated. Although usability
the USE has been reported in only a small amount of published research. One study seeks to address the problem by examining the psychometric features of the USE: 151 Mechanical Turk (MTurk) users rated Amazon.com and Microsoft Word using the USE and the System Usability Scale (SUS; Brooke, 1996). The study concludes that the USE is a valid and reliable instrument that still requires improvement. Various studies have also concluded that the USE questionnaire was the right choice for their study. The USE questionnaire provides information, from the data gathered, about which aspects of the system or product could be improved. Furthermore, the analysis concluded that the USE Questionnaire is a valid and reliable tool for evaluating the system or
RELATED STUDIES
Ethical Hacking
which is the same as what Logan and Clarkson (2005) found. According to
them, teaching ethical hacking should take the form of hands-on experience rather
than a textbook-and-lecture format. The study also stressed the necessity of soft
skills in ethical hacking. Soft skills pertain to how a person works; the skills
listed were primarily social. In Trabelsi and McCoey's (2016) study, they listed
soft skills, specifically social engineering, as one of the skills needed by students.
The others were an understanding of security and an understanding of how hackers work
using Linux Tools: Attacks and Defense Strategies," they used Kali Linux to
conduct their penetration testing. The study's objective was to investigate a range
of tools that would suit their needs. They also demonstrated basic penetration tests
and explained how to defend against such attacks. There are four steps in their
2016)
Kali Linux is one of the most popular operating systems among penetration
testers; it ships with many tools pre-installed. In a recent study, He-Jun Lu and
Yang Yu (2021) used Kali Linux and its available tools for penetration testing of
a wireless network. They followed four steps: preparation, information
collection, simulated attack, and reporting. Other methods were also used, such
as scanning, monitoring,
demonstrated that Kali Linux had a positive impact on enhancing wireless network
Another study on using Kali Linux was conducted by Denis et al. (2016).
They mainly used tools already packaged in Kali Linux for penetration testing. The
remote personal computers (PCs) as well as the phone's Bluetooth (Denis et al.,
2016).
give the default settings of SOHO routers to their customers, this study uses a Kali
authentication, dictionary and brute-force attacks, and many others were the kinds
of attacks used to discover risks that could damage the network (Blancaflor et al.,
2016).
attacker to find weaknesses in a system that could be used for malicious ends.
The research study also provides an outline of penetration testing and specifies
the factors considered in selecting the most appropriate tools for the task.
According to the role each tool serves, their study divided them into three
Datagram Protocol (UDP) ports, the first category of operations is port scanning.
harm the network. The last category is vulnerability exploitation. Nmap was one of
the tools mentioned in this study, alongside other tools such as Dmitry, Hping3, and
Unicornscan. Their evaluation criteria include how many ports each tool scanned,
the number of open ports found, the types of ports scanned, the scan time (the
time taken by the tool to perform the whole scan), and Operating System (OS)
Zealand conducted a research study entitled "A Study of Penetration Testing Tools
the different penetration testing tools in terms of response time and coverage. The
vulnerabilities that the tools detect. The collected data is combined and compared
to determine which tool is more effective. Furthermore, an attack tree model is
used in this study. The attack tree helped the researchers determine which
attacks on the target machines are the most effective. In addition, the attack tree
penetration testing tools in a Kali Linux system to determine the most efficient one.
Different types of penetration testing are mentioned: network penetration
physical security tests, client-side penetration tests, wireless penetration tests, and
social engineering tests. Furthermore, the attack tree model for penetration testing
is highlighted in this study, serving as a visual aid for weighing multiple
attacks on a system. The penetration testing process is also included in this study;
tracks, analysis, and reporting, respectively, are the phases of penetration testing
mentioned in this study. The penetration testing tools were divided by
attack category. The network scanning tools used are Nmap, OpenVAS, Dmitry,
ManageEngine OpUtils. The tools used for the password cracking attack were
John the Ripper, IMP 2.0, L0phtCrack, Crack 5, and Cain and Abel. The tools for
The researcher further discusses each tool mentioned in her research paper
Another study about penetration testing, by Bacudio, Xiaohong, Bei & Jones
strategies, and methodology for penetration testing. They state that penetration
testing has three phases. First is the test preparation phase. The test phase then
follows specific steps: information gathering, vulnerability analysis, and vulnerability
exploitation. They conducted a penetration testing process during the test phase, and
various penetration testing tools were used, described, and analyzed; Nmap and the
Metasploit framework are two of them. There is a particular part of their study
wherein they list three strategies for penetration testing, namely black box,
white box, and gray box. In black box testing, the testers have no prior knowledge
of the target and must discover the system's flaws on their own. In white box
testing, by contrast, the testers know the target and are given all relevant
information about it. They defined the gray box
testing strategy they mentioned is external and internal testing. The term "external
testing" refers to an attack on the test target using techniques from outside the
ascertain whether an outside attacker can gain access and how far they can
advance once they do. Internal testing, on the other hand, is performed from within
the organization that controls the test target. Internal testing is concerned with
what would happen if a legitimate user with standard access privileges managed to
exploitation, and report generation. They employed Nmap, a network mapper, and
Metasploit's auxiliary scanner modules in their scanning phase to determine the
services running on the web server, their versions, the ports on which they
listen, and the services running on the operating system. One of the
tools they used for the exploitation phase is John the Ripper, alongside the
RESEARCH PARADIGM
[Figure 1: Research paradigm; panels recovered from the figure: Action Research, Design Science]
The research paradigm shown in Figure 1 was adapted from Dr. Napoleon
former Dean of PSU Graduate Studies. Dr. Kenneth Oliver S. Lopez then revised
this paradigm to fit the needs of the Bachelor of Science in Computer Engineering
program. Together with their adviser, the researchers identified a problem
that could be addressed through this research. One problem they considered is
that hosting a penetration testing laboratory in a hypervisor could limit the students,
especially when their devices have slow CPUs and insufficient RAM.
laboratory. Under Design Science, the developed penetration testing laboratory will aid
Campus (PSU-UC) in learning ethical hacking. Under Action Research, the data collected
were the speed and coverage of the penetration testing tools and the reliability of the
low CPU speed and slow RAM. Under Systems Development, the developed laboratory
consists of one (1) Raspberry Pi 4 Model B as the attacker machine; two (2) Raspberry
Pi 3 Model B+ as the target server and target desktop; two (2) Cisco 2811 routers,
one (1) of which was the target router; two (2) Cisco Catalyst 3750 switches; and a TP-Link
CONCEPTUAL FRAMEWORK
Figure 2 shows the conceptual framework of the study. The study has three
phases: input, process, and output. The input phase comprises all the
penetration testing tool software and hardware equipment used in the study. The
process phase is the integration. Hence, the researchers will develop a
penetration testing tools and the future use of the Computer Engineering
students of PSU-UCC.
[Figure 2: Conceptual framework. Input: Penetration Testing Software Tools & Hardware Equipment; Process: Integration; Output: Penetration Testing Laboratory]
CHAPTER 3
METHODOLOGY
study, including details of the tools used for analysis and the research method
RESEARCH DESIGN
[Figure 3: Agile process model. Phases: Requirements, Design, Construction, Testing, Deployment, Feedback]
Figure 3 shows the agile process model used throughout the study (Isaac
phase includes the design. The hardware components were arranged according
to how the devices would function later. The laboratory was divided into two (2)
terminals: some of the devices served as attackers, and the others
operated as targets. The third phase, construction, was where the researchers
CHAPTER III: METHODOLOGY
hostnames, usernames, and passwords. During testing, nineteen (19) different
penetration testing tools were run in the laboratory from the attacker machine. The
manual. After testing, the laboratory equipment and manual were deployed to the
UCC) for evaluation of the reliability and acceptability of the developed laboratory.
Lastly, the researchers received feedback about the developed penetration testing
DATA COLLECTION
Observation
For this part, the main focus was on the penetration testing tools; their speed
and coverage were observed. Most penetration testing tools do not display the
time they took to produce a result, so the researchers used a separate device to
measure the speed of each tool. The researchers relied on the time (in seconds or
minutes) the tool takes to finish a
task. Coverage was taken on the premise of the tools' ability to pass through
gaining access.
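The speed and coverage observations described above can be captured directly on the attacker machine instead of with an external timer. The following is an added example, not the thesis authors' code: it wraps each tool's process, records wall-clock seconds, and marks a run as "completed" only if the tool finished within its time limit and exited cleanly. The Kali commands in TOOL_COMMANDS and the target address 192.168.10.20 are assumptions; the stand-alone demo runs Python stubs so it works offline.

```python
"""Wall-clock timing and completion ("coverage") harness for pentest tools.

Added example, not part of the thesis. The Kali command lines and the
target address below are assumptions; demo() runs Python stubs instead.
"""
import shlex
import subprocess
import sys
import time
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class ToolRun:
    phase: str
    tool: str
    command: str
    seconds: float
    exit_code: Optional[int]   # None when the tool was killed by the timeout
    completed: bool            # coverage: finished within the limit and exited 0


def run_timed(phase: str, tool: str, argv: Sequence[str],
              timeout: float = 600.0) -> ToolRun:
    """Run argv, measure elapsed wall-clock seconds, and record completion."""
    cmd = " ".join(shlex.quote(a) for a in argv)
    start = time.perf_counter()
    try:
        proc = subprocess.run(list(argv), capture_output=True, text=True,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child; coverage is "did not finish its phase"
        return ToolRun(phase, tool, cmd,
                       round(time.perf_counter() - start, 3), None, False)
    except FileNotFoundError:
        # tool is not installed on this attacker image
        return ToolRun(phase, tool, cmd, 0.0, None, False)
    elapsed = round(time.perf_counter() - start, 3)
    return ToolRun(phase, tool, cmd, elapsed, proc.returncode,
                   proc.returncode == 0)


def to_csv(runs: List[ToolRun]) -> str:
    """Flatten the observations into the table the thesis compares."""
    lines = ["phase,tool,seconds,exit_code,completed"]
    for r in runs:
        code = "" if r.exit_code is None else str(r.exit_code)
        lines.append(f"{r.phase},{r.tool},{r.seconds},{code},{r.completed}")
    return "\n".join(lines)


# What a lab run would look like on Kali (assumed lab target address).
TOOL_COMMANDS = [
    ("scanning", "nmap", ["nmap", "-sV", "-p-", "192.168.10.20"]),
    ("scanning", "nikto", ["nikto", "-h", "http://192.168.10.20"]),
]


def demo() -> List[ToolRun]:
    """Offline stand-in: one fast stub and one that exceeds its timeout."""
    py = sys.executable
    return [
        run_timed("scanning", "fast-stub",
                  [py, "-c", "import time; time.sleep(0.2)"]),
        run_timed("scanning", "hung-stub",
                  [py, "-c", "import time; time.sleep(30)"], timeout=1.0),
    ]


if __name__ == "__main__":
    print(to_csv(demo()))
```

On the real laboratory, replace demo() with a loop over TOOL_COMMANDS; the timeout is what turns a hung scan into a recorded coverage failure instead of a stalled experiment.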
Data Gathering
The first data collected in the study was the speed of the penetration
testing tools in processing a task, and whether some variables affect result
generation. In addition, the researchers also collected data on whether these tools
can operate in their designated penetration testing phase and whether these tools
using the Likert scale was used to gather data on the reliability of the penetration
testing laboratory. There were thirty (30) respondents, all of whom were
UCC).
As discussed in the preceding chapter, there are five (5) stages of
ethical hacking (Imperva, 2021). In this study, the researchers apply only the
first three (3) phases of penetration testing: information gathering, scanning, and
gaining access. Each phase corresponds to specific penetration testing tools used
in the study. For reconnaissance, Recon-ng and theHarvester were used.
However, these tools could be unnecessary, since both tools' purpose is to
search for domains and email addresses associated with the target. The researchers
included these tools so that readers would have specific knowledge of using them.
For the scanning phase, the tools used are Nmap, Nikto, Wireshark, tcpdump,
and ExploitDB.
access, the tool used was Metasploit, which was used for automated exploitation.
password cracking. Burp Suite and sqlmap were used for web application testing.
The Social Engineering Toolkit (SEToolkit) was used for social engineering testing.
Testing
In the testing phase, the penetration testing tools were run in the developed
penetration testing laboratory. For the reconnaissance phase, the laboratory was
connected to the Internet and only passive reconnaissance was used; thus, the
researchers did not directly engage the target system, Google (google.com), and
the tools only queried public sources about it. Next, in the scanning phase, the
target could be any device within the target-side portion of the
laboratory structure; active scanning was never directed at Internet hosts. The
goal of this phase was to find vulnerabilities, such as open ports, outdated
software, and other existing weaknesses. The third phase is gaining access. In
this phase, the vulnerabilities found in the previous phase were used to gain
access to each possible device.
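The hand-off between the scanning phase and the gaining-access phase is the list of open ports and service versions that Nmap reports. As an added example, not the thesis authors' code, the parser below reads Nmap's grepable output format (the -oG option), keeps only ports in the open state as candidates for the next phase, and pulls the scan duration Nmap prints so it can be compared with the speed observations. The scan text is constructed to look like real -oG output; the hosts, hostnames, and version strings are assumptions.

```python
"""Parse Nmap grepable output (-oG) into per-host open services.

Added example, not part of the thesis. SAMPLE_SCAN is constructed; the
addresses, hostnames and version banners are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

SAMPLE_SCAN = """\
# Nmap 7.92 scan initiated Thu Mar 10 14:02:11 2022 as: nmap -sV -oG - 192.168.10.0/24
Host: 192.168.10.20 (target-server)\tStatus: Up
Host: 192.168.10.20 (target-server)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2/, 80/open/tcp//http//Apache httpd 2.4.38 ((Debian))/, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)
Host: 192.168.10.21 (target-desktop)\tStatus: Up
Host: 192.168.10.21 (target-desktop)\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2/\tIgnored State: closed (999)
# Nmap done at Thu Mar 10 14:09:03 2022 -- 256 IP addresses (2 hosts up) scanned in 412.07 seconds
"""


@dataclass
class Service:
    host: str
    port: int
    proto: str
    state: str     # open / filtered / closed as reported by Nmap
    name: str      # service name guessed by Nmap
    version: str   # banner from -sV, empty when not identified


def parse_grepable(text: str) -> List[Service]:
    """Each -oG 'Ports:' entry is port/state/proto/owner/service/rpc/version."""
    services: List[Service] = []
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")          # -oG separates fields with tabs
        host = fields[0].split()[1]        # "Host: 192.168.10.20 (name)"
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/", 6)
                if len(parts) != 7:
                    continue               # malformed entry: skip, do not guess
                port, state, proto, _owner, name, _rpc, version = parts
                services.append(Service(host, int(port), proto, state, name,
                                        version.rstrip("/")))
    return services


def open_services(services: List[Service]) -> List[Service]:
    """Only open ports are candidates for the gaining-access phase."""
    return [s for s in services if s.state == "open"]


def hosts_up(text: str) -> Set[str]:
    return {line.split()[1] for line in text.splitlines()
            if line.startswith("Host: ") and "Status: Up" in line}


def scan_duration(text: str) -> Optional[float]:
    """Seconds reported on Nmap's closing line, if present."""
    m = re.search(r"scanned in ([\d.]+) seconds", text)
    return float(m.group(1)) if m else None


def handoff_table(services: List[Service]) -> List[str]:
    """One line per open service: what the next phase will try to exploit."""
    return [f"{s.host}:{s.port}/{s.proto} {s.name} {s.version}".rstrip()
            for s in open_services(services)]


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_SCAN)
    print("\n".join(handoff_table(found)))
    print(f"hosts up: {sorted(hosts_up(SAMPLE_SCAN))}, "
          f"scan took {scan_duration(SAMPLE_SCAN)} s")
```

Filtered ports are deliberately left out of the hand-off list: a filtered result means a firewall or ACL dropped the probe, so the service state is unknown and it would only waste time in the gaining-access phase.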
Statistical Treatment
The third specific statement of the problem was to determine the reliability
and acceptability of the penetration testing laboratory to the students. The average

\bar{X} = \frac{\sum X}{N}

where \bar{X} is the mean rating, \sum X is the sum of the respondents' ratings, and N is the number of respondents.
Scale was composed of a series of three (3) or more Likert-type items, represented
in similar questions, combined into a single variable. Their answers were given a