
PentestingPros Penetration test

Student Name
Student ID
Table of contents

Introduction  3
Attack Narrative  3
Vulnerability details and mitigation  7
  Backdoor  7
  Countermeasures  8
  SSH vulnerability  8
  Countermeasures  8
  Open Port 80  9
  Mitigation measures  9
Conclusion  9
References  10
Introduction
The vulnerabilities present in a system need to be identified through a penetration testing
procedure so that the system can be protected from attackers. The purpose of this report is to
conduct a grey box penetration test on the given system so that any vulnerabilities that could
be exploited by attackers are identified in advance. It should be noted that a separate
penetration test of the same system has already been carried out and the corrective measures
have been applied. PentestingPros is responsible for conducting this penetration test,
providing deeper insight into the system's vulnerabilities, and recommending mitigations for
them. This will help protect the system from future attacks and close any loopholes present in
the system so that attackers cannot take advantage of them.

Attack Narrative
The initial scan of the server in the given scenario was performed with the Nmap tool. This
is the first step of the procedure, in which Nmap is used to determine the underlying
vulnerabilities present on the server (Khera et al., 2019). Nmap provides crucial information
about the system, such as connected devices, services, open ports and any vulnerabilities of
the system. After running the Nmap scan, three prominent vulnerabilities were observed on the
server: an open port 80, an SSH vulnerability, and a backdoor on port 5544. Each of these three
vulnerabilities then needs to be tested for exploitation to establish the possible damage to
the system in case of an attack.
First, the backdoor present on port 5544 was tested. Entry into the system was attempted with
the Netcat command and was successful. This backdoor effectively acted as malware: the normal
authentication of the system was bypassed by connecting with Netcat. A backdoor of this kind
gives remote access to the system, through which its databases and file servers can be
compromised. After this step, the usernames of all users of the system were captured and
stored so that they could be used later to gain access to the sensitive information on the
server (Abu-Dabaseh & Alshammari, 2018).
The usernames present on the system had already been acquired and stored in the previous
step. It was now time to explore the system further by exploiting the SSH vulnerability and
looking for credentials present on the system. To launch a brute force attack for obtaining
the necessary credentials, the Hydra tool was used. Hydra is a powerful tool for launching a
brute force attack against an already vulnerable port or service so that sensitive information
can be gathered (Khera et al., 2019). The process succeeded, and Hydra provided login
credentials for all the usernames collected in the previous step.

With the usernames and passwords of the system now available, the penetration test could
proceed to gaining direct access to the database and files present on the server. First,
“msfconsole” was used to obtain the information that phpMyAdmin is running on the MySQL
server (Vats et al., 2020).
With the help of the already collected usernames and passwords, entry into the server was
successful, and all of the information and data present on the server in the form of a
database could be accessed at that point. This means that the data present on the server could
be modified, deleted or copied by an attacker in the event of a successful attack on the server
exploiting the vulnerabilities listed above.
Vulnerability details and mitigation
The vulnerabilities detected in the system are described below, together with the measures to
mitigate them:

Backdoor
A backdoor is a way of entering a system while bypassing the security protocols and
authentication procedures designed for it. It is not always used in a bad sense: developers
sometimes leave one or two backdoors open on a system or service for future maintenance and
development purposes (Hossain et al., 2020). In the given system, a backdoor was observed on
port 5544, and the attack was carried out through this backdoor to obtain the usernames
present on the system.

Countermeasures
Although a backdoor may be intentionally left on the system by the developers for future
development purposes, there may also be backdoors on several ports that can be exploited by
attackers. Backdoors can also be installed through programs and applications present on the
system that are otherwise used for legitimate purposes. The primary step in protecting the
system against backdoors is to deploy powerful antivirus software, which helps detect malware
capable of implanting a backdoor in the system. Healthy internet habits, such as scanning
downloaded items before use and only downloading content from trusted websites, also help
protect the system against possible backdoor vulnerabilities (Vats et al., 2020).

SSH vulnerability
This is a vulnerability in the security protocol responsible for encrypted communication
between network devices. SSH is widely used as a tool for remote login to the system present
on the server. SSH vulnerabilities are very dangerous because user credentials are transmitted
over this protocol; therefore, any risk to this protocol means that the entire system can be
compromised by an attacker (Thompson, 2020). In the given scenario, the Hydra tool was used to
launch a brute force attack against the SSH service of the system to obtain login credentials
for the system.
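
The brute force attack described above leaves a trace on the server that a defender can monitor. The following Python script is an added example, not part of the original report, that scans syslog-style auth.log lines for repeated failed SSH password attempts from one source; the log lines, host name and addresses are constructed.

```python
# Added example (not from the report): flag SSH password brute-force attempts
# in syslog-style auth.log lines. Log lines, host name and addresses below are
# constructed; 192.0.2.x and 198.51.100.x are documentation ranges.
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH logs one "Failed password" line per rejected password guess.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

def parse_failures(lines, year=2020):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: (total_failures, distinct_users)} for sources with at least
    `threshold` failures inside any `window_seconds` span (sliding window)."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i in range(len(events)):
            j = i  # advance j while events stay within the window opened at i
            while j < len(events) and (events[j][0] - events[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                flagged[ip] = (len(events), len({u for _, u in events}))
                break
    return flagged

SAMPLE_LOG = [  # constructed: six guesses in eight seconds, then one isolated failure
    "Jun  4 10:15:01 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 51022 ssh2",
    "Jun  4 10:15:03 web01 sshd[2101]: Failed password for root from 192.0.2.10 port 51022 ssh2",
    "Jun  4 10:15:04 web01 sshd[2104]: Failed password for invalid user admin from 192.0.2.10 port 51030 ssh2",
    "Jun  4 10:15:06 web01 sshd[2106]: Failed password for alice from 192.0.2.10 port 51034 ssh2",
    "Jun  4 10:15:07 web01 sshd[2108]: Failed password for bob from 192.0.2.10 port 51040 ssh2",
    "Jun  4 10:15:09 web01 sshd[2110]: Failed password for alice from 192.0.2.10 port 51044 ssh2",
    "Jun  4 10:20:00 web01 sshd[2150]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Jun  4 10:20:05 web01 sshd[2152]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2",
]
```

Running `detect_bruteforce(SAMPLE_LOG)` flags only 192.0.2.10, with six failures against four different usernames, while the single failure from 198.51.100.7 stays below the threshold.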

Countermeasures
There are several ways of reducing the impact of an attack that exploits an SSH-related
vulnerability. The most common method of securing the system is to disable root login, which
closes the door on attackers looking to gain important information from the system. Some
operating systems also allow empty passwords; this feature needs to be disabled so that there
is no scope for human error that attackers could exploit. A further method of improving the
security of the system is to implement key-based SSH login instead of passwords. This improves
the efficiency of the system as well as neutralising the threat of password cracking by
attackers (Vats et al., 2020).
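
The three settings just listed can be checked in sshd_config. The following Python script is an added example, not from the original report or from any real tool, that audits the global section of an sshd_config file for those settings and reports each one that does not match; the configuration samples are constructed.

```python
# Added example (not from the report): audit the global section of an sshd_config
# for the settings named above. sshd keeps the first value of a keyword, keywords are
# case-insensitive, and lines after "Match" apply conditionally, so parsing stops there.
import re

RULES = {  # keyword: (OpenSSH default when absent, value required here)
    "permitrootlogin": ("prohibit-password", "no"),
    "permitemptypasswords": ("no", "no"),
    "passwordauthentication": ("yes", "no"),  # "no" enforces key-based login
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section, first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return (keyword, actual, required) for each setting that fails the audit."""
    settings = parse_sshd_config(text)
    return [(key, settings.get(key, default), required)
            for key, (default, required) in RULES.items()
            if settings.get(key, default).lower() != required]

# Constructed samples: a permissive server and the same file after hardening.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes
PermitRootLogin no
"""
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication yes
"""
```

`audit(WEAK_CONFIG)` reports all three settings (the later `PermitRootLogin no` is ignored because sshd keeps the first value), and `audit(HARDENED_CONFIG)` returns an empty list.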

Open Port 80
The presence of open ports on any system cannot be avoided, because they are used for
communication. It is also true that the vulnerability is not in the open port itself but in
the service running on the port, which may be compromised. If an attacker succeeds in gaining
significant insight into the services running on an open port, it becomes easy to exploit a
vulnerable service. The attacker will be able to obtain sensitive information from the system
if the system's database can be accessed by exploiting this vulnerability.

Mitigation measures
The fundamental method of protecting the system against these vulnerabilities is to close any
open port on the server. If a port cannot be closed because it is needed, the service should
be moved to a custom port instead. Another method is to deploy firewalls to reject any
incoming communication towards the open ports present on the server (Hossain et al., 2020).

Conclusion
Attackers are always on the lookout for any vulnerability to exploit in order to obtain
sensitive information. If an attacker gains access to the system, it may result in a complete
failure of the system, as the attacker can modify system data or steal crucial information
without anyone knowing about it. Therefore, the client needs to follow the necessary
mitigation measures to protect the system.
References
Khera, Y., Kumar, D., & Garg, N. (2019, February). Analysis and Impact of Vulnerability Assessment and Penetration Testing. In 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon) (pp. 525-530). IEEE. https://ieeexplore.ieee.org/abstract/document/8862224/
Abu-Dabaseh, F., & Alshammari, E. (2018, April). Automated penetration testing: An overview. In The 4th International Conference on Natural Language Computing, Copenhagen, Denmark (pp. 121-129). https://airccj.org/CSCP/vol8/csit88610.pdf
Vats, P., Mandot, M., & Gosain, A. (2020, June). A comprehensive literature review of penetration testing & its applications. In 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) (pp. 674-680). IEEE. https://ieeexplore.ieee.org/abstract/document/9197961/
Hossain, M. D., Ochiai, H., Doudou, F., & Kadobayashi, Y. (2020, May). SSH and FTP brute-force attacks detection in computer networks: LSTM and machine learning approaches. In 2020 5th International Conference on Computer and Communication Systems (ICCCS) (pp. 491-497). IEEE. https://ieeexplore.ieee.org/abstract/document/9118459/
Thompson, E. C. (2020). Vulnerability Management. In Designing a HIPAA-Compliant Security Operations Center (pp. 65-93). Apress, Berkeley, CA. https://link.springer.com/chapter/10.1007/978-1-4842-5608-4_4
