Use Case

In the previous three chapters, you got acquainted with the essential tools NMAP, OpenVAS, and Metasploit. You learned about each of the tools in detail as well as how they can be integrated with each other for better efficiency.

  • PDF / 665,515 Bytes
  • 11 Pages / 439.37 x 666.142 pts Page_size
  • 24 Downloads / 170 Views

DOWNLOAD

REPORT

Use Case In the previous three chapters, you got acquainted with the essential tools NMAP, OpenVAS, and Metasploit. You learned about each of the tools in detail as well as how they can be integrated with each other for better efficiency. Now it’s time to put all that knowledge together and apply it in a practical scenario. In this chapter, you’ll apply the various techniques you’ve learned so far to exploit a vulnerable system and get access to it.

Creating a Virtual Lab It may not always be possible to try your newly learned skills on live production systems. Hence, you can try your skills in your own virtual lab in a restricted manner. Vulnhub (https://www.vulnhub.com) is a site that provides systems for download that are deliberately made vulnerable. You simply need to download a system image and boot it in VirtualBox or VMware. For the purposes of this case study, go to https://www.vulnhub.com/ entry/basic-pentesting-1,216/ and download the system. Once you’ve downloaded it, boot it using either VirtualBox or VMware. The initial boot screen for the system looks like Figure 4-1.

© Sagar Rahalkar 2019 S. Rahalkar, Quick Start Guide to Penetration Testing, https://doi.org/10.1007/978-1-4842-4270-4_4

123

Chapter 4

Use Case

Figure 4-1.  Initial boot screen of target system You do not have any credentials to log in to the system, so you will have to use your pen testing skills to get inside.

Carrying Out Reconnaissance In Kali Linux, launch ZENMAP to perform a port scan and service enumeration on this target, as shown in Figure 4-2.

124

Chapter 4

Use Case

Figure 4-2.  Output of NMAP intense scan done on the target system In the ZENMAP output, you can see that the following ports are open: •

Port 21 running ProFTPD 1.3.3c



Port 22 running OpenSSH 7.2p2



Port 80 running Apache httpd 2.4.18

125

Chapter 4

Use Case

Based on this output, you have three possible ways to compromise the system. •

Search and execute any exploit for ProFTPD 1.3.3c in Metasploit



Brute-force user credentials against SSH running on port 22



Explore whether any application is hosted on port 80

Exploiting the System When you try to access the system on port 80 using a browser, you will get the default web server page shown in Figure 4-3.

Figure 4-3.  The default landing web page on a target system (port 80) You will now go back to NMAP again, and this time instead of a port scan, you’ll use the NMAP script http-enum, as shown in Figure 4-4.

126

Chapter 4

Use Case

Figure 4-4.  Output of the http-enum NMAP script executed on a target system The output of the script tells you that there’s a folder on the web server named secret, which might have something interesting for you. Having received inputs about the secret folder on the server, try accessing it, as shown in Figure 4-5.

127

Chapter 4

Use Case

Figure 4-5.  Browsing the secret directory hosted on the target web server You can see a screen that implies it is some kind of blog based on WordPress. However, the web page appears to be broken and i

Data Loading...

Recommend Documents
Robotics Use Case Scenarios

144 52 8MB

Transfer Dataset in Image Segmentation Use Case

165 23 68MB

Space Use-Case: Onboard Satellite Image Classification

139 38 8MB

Integrated Modelling of Ecosystem Services and Land-Use Change Case

217 19 8MB

AdamOptimizer for the Optimisation of Use Case Points Estimation

165 72 108MB

A SemProM Use Case: Maintenance of Factory and Automotive Components

162 75 849KB

A SemProM Use Case: Health Care and Compliance

135 58 14MB

Applications in Financial Industry: Use-Case for Fraud Management

176 104 9MB

Test Scenario Prioritization Using UML Use Case and Activity Diagram

182 109 382KB

Automating system test case classification and prioritization for use case-driven testing in product lines

174 80 4MB

The Use of Tunnel Muck as Industrial Raw Material: Two Case-Studies

153 14 566KB

A SemProM Use Case: Tracking & Tracing for Green Logistics and Integrity Control

146 33 14MB