Contents
Introduction
Ethical Hacking and Penetration Testing
Aims and Objectives
Motivation
Methodology
Tools and Technologies
Scope of Project
Background
Literature Review
Related works
Introduction: Ethical Hacking & Penetration Testing
Ethical hacking is the testing of resources for a good cause and for the betterment of technology.
Objectives
Performing a penetration test with various tools to detect problems
Analysis of the detected problems
Proposal of solutions for the detected problems
Motivation
A network is always vulnerable to different threats unless its security has been ensured [15].
Penetration testing involves hacking one's own systems to test the security of the network [14].
The Sony Pictures Entertainment cyber hack was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of unreleased Sony films, and other information. The hackers called themselves the "Guardians of Peace" or "GOP" and demanded the cancellation of the planned release of the film.
Methodology
Reconnaissa
nce
Information
Gathering using
various tools
Scanning
Vulnerability
Analysis
Reporting
Summarization
of Results
Proposal
Solution
s to
Issues
Tools and Technologies
Kali Linux
Tools for Reconnaissance (Information Gathering)
dnsdict6
theharvester
dnsenum
Maltego
Nmap, zenmap
Cisco global exploiter
OpenVAS (Open Vulnerability Assessment System)
Background: Literature Review
This process of systematically and actively testing a deployed network to determine potential vulnerabilities is called Penetration Testing, and is also known as Ethical Hacking [3, 4].
Penetration testing helps expose common network misconfigurations and their security implications for the whole network and its users [5, 13].
Network security threats have been a problem since the birth of small networks with only a few hosts communicating over them [6].
Network threats and penetration testing are further explored in [7, 8, 9, 10].
Related Works
In [7], the 08CS project was published. It differed in that it used Backtrack, another Linux distribution for penetration testing.
[8, 12] provide system and network administrators with descriptions of various tools that can be used to proactively identify vulnerabilities before an adversary can.
In [9, 11], the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) has recently released a draft document that can help risk managers appropriately scope their vulnerability assessment and penetration testing activities while serving as a benchmark for comparing the testing services offered by various consultants.
Reconnaissance Results
Dnsdict6
root@kali:~# dnsdict6 -d4 -x muet.edu.pk
Starting DNS enumeration work at muet.edu.pk. ...
Gathering NS and MX information...
NS of muet.edu.pk. is muet-02.muet.edu.pk. => 172.16.100.3
NS of muet.edu.pk. is muet-01.muet.edu.pk. => 172.16.100.220
No IPv6 address for NS entries found in DNS for domain muet.edu.pk.
MX of muet.edu.pk. is mail.muet.edu.pk. => 121.52.157.230
MX of muet.edu.pk. is muet-06.muet.edu.pk. => 172.16.100.11

Subdomains of muet.edu.pk
Hostname                    Host IP Address
www.muet.edu.pk             174.142.51.88
muet-01.muet.edu.pk         172.16.100.220
muet-02.muet.edu.pk         172.16.100.3
mail.muet.edu.pk            121.52.157.230
admissions.muet.edu.pk      174.142.39.199
acs.muet.edu.pk             172.16.100.201
publications.muet.edu.pk    172.16.21.167
                            172.16.10.14
imtic.muet.edu.pk           174.142.39.199
cs.muet.edu.pk
tl.muet.edu.pk              174.142.39.199
cisco.muet.edu.pk
dp.muet.edu.pk              172.16.9.150
theHarvester
root@kali:~# theharvester -d muet.edu.pk -l 500 -b google
Emails found:
-----------------
jawaid.daudpoto@faculty.muet.edu.pk
saad.kalwar@faculty.muet.edu.pk
Noman.khan@faculty.muet.edu.pk
liquat.thebo@faculty.muet.edu.pk
naveed.jaffrey@faculty.muet.edu.pk
vc@muet.edu.pk
Kashif.dars@admin.muet.edu.pk
samejo@faculty.muet.edu.pk
naveed.jaffari@faculty.muet.edu.pk
swo@muet.edu.pk
feroze.shah@faculty.muet.edu.pk
suhail.soomro@faculty.muet.edu.pk
registrar@muet.edu.pk
info@muet.edu.pk
Hosts found in search engines:
-----------------------------------
174.142.51.88:www.muet.edu.pk
174.142.39.199:admissions.muet.edu.pk
174.142.39.199:publications.muet.edu.pk
174.142.39.199:tl.muet.edu.pk
Dnsenum
root@kali:~# dnsenum --enum muet.edu.pk
dnsenum.pl VERSION:1.2.3
Warning: can't load Net::Whois::IP module, whois queries disabled.
----- muet.edu.pk -----
Host's addresses:
__________________
muet.edu.pk.            5   IN   A   172.16.100.3
muet.edu.pk.            5   IN   A   172.16.100.220
Name Servers:
muet-02.muet.edu.pk.    5   IN   A   172.16.100.3
muet-01.muet.edu.pk.    5   IN   A   172.16.100.220
Trying Zone Transfers and getting Bind Versions:
Trying Zone Transfer for muet.edu.pk on muet-02.muet.edu.pk ...
AXFR record query failed: Response code from server: REFUSED
Trying Zone Transfer for muet.edu.pk on muet-01.muet.edu.pk ...
AXFR record query failed: Response code from server: REFUSED
Scraping muet.edu.pk subdomains from Google:
---- Google search page: 1 ----
Publications eesd MT Moodle
---- Google search page: 2 ----
ieeep wsn4dc patco Scholars
Maltego
Scan Results
Nmap
Cisco Global Exploiter
root@kali:~# cge.pl 172.16.100.220 2
No http server detected on 172.16.100.220 ...
root@kali:~# cge.pl 172.16.100.220 9
Input packets size : 10
Packets sent ...
Please enter a server's open port : 23
Now checking server status ...
Vulnerability successful exploited. Target server is down ...
OpenVAS
Host                                 Most Severe Result(s)   High   Medium   Low   Log   False Positives
172.16.100.3 (muet-02.muet.edu.pk)   High                    10     75
Total: 1                                                     10     75

Service (Port)         Threat Level
cpq-wbem (2301/tcp)    High
http (80/tcp)          Medium
domain (53/tcp)        Low
http (80/tcp)
Medium (CVSS: 5.0)
NVT: Microsoft IIS Tilde Character Information Disclosure Vulnerability
Product detection result: cpe:/a:microsoft:iis:6.0, detected by Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710)
Summary:
This host is running the Microsoft IIS web server and is prone to an information disclosure vulnerability.
Vulnerability Insight:
Microsoft IIS fails to validate a specially crafted GET request containing a '~' (tilde) character, which allows the short names of all folders and files with 4-letter extensions to be disclosed.
Impact:
Successful exploitation will allow remote attackers to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft Internet Information Services versions 7.5 and prior
Solution:
General solution options are to upgrade to a newer release, disable the respective features, remove the product or replace the product with another one.
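As an added remediation example (not part of the original report and not OpenVAS output), the following makes the "disable the respective features" advice concrete for the short-name disclosure above: it stops NTFS generating 8.3 names, strips the ones that already exist, and has IIS reject URLs containing '~'. It assumes an elevated PowerShell session on the web server and a site root of C:\inetpub\wwwroot; step 3 relies on IIS Request Filtering, available from IIS 7.0 onward (on an IIS 6.0 host such as the one detected here, URLScan's [DenyUrlSequences] section serves the same purpose).

```powershell
# Added hardening example (not from the original report or from OpenVAS).
# Run in an elevated PowerShell on the IIS host. $SiteRoot is an assumption;
# point it at the real web root before running.
$SiteRoot = 'C:\inetpub\wwwroot'

# 1. Stop NTFS from creating 8.3 short names for new files on every volume.
#    Value 1 = disabled system-wide. This only affects files created from now on.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' `
    -Name 'NtfsDisable8dot3NameCreation' -Value 1 -Type DWord

# 2. Existing files keep their short names, so strip them from the web root.
#    /s recurses into subdirectories, /v lists every name removed. fsutil skips
#    names that are still referenced in the registry; on a production server
#    run it with /t (test mode) first and review the report it produces.
fsutil 8dot3name strip /s /v $SiteRoot

# 3. Defence in depth: have IIS Request Filtering deny any URL containing '~',
#    so probing requests get a 404 before the file system is ever consulted.
#    Requires IIS 7.0+ and the WebAdministration module.
Import-Module WebAdministration
Add-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/security/requestFiltering/denyUrlSequences' `
    -Name '.' -Value @{ sequence = '~' }

# 4. Verify: "dir /x" shows the short-name column (it should now be empty for
#    files under the site root), and '~' appears among the denied sequences.
cmd /c "dir /x `"$SiteRoot`""
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/security/requestFiltering/denyUrlSequences' `
    -Name 'Collection' | Select-Object sequence
```

Re-running the OpenVAS scan afterwards should no longer report the NVT above on port 80/tcp; if it still does, check whether another site or virtual directory outside $SiteRoot is being served.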
Conclusion
In accordance with our results, we can conclude that the subject network, i.e. the MUET academic intranet, has certain issues and problems. We have seen flaws and shortcomings in its overall security. Many ports with vulnerabilities of different severity levels are open. Using very simple tools, a great deal of information can be gathered from the network, which could be misused for hacking or denial-of-service attacks.
Future work
As future work, we can carry out penetration tests on wireless networks to increase our learning, and the security of switches and bridges should be checked regularly. Additionally, penetration tests of other network services, such as checking the security of the routers, can be done. Work on the security protocols and the CIA triad of security (confidentiality, integrity and availability) is also planned.
References
Books
[1] James Broad and Andrew Bindner, Hacking With Kali, 2013, Syngress Publications, p. 123.
[2] Thomas Wilhelm, Professional Penetration Testing, 2nd Edition, 2013, Syngress Publications, p. 186.
[3] Hamisi, N.Y., Mvungi, N.H., Mfinanga, D.A. and Mwinyiwiwa, B.M.M., Intrusion detection by penetration test in an organization network, ICAST 2009.
[4] Bishop, M., About Penetration Testing, IEEE Security and Privacy (2007), Volume 5, Issue 6.
[5] A. Bechtsoudis and N. Sklavos, Aiming at Higher Network Security Through Extensive Penetration Tests, IEEE Latin America Transactions, Vol. 10, No. 3, April 2012, pp. 1752-1757.
[6] S. Hansman and R. Hunt, A taxonomy of network and computer attacks, Computers & Security (2005), Volume 24, Issue 1, Elsevier, pp. 31-43.
[7] Dr-K, A Complete Hackers Handbook, Carlton Books, 2000, p. 49.
[8] Joel Lanz, Tech Consortium Formed to Improve Software Reliability, Computerworld, May 20, 2002, pp. 12-28.
[9] McClure, Scambray and Kurtz, Hacking Exposed, 2001, p. 702.
Website
[10] Official Kali Linux site @ https://www.kali.org/official-documentation/ last accessed 12 January, 2015.