Penetration Testing


Overview

This project entails performing a penetration test to establish the robustness of a network or system. Penetration testing, also referred to as ethical hacking, is a process employed by security specialists to purposefully seek out vulnerabilities within IT networks. The purpose of the methodology is to gather information about the insecurity of the system and to suggest changes that make it more secure. The testing process consists of several phases: reconnaissance, scanning, exploitation, and reporting. The main actions and findings of each step are documented with screenshots.

Steps

  • The command `netdiscover` is executed in a Kali Linux terminal to perform passive network discovery. This tool scans for live hosts in the local network by analyzing ARP requests, helping to identify active devices and their IP addresses.
  • The `netdiscover` tool has identified four active hosts in the network, displaying their IP addresses, MAC addresses, and associated MAC vendors. This information is useful for mapping the network and identifying connected devices.
  • The command `nmap -sV 192.168.1.22` performs a service version detection scan on the IP address `192.168.1.22`. The output shows open ports (22, 80, and 8080), the services running on those ports (SSH, HTTP, and Apache Tomcat), and their versions.
  • The screenshot shows the default Apache2 Ubuntu server page accessed via the IP address 192.168.1.22. This page indicates that the Apache HTTP server is installed and functioning correctly.
  • The screenshot shows the Apache Tomcat 9.0.53 welcome page accessed via the IP address 192.168.1.22:8080. This page confirms the successful installation of Apache Tomcat and provides links to documentation, configuration guides, and management interfaces for further setup and administration of the Tomcat server.
  • The `dirsearch.py` tool is being used to perform a directory brute-force attack on the URL `http://192.168.1.22:8080/`. This tool searches for hidden directories and files on the web server using a wordlist. The output shows discovered files and directories, such as `/a25sc.aspx` and `/backup.zip`, with their corresponding HTTP status codes and file sizes.
  • The command `fcrackzip -D -p rockyou.txt backup.zip` is used to crack the password of the `backup.zip` file found during the directory brute-force attack. The `rockyou.txt` wordlist is used for this purpose. The output indicates a possible password found: `@administrator_hi5`.

  • The file manager (Thunar) displays the contents of the Downloads directory, showing the `backup.zip` file, the `rockyou.txt` wordlist used for password cracking, and the `hydra.restore` file, likely related to a previous or ongoing password recovery attempt with Hydra.
  • A context menu is open for the `backup.zip` file, offering options such as opening it with the Engrampa Archive Manager, extracting the contents, and other file operations like cut, copy, and properties.
  • The password prompt for `backup.zip` appears in the file manager (Thunar), requesting the user to enter the password to access the contents of the encrypted ZIP file. The password previously cracked, `@administrator_hi5`, is likely being used here to unlock the archive.
  • The Downloads directory in the file manager (Thunar) now includes an extracted folder named `backup`, indicating that the contents of the `backup.zip` file have been successfully extracted. The `rockyou.txt` wordlist and `hydra.restore` file are also visible in the directory.
  • The contents of the extracted `backup` folder are displayed, showing various configuration files related to the Apache Tomcat server, including `catalina.policy`, `server.xml`, `web.xml`, and others.
  • The `tomcat-users.xml` file is open, displaying user credentials and roles for the Apache Tomcat server. It includes usernames and passwords for administrative accounts such as `admin` and `manager`, with specific roles assigned like `manager-gui` and `admin-gui`.
  • The Ubuntu login screen displays user accounts available for login, including `jaye`, `randy`, and `tomcat`. This screen is the initial interface for users to access their accounts on the Ubuntu system, and the presence of the `tomcat` user suggests a dedicated account for managing the Apache Tomcat server.
  • The screenshot shows an SSH connection being established to the host at `192.168.1.22` using the username `jaye`. The authenticity of the host is confirmed, and the user accepts the host key fingerprint. After entering the password, the user gains access to the Ubuntu 20.04.3 LTS system, with a message indicating that there are 528 updates available, including 427 security updates.
  • The SSH session continues on the Ubuntu system at `192.168.1.22`. The user lists the contents of the home directory, showing standard folders like Desktop, Documents, Downloads, etc. The user attempts to navigate into various directories (`Desktop`, `Downloads`, `File`, `Files`) and access a file named `look`, but encounters permission issues, indicating restricted access to certain directories or files. The session ends with the user exiting the SSH connection.
  • The Ubuntu login screen shows an attempt to log in as the user `jaye` using the password `melehfokivail`, which appears to be the cracked password from the previous steps. This indicates an attempt to gain access to the system through the graphical user interface using the obtained credentials.
  • The Ubuntu desktop environment is displayed after a successful login as the user `jaye`. This indicates full access to the user account and its resources.
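The directory brute-force step above (`dirsearch.py` walking a wordlist and turning up `/backup.zip`) leaves a very recognisable trace in the web server's access log. The following script is an added example, not part of the original write-up or of any tool it uses: it parses Apache/Tomcat combined-format log lines, flags a client that requests many distinct non-existent paths in a short window, and separately flags any successful response for an archive or backup file served from the web root. The log lines, IP addresses and paths are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# File extensions that should never be served from a web root; a 200 for one of
# these is worth an alert on its own (an exposed backup.zip is the motivating case).
SENSITIVE_EXT = (".zip", ".bak", ".sql", ".tar", ".gz", ".7z", ".old")

# Apache/Tomcat "combined" access-log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def build_sample_log():
    """Constructed sample log (not from the original page): one normal client and
    one client walking a wordlist, then fetching an archive left in the web root."""
    lines = ['192.168.1.50 - - [10/Oct/2023:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"']
    guesses = ["/admin/", "/test/", "/old/", "/backup/", "/config/", "/private/",
               "/tmp/", "/dev/", "/api/", "/db/", "/logs/", "/upload/"]
    for i, path in enumerate(guesses):
        lines.append(f'192.168.1.77 - - [10/Oct/2023:13:55:{2 + i // 4:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 404 196 "-" "scanner"')
    lines.append('192.168.1.77 - - [10/Oct/2023:13:55:06 +0000] "GET /backup.zip HTTP/1.1" 200 48211 "-" "scanner"')
    # A single stray 404 from a normal user must not trip the detector.
    lines.append('192.168.1.50 - - [10/Oct/2023:14:10:00 +0000] "GET /missing.html HTTP/1.1" 404 196 "-" "Mozilla/5.0"')
    return "\n".join(lines)


def parse_line(line):
    """Parse one access-log line into a dict, or return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def analyze(log_text, window=timedelta(seconds=60), threshold=10):
    """Return findings as (kind, client_ip, detail) tuples.

    'bruteforce': a client requested at least `threshold` distinct paths that
    returned 404 inside some `window`-long span (the signature of a wordlist walk).
    'sensitive_file_served': a client received a 200 for an archive/backup extension.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    findings = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        misses = [e for e in events if e["status"] == 404]
        # Sliding window over the 404s, tracking the largest set of distinct paths seen.
        start, peak = 0, 0
        for end in range(len(misses)):
            while misses[end]["ts"] - misses[start]["ts"] > window:
                start += 1
            peak = max(peak, len({e["path"] for e in misses[start:end + 1]}))
        if peak >= threshold:
            findings.append(("bruteforce", ip, peak))
        for e in events:
            if e["status"] == 200 and e["path"].lower().endswith(SENSITIVE_EXT):
                findings.append(("sensitive_file_served", ip, e["path"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(build_sample_log()):
        print(finding)
```

The distinct-path count matters more than the raw 404 count: a broken link clicked repeatedly produces many 404s for one path, whereas a wordlist walk produces one 404 per path. The second check is the cheap fix for the root cause: nothing with a backup or archive extension should be reachable under the document root at all.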
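The `tomcat-users.xml` found inside the archive is the crux of this walkthrough: whoever can read it holds the manager credentials. A defender can audit that file mechanically before it ever ends up in a backup. The script below is an added example, not part of the original write-up or of Apache Tomcat itself; the sample `tomcat-users.xml` and its usernames and passwords are constructed, and the role names are the standard Tomcat manager and host-manager roles.

```python
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml (not the file from the page). The first
# account is the kind of entry this audit exists to catch.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <user username="admin" password="admin" roles="manager-gui,admin-gui"/>
  <user username="deploy" password="Tr0ub4dor&amp;3-long-enough-2024" roles="manager-script"/>
  <user username="viewer" password="readonly-pass-with-length" roles="probe"/>
</tomcat-users>
"""

# Roles that grant control of the Manager or Host Manager applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}
# Tiny constructed deny-list; a real audit would use a proper breached-password set.
COMMON_PASSWORDS = {"admin", "tomcat", "s3cret", "password", "manager"}


def _local(tag):
    """Strip the XML namespace from an element tag ('{ns}user' -> 'user')."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text, min_length=12):
    """Return findings as (username, issue, detail) tuples.

    'privileged_roles': the account can deploy or manage applications.
    'common_or_username_password': password is on the deny-list or equals the username.
    'short_password': password is shorter than `min_length` characters.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if _local(el.tag) != "user":
            continue
        name = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}

        privileged = sorted(roles & PRIVILEGED_ROLES)
        if privileged:
            findings.append((name, "privileged_roles", ",".join(privileged)))
        if password.lower() in COMMON_PASSWORDS or password.lower() == name.lower():
            findings.append((name, "common_or_username_password", ""))
        elif len(password) < min_length:
            findings.append((name, "short_password", str(len(password))))
    return findings


if __name__ == "__main__":
    for finding in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(finding)
```

The audit deliberately reports privileged roles even when the password is strong: every account holding `manager-gui` or `manager-script` is an application-deployment path and should be justified individually. It cannot tell whether the stored value is plaintext or a digest, so the complementary control is procedural: keep `tomcat-users.xml` readable only by the service account, configure a digesting credential handler in the realm, and exclude the `conf` directory from any archive that is written anywhere under the document root.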
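The `hydra.restore` file in the Downloads directory and the later password login as `jaye` over SSH describe the classic pattern of a burst of failed authentications followed by a success from the same source. That sequence is what a host-side detector should key on. The following script is an added example, not part of the original write-up or of OpenSSH: it reads `sshd` auth-log lines, counts failures per source address, and reports a successful login that follows at least `threshold` failures from that address. The log lines, hostnames, usernames and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sshd auth.log lines (not from the original page): five failures then a
# password success from one address, and an unrelated key-based login from another.
SAMPLE_AUTH_LOG = """\
Oct 10 14:01:01 ubuntu sshd[2201]: Failed password for jaye from 192.168.1.77 port 51001 ssh2
Oct 10 14:01:02 ubuntu sshd[2203]: Failed password for jaye from 192.168.1.77 port 51002 ssh2
Oct 10 14:01:02 ubuntu sshd[2205]: Failed password for invalid user root from 192.168.1.77 port 51003 ssh2
Oct 10 14:01:03 ubuntu sshd[2207]: Failed password for jaye from 192.168.1.77 port 51004 ssh2
Oct 10 14:01:04 ubuntu sshd[2209]: Failed password for jaye from 192.168.1.77 port 51005 ssh2
Oct 10 14:01:05 ubuntu sshd[2211]: Accepted password for jaye from 192.168.1.77 port 51006 ssh2
Oct 10 14:05:00 ubuntu sshd[2300]: Accepted publickey for randy from 192.168.1.50 port 40001 ssh2: ED25519 SHA256:constructedfingerprint
Oct 10 14:06:00 ubuntu sshd[2310]: Failed password for randy from 192.168.1.50 port 40002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect_bruteforce_then_login(log_text, threshold=3):
    """Return a list of dicts, one per successful login that was preceded by at
    least `threshold` consecutive failures from the same source address."""
    failures = defaultdict(int)  # failed attempts per source IP since its last success
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            failures[ip] += 1
        else:  # Accepted
            if failures[ip] >= threshold:
                findings.append({
                    "ip": ip,
                    "user": user,
                    "method": m.group("method"),
                    "failures_before": failures[ip],
                })
            failures[ip] = 0  # a success resets the streak for that source
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce_then_login(SAMPLE_AUTH_LOG):
        print(finding)
```

The detector only fires on the success, which is the event that matters for response; the failures alone are the input to rate limiting (`MaxAuthTries`, fail2ban or equivalent). The mitigation the page's own findings point to is disabling password authentication for SSH entirely, after which the "Accepted password" branch can never be reached.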
