Project detail

Penetration Test

This project involved conducting a comprehensive penetration test on a Linux-based target system to identify and exploit vulnerabilities, simulating real-world cyber-attack scenarios. The penetration testing followed the PTES methodology, encompassing phases such as scanning and enumeration, vulnerability identification and analysis, and exploitation. Tools like Nmap, OpenVAS, and Metasploit were used to uncover and exploit vulnerabilities in services like SSH, HTTP, and MySQL, as well as kernel-level weaknesses. Key exploits included directory browsing on the web server, SSH brute-force attacks, privilege escalation through kernel vulnerabilities, and denial-of-service (DoS) attacks on the Apache server. Successful attacks included gaining unauthorized access by brute-forcing user credentials, upgrading privileges to root, and halting server operations with a Slowloris DoS attack. Each vulnerability was documented alongside mitigation strategies, such as disabling directory listing, enforcing strong password policies, and upgrading the Linux kernel. The project highlighted the importance of securing critical services and maintaining robust configurations to prevent unauthorized access and minimize risks. The experience also reinforced the significance of systematic planning and reporting in penetration testing, offering insights into both attack methods and effective defenses.

Cybersecurity

3 weeks

Penetration Testing of a Linux-Based Target System

Overview

This project involved conducting a structured penetration test on a Linux-based target system to simulate real-world cyber-attacks. The primary objective was to identify and exploit vulnerabilities, evaluate the system’s defenses, and propose mitigations for securing the system against unauthorized access and potential attacks. The testing adhered to the PTES (Penetration Testing Execution Standard) methodology, ensuring a comprehensive and ethical approach to vulnerability assessment and exploitation.

Objectives

  • To simulate a cyber-attack on a Linux-based target system.

  • To identify high-risk vulnerabilities using manual techniques and automated tools like OpenVAS.

  • To exploit vulnerabilities and document the methods used for gaining unauthorized access.

  • To propose mitigation strategies to strengthen the system’s security posture.

  • To improve practical understanding of penetration testing tools, techniques, and methodologies.

Methodology

The penetration test was conducted in the following phases:

  1. Information Gathering:

    • Basic details about the target system, including its IP address and operating system, were used to simulate an attacker’s perspective with minimal prior knowledge.

    • Tools like whois, traceroute, and nslookup were used to gather information about the system.

  2. Scanning and Enumeration:

    • Nmap was used to scan open ports and running services such as SSH, HTTP, and MySQL.

    • OpenVAS was employed to perform a vulnerability scan and confirm the presence of exploitable weaknesses.

  3. Vulnerability Identification and Analysis:

    • Manual and automated scans revealed vulnerabilities such as directory browsing, weak SSH credentials, kernel privilege escalation issues, and Apache vulnerabilities.

    • Detailed analysis was conducted to assess the potential impact of each vulnerability.

  4. Exploitation:

    • Exploits were carried out using tools like Metasploit, focusing on:

      • Directory browsing on the web server to gather sensitive information.

      • Brute-force attacks on SSH credentials to gain user access.

      • Privilege escalation using kernel vulnerabilities to obtain root access.

      • DoS attacks on the Apache server to disrupt operations.

  5. Mitigation Recommendations:

    • Mitigation strategies were documented for each vulnerability, such as disabling directory listing, enforcing strong password policies, upgrading the Linux kernel, and securing Apache configurations.

Key Findings

  1. Directory Browsing on Web Server:

    • The web server was configured to allow directory browsing, exposing sensitive information.

    • Mitigation: Disable directory browsing via Apache configurations or by adding an empty index file.

  2. Weak SSH Credentials:

    • A brute-force attack successfully uncovered weak passwords, granting unauthorized access.

    • Mitigation: Enforce strong passwords, disable root login over SSH, and use public-key authentication.

  3. Kernel Privilege Escalation:

    • An outdated kernel allowed privilege escalation to root access.

    • Mitigation: Update the kernel and implement privileged session monitoring.

  4. Apache DoS Vulnerability:

    • A Slowloris attack caused a denial of service, disrupting the server’s operations.

    • Mitigation: Limit HTTP requests per client and ensure network spoofing protection.
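
The SSH and directory-listing mitigations above can be verified mechanically. The following is an added example, not part of the original project: a small Python audit that reads sshd_config and Apache configuration text and reports the settings behind findings 1 and 2. The sample configs, function names and finding strings are constructed here; unset sshd keywords are assumed to take upstream OpenSSH defaults, and Include files, .htaccess files and Match blocks are not evaluated.

```python
import re

# Constructed sample configs for illustration; not taken from the tested system.
SSHD_WEAK = """\
PermitRootLogin yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""
APACHE_WEAK = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""

def _lines(text):
    """Return stripped lines, skipping blanks and '#' comment lines."""
    stripped = (raw.strip() for raw in text.splitlines())
    return [line for line in stripped if line and not line.startswith("#")]

def audit_sshd(text):
    """Check global sshd_config settings. The first value for a keyword wins;
    unset keywords are assumed to use upstream OpenSSH defaults."""
    seen = {}
    for line in _lines(text):
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":  # global section ends at the first Match block
            break
        seen.setdefault(key.lower(), value.strip().lower())
    findings = []
    if seen.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("root login over SSH is not disabled")
    if seen.get("passwordauthentication", "yes") != "no":
        findings.append("password authentication is enabled")
    return findings

def audit_apache(text):
    """Report each <Directory> scope whose Options line turns on Indexes."""
    findings, scope = [], "server-wide"
    for line in _lines(text):
        tokens = line.lower().split()
        m = re.match(r"<(/?)Directory\b\s*([^>]*)>", line, re.I)
        if m:
            scope = "server-wide" if m.group(1) else m.group(2).strip('" ')
        elif tokens[0] == "options" and {"indexes", "+indexes", "all"} & set(tokens[1:]):
            findings.append(f"directory listing enabled for {scope}")
    return findings

if __name__ == "__main__":
    print(*audit_sshd(SSHD_WEAK) + audit_apache(APACHE_WEAK), sep="\n")
```

A setting inside a Match block does not count as a global fix, which is why the sample still reports password authentication as enabled.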

Tools and Techniques

  • Tools Used: Nmap, OpenVAS, Metasploit, DIRB, SSH brute-force tools, Slowloris.

  • Techniques: Vulnerability scanning, brute-force attacks, privilege escalation, denial of service, directory traversal.

Outcomes

  • Successfully exploited five high-risk vulnerabilities on the Linux system.

  • Gained unauthorized access through a brute-force attack and escalated privileges to root.

  • Conducted a DoS attack that halted server operations.

  • Proposed detailed mitigation strategies to address each vulnerability.

Conclusion

The project demonstrated how unpatched vulnerabilities and misconfigurations could be exploited to compromise system security. By identifying and addressing these weaknesses, organizations can strengthen their defenses against cyber-attacks. The structured approach and use of industry-standard tools showcased practical skills in penetration testing and cybersecurity, emphasizing the importance of proactive vulnerability management.


Contact

Let's Get in Touch

Let's make the world a safe place with secure networks
