9 Pages
2132 Words
Introduction Of Penetration Testing Assignment Sample
Get free written samples by our Top-Notch subject experts and Assignment Helper team.
Penetration testing is the process of testing a networking system or web applications that enables the high security of the network. The major vulnerabilities of the network are detected by the penetration testing method. The penetration testing includes different network services as well as applications. The penetration testing is done using the code: 8807. The login ID and the password are provided to access the penetration test in the selected IP address that is 192.168.1.187 which is given in the report.
Concept of pen testing & ethical considerations
The penetration testing is used to protect the cyber-attack against the network system. The penetration testing checks the different vulnerabilities that exploits the overall cyber-attack. The web application system totally depends on the testing of the penetration in the network system. The penetration testing involves the reach number of application systems. Besides, the frontend and the backend servers are susceptible for the code injection attacks. There are different methods that are involved in the penetration testing process. According to Khalsa et al. (2021, p.336), they are external testing, internal testing, blind testing, double-blind testing, targeted testing. The penetration testing has some vulnerabilities such as user awareness, unsupported legacy software, insecure in house developed applications. The penetration testing has many issues regarding the software related problems that are occurred in the connection of the networks.
Figure 1: Stages of penetration testing
(Source: Self-created)
Ethical Considerations
The penetration testing is authorized within legal limits. The penetration testing provides the security that enables the confirmation of the user to secure their network related problems. The penetration testing is very useful in order to ensure the information of the systems by performing the hacking operations. As commented by Khumaidi (2021, p.225). The penetration testing offers the optimization of the network system that enables the encryption of the sensitive data and protect along with the corruption of the crucial data. The penetration testing enables the provision of the theories which are used to classify the arguments by providing appropriate action.
Concept of HTTP, SSH and VNC
HTTP
The HTTP server is a software that represents the web addresses as well as the different server protocols (Hawedi et al., p.112). The HHTP server is can be accessed from the domain of the websites and it transfers the hosted websites to the end user’s device.
Figure 2: Flowchart of HTTP
(Source: Self-created)
The above diagram shows the working stages of the HTTP server. The execution of the testing is achieved by the flowchart diagram.
SSH
The SSH is a protocol that is used to exchange the data within the two computers. The SSH server protects the privacy and the integrity of the transferred identities of the data and files. The SSH server runs in every computer as well as in every server.
Figure 3: Flowchart of SSH
(Source: Self-created)
The above figure shows the stages of penetration testing using the SSH server (Garre et al., 2021, p.390). The flowchart describes that the connection of the SSH server is important in order to establish the link between the user 1 and user 2.
VNC
Virtual Network Computing is the desktop sharing system that is used to control another computer system. The virtual network computing uses the Remote Frame Buffer Protocol to control the computer system remotely.
Figure 4: Flowchart of VNC
(Source: Self-created)
The above diagram describes the working principle of the Virtual network computing process. The connection of the virtual LAN is developed in the very first stage of the VNC process. Then the IP configuration is done to create the virtual network with default IP address.
Grey Box Testing
Grey box testing is one of the software testing technique that enables the test of a software product. Besides, the web application and the internal structure of application is developed by the grey box testing process. The grey box testing is identifying the detection of the improper structure of code as well as misuse of applications. As commented by Reti et al. (2021, p.882), the Grey box testing is used to provide the benefits of the black box and white box testing. The grey box testing is basically the combination of two testing process improves the design of the source code as well as the implementation of the network system. The grey box testing reduces the long process of the functional testing and the presence of non-functional types. The grey box testing provides more time to free up the time that the developer is required to fix the problems regarding the penetration of the network. The main advantage of grey box testing is that the completion of the testing in the user end is very much faster than the designer point of view. Therefore, the grey box testing uses suitable GUI platforms that enables the functional testing and the security measurements of the network system.
This Grey box testing has been executed to the target Ip address 192.168.1.187. This grey box testing has been executed in order to reflect the Ip address and the details of the target machine. This complete process has been executed upon the Kali linux machine. As stated by Xu et al.(2021, p.0120115)The complete process has been executed by the researcher through the help of the exploits. The Grey box penetration testing is therefore considered as the translucent box as the box only reveals the information like the Ip address of the machine and the machine details. This Grey box is considered as the combinational box of black box and white box.
Figure 5: Depicts the codes of Grey box testing codes in Linux
(Source: Self-created)
This above represented figure depicts the codes that have been used by the researcher in order to execute the Grey box testing upon the assigned IP address.
This Grey box testing has been represented through the help of the smb delivery type of exploit and the smb library type of exploits.
Attack narrative
This part of the report describes the vulnerabilities and the risk that are involved with the penetration testing. The researcher has also reflected the ways to encounter the vulnerabilities and the ways to encounter the vulnerabilities.
Vulnerabilities and mitigation ways to encounter the vulnerabilities
The penetration testing process has also some vulnerabilities that affect the configuration of the server by data hacking and data corruption. While the execution of the penetration testing is done the server will exhibit the sudden changes that have occurred in the configuration process of the server as well as the machine. As commented by Nikolic et al. (2021, p.225), the penetration testing involves the international data hacking that is effective in the security purpose of the network. The internal process of the can be affected by the availability of the data that might be shared by the user. The grey box testing procedure is done using the exploits like smb delivery type and the smb relay type. The whole execution process is done by the Red Dot VPN connection. Therefore, the Ethernet network has been changed to execute the existing VPN which is assigned in the network.
Figure 6: Depicts the VPN configuration status
(Source: Self-created)
This above represented figure depicts the Vpn configuration status that the researcher has developed in order to reflect the communication between the target Ip and the Ip address of the virtual machine.
Through the help of the exploits like smb relay and the smb delivery the target IPaddress has been penetrated. The exploits has been identified through the help of the certain IP address
Figure 7: Depicts the exploit smb relay
Source: (Self-created)
This above represented figure depicts the server mailbox relay type of exploits that has been identified by the researcher in order to execute the Grey box testing.
Figure 8: Depicts the exploit smb delivery
Source: (Self-created)
This above- mentioned figure depicts the smb delivery that has been identified by the researcher as an exploit. The VPN connection is an essential part to develop the configuration of the server that is working inside the network. Data corruption is one of the major issues that occurs in the penetration testing. The data is corrupted in case of any kind of misuse of the VPN network by the developer. Therefore, the data corruption represents the point that is effective in the system which is modified by the developer (Dong et al., 2021, March, p.012112). The penetration testing involves the awareness that is the major problem in order to secure the network parameters. Besides, the different software related problems are associated in the penetration testing process as it uses many computer systems to transfer the data from user end to developer end.
The vulnerabilities can be minimized by performing different actions in the designed connection. The main step is to stop the involvement of various penetration testing in the system.
Ways to encounter the Vulnerabilities of Pen testing
The steps for minimizing the vulnerabilities of penetration testing are mentioned below
- The alternate storage device is designed to develop the storing the data for targeting the machine. Therefore, the data will be secure for the whole execution process of the network.
- The strong password should be generated in such a way that the anonymous user cannot access the data. The encryption of the data is used to define the integrity of the system that will surely help for restricting the allowance of malicious objects.
- The security firewalls should be upgraded to the latest version so that the regular time taken by the server to complete the penetration of the malicious objects.
Conclusion
Conclusively, the report describes the concept of penetration testing and its working principle. The penetration testing is the process which is associated with the hacking process. The penetration testing basically serves network related security that enable the encryption of data that is transferred by the network. The working principle of the HHTP, SSH, and VNC server is described in this report. The grey box testing is done to understand the concept of grey box testing that is implemented in the penetration testing of the network. The penetration testing can be performed either external or internal source to simulate different kind of attacking vectors in the proposed network. The main purpose of penetration testing is to determine the weakness of the security in network, machine and software.
References
Dong, K., Zhang, H., Liu, Y., Li, Y. and Peng, Y., 2021, March. Research on Technologies of Vulnerability Mining and Penetration Testing for Satellite Communication Network. In IOP Conference Series: Earth and Environmental Science (Vol. 693, No. 1, p. 012112). IOP Publishing.
Garre, J.T.M., Pérez, M.G. and Ruiz-Martínez, A., 2021. A novel Machine Learning-based approach for the detection of SSH botnet infection. Future Generation Computer Systems, 115, pp.387-396.
Hawedi, H.S., Bentaher, O.A. and Abodhir,2021. K.E., REMOTE ACCESS TO A ROUTER SECURELY USING SSH.
Khalsa, S., Castaneda, G., Rivera, R. and Crichigno, J.,2021. A Network Management Software Based on Secure Shell (SSH) Channels and Java Universal Network Graph (JUNG).
Khumaidi, A., 2021. IMPLEMENTATION OF DEVOPS METHOD FOR AUTOMATION OF SERVER MANAGEMENT USING ANSIBLE. Jurnal Transformatika, 18(2), pp.199-209.
NICULA, S. and ZOTA, R.D., 2021. Technical and Economical Evaluation of IOT Attacks and their Corresponding Vulnerabilities. Informatica Economica, 25(1).
Nikolic, I., Mantu, R., Shen, S. and Saxena, P., 2021. Refined Grey-Box Fuzzing with SIVO. arXiv preprint arXiv:2102.02394.
Reti, D., Klaaßen, D., Anton, S.D. and Schotten, H.D., 2021. Secure (S) Hell: Introducing an SSH Deception Proxy Framework. arXiv preprint arXiv:2104.03666.
Rustamov, F., Kim, J., Yu, J., Kim, H. and Yun, J., 2021. BugMiner: Mining the Hard-to-Reach Software Vulnerabilities through the Target-Oriented Hybrid Fuzzer. Electronics, 10(1), p.62.
Xu, Y., Zhong, X., Yepes, A.J. and Lau, J.H., 2021. Grey-box Adversarial Attack And Defence For Sentiment Classification. arXiv preprint arXiv:2103.11576.