Ethical Hacking

19-01-2023

Introduction

The Ethical Hacking module provided a valuable hands-on experience in penetration testing using a deliberately vulnerable virtual machine called Metasploitable 2. This module helped hone my skills in identifying vulnerabilities, exploiting them, and understanding the ethical implications of penetration testing.

Key Concepts Covered:

  • Ethical Hacking Essentials (EC-Council): We covered the foundational principles and practices of ethical hacking, focusing on how to conduct authorized testing to identify security weaknesses in systems.
  • Social Engineering: We explored how attackers manipulate people into divulging confidential information, either over the phone or online.
  • Pentesting Hardware/Software: The module included practical sessions where we tested vulnerabilities in both hardware and software.
  • Reconnaissance and Gaining Access: We learned the methods used by ethical hackers to gather intelligence on a target system and then gain access to it.
  • Attack Vectors: The module covered various methods through which attackers can gain unauthorized access to a system.

Penetration Testing Setup:

For this module, I used Kali Linux, a Linux distribution tailored for penetration testing and security assessments. Kali is equipped with numerous pre-installed tools like the Metasploit Framework, which I used extensively for exploitation tasks. To enhance Kali's capabilities, I installed essential tools using a bash script called "Pimp My Kali," making it easier to set up the testing environment.

Reconnaissance Phase:

The first step in the penetration testing process was network reconnaissance. Using Nmap, I scanned the Metasploitable 2 machine to identify open ports, running services, and their version numbers. This information was critical for pinpointing potential vulnerabilities.

[Image: Nmap scan run from Kali]

While I could have set up the vulnerable machine on a Type-2 hypervisor like Oracle VM VirtualBox, I chose to simulate a more realistic network environment by deploying the Metasploitable 2 VM on a Type-1 hypervisor (Proxmox). This setup better reflected real-world attack scenarios.

Exploitation Phase:

Once I identified the services and versions running on the target machine, I turned to Searchsploit. This command-line tool searches a local copy of the Exploit-DB archive and lists known exploits for specific software versions. Using Searchsploit, I found several potential exploits that could be used against the Metasploitable machine.

[Image: Results of the Nmap scan]
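As an added example (not code from the original write-up), the following Python script turns the kind of version-detection output an Nmap scan produces into the open-service inventory that feeds both the Searchsploit lookup and the report's findings table, flagging services whose version Nmap could not identify. The XML is a constructed sample in the layout of `nmap -sV -oX`; the host address, product names and versions are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap -sV -oX writes; host, products and versions are made up.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="21"><state state="open"/>
    <service name="ftp" product="ExampleFTPd" version="1.2.3"/></port>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="ExampleSSH" version="7.1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
  </ports>
 </host>
</nmaprun>"""


def parse_open_services(xml_text):
    """Return one record per open port: host, port, protocol, service and version banner."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports do not belong in the findings table
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": name,
                "banner": " ".join(p for p in (product, version) if p),
                # A versioned banner is what a Searchsploit lookup keys on;
                # an unversioned one has to be fingerprinted by hand first.
                "needs_manual_check": not version,
            })
    return records


def report_rows(records):
    """Render the inventory as the text rows used in the report's findings section."""
    return [
        f"{r['host']}:{r['port']}/{r['proto']}  {r['service']:<12} "
        f"{r['banner'] or '(version not identified)'}"
        for r in records
    ]
```

Running `report_rows(parse_open_services(SAMPLE_NMAP_XML))` gives one line per open port, with the HTTP service marked as needing a manual version check.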

I then moved on to the penetration testing phase, where I used msfconsole (Metasploit Framework console) to launch various attacks:

  • Common Password List Enumeration: I tested the strength of the passwords used on the system by attempting to brute-force access using a list of common passwords.
  • FTP Server Reverse Shell Backdoor: By exploiting a vulnerability in the FTP server, I was able to establish a reverse shell connection, gaining unauthorized access to the system.
  • Injection of Arbitrary Arguments in API Requests: I targeted vulnerabilities in how the system processed user inputs within API requests, potentially allowing attackers to inject malicious arguments.
  • SQL Injection on Insecure Web Application: I exploited a vulnerability in the web application to inject SQL code, gaining unauthorized access to the database.
  • Domain Ownership Identification: I attempted to identify the owner of the domain associated with the target system.
  • Distributed Denial of Service (DDoS): I simulated a DDoS attack to assess how the system handled large volumes of traffic.

Reporting Phase:

After completing the penetration tests, I compiled a detailed report that included:

  • Identified vulnerabilities: A description of the security weaknesses found during testing.
  • Exploitation techniques: The specific methods used to exploit each vulnerability.
  • Impact assessment: An evaluation of the potential impact each vulnerability could have if left unaddressed.
  • Mitigation strategies: Recommendations for fixing the vulnerabilities, such as patching software, strengthening password policies, and implementing network monitoring.

A critical part of the report was the executive summary. This section aimed to communicate the risks and vulnerabilities to a non-technical audience, such as CEOs, CTOs, and CFOs. It helped me practice translating complex technical issues into actionable business terms.

[Image: Ethical hacking impact assessment]


Key Tools Used:

  • OpenVAS: An open-source vulnerability scanner used to identify weaknesses in systems and applications.
  • Kali Linux: A Linux distribution pre-loaded with tools for penetration testing and security auditing.
  • Metasploitable 2: A purposely vulnerable virtual machine used for testing and honing penetration testing skills.
  • Proxmox Home Server: A Type-1 hypervisor that allowed me to run multiple VMs, including the Metasploitable 2 machine.
  • msfconsole: The command-line interface for the Metasploit Framework, a powerful tool used for launching exploits and managing payloads.
  • Searchsploit: A command-line search tool for the Exploit-DB exploit database that helped me identify and launch known attacks against vulnerable software.
  • Nmap: A network scanning tool used to identify services, ports, and vulnerabilities in a target system.
  • hping3: A command-line tool used for sending custom packets to test network security and troubleshoot issues.
  • Wireshark: A network protocol analyzer that captured and analyzed network traffic, helping me detect suspicious activity.

Conclusion:

The Ethical Hacking module provided invaluable hands-on experience in penetration testing. By using tools like Kali Linux, Metasploit, and Nmap, I was able to identify and exploit vulnerabilities in a vulnerable machine, simulate a variety of attacks, and compile a comprehensive report with mitigation strategies.

This module not only improved my technical skills but also sharpened my ability to communicate complex technical issues to non-technical stakeholders. Overall, it solidified my understanding of ethical hacking practices and equipped me with the knowledge to conduct penetration tests in real-world scenarios.


Sources:

  • None