Abstract
Every organization has implemented cybersecurity for network security. Both web applications and organizations’ network security should be free from complex vulnerabilities. It refers to the security flaws in the network or weakness in the web applications. By using the exploits available, the hacker could attack our target system to steal confidential data. So, to secure the security of networks the most common and major technique used is ethical hacking. It comprises complex levels of vulnerability assessment and performing penetration testing by using the identified exploits. In this research paper, I have demonstrated and analyzed the methodologies through which the pen tester accesses the target system, identifying exploits, attacking the target system using the identified exploit privilege escalation, and capturing the root flag to access the data. Finally, before exiting he should clear the system as before. Finally, the pen tester generates a report containing the guidelines to eliminate the security flaws and improve network security.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Ethical hacking refers to the combination of vulnerability assessment and penetration testing techniques. In this technique, Kali Linux is used as a host system since it comprises all automated tools available. Security can be guaranteed by some protection mechanisms: prevention, detection, and response [1]. Using these automated tools and methodologies, the pen tester will attack the target system. Pen testing is performed using the identified vulnerabilities and exploits. Finally, the pen tester will generate a report, which contains the solutions or methods through which the organization can eliminate the security loopholes in the target system successfully. In this way, the security of networks is ensured. Using this technique, attacks from cybercriminals can be eliminated. In this proposed work, network security is retained with the help of ethical hacking using penetration testing and vulnerability assessment. Every technology which we are handling has a great advantage and unnoticeable disadvantage too. That is mainly used as loop holes by hackers and this leads to many crimes now a days [2].
2 Penetration Testing
Penetration testing is performed by a group of penetration testers. They are also known as pen testers. In this technique in the initial phase, planning about the target system is done and all available information about the target system is collected. In the next phase, the pen testers will identify the available complex vulnerabilities in the target system through the automated tools and methodologies available. Since Kali Linux is used as the host system, it contains all the automated tools available. In the third phase, they will exploit the vulnerabilities and attack the target system as a normal user. Then through the privilege escalation method, they will act as root users and capture the root flag to access the information. Before exiting, they will clear the system as it was before the attack. Finally, they will generate a pen testing report, which contains the identified vulnerability list and the guidelines or methods to eliminate the security flaws in the network of the organization. This is an efficient method to eliminate the attack from hackers or cybercriminals. Some of the designed security methods are proof of correctness, layered design, and software engineering environments and finally penetration testing [3].
3 Algorithm
-
Step 1: Start
-
Step 2: Setting up the target system
-
Step 3: Footprinting
-
Step 4: Identifying the vulnerabilities
-
Step 5: Exploitation
-
Step 6: Target system login
-
Step 7: Root user login
-
Step 8: Report analysis
-
Step 9: Clearing and exit
-
Step 10: Stop.
4 Proposed System
Web applications vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data [4]. Penetration testing involves a virtual pen testing laboratory that uses a VMware workstation as the platform to perform testing. For demonstration purposes, we have selected a target system from one of the pen testing and learning platforms. VulnHub is one of such learning platforms, which contains a set of target systems for owasp students for learning purposes. So, to perform pen testing we require one host system, a target system, and the VMware workstation. Here, we have used Kali Linux as the host system since it contains all automated tools available for pen testing. Nullbyte1 is the target system used here which is provided by VulnHub platform. Initially, we have to download and import the target system nullbyte1 and host system Kali Linux to VMware environment, and start running. Vulnerabilities are an open door which leads to threat and exploit the data occurring unexpected events [5].
First let us start with the scanning and enumeration to find the IP of our target machine (nullbyte1) and then will try to gain as much knowledge about our box, respectively.
-
Step 1: To find the IP address of the target machine.
-
Use different commands to achieve this like arp-scan, nmap, or netdiscover (Fig. 1).
-
$ sudo arp-scan-l
-
Now, the IP of the target machine is obtained, i.e., 192.168.0.124, initialized to enumerate the target.
-
Step 2: Let us scan our target to see which ports are opened and what services they are running (Fig. 2).
-
$nmap-sV-sC 192.168.0.124-p--oN allports_scriptscan
-
We found out that port 777 (SSH), 39,594 (RPC), 80 (http), and 111 (rpcbind) are open on the target machine and can see the version of the services running.
-
Step 3: Let us visit the webserver running on this machine on port 80 (Fig. 3).
-
The site had an image. After checking the source code, we could not find anything except the gif. After downloading the git with wget, we can check the meta data of the image with exiftool (Fig. 4).
-
$ exiftool main.gif
-
We can see a comment in there. First, I thought that could be the password for something. Then, I decided to do a directory bruteforcing.
-
Step 4: Let us try to do directory bruteforcing with gobuster to find any interesting directories or files (Fig. 5).
-
$ gutbuster dir–URL http://ip/-w/usr/share/wordlists/dirb/big.txt
-
As we can see, there is phpMyAdmin running on the webserver. Maybe that comment is the password for root.
-
Step 5: Let us check the phpMyAdmin login form (Fig. 6).
-
Default password did not work. Same with the comment we got from meta data of the gif. After that, I decided to try that comment as a directory on the webpage (Fig. 7).
-
And it worked. It is asking some kind of key as input. We can check the source code to see whether we can find anything.
-
Source code shows a comment saying that password is not that difficult (Fig. 8).
-
Step 6: Let us try to bruteforce the key using hydra (Fig. 9).
-
$hydra-l “-P/usr/share/wordlists/rockyou.txt ip”
-
http-post-form'/kzMb5nVYJw/index.php:key=^PASS^:F=invalid key’
-
And got the correct key. Let us try it (Fig. 10).
-
After entering the key, we get next page with username as input. After testing different inputs, I noticed that when given an empty username it shows/fetches all users may be from database (Fig. 11).
-
Step 7: Let us try sql injection on that usrtosearch input field using sqlmap (Fig. 12).
-
$sqlmap—url: http://192.168.0.124/kzMb5nVYJw/420search.php?usrtosearch=--dbs
-
And it worked. We can see available databases.
-
Step 8: Let us dump tables of different databases.
-
$ sqlmap—url: http://192.168.0.124/kzMb5nVYJw/420search.php?usrtosearch=-Dseth--dump
-
After dumping tables inside seth database, we can see a hashed password for ramses user (Fig. 13).
-
Step 9: Let us try to decode that hash by first finding out the type (Fig. 14).
-
It says that hash is base64 encoded. After decoding with base64, it gave another hash (Fig. 15).
-
After identifying this hash, it gave us MD5 (Fig. 16).
-
Decoding that with crackstation gave us password for ramses as omega.
-
Step 10: Let us login with those credentials into ssh which is on port 777 (Fig. 17).
-
$ ssh ramses@192.168.0.124-p777
-
After this, we can check for commands and we can run on behalf of other users.
-
$ sudo-l.
-
Ramses cannot run any command as sudo (Fig. 18).
-
Step 11: Let us try to see what binaries we can run with suid bit (Fig. 19).
-
$ find/-perm-u=s-type f 2>/dev/null
-
A binary named procwatch with suid binary is visible.
-
Step 12: Let us run the binary and see what it gives us.
-
We can see that it is giving out very similar output as ps command (Fig. 20).
-
Step 13: Assuming that this binary is calling ps binary, and without specifying absolute path, we can try manipulating the PATH variable to get a root shell (Fig. 21).
-
And we got root shell and flag.
Finally, we captured the root flag and now having all admin privileges to access the confidential information from the target system. After accessing the data, the pen tester will clear the target system as before the testing and exit from the system. Next phase consists of report generation in which the pen tester will be creating a report documenting all these activities, which gives the list of available vulnerabilities in the target system. By utilizing the report, the owners of the organization could eliminate the security flaws in the system so that they could eliminate the threat from hackers or cybercriminals. In this way, the technique of ethical hacking ensures security of the network in the organization. Penetration testing is not merely the serial execution of automated tools and generation of technical reports as it is frequently viewed. It should provide a clear and concise direction on how to secure an organization’s information and information systems from real world attacks [6].
6 Future Work
Future work comprises of larger target systems with more complex vulnerabilities. Nowadays, daiju, the automated tools and methodologies, are increasing heavily due to high-end cyberattacks. In this paper, we have analyzed the methodologies and tools to perform attack in a Linux machine and in the future will be showing the target as Windows system.
7 Conclusion
In this proposed system, we have demonstrated the latest methodologies and tools through which a pen tester will access a target system. By utilizing the generated report from pen tester, the owners of the organization will overcome the threats from hackers. In this way, ethical hacking became an essential tool in ensuring network security. So, from this scenario we could stood the relevant criteria of network security in the development of an organization. We knew that day to day the vulnerabilities are increasing as more and more complex vulnerabilities are invented by cybercriminals to improvise their attack. So, a pen tester should be having equally or greater knowledge in vulnerability analysis and pen testing.
References
Bertoglio DD, Zorzo AF. Overview and open issues on penetration test. J Braz Comput Soc
Pradeep I, Sakthivel G. Ethical hacking and penetration testing for securing us form Hackers. IOP
Upadhyaya J, Panda N, Acharya AA. Penetration testing: an art of securing the system (using Kali Linux). Int J Adv Res Comput Sci Softw Eng. Research Paper Mundalik SS
ĐURIĆ Z (2014) WAPTT—Web application penetration testing tool. Adv Electr Comput Eng 14(1). ISSN: 1582-7445
Hasana A, Divyakant. Mevab web application safety by penetration testing. Int J Adv Stud Sci Res (IJASSR). ISSN: 2460-4010. Indexed in Elsevier-SSRN
Bacudio AG, Yuan X, Chu B-TB, Jones M. An overview of penetration testing. Int J Netw Secur Appl (IJNSA) 3(6)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Mohan, A., Aravind Swaminathan, G., Shafana, J. (2023). Systematic Approach for Network Security Using Ethical Hacking Technique. In: Rajakumar, G., Du, KL., Vuppalapati, C., Beligiannis, G.N. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. Lecture Notes on Data Engineering and Communications Technologies, vol 131. Springer, Singapore. https://doi.org/10.1007/978-981-19-1844-5_4
Download citation
DOI: https://doi.org/10.1007/978-981-19-1844-5_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-1843-8
Online ISBN: 978-981-19-1844-5
eBook Packages: EngineeringEngineering (R0)