Systematic Approach for Network Security Using Ethical Hacking Technique

Abstract

Every organization has implemented cybersecurity for network security. Both web applications and organizations’ network security should be free from complex vulnerabilities. It refers to the security flaws in the network or weakness in the web applications. By using the exploits available, the hacker could attack our target system to steal confidential data. So, to secure the security of networks the most common and major technique used is ethical hacking. It comprises complex levels of vulnerability assessment and performing penetration testing by using the identified exploits. In this research paper, I have demonstrated and analyzed the methodologies through which the pen tester accesses the target system, identifying exploits, attacking the target system using the identified exploit privilege escalation, and capturing the root flag to access the data. Finally, before exiting he should clear the system as before. Finally, the pen tester generates a report containing the guidelines to eliminate the security flaws and improve network security.

1 Introduction

Ethical hacking refers to the combination of vulnerability assessment and penetration testing techniques. In this technique, Kali Linux is used as a host system since it comprises all automated tools available. Security can be guaranteed by some protection mechanisms: prevention, detection, and response [1]. Using these automated tools and methodologies, the pen tester will attack the target system. Pen testing is performed using the identified vulnerabilities and exploits. Finally, the pen tester will generate a report, which contains the solutions or methods through which the organization can eliminate the security loopholes in the target system successfully. In this way, the security of networks is ensured. Using this technique, attacks from cybercriminals can be eliminated. In this proposed work, network security is retained with the help of ethical hacking using penetration testing and vulnerability assessment. Every technology which we are handling has a great advantage and unnoticeable disadvantage too. That is mainly used as loop holes by hackers and this leads to many crimes now a days [2].

2 Penetration Testing

Penetration testing is performed by a group of penetration testers. They are also known as pen testers. In this technique in the initial phase, planning about the target system is done and all available information about the target system is collected. In the next phase, the pen testers will identify the available complex vulnerabilities in the target system through the automated tools and methodologies available. Since Kali Linux is used as the host system, it contains all the automated tools available. In the third phase, they will exploit the vulnerabilities and attack the target system as a normal user. Then through the privilege escalation method, they will act as root users and capture the root flag to access the information. Before exiting, they will clear the system as it was before the attack. Finally, they will generate a pen testing report, which contains the identified vulnerability list and the guidelines or methods to eliminate the security flaws in the network of the organization. This is an efficient method to eliminate the attack from hackers or cybercriminals. Some of the designed security methods are proof of correctness, layered design, and software engineering environments and finally penetration testing [3].

3 Algorithm

• Step 1: Start

• Step 2: Setting up the target system

• Step 3: Footprinting

• Step 4: Identifying the vulnerabilities

• Step 5: Exploitation

• Step 6: Target system login

• Step 7: Root user login

• Step 8: Report analysis

• Step 9: Clearing and exit

• Step 10: Stop.

4 Proposed System

Web applications vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data [4]. Penetration testing involves a virtual pen testing laboratory that uses a VMware workstation as the platform to perform testing. For demonstration purposes, we have selected a target system from one of the pen testing and learning platforms. VulnHub is one of such learning platforms, which contains a set of target systems for owasp students for learning purposes. So, to perform pen testing we require one host system, a target system, and the VMware workstation. Here, we have used Kali Linux as the host system since it contains all automated tools available for pen testing. Nullbyte1 is the target system used here which is provided by VulnHub platform. Initially, we have to download and import the target system nullbyte1 and host system Kali Linux to VMware environment, and start running. Vulnerabilities are an open door which leads to threat and exploit the data occurring unexpected events [5].

First let us start with the scanning and enumeration to find the IP of our target machine (nullbyte1) and then will try to gain as much knowledge about our box, respectively.

• Step 1: To find the IP address of the target machine.

• Use different commands to achieve this like arp-scan, nmap, or netdiscover (Fig. 1).

  Fig. 1

  

  IP scan

• $ sudo arp-scan-l

• Now, the IP of the target machine is obtained, i.e., 192.168.0.124, initialized to enumerate the target.

• Step 2: Let us scan our target to see which ports are opened and what services they are running (Fig. 2).

  Fig. 2

  

  Target port scan

• $nmap-sV-sC 192.168.0.124-p--oN allports_scriptscan

• We found out that port 777 (SSH), 39,594 (RPC), 80 (http), and 111 (rpcbind) are open on the target machine and can see the version of the services running.

• Step 3: Let us visit the webserver running on this machine on port 80 (Fig. 3).

  Fig. 3

  

  Webserver in port 80

• The site had an image. After checking the source code, we could not find anything except the gif. After downloading the git with wget, we can check the meta data of the image with exiftool (Fig. 4).

  Fig. 4

  

  Exiftool execution

• $ exiftool main.gif

• We can see a comment in there. First, I thought that could be the password for something. Then, I decided to do a directory bruteforcing.

• Step 4: Let us try to do directory bruteforcing with gobuster to find any interesting directories or files (Fig. 5).

  Fig. 5

  

  Directory bruteforcing

• $ gutbuster dir–URL http://ip/-w/usr/share/wordlists/dirb/big.txt

• As we can see, there is phpMyAdmin running on the webserver. Maybe that comment is the password for root.

• Step 5: Let us check the phpMyAdmin login form (Fig. 6).

  Fig. 6

  

  PhpMyAdmin login form

• Default password did not work. Same with the comment we got from meta data of the gif. After that, I decided to try that comment as a directory on the webpage (Fig. 7).

  Fig. 7

  

  Running comment as webpage to get password

• And it worked. It is asking some kind of key as input. We can check the source code to see whether we can find anything.

• Source code shows a comment saying that password is not that difficult (Fig. 8).

  Fig. 8

  

  Source code of webpage

• Step 6: Let us try to bruteforce the key using hydra (Fig. 9).

  Fig. 9

  

  Bruteforce key using hydra

• $hydra-l “-P/usr/share/wordlists/rockyou.txt ip”

• http-post-form'/kzMb5nVYJw/index.php:key=^PASS^:F=invalid key’

• And got the correct key. Let us try it (Fig. 10).

  Fig. 10

  

  Execution with correct key

• After entering the key, we get next page with username as input. After testing different inputs, I noticed that when given an empty username it shows/fetches all users may be from database (Fig. 11).

  Fig. 11

  

  Empty username

• Step 7: Let us try sql injection on that usrtosearch input field using sqlmap (Fig. 12).

  Fig. 12

  

  Sql injection using sqlmap

• $sqlmap—url: http://192.168.0.124/kzMb5nVYJw/420search.php?usrtosearch=--dbs

• And it worked. We can see available databases.

• Step 8: Let us dump tables of different databases.

• $ sqlmap—url: http://192.168.0.124/kzMb5nVYJw/420search.php?usrtosearch=-Dseth--dump

• After dumping tables inside seth database, we can see a hashed password for ramses user (Fig. 13).

  Fig. 13

  

  Dumping tables of different databases

• Step 9: Let us try to decode that hash by first finding out the type (Fig. 14).

  Fig. 14

  

  Decoding hash

• It says that hash is base64 encoded. After decoding with base64, it gave another hash (Fig. 15).

  Fig. 15

  

  Decoding with base64

• After identifying this hash, it gave us MD5 (Fig. 16).

  Fig. 16

  

  MD5

• Decoding that with crackstation gave us password for ramses as omega.

• Step 10: Let us login with those credentials into ssh which is on port 777 (Fig. 17).

  Fig. 17

  

  Login with credentials

• $ ssh ramses@192.168.0.124-p777

• After this, we can check for commands and we can run on behalf of other users.

• $ sudo-l.

• Ramses cannot run any command as sudo (Fig. 18).

  Fig. 18

  

  Check for commands

• Step 11: Let us try to see what binaries we can run with suid bit (Fig. 19).

  Fig. 19

  

  Check for suidbit

• $ find/-perm-u=s-type f 2>/dev/null

• A binary named procwatch with suid binary is visible.

• Step 12: Let us run the binary and see what it gives us.

• We can see that it is giving out very similar output as ps command (Fig. 20).

  Fig. 20

  

  Executing binary

• Step 13: Assuming that this binary is calling ps binary, and without specifying absolute path, we can try manipulating the PATH variable to get a root shell (Fig. 21).

  Fig. 21

  

  Executing path variable

• And we got root shell and flag.

Finally, we captured the root flag and now having all admin privileges to access the confidential information from the target system. After accessing the data, the pen tester will clear the target system as before the testing and exit from the system. Next phase consists of report generation in which the pen tester will be creating a report documenting all these activities, which gives the list of available vulnerabilities in the target system. By utilizing the report, the owners of the organization could eliminate the security flaws in the system so that they could eliminate the threat from hackers or cybercriminals. In this way, the technique of ethical hacking ensures security of the network in the organization. Penetration testing is not merely the serial execution of automated tools and generation of technical reports as it is frequently viewed. It should provide a clear and concise direction on how to secure an organization’s information and information systems from real world attacks [6].

5 Result

See Figs. 22, 23 and 24.

Fig. 22

Vulnerability result

Fig. 23

Severity graph

Fig. 24

Severity class

6 Future Work

Future work comprises of larger target systems with more complex vulnerabilities. Nowadays, daiju, the automated tools and methodologies, are increasing heavily due to high-end cyberattacks. In this paper, we have analyzed the methodologies and tools to perform attack in a Linux machine and in the future will be showing the target as Windows system.

7 Conclusion

In this proposed system, we have demonstrated the latest methodologies and tools through which a pen tester will access a target system. By utilizing the generated report from pen tester, the owners of the organization will overcome the threats from hackers. In this way, ethical hacking became an essential tool in ensuring network security. So, from this scenario we could stood the relevant criteria of network security in the development of an organization. We knew that day to day the vulnerabilities are increasing as more and more complex vulnerabilities are invented by cybercriminals to improvise their attack. So, a pen tester should be having equally or greater knowledge in vulnerability analysis and pen testing.