Linux Platform Security Development

Shiv Patel
Masters in Information System Security Management
Concordia University of Edmonton
spatel3@student.concordia.ab.ca

Abstract—Data storage is exceptionally critical today as The performance of a penetration check is dependent on
more and more classified information is being processed the analysis obtained and acquiring as much knowledge as
securely on electronic devices, such as medical records, and such possible regarding the program and the applied infrastructure.
devices linked to computer networks or internet service. In this lab, I deployed a "Metasploitable" web application
Software security and web-security play a crucial position development model and concentrated on crossing points
across the different aspects of cybersecurity. This includes whereby client requests are approved, and complex data is
evaluating the reliability of systems and software apps that are expressed. First, I checked these exposed areas for flaws such
open to the outside world and thus possible targets of even more as authorization, verification of inputs, session management
attacks such as boundary violations, cross-site scripting,
and leak of data. Depending on feedback created, I build
command injections, and SQL-injections. The purpose of doing
penetration testing is to ensure that there is no protection
payloads in the form of errors and reply to any request to dump
vulnerability in system and network that gives unauthorized the content of the database using SQL Injection, obtain a
access to system and network. Penetration testing is one feasible reverse shell by injecting commands and stolen cookies using
and effective method of avoiding system or network attacks. Cross-Site Scripting.
This report summarizes some fundamentals of penetration
testing, review of existing exploits and resources on II. METHODOLOGY-I
Metapoitable VM. A. Getting Ready for the workplace
Keywords— Penetration testing, vulnerabilities, security, As to complete lab 3 need to make sure of some pre-
exploit. requirement as follows:

I. INTRODUCTION Install the VMWare Workstation on the system for

windows.
A variety of websites are created, public agencies,
Download kali iso file and Metasploitable VM file.
educational organizations, and global companies have moved
from the centralized development/management approach built
separately for the website. With specific goals to develop and I will set up two virtual machines running Kali Linux and
operate a majority of sites via a single SaaS engine (Software Metasploitable2 to do a vulnerability assessment and
as a Service) or Application Leasing (ASP) process. The cloud penetration test.
service environment includes several data vulnerability Metasploitable VM setting it up: The virtual machine
delivery sites, a network operating system that utilizes a single Metasploitable is a deliberately insecure variant of Ubuntu
cow. Furthermore, there are also security problems and
Linux intended to check protection software and illustrate
accidents as the website runs.
specific vulnerabilities. First, we need to access the
Recently web innovation has overgrown in other areas of Metasploitable 2 virtual machine that includes the insecure
life and work and has influenced people. Many day-to-day host system on which we will be training in the lab. Ensure I
tasks that involved face-to-face contact can now be carried out have adequate space on your host network to mount the VM
on the Internet. Web services are essential elements of our and operate it. When you run Kali in a VM on the same
lives. These include such important things, such as financial
server, you need to provide at least 10 gigabytes of system
transactions, e-commerce, e-business, e-government, e-
procurement, e-education, and much more. According to a resources and optimal RAM for your host device, the
positive technology(ptsecurity.com), nearly 82 percent of Metasploitable system, and Kali Linux. The Metasploitable 2
bugs are in the application code. And cyber threats target download can be found at Sourceforge. Once after loading
application vulnerability. VM on VMware workstation, run it. Log in to the virtual
machine by using the credentials (Username: msfadmin,
Penetration testing is a crucial strategy for evaluating the
Password: msfadmin). Using the ifconfig command to test if
robust, efficient, interconnected and trustworthy computing
base composed of software, hardware, and individuals. DHCP was able to automatically accept an IP address from
my system. My Metasploitable VM's An IP address is
Following diagram shows the basic process of penetration 192.168.1.130.
testing:

information Vulnerabilities Vulnerability

Gathering analysis exploitation

Report Post
Generation exploitation

Fig 1. Basic Pen Testing Process. Fig 2.Shows The Ip Address Of Metasploitable VM
 Kali Linux setup: Kali Linux is a powerful and the chance to test them. It not only allows of in-depth manual
versatile operating system designed and built by Offensive assessment, it also blends automated techniques to
security, Kali Linux is primarily developed to simply to summarise and evaluate tools for web applications.
satisfy the necessary criteria of fully qualified penetration
testing and security auditing. This provides pre-installed Brute Force attack through Burpsuite: First of all, I
vulnerability detection and penetration testing tools for run all my VM's and I put 192.168.1.131 in the browser of
network traffic sniffing, efficiency threats, security analysis, the kali where I could see Metasploitable's homepage for
and many more. I downloaded Kali Linux from bypass authentication. I clicked DVWA, which led me to the
https:/www.kali.org/downloads/, the official platform for DVWA website and modified the Low to High security level.
offensive security, and I built a few unique payloads to attack DVWA's default login credentials are admin and password,
earlier. I'm going to use Kali VM, but I'm going to migrate because it's already a' vulnerable' web device, but I want to
from a Bridged Network framework to a NAT network. After bypass authentication with a brute force attack. I built a Burp
downloading Kali Linux, I issued it 40 GB of space and 8 GB Suite project, and switched on the proxy tool intercept mode.
of RAM for a latency-free ride permanently. I started up my I've used a localhost proxy in my browser config. I can view
Kali VM and used the ifconfig command to search its IP all http queries and replies by doing so, because each request
address. The allocated IP address was 192.168.1.131. passes through my localhost and Burp intercepts and records
it.

Fig 4.Proxy Of A Browser.

Fig 3.Shows The Ip Address Of Kali VM After which, whenever I insert some context in the
username and password sector, Burp might decrypt the
B. DVWA penetration testing using BurpSuite request and I see the passwords in a non-encrypted plain text
in the fields of usernames and passwords. I picked the http
DVWA: DVWA is a PHP / MYSQL coded DAMM
request and I went to the intruding tool where I stacked two
VULNERABLE WEB Application. It is far too fragile. user-name and password fields in the form of a wordlist.
Ethical hackers test their expertise in this protection app and
use these resources in a secure setting. This also lets coders After the attack has been pushed, I noticed 36 requests
grasp application security processes and teachers/students to were redirected to the DVWA login page at the beginning of
teach/learn to secure web applications in a safer the attack(Username 6x Password 6=36), 35 of those 36
requests had brute forces failed in duration 488 and only 1 had
environment.DVWA's goal is to learn some of the most
the right attempt 4951.
prevalent weaknesses in the network, with specific degrees of
complexity. Older DVWA had four tiers of protection,
including Easy, Moderate, Hard and Impossible, but now
they're three rates, low, medium and high. I've carried out
numerous attacks at all stages of defence.

Burp Suite:Burp Suite is an advanced web application

security platform which is simple to use. Burp provides many
resources that are combined effortlessly, enabling you to
check any feature and element of modern web applications.
If you have to test the robustness of your authentication
system, the sameness of your session tokens, or the check
points for input validation found in your application,The Fig 5.Sucess Of Brute Force Attack.
scanner tool tests for website configuration and bugs. The
proxy function involves updating, tracking and reissuing Post Attack Brute Force with THC-Hydra:THC-Hydra is a
queries. It operates in a proxy mode and can intercept both Kali Linux tool that can brutely break a remote authentication
HTTP requests and user replies. The attacker device assists service.To determine the system's admin name and user
in executing custom attacks for automatic defence checking. password and we will use the hydra method to do so. A
Burpsuite's pro edition has a lot of features but I never had username and password list is generated first for that. Hydra
is a simple and scalable password cracking tool that is used
in kali Linux, supporting numerous protocols. Now launch pwd that shows present direcory. I navigate to the following
the kali Linux terminal and set user.txt for username and website http:/192.168.1.131/dvwa/vulnerabilities/exec/.
password.txt for password, then I execute : hydra -L users.txt
-P passwords.txt ssh://192.168.1.131 -t 4

Fig 6. Shows Command Exection On DVWA.

Fig 5.Shows Hydra Code Execution. I've used a tool named Netcraft to execute remote-code
execution that I am going to listen to 192.168.1.131 in Kali
SQL injection Attack: SQL Injection (SQLi) is a form Linux on port number 1234. 127.0.0.1 | nc 192.168.1.131
of injection attack where malicious SQL statements may be 1234-e /bin/sh I used the input field on DVWA. This
performed. Such claims guide a web application supported by command connects our metasploitable system to port 1234.
a SQL database. Attackers can use vulnerabilities in SQL As I returned to my kali screen, I found that I could see the
Injection to override security measures in the app. Query files and directories in the current working directory by using
validation and parametrized questions with optimized the ls button.
statements are the only secure way to avoid SQL Injection
attack. If SQL Injection is efficient, secret confidential data
such as database tables may be recovered, the database logic
modified, or even a backdoor accessed. While I was doing
SQL injection on the UserID location, I did so by making sure
that my SQL query performance is always TRUE. I utilized
"1 ' or 1=1 # "which results in 1, meaning Valid. I obtained
the user table information from the site. I used “ 1'OR 1 1=1
UNION SELECT NULL, TABLE NAME FROM
INFORMATION SCHEMA.TABLES # ” to learn the
database structure and database metadata. This order would Fig 7. Show Remote Command Exaction On Kali Linux.
display all entries in the database, supplying us with the
database info. Upon accessing the network, a brute force attack must be
carried out to obtain the user's credentials. As we said, we need
Cross Site Scripting attack: Cross-Site (XSS), usually to learn how a user named msfadmin, what is the user's
seen in Web apps, is one form of computer security password so that they can sign in to the system. We used
vulnerability. XSS attacks allow hackers to implant client- Hydra and not DVWA in this situation to demonstrate brute
side scripts on the other client’s sites. There exist three kinds force. "Hydra-L users.txt-P passwords.txt ssh:/192.168.1.131-
of cross-site script attacks. Stored, Reflected and DOM- t4" where -L is the logon names list, -p the passwords list and-
based. I enhanced the security to medium to conduct an XXS t which sets parallel to the function to be done, ssh:/
192.168.1.131 which is the target and protocol. After a while,
attack. After this, I was able to type anything in the name
the amount of active logins is completed and shown to us."
field. To perform XXS, I used the script <button onClick=” Ssh msfadmin@192.168.1.131" is used when it requests a
alert(‘this XSS’)”>Click</button>, which will pop up a password for msfadmin. As we know, the password that we
message box with this is XSS. Now every time someone got at we will now use the Brutes Force attack with this ssh
accesses this page, they will see the popup as it is stored on order, and the metasploitable will be signed.
the server.

Remote Commnad exection: Command injection is an

attack to perform unauthorized commands on the host
operating system from a compromised application.
Command intrusion attacks are required when vulnerable
client data (forms, metadata, HTTP headers, etc.) is
forwarded from the device container through a programme.
Remote code execution is an intrusion in which the attacker
gets shell use of a system in which the web-based program is
hosting and can run code on the mobile client on the host
machine. In DVWA, I kept the degree of protection mild. To Fig 8.shows Metasploitable terminal through SSH
execute remote code, I used 192.168.1.131 on this link and
C. Penetration Testing On Mutillidae
SQLi-Extract Data: In this we will access to the
application Muttilidae. The admin account authentication
command “ ' 1 or1=1— ” has been issued. Anything that goes
beyond — in the command is a statement and 1=1 is often
used as the Real. We have all the data of the database which
inclues username,password and signature.

Fig 9.Show the SQL injection on Mutillidae.

XSS (cross-Site Scripting attack): The final attack

executed was XSS, when somebody tries to change the
background colour; the user's screen prompted an alert. In the
background colour section, where the appropriate
background colour is written in a text box, we write the
HTML script like <script>ALERT("hello xss
world")</script >. When the user executes it, he / she will
provide an warning box and it will show hello XSS world in
it.

Fig 10.Show The XSS attack On Mutillidae

III. CONCLUION