CPT Project Report Adithya
SUBMITTED BY
ADITHYA R
30/10/2022
11:30 to 1:30 BATCH
ABSTRACT
Acknowledgement
I want to thank Mr. Sajith, our project mentor, who guided us to do this project and helped
us with the technical aspects.
I had help from our friends and other team members who made valuable suggestions for this
project. So they made an indirect contribution to this project.
I would also like to extend our deepest gratitude to all those who have directly and indirectly
guided me in doing this project.
I learnt many things while doing this project. Along with the technical skills involved, I also learnt how to
work in a team and coordinate with team members. It motivated us to learn more in the
field of Information Security and to pursue a career in this field.
INTRODUCTION
Security is one of the major issues of information systems. The growing connectivity of
computers through the internet, the increasing extensibility of systems, and the unbridled growth
of the size and complexity of systems have made software security a bigger problem now than in
the past. Furthermore, it is a business imperative to adequately protect an organization’s
information assets by following a comprehensive and structured approach that provides protection
from the risks an organization might face. In an attempt to solve the security problem and comply
with the mandated security regulations, security experts have developed various security assurance
methods including proof of correctness, layered design, software engineering environments and
penetration testing.
Penetration testing is a comprehensive method to test the complete, integrated, operational, and
trusted computing base that consists of hardware, software and people. The process involves an
active analysis of the system for any potential vulnerabilities, including poor or improper system
configuration, hardware and software flaws, and operational weaknesses in the process or technical
countermeasures. Penetration testing is different from security functional testing. The latter
demonstrates the correct behavior of the system’s security controls, while penetration testing
determines how difficult it is for someone to defeat an organization’s security controls and gain
unauthorized access to its information and information systems. It is done by simulating an
unauthorized user attacking the system using automated tools, manual methods, or a
combination of both. This paper provides an overview of penetration testing. It discusses the
benefits of penetration testing, penetration testing strategies and types, as well as the methodology
for penetration testing.
WHY PENETRATION TESTING
Penetration testing is not merely the serial execution of automated tools and generation of
technical reports as it is frequently viewed. It should provide a clear and concise direction on how
to secure an organization’s information and information systems from real world attacks. One
critical factor in the success of penetration testing is its underlying methodology. A systematic and
scientific approach should be used to successfully document a test and create reports that are
aimed at different levels of management within an organization. It should not be so restrictive that
it prevents the tester from fully exploring his or her intuitions.
Generally, penetration testing has three phases: test preparation, test, and test analysis.
All the necessary documents for the test are organized and finalized during the test
preparation phase. The testers and the organization meet to decide the scope, objectives, timing,
and duration of the test. Issues such as information leakage and downtime are resolved and put
into a legal agreement document. Other legal agreements that are deemed necessary are concluded
and signed during this phase. The bulk of the penetration testing process is done during the test
phase. A variety of automated tools can be used in this phase. This phase involves the following
steps: information gathering, vulnerability analysis, and vulnerability exploits. The information
gathering step requires that the tester scan the physical and logical areas of the test target and
identify all pertinent information needed in the vulnerability analysis phase. Depending on the
information gathered or provided by the organization, the tester then analyzes the vulnerabilities
that exist within the target’s network, host and application. The tester may opt to use the manual
method to do this step but automated tools also exist to help the tester. The last step allows the
tester to find exploits for the vulnerabilities found in the previous steps. When exploits do not lead
to what is intended, for example, root access, then further analysis should be done. This is
represented by the loop between vulnerability analysis and vulnerability exploit phases. The
results of the test are thoroughly investigated during the test analysis phase. These results are
provided to the organization, so they must be comprehensive and systematic. Preparation of a
mitigation plan is important in penetration testing. It is therefore mandatory to include a
mitigation plan section in the analysis report.
PROJECT OVERVIEW
The main aim of this project, the LaMasia machine, is to compromise a Linux machine
as the final project for the CPT course. The task is to find the vulnerability in this machine,
exploit it, and compromise the machine using the pentesting tools and skills gained at RedTeam
Hacker Academy.
IFCONFIG
As the first step I checked my own IP address with ifconfig, which gives the network range to
scan for the other machines connected to the same network.
NETDISCOVER
netdiscover -r 192.168.1.0/24
IP address: 192.168.1.100
NMAP
Now use the Nmap tool to gather information on the services and operating system that
are running on the machine, using the IP found in the previous step.
Nmap has an aggressive mode that enables OS detection, version detection, script scanning
and traceroute, so use the -A argument to perform an aggressive scan.
nmap -A 192.168.1.100
PORT-KNOCKING
Now run the nmap scan again, this time across all 65535 TCP ports (-p-) rather than the default
port list, in the hope of getting more than one port in the result, using the command:
nmap -p- -A 192.168.1.100
As you can see, there is one more open port compared to our previous scan, 1337, which
is running an HTTP service. This is what we wanted, as port 80 was not open by default. Let’s open
our target IP with this port in the browser.
It opens a page with only one image, as shown above. We also checked its source code
but did not get any clue. There is usually a chance of finding a robots.txt file inside
a web directory, so while penetrating any system we should always check for the robots.txt
file. Here we requested it at the URL 192.168.1.9:1337/robots.txt, and the page shown in the
following image opened. Let’s dig deeper and check its “view page source” to see whether
it contains any useful information.
We then looked into its source code and found text in Brainfuck-encoded format.
Antonela/index.ph is the decoded string we got. Let’s assume it is a directory and try accessing it
in the browser.
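Brainfuck hints like the one above are usually left in an HTML comment. The following is an added example, not code from the original report or from the LaMasia machine: a small Brainfuck interpreter plus a helper that pulls a program out of HTML comments, so the hint can be decoded offline rather than pasted into an online decoder. The page source below is constructed, and its comment holds the classic "Hello World!" program rather than the real hint.

```python
import re

# Added example, not code from the original report: a Brainfuck interpreter and a helper
# that pulls a Brainfuck program out of HTML comments, so a hint hidden in page source can
# be decoded offline. The sample page below is constructed; its comment holds the classic
# "Hello World!" program rather than the real hint from the LaMasia page.

BF_CHARS = "+-<>.,[]"

SAMPLE_PAGE_SOURCE = """<html><body>
<img src="constructed.jpg">
<!-- ++++++++[>++++[>++>+++>+++>+<<<<-]>+>+>->>+[<]<-]>>.>---.+++++++..+++.>>.<-.<.+++.------.--------.>>+.>++. -->
</body></html>"""


def extract_brainfuck(page_source: str, min_len: int = 16) -> list[str]:
    """Return Brainfuck programs found inside HTML comments (non-BF characters dropped)."""
    programs = []
    for comment in re.findall(r"<!--(.*?)-->", page_source, re.S):
        program = "".join(ch for ch in comment if ch in BF_CHARS)
        if len(program) >= min_len:
            programs.append(program)
    return programs


def run_brainfuck(program: str, stdin: bytes = b"", max_steps: int = 5_000_000) -> str:
    """Execute a Brainfuck program and return its output as text (8-bit wrapping cells)."""
    code = [ch for ch in program if ch in BF_CHARS]
    # Resolve bracket pairs once so loops jump in O(1) and unbalanced input fails early.
    jump, stack = {}, []
    for i, ch in enumerate(code):
        if ch == "[":
            stack.append(i)
        elif ch == "]":
            if not stack:
                raise ValueError("unmatched ']' at instruction %d" % i)
            j = stack.pop()
            jump[i], jump[j] = j, i
    if stack:
        raise ValueError("unmatched '[' at instruction %d" % stack[-1])

    tape = bytearray(30_000)
    ptr = pc = in_pos = 0
    out = bytearray()
    for _ in range(max_steps):  # step budget: an untrusted program must not spin forever
        if pc >= len(code):
            return out.decode("latin-1")
        ch = code[pc]
        if ch == ">":
            ptr += 1
            if ptr == len(tape):
                tape.extend(bytes(len(tape)))  # grow the tape instead of failing
        elif ch == "<":
            if ptr == 0:
                raise IndexError("tape pointer moved below cell 0")
            ptr -= 1
        elif ch == "+":
            tape[ptr] = (tape[ptr] + 1) & 0xFF
        elif ch == "-":
            tape[ptr] = (tape[ptr] - 1) & 0xFF
        elif ch == ".":
            out.append(tape[ptr])
        elif ch == ",":
            tape[ptr] = stdin[in_pos] if in_pos < len(stdin) else 0  # EOF reads as 0
            in_pos += 1
        elif ch == "[" and tape[ptr] == 0:
            pc = jump[pc]
        elif ch == "]" and tape[ptr] != 0:
            pc = jump[pc]
        pc += 1
    raise RuntimeError("step limit reached; program may not terminate")


def decode_hints(page_source: str) -> list[str]:
    """Decode every Brainfuck program found in the page's HTML comments."""
    return [run_brainfuck(p) for p in extract_brainfuck(page_source)]


if __name__ == "__main__":
    for hint in decode_hints(SAMPLE_PAGE_SOURCE):
        print(repr(hint))
```

The step budget and the bracket check matter because the program comes from an untrusted page: an unbalanced or non-terminating snippet should fail cleanly instead of hanging the tool.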
Test this form with some dummy data. This reveals that the error messages won’t help us
brute force usernames, so I fire up Burp Suite to capture a request and see what I can find. We
have a typical POST request with 3 parameters and a cookie, all of which could be potential SQL
injection points. So I did what I always do.
I copy the whole request to a file called messi.req and throw it at sqlmap.
sqlmap -r mateo.txt --dbs --batch
So it started enumerating the databases. I decided to immediately enumerate the tables of the Webapp
DB. sqlmap -r mateo.req --dbs --batch --level 3 -D Webapp --tables
We found a table called Users, which is always a good sign, so we go on to dump that table.
sqlmap -r mateo.txt --dbs --level 3 -D Webapp -T Users --dump
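To make the weakness sqlmap found concrete, here is an added example (not the LaMasia application’s code) that rebuilds the login check two ways on an in-memory SQLite database: once with the form values pasted into the SQL string, and once with bound parameters. The table and column names follow the report’s Webapp.Users; the row contents and the helper names are constructed.

```python
import sqlite3

# Added example, not the LaMasia application's code. The login form is rebuilt two ways on an
# in-memory SQLite database so the difference sqlmap detected is visible. Table and column
# names follow the report (Users, username, password); the stored row is constructed.

TAUTOLOGY = "' OR '1'='1"  # the textbook probe: turns the WHERE clause into an always-true test


def make_db() -> sqlite3.Connection:
    """Create a throwaway Users table with one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO Users (username, password) VALUES (?, ?)", ("mateo", "constructed-secret")
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Form values pasted straight into the SQL text: the pattern sqlmap exploits."""
    query = (
        "SELECT username FROM Users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with bound parameters: the values never become part of the SQL grammar."""
    query = "SELECT username FROM Users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, correct password :", login_vulnerable(db, "mateo", "constructed-secret"))
    print("vulnerable, tautology        :", login_vulnerable(db, "mateo", TAUTOLOGY))
    print("parameterized, correct       :", login_safe(db, "mateo", "constructed-secret"))
    print("parameterized, tautology     :", login_safe(db, "mateo", TAUTOLOGY))
```

With placeholders the driver sends the value as data, so the quote and OR inside it are compared literally against the stored password and the login fails; the same fix applies to the cookie the report lists as a third injection point.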
Finally, we get the usernames and passwords. The passwords are stored in a hash-like format, so we need to
recover them. They look like Base64-encoded strings, so we need to decode them with a
Base64 decoder.
We got another set of encoded strings from decoding the first set.
After decoding them all we got the password, i.e. oldtrafford, so the correct username is
mateo and the password is oldtrafford.
I decided to try these credentials via SSH.
ssh mateo@192.168.1.100
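The reason the stored values fell in two decoding steps is that Base64 is an encoding, not a hash: every layer can be peeled off with no key. The following added example (not code from the report or the target application) automates that peeling and then shows, by contrast, what the Users table should have stored: a salted, iterated PBKDF2 digest that cannot be reversed the same way. The iteration count is an assumption, and the sample values are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Added example, not code from the original report. Base64 is reversible, so the "hashes"
# dumped from the Users table could be unwrapped layer by layer; a real password hash
# (salted PBKDF2-SHA256 below) cannot be. Iteration count and samples are assumptions.


def wrap_base64(secret: str, layers: int = 2) -> str:
    """Encode a string through Base64 the given number of times (used to build sample data)."""
    data = secret.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()


def peel_base64(value: str, max_layers: int = 8) -> list[str]:
    """Repeatedly Base64-decode a string while the result is still printable ASCII.

    Returns every layer seen, starting with the input; the last element is the innermost
    text that could be recovered. Stops at the first layer that is not valid Base64 or
    that does not decode to printable text.
    """
    layers = [value]
    current = value
    for _ in range(max_layers):
        try:
            text = base64.b64decode(current, validate=True).decode("ascii")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            break
        if not text or not text.isprintable():
            break
        layers.append(text)
        current = text
    return layers


# --- what the Users table should have held instead --------------------------------------

PBKDF2_ITERATIONS = 600_000  # assumption: a current OWASP-style work factor for PBKDF2-SHA256


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing 'pbkdf2_sha256$iterations$salt$digest' string."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    sample = wrap_base64("oldtrafford", 2)
    for depth, layer in enumerate(peel_base64(sample)):
        print("layer %d: %s" % (depth, layer))
    stored = hash_password("oldtrafford")
    print("stored:", stored)
    print("peel on a real hash recovers nothing:", peel_base64(stored) == [stored])
```

Running the peeler on the PBKDF2 string returns only the input itself: the `$` separators are not Base64 characters and the digest is one-way, so the table dump alone would no longer yield a usable SSH password.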
I start off by listing our sudo privileges as mateo:
sudo -l
We are going to edit the /etc/passwd file for privilege escalation.
Refer to the following link for more information about it:
https://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation/
Let’s open /etc/passwd in nano, paste the hash we got into the encrypted password field, and save it.
Switch user to “root”:
su root
Provide the password you set; in my case it is “lamasia”.
Here we have found a text file with the name flag, which was our ultimate goal. So, with no more
waiting, let’s read it: as we all do, cat the flag.txt from the root directory and be the owner of
your target machine.
Hence we successfully found the vulnerabilities of this machine and exploited them to
find the final flag.txt.
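The escalation above only works because a non-root user could write a password hash into /etc/passwd and the system still honoured it. The following added example (not code from the report or the linked article) is the corresponding defender-side audit: it parses passwd entries and flags a hash or empty password in the second field, any extra UID-0 account, and group- or world-writable permission bits on the file. The sample entries, including the hash string, are constructed; the function and variable names are mine.

```python
import os
import stat

# Added example, not from the original report: an audit of /etc/passwd that flags the
# conditions the escalation above depends on. A hash in field 2 (instead of 'x' pointing
# at /etc/shadow) is readable by every local user; a file that unprivileged users can write
# lets them plant one; an extra UID-0 account is what such a write typically leaves behind.
# All sample lines below are constructed, including the placeholder hash.

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mateo:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1000:1000:Mateo:/home/mateo:/bin/bash
backup:x:0:0::/root:/bin/bash
sync:*:4:65534:sync:/bin:/bin/sync
"""

LOCKED_OR_SHADOWED = ("x", "*", "!", "!!")  # values that mean "no usable hash stored here"


def audit_passwd_lines(text: str) -> list[tuple[str, str]]:
    """Return (account, issue) pairs for suspicious entries in passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(("line %d" % lineno, "malformed entry (%d fields)" % len(fields)))
            continue
        name, pw, uid, _gid, _gecos, _home, _shell = fields
        if pw == "":
            findings.append((name, "empty password field: login without a password"))
        elif pw not in LOCKED_OR_SHADOWED:
            findings.append((name, "password hash stored in world-readable /etc/passwd"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 account other than root"))
    return findings


def passwd_mode_findings(mode: int) -> list[str]:
    """Flag permission bits on /etc/passwd that let unprivileged users rewrite it."""
    issues = []
    if mode & stat.S_IWGRP:
        issues.append("group-writable")
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    return issues


def audit_passwd_file(path: str = "/etc/passwd") -> dict:
    """Run both checks against a real file and return a small report."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = audit_passwd_lines(fh.read())
    return {
        "path": path,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "permission_issues": passwd_mode_findings(st.st_mode),
        "entry_findings": entries,
    }


if __name__ == "__main__":
    for who, issue in audit_passwd_lines(SAMPLE_PASSWD):
        print("%-8s %s" % (who, issue))
    print("mode 0666 ->", passwd_mode_findings(0o100666))
```

On a correctly configured host `audit_passwd_file()` returns no permission issues and no entry findings; the constructed sample produces two findings (the hash on mateo’s line and the extra UID-0 account), which is the state the walkthrough leaves the machine in.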
CONCLUSION
This penetration testing process was illustrated on a web application. The testers should follow a
comprehensive format to present the test results. One of the most important parts of the test
analysis phase is the preparation of a remediation plan that includes all necessary corrective measures
for the identified vulnerabilities. The final report needs to have enough detail and substance to
allow those doing the remediation to simulate and follow the attack
pattern and the respective findings.