Final Penetration Testing Report

Executive Summary
The penetration test that was carried out over the targeting environments revealed loopholes at
risk because of poor configuration of systems, services, and password policies. Industry-standard
tools, such as Tenable Nessus, Nmap, Nikto, Hydra, and WebGoat, were used to simulate real-
world attacks in the course of the assessment. This report contains a detailed summary of
findings, the likely risk they pose, and recommendations for prevention or remediation.

Key Findings
1. Critical Vulnerabilities:
○ The presence of such services as Samba, vsftpd, and UnrealIRCd provides
outdated software versions, thus allowing RCE and unauthorized access.
○ Weak password policies enabled the attacks.

2. High-Risk Configuration Issues:

○ Use of insecure telnet with default credentials within the service of Apache
Tomcat.
○ Broken input validation causing SQLi and XSS vulnerabilities.

3. Policy Gaps:
○ No account lockout mechanism present.
○ Clear-text passwords are used for FTP and Telnet.

Recommendations
1. Updating outdated software along with patching.
2. Strengthening password policies and implementing multi-factor authentication.
3. Configuring more secure protocols (SSH instead of telnet).
4. Continually running updated software vulnerability scans.
Methodology
Tools Used
● Nessus: For exhaustive vulnerability scanning.
● Nmap/Nikto: For detecting open ports, services, and configuration issues.
● Hydra: For password-cracking simulations.
● WebGoat: To exploit common web application vulnerabilities.

Scope
The assessment included the following systems:
● Metasploitable: Simulated vulnerable host.
● Ubuntu Server: Hosting Apache services.
● Windows 11 VM: Configured with IIS and FTP services.
Findings and Analysis
1. Nessus Vulnerability Scanning
Summary:
Nessus identified 39 vulnerabilities across the target systems, categorized as follows:
● Critical: 10
● High: 15
● Medium: 9
● Low: 5
Detailed Findings

Service/ Component Vulnerability Risk Level Remediation

vsftpd 2.3.4 Backdoor High Update to a secure

vulnerability version or replace
with SFTP

OpenSSH 4.7 Weak encryption Medium Upgrade to the latest

OpenSSH version.

Samba SMB Remote code Critical Patch and enable

execution SMB signing

Apache Tomcat Default credentials High Disable default admin

accounts and update
to the latest version.
2. Web Application Security
Exploitation Using WebGoat
● SQL Injection:
○ Successful bypass of authentication with payloads such as ' OR '1'='1' --.
○ Impact: Exposed sensitive user data, compromising confidentiality.
○ Recommendation: Use prepared statements and parameterized queries.
● Cross-Site Scripting (XSS):
○ Injected scripts executed in browsers, proving insufficient input validation.
○ Impact: Allowed session hijacking and data theft.
○ Recommendation: Implement Content Security Policies and sanitize inputs.
3. Password Security
Hydra Results:
● Target: Linux SSH service.
● Outcome: Passwords like password123 cracked within 8 minutes.
● Issues:
○ Weak passwords.
○ No account lockout policy.
● Recommendations:
○ Enforce strong password policies (12+ characters with complexity).
○ Configure account lockout mechanisms.
4. Service-Specific Issues

Service Port Vulnerability Severity Remediation

Telnet 23 Insecure High Disable Telnet;

plaintext use SSH instead
transmission

MySQL 3306 Default/weak High Enforce strong

credentials authentication.

UnrealIRCd 6667 Backdoor Critical Update to the

vulnerability latest patched
allowing RCE version.
Recommendations for Remediation
1. System Updates and Patching:
 ○ Regularly update all software and operating systems.
○ Apply vendor-provided patches to eliminate known vulnerabilities.
2. Enhancing Password Policies:
○ Enforce complex password requirements.
○ Implement Multi-Factor Authentication (MFA) for sensitive systems.
3. Service Hardening:
○ Replace insecure services like Telnet with secure alternatives (e.g., SSH).
○ Disable unnecessary services to reduce attack surface.
4. Application Security:
○ Use secure coding practices (e.g., input validation, prepared statements).
○ Regularly test web applications for vulnerabilities using tools like OWASP ZAP.
5. Continuous Monitoring and Audits:
○ Conduct periodic vulnerability scans and penetration tests.
○ Deploy intrusion detection systems (IDS) and Security Information and Event
Management (SIEM) solutions.
Conclusion
The penetration test has revealed critical vulnerabilities and gaps in the security posture of the
tested systems. By addressing the identified issues and following the recommended actions, the
organization can significantly reduce its attack surface and improve overall resilience against
cyber threats.
Appendix
● Tools Used: Nmap, Nikto, Nessus, Hydra, WebGoat.
● Commands:
○ nmap -sV -A target_IP
○ nikto -h target_URL
● References:
○ Tenable Nessus Documentation.
○ OWASP Secure Coding Practices.