Penetration Testing Report

The penetration testing report identifies vulnerabilities in the target domain, revealing two high-level and one low-level vulnerability. Various tools were utilized for the assessment, including Maltego, Nmap, and Metasploit Framework. Recommendations include enhancing access controls, disallowing directory listings, and improving password security to mitigate identified risks.

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/362270334

Penetration testing report

Article · July 2022

1 author:

Isuru Anuradha
Sri Lanka Institute of Information Technology

All content following this page was uploaded by Isuru Anuradha on 26 July 2022.


Sri Lanka Institute of Information Technology

Penetration testing report


Applied Information Assurance - IE3022

Submitted by:

Student Registration Number: IT19184654
Student Name: K.A.I. Anuradha

Date of submission: 27 / 9 / 2021


Executive Summary
This penetration test was performed to identify vulnerabilities in the target domain. Two high-level
vulnerabilities and one low-level vulnerability were discovered.

Tools used for the vulnerability assessment


• Maltego tool
• Recon-ng
• The Harvester
• Nmap
• Angry IP Scanner
• Legion
• Nbtscan
• Host
• Nslookup
• Dig Command
• Metasploit Framework

Scenario 1: Web Reconnaissance scan on Netflix.com

Maltego tool

Information gathering

Recon-ng

Create a workspace and insert the target domain

Load the modules and run

The Harvester

Search for emails, IPs, and hosts through the Google search engine.
Get all information about Netflix.com.

➢ No vulnerability found.
➢ Risk level is low.

Scenario 2: Scan the IP Address on Metasploitable 2

Nmap

Check the connectivity using ‘ping’.
Scan the open ports.
Scan the version information of the service types.
Run an aggressive scan to find all the details of a target.

Figure 14: Find how to reach the target destination.
Figure 15: Find the version of the operating system.


Angry IP Scanner

Perform a scan on IP range 192.168.56.0 – 255

Figure 17: Open Web Browser
Figure 18: Open Trace Route

➢ Risk level: high. Vulnerability found: information disclosure.
➢ Found all ports, open ports, OS version, services, hosts, actual OS details, website’s metadata, internal
files, disallowed directories.
➢ Impact: All server information can be diverted to a third party. This will lead to a loss of integrity and
confidentiality. The reputation of the company will be damaged.
➢ Recommendations:
• Verify that none of the services operating on the server's open ports provide information about their
builds or versions.
• On all web servers, services, and web applications, make sure that effective access controls and
authorizations are in place to prevent attackers from gaining access.
• Disallow directory listing on the web server and ensure the web application always displays a
default web page.

Scenario 3: Enumeration scans

Legion

Figure 40: Services
Figure 21: CVEs (Common vulnerabilities)
Figure 32: Found valid username and password

Nbtscan

Figure 23: NetBIOS on Metasploitable 2 & Win7
Figure 24: Verbose scan on Metasploitable 2 to find work group information

Host
Nslookup

nslookup: gather information
host -t ns: name server information
set type=ns: name server information
host -t mx: mail server information
set type=mx: mail server information
host -T: enables TCP mode

Dig Command

Find DNS related information

➢ Risk level: high. Vulnerabilities found: disclosure and brute-force.
➢ Found user login details, server details, port details, work group information, common vulnerabilities
(CVEs).
➢ Impact: Depending on the purpose of the website and, as a result, what information an attacker can
access, the disclosure can have both a direct and an indirect impact. In certain situations, just revealing
sensitive material can have a significant impact on the persons involved. All server information can be
diverted to a third party. This will lead to a loss of integrity and confidentiality. The reputation of the
company will be damaged.
➢ Recommendations:
• Verify that none of the services operating on the server's open ports provide information about
their builds or versions.
• On all web servers, services, and web applications, make sure that effective access controls and
authorizations are in place to prevent attackers from gaining access.
• Disallow directory listing on the web server and ensure the web application always displays
a default web page.
• Increase the length and complexity of the passwords (more choices and characters lengthen the
time it takes to brute-force crack).
• Implement Captcha.
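
A defender-side check for the first and third recommendations (which also appear under Scenario 2), added here as an example and not part of the original report: it flags service banners that reveal a product build and response bodies that are auto-generated directory indexes. The banners, pages, host names and function names are constructed for illustration.

```python
import re

# Product token followed by a dotted version, e.g. "Apache/2.2.8", "OpenSSH_8.9p1".
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z-]*)[/_ ]v?(\d+\.\d+[\w.]*)")
# Title/heading text emitted by Apache mod_autoindex and nginx autoindex pages.
LISTING_RE = re.compile(r"<(?:title|h1)>\s*Index of\s+/", re.IGNORECASE)

# Constructed sample data for a hypothetical host (not output from the report).
SAMPLE_BANNERS = {
    21: "220 (ExampleFTPd 2.3.4)",
    22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    25: "220 mail.example.test ESMTP",
    80: "Server: Apache/2.2.8 (Ubuntu) DAV/2\r\nX-Powered-By: PHP/5.2.4",
    8080: "Server: Apache",
}
SAMPLE_PAGES = {
    "/backup/": "<html><head><title>Index of /backup</title></head><body>"
                "<h1>Index of /backup</h1><a href='../'>Parent Directory</a></body></html>",
    "/": "<html><head><title>Welcome</title></head><body>Home</body></html>",
}


def version_disclosures(banners):
    """Return (port, product, version) for every banner that leaks a build."""
    return [(port, product, version)
            for port, banner in sorted(banners.items())
            for product, version in VERSION_RE.findall(banner)]


def directory_listings(pages):
    """Return the paths whose response body is an auto-generated index page."""
    return sorted(p for p, body in pages.items() if LISTING_RE.search(body))


def audit(banners, pages):
    """Combine both checks into report-style finding lines."""
    findings = [f"port {port}: discloses {product} {version}"
                for port, product, version in version_disclosures(banners)]
    findings += [f"path {path}: directory listing enabled"
                 for path in directory_listings(pages)]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BANNERS, SAMPLE_PAGES)))
```

The SSH protocol prefix `SSH-2.0-` is not reported as a version, and banners such as `Server: Apache` that name a product without a build pass the check.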

Scenario 3: Metasploit Framework

SSH Exploitation
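
Password guessing of the kind behind the brute-force finding leaves a recognisable trail when it is aimed at SSH. The following added example (not from the original report) flags a source address that produces a burst of failed logins and then a success; the log lines, the 60-second window and the threshold of five are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-auth lines: "Failed|Accepted password for [invalid user] U from IP port N".
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")
WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed number of failures that counts as guessing

# Constructed log lines (hypothetical hosts and users, not output from the report).
SAMPLE_LOG = [
    "Sep 27 10:00:01 target sshd[901]: Failed password for invalid user admin from 192.168.56.101 port 40001 ssh2",
    "Sep 27 10:00:03 target sshd[902]: Failed password for root from 192.168.56.101 port 40002 ssh2",
    "Sep 27 10:00:05 target sshd[903]: Failed password for user from 192.168.56.101 port 40003 ssh2",
    "Sep 27 10:00:06 target sshd[904]: Failed password for user from 192.168.56.1 port 51000 ssh2",
    "Sep 27 10:00:07 target sshd[905]: Failed password for user from 192.168.56.101 port 40004 ssh2",
    "Sep 27 10:00:09 target sshd[906]: Failed password for user from 192.168.56.101 port 40005 ssh2",
    "Sep 27 10:00:20 target sshd[907]: Accepted password for user from 192.168.56.1 port 51002 ssh2",
    "Sep 27 10:00:30 target sshd[908]: Accepted password for user from 192.168.56.101 port 40006 ssh2",
]


def detect(lines, year=2021):
    """Map source IP -> (alert, user); syslog omits the year, so it is passed in."""
    failures = defaultdict(deque)   # per-source timestamps of recent failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[src]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()        # forget failures older than the window
        if outcome == "Failed":
            recent.append(now)
            if len(recent) >= THRESHOLD:
                alerts.setdefault(src, ("guessing", None))
        elif len(recent) >= THRESHOLD:
            # A success straight after a burst of failures: treat as compromise.
            alerts[src] = ("login-after-guessing", user)
    return alerts
```

A single mistyped password followed by a successful login, as from 192.168.56.1 in the sample, stays below the threshold and raises no alert.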
