Basic Pentesting

Uploaded by

Ritik

“REPORT OF BASIC PENTESTING 1 VULNHUB MACHINE”

Table of Contents:

1. Introduction
2. Objectives
3. Requirements
4. Scope
5. Tools Used
6. Methodology
7. Remediation
8. Conclusion
9. References

Introduction:
This report outlines the penetration testing conducted on the "Basic Pentesting
1" virtual machine from VulnHub. Designed as a training exercise, this VM helps
individuals practice and refine their penetration testing skills. The testing
involved using tools and techniques to uncover vulnerabilities and exploit
them, ultimately achieving root access. The report details the assessment
process and findings, and provides recommendations to improve the system's
security posture. This exercise demonstrates practical skills and highlights
critical areas for enhancing overall security.

Objectives:
The objective of this penetration testing engagement was to assess the security
posture of the "Basic Pentesting 1" virtual machine by identifying and exploiting
vulnerabilities and getting root access.
The end goal was to achieve root access to the system, and to retrieve and crack
the password of the user "marlinspike."

Requirements:
1. VMware is required for running the virtual machines.
2. Kali Linux and the Basic Pentesting 1 VM are required.

Scope:
1. Network scanning and service enumeration on the "Basic Pentesting 1"
VM to identify vulnerabilities.
2. Exploitation of identified vulnerabilities, including using Metasploit to
gain root access.
3. Retrieval and cracking of password hashes, specifically targeting the
"marlinspike" user.

Tools Used:

1. Nmap
2. Metasploit
3. Searchsploit
4. John The Ripper

Methodology Used:

Nmap: Performed network scanning to identify open ports and
services running on the "Basic Pentesting 1" VM.

Figure 1: Scanning 1.1

So there are three open ports on this target machine.

• port 21/tcp — FTP — (ProFTPD 1.3.3c)
• port 22/tcp — SSH — (OpenSSH 7.2p2 Ubuntu)
• port 80/tcp — HTTP — (Apache httpd 2.4.18)

I chose the open port 21 FTP service to find a way to get root access to
this target machine.
Used msfconsole to search for and select an exploit related to ProFTPD
1.3.3c.

Figure 2: Metasploit 2.1


Figure 3: Metasploit 2.2

• So there are several exploits for this ProFTPD, and I
used exploit/unix/ftp/proftpd_133c_backdoor to attack the
target machine.

Figure 4: Metasploit Payload 2.3

• Configured the exploit with LHOST, LPORT, and RHOSTS.
• Then set the payload to /unix/cmd/unix/reverse to gain
unauthorized access and achieve root control of the system.

The setup has been done. Now I have to exploit this.

Figure 5: Metasploit—Exploit 2.4

• Now I have root access to the target machine.
• Then I looked at the shadow file.

The shadow password file is a system file in which encrypted user
passwords are stored so that they aren’t available to people who
try to break into the system.

Figure 6: etc/shadow 3.1


Figure 7: Copy The Hash 4.1

• Copied this to a new file to crack this hash:

marlinspike:$6$wQb5nV3T$xB2WO/jOkbn4t1RUILrckw69LR/0EMtUbFFCYpM3MUHVmtyYW9.ov/aszTpWhLaC2x6Fvy5tpUUxQbUhCKbl4/:17484:0:99999:7:::

I used John The Ripper to crack this hash.

Figure 8: John The Ripper 5.1

Finally, I found the password for marlinspike, and it is marlinspike.


Figure 9: Basic Pentesting1

• Finally, I got root access and found the password of
the marlinspike user of this box. I used open port 21/tcp — FTP —
(ProFTPD 1.3.3c) to exploit this Basic Pentesting: 1 box on VulnHub.

Remediation:

1. Update or Patch ProFTPD:
   - Upgrade to the latest stable version of ProFTPD to mitigate the risk
     of exploitation through known vulnerabilities.
   - Regularly monitor and apply security patches for all services
     running on the server.

2. Implement Stronger Password Policies:
   - Ensure that users, especially privileged accounts, use strong,
     complex passwords that are not easily crackable.
   - Regularly update passwords and consider implementing multi-factor
     authentication (MFA) where possible.

3. Don’t Use Default Passwords:
   - Replace any default passwords with strong, unique ones
     immediately after system setup.
   - Regularly audit systems to ensure that no default credentials are in
     use, as they are a common target for attackers.

4. Regular Security Audits:
   - Conduct regular security audits and vulnerability assessments to
     identify and remediate potential weaknesses.
   - Use automated tools to continuously monitor for outdated
     software and known vulnerabilities.

5. Restrict Access to Sensitive Files:
   - Limit access to sensitive files like /etc/shadow to only necessary
     system processes.
   - Implement proper file permissions and access controls to reduce
     the risk of unauthorized access.
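
An added example, not part of the original report: a small audit supporting remediation items 2 and 5, which reads shadow entries in the format shown earlier (user:hash:last-change:min:max:warn:::) and checks the file's permission bits. The function names, finding labels and the 365-day threshold are assumptions, and the sample entries are constructed with placeholder hashes.

```python
import os
import stat
from datetime import date, timedelta

# crypt(3) scheme ids as they appear in the second field of a shadow entry
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "2b": "bcrypt", "y": "yescrypt"}
WEAK = {"MD5", "DES"}

# Constructed sample entries (placeholder salts and hashes, not real credentials)
SAMPLE = [
    "marlinspike:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17484:0:99999:7:::",
    "legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:90:7:::",
    "daemon:*:17379:0:99999:7:::",
]

def audit_entry(line, today, max_age_days=365):
    """Return (user, findings) for one shadow line; thresholds are assumptions."""
    fields = line.strip().split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    user, pw, last_change, _min_days, max_days = fields[:5]
    if pw == "":
        return user, ["empty-password"]
    if pw[0] in "!*":  # locked or no-login account: no usable password hash
        return user, []
    scheme = SCHEMES.get(pw.split("$")[1], "unknown") if pw.startswith("$") else "DES"
    findings = [f"weak-hash:{scheme}"] if scheme in WEAK else []
    if not max_days or int(max_days) >= 99999:  # 99999 means no expiry is enforced
        findings.append("never-expires")
    if last_change:  # field counts days since 1970-01-01
        changed = date(1970, 1, 1) + timedelta(days=int(last_change))
        if (today - changed).days > max_age_days:
            findings.append("stale-password")
    return user, findings

def audit_permissions(path):
    """Flag permission bits that expose the shadow file beyond root and its group."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & 0o007:
        findings.append("accessible-by-others")
    if mode & 0o020:
        findings.append("group-writable")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_entry(entry, date.today()))
    if os.path.exists("/etc/shadow"):
        print(audit_permissions("/etc/shadow"))
```

The aging check does not measure password strength; a password equal to the username, as found in this report, still has to be caught by a password-quality policy at the time it is set.
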

Conclusion:
The penetration test on the "Basic Pentesting 1" virtual machine was successful
in identifying and exploiting vulnerabilities, ultimately leading to root access.
Key vulnerabilities included an outdated version of ProFTPD, which was
exploited using Metasploit. The successful retrieval and cracking of the
"marlinspike" user's password further demonstrated the potential risks posed
by weak or exposed credentials. The findings and recommendations provided
aim to enhance the overall security posture of systems vulnerable to these
types of exploits.

References :
