penetration testing report101

Uploaded by

forestelfgc6

PENETRATION TESTING: BLACK-BOX USING KALI LINUX

Module: Penetration testing


Year: 2023
Word count:
Page count:
TABLE OF CONTENTS

1. Introduction
2. Methodology used
3. Executive Summary
4. Technical Summary
5. Assessment Summary
6. Remediation Strategy
7. Result
8. References
INTRODUCTION
The purpose of a Blackbox system penetration test is to
evaluate security vulnerabilities by using a deliberately
vulnerable framework. This system is designed for
educational purposes, allowing professionals to gain
practical experience and knowledge about common
exploits.
During the Blackbox system penetration test, the
following areas are addressed:
1. Network scanning: Initial scan to identify open ports,
services, and potential vulnerabilities.
2. Vulnerability analysis: Thorough examination of
software, configurations, and infrastructure to
identify weaknesses.
3. Exploitation: Utilizing tools like Metasploit to exploit
vulnerabilities and gain unauthorized access.
4. Compromise evaluation: Assessing the extent of
compromise, identifying entry points, sensitive data,
and opportunities for lateral movement.
5. Reporting and recommendations: Detailed
documentation of findings, including vulnerabilities,
weaknesses exploited, and suggestions for
remediation. The report provides insights into the
system's security status and guidance for future
improvements.
It is crucial to emphasize that explicit authorization is
required for penetration testing. Unauthorized or illegal
testing is unethical and against the law.
METHODOLOGY USED
NIST METHODOLOGY:
The NIST methodology, developed by the National
Institute of Standards and Technology, provides a
structured approach to conduct penetration tests for a
comprehensive assessment of security vulnerabilities.
The methodology includes the following steps:
1. Planning and Scoping: Clearly define the test's
objectives, scope, and limitations. Identify the
systems, assets, and networks to be tested and
determine the testing methods and techniques to be
used.
2. Reconnaissance: Gather information about the target
system or network from publicly available sources.
This helps understand potential entry points and the
attack surface.
3. Threat Modelling: Analyse the target system from an
attacker's perspective to identify potential threats,
vulnerabilities, and attack vectors. This step
prioritizes high-risk areas for testing.
4. Vulnerability Analysis: Conduct a systematic
assessment of the target system's vulnerabilities
and weaknesses. Use various tools and techniques to
identify known vulnerabilities, misconfigurations, and
weaknesses in software, hardware, and network
infrastructure.
5. Exploitation: Attempt to exploit identified
vulnerabilities to gain unauthorized access or control
over the target system. Simulate real-world attacks
using penetration testing tools and evaluate the
effectiveness of existing security controls.
6. Post-Exploitation: Assess the impact of successful
compromises and identify potential further
exploitation opportunities within the target system
or network. This includes identifying sensitive data,
possibilities for lateral movement, and potential
escalation of privileges.
7. Reporting and Remediation: Document findings,
including identified vulnerabilities, successful
exploits, and recommendations for remediation. The
report should provide clear and actionable steps to
address security weaknesses and enhance overall
security.
8. Verification and Validation: Conduct follow-up testing
to verify the effectiveness of implemented
remediation measures and validate the adequacy of
addressing identified vulnerabilities.
The NIST methodology emphasizes careful planning,
comprehensive documentation, and collaboration
between the penetration testing team and the
organization being tested. It promotes a systematic and
structured approach to ensure reliable and consistent
results in assessing security vulnerabilities.

EXECUTIVE SUMMARY
The primary objective of this test was to assess the security vulnerabilities of
the BlackBox system by utilizing the Kali Linux penetration testing platform.
Findings:
Throughout the penetration test, significant discoveries were
made:
Network Scanning: The initial scan of the BlackBox system
using Nmap exposed multiple open ports and services, which
could serve as potential gateways for unauthorized access.
Vulnerability Assessment: A comprehensive examination of the
open ports was conducted, involving thorough research and
analysis.
Exploitation: Despite the identification of vulnerabilities,
attempts to exploit them using the available penetration
testing tools in Kali Linux were unsuccessful.
Post-Exploitation: Due to the unsuccessful exploitation process,
further exploration and evaluation in the post-exploitation
phase could not be carried out.

Recommendations:
Based on the findings of the Blackbox system
penetration test, the following recommendations are
suggested to improve its security:
1. Patch Management: Establish a robust patch
management process to ensure all software and
systems within the Blackbox system are regularly
updated with the latest security patches. This helps
address known vulnerabilities and protect against
potential exploits.
2. Access Control: Implement strong access control
mechanisms, including secure authentication and
authorization practices. Enforce the principle of least
privilege, granting users only the necessary access
rights based on their roles and responsibilities.
3. Network Segmentation: Separate the Blackbox
system into different network segments or zones
based on the sensitivity of the data and functions.
This helps mitigate the impact of a potential
compromise and limits lateral movement within the
system.
4. Encryption: Utilize encryption techniques to protect
sensitive data both in transit and at rest. Implement
strong encryption algorithms and ensure the proper
configuration and management of encryption keys.
5. Incident Response Plan: Develop and regularly test
an incident response plan that outlines the steps to
be taken in the event of a security incident. This
helps ensure a timely and effective response to
minimize the impact of any potential breach.
Conclusion: The penetration test from Kali to BlackBox
successfully uncovered multiple vulnerabilities and
weaknesses in the system. Implementing the suggested
security measures will significantly enhance the
system's overall security, minimizing the risk of
unauthorized access and exploitation.

TECHNICAL SUMMARY
VULNERABILITY FINDINGS
The coursework began by identifying the IP addresses of both Kali
Linux and the vulnerable VM (obtained from osboxes.org). The
ifconfig command was used to retrieve the IP address information.

After obtaining the IP address of the vulnerable VM (in this case,
10.0.2.10), Nmap was run against that address to perform a network
scan. This scan revealed the open ports on the vulnerable VM,
providing information about the services running and potential
entry points for unauthorized access.
After finding the IP address of the BlackBox system, I tried to
find the open ports of the vulnerable system using Kali Linux. I
used the command nmap -Pn 10.0.2.10

PORT NUMBER   SERVICE   RUNNING SERVICE
25            SMTP      EMAIL TRANSMISSION
110           POP3      UNENCRYPTED ACCESS TO EMAIL
143           IMAP      EMAIL RETRIEVAL
993           IMAPS     SECURE IMAP
995           POP3S     SECURE POP3
After identifying the open ports, attempts were made to exploit
them in order to gain root access to the system. However, these
exploitation attempts were unsuccessful. The attempt to gain
backdoor access using Metasploit on the BlackBox system failed.
Attempts to brute force the open ports using tools such as Nmap
and Hydra were also unsuccessful. The ports appeared as either
filtered or open, but connection errors prevented successful
exploitation.
MITRE ATT&CK MATRIX - SMTP PORT 25

Tactic: Initial Access
Technique: Exploit Public-Facing Application (T1190)
Description: Attackers may take advantage of vulnerabilities
present in SMTP servers or email applications in order to gain
unauthorized entry into a system.

Tactic: Command and Control
Technique: Standard Application Layer Protocol (T1071)
Description: Attackers might leverage SMTP to establish a
command-and-control (C2) channel for communicating with
compromised systems and issuing directives.

ASSESSMENT SUMMARY
Description of the vulnerability
Open SMTP ports can be a serious security risk when an SMTP server is weak
or lacking in necessary security safeguards. Attackers may target the server in
these circumstances in order to take advantage of software flaws or obtain
unauthorized access to private email data. Sensitive information may be
compromised as a result of security lapses, which could have a serious negative
impact on people or organizations. To reduce the dangers associated with open
SMTP ports and protect the server from potential assaults, it is imperative to
implement strong security procedures, such as regular upgrades, reliable
authentication methods, and encryption.
Detailed recommendations to fix vulnerabilities.
We can take the following steps to reduce risks associated with the vulnerability
of an open SMTP port:
1) Check for necessity: Determine whether your needs really require the open
SMTP port. To provide the needed functionality without leaving the port open,
take into account alternate techniques or configurations.
2) Apply access controls: If keeping the SMTP port open is necessary, impose
stringent access restrictions. Use firewall rules or network ACLs to restrict
access to trusted IP addresses or networks that demand SMTP communication.
3) Enable encryption: To prevent unwanted access to or the interception of
sensitive information, secure communication over the SMTP port by
implementing encryption, such as Transport Layer Security (TLS).
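As an added example (not part of the report), the following Python script turns output of the kind `nmap -Pn 10.0.2.10` produced into the port table above and maps the open mail ports onto recommendations 2 and 3 (access control and encryption), flagging services that still accept credentials in cleartext. The nmap output and the EHLO reply it checks for STARTTLS are constructed samples, not captures from the assessed VM.

```python
import re
# Constructed sample in the shape of `nmap -Pn` normal output for the five mail
# ports listed in the report; it is not the report's own scan capture.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.2.10
PORT    STATE SERVICE
25/tcp  open  smtp
110/tcp open  pop3
143/tcp open  imap
993/tcp open  imaps
995/tcp open  pop3s
"""
# Constructed EHLO reply from a server that does not advertise STARTTLS.
SAMPLE_EHLO_REPLY = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"
PORT_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)
# Cleartext mail services (credentials and bodies in the clear unless STARTTLS
# is negotiated) paired with the implicit-TLS port that supersedes each one.
CLEARTEXT_MAIL = {25: ("SMTP", 465), 110: ("POP3", 995), 143: ("IMAP", 993)}

def parse_nmap(text):
    """Return {port: (state, service)} for each port line of normal nmap output."""
    return {int(p): (state, svc) for p, state, svc in PORT_LINE.findall(text)}

def ehlo_offers_starttls(reply):
    """True if a multi-line 250 EHLO reply lists the STARTTLS extension."""
    return any(line[4:].strip().upper() == "STARTTLS"
               for line in reply.splitlines() if line.startswith("250"))

def assess_mail_exposure(ports, smtp_starttls=None):
    """Map open mail ports onto recommendations 2 and 3; highest severity first."""
    open_ports = {p for p, (state, _) in ports.items() if state == "open"}
    findings = []
    for port, (name, tls_port) in CLEARTEXT_MAIL.items():
        if port not in open_ports:
            continue
        if port == 25 and smtp_starttls:
            sev, note = "low", "STARTTLS offered; still restrict port 25 to trusted relays"
        elif tls_port in open_ports:
            sev, note = "medium", f"port {tls_port} already serves {name} over TLS; require STARTTLS or close port {port}"
        else:
            sev, note = "high", f"no TLS alternative; enable STARTTLS and restrict port {port} by firewall/ACL to trusted networks"
        findings.append((port, sev, f"{name}/{port}: {note}"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f[1]], f[0]))

if __name__ == "__main__":
    scan = parse_nmap(SAMPLE_NMAP_OUTPUT)
    for port, sev, text in assess_mail_exposure(scan, ehlo_offers_starttls(SAMPLE_EHLO_REPLY)):
        print(f"[{sev.upper():6}] {text}")
```

To use it against a real EHLO reply, feed the text returned by the server after `EHLO` to `ehlo_offers_starttls` before calling `assess_mail_exposure`.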
Source/destination IP addresses
Source IP address: 197.168.128.131
Destination IP address: 10.0.2.10
Tools and techniques
Used nmap to scan for open ports.
Used Nessus
Used Metasploit framework.
I checked whether the SSH and FTP ports were available to exploit using the
following commands.

I also used the traceroute command to try a brute force attack, but it was
unsuccessful as well.

Results
None of the open ports could be exploited.

REFERENCES
- Pentesting-Bible: A collection of awesome penetration testing resources, tools and other shiny things. GitHub. Available at: https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/A%20collection%20of%20awesome%20penetration%20testing%20resources%2C%20tools%20and%20other%20shiny%20things.pdf (Accessed: 13 May 2023).
- NIST cybersecurity framework (2022) NIST. Available at: https://www.nist.gov/itl/smallbusinesscyber/planning-guides/nist-cybersecurity-framework (Accessed: 10 May 2023).
- Bresnahan, E. (no date) What are the benefits of the NIST Cybersecurity Framework, CyberSaint Security. Available at: https://www.cybersaint.io/blog/benefits-of-nist-cybersecurity-framework (Accessed: 13 May 2023).
- SMTP enumeration (port 25) (no date) OSCP Notes. Available at: https://gabb4r.gitbook.io/oscp-notes/service-enumeration/smtp-enumeration-port-25 (Accessed: 13 May 2023).
- Bigueur, M. (2016) Cybersecurity ‘exploitation’ using Kali Linux, Bigueur’s Blogosphere. Available at: https://miguelbigueur.com/2015/05/31/cybersecurity-exploitation/ (Accessed: 13 May 2023).
