On successful completion of this module the student will be able to:
1 Understand penetration testing strategies and methodologies
2 Implement penetration testing methodologies to perform a penetration test
3 Create a written report for a penetration test to a high standard
The Metasploit Framework
System defense is something that every institution, organization or company relying on an information system ought to consider (Holik, 2014).
Metasploit is one of the most popular frameworks for penetration testing. It is intended for pen testing, vulnerability assessment, and developing and executing exploit code against remote targets.
Metasploit has both a command-line interface (msfconsole) and a graphical user interface (Armitage).
Armitage is a graphical attack-management tool that can visualize targets and recommend exploits for the vulnerabilities known to affect a given target.
In our penetration testing we use the free Metasploit Framework edition that comes installed by default in the Kali Linux distribution.
Metasploit is presently the most popular name in the field of information security and penetration testing. It has completely changed the way we carry out security tests on systems.
Metasploit's popularity results from the wide range of tasks it can perform to lighten the work of penetration testing and so make systems more secure. Metasploit is also available on almost all popular operating systems and platforms.
Metasploitable is a pre-configured Linux virtual machine that pen-testers can use to practise and gain knowledge of ethical hacking without violating laws or regulations, and without having to test in a real production environment. Metasploitable is vulnerable by design and can be set up as a virtual machine under any hypervisor, such as KVM, VMware Player or VirtualBox.
Kali Linux is a Debian derivative customized and maintained specifically for penetration testing. It comes preinstalled with hundreds of tools spanning the field of penetration testing, categorized by purpose and by the platform being targeted. The categories include information gathering, web application analysis, wireless attacks, database assessment, vulnerability analysis, password attacks, reverse engineering, sniffing and spoofing, exploitation tools, post-exploitation, forensics, reporting tools and social engineering tools. Because Kali Linux ships with all these tools, it is the preferred platform for our exercises. Moreover, the tools are selected so as to avoid redundant functionality, and upgrades for them are available out of the box when a new version is released. Kali Linux is the favorite operating system of security professionals because all the popular penetration testing tools are pre-installed, removing the cost of installing each one separately. Being Linux-based also makes Kali less prone to virus attacks and gives more stability during penetration testing. Being open source means one is free to modify or customize the operating system to meet the desired functionality without having to worry about proprietary issues.
Netcat is a relatively straightforward Unix utility that can read and write data across network connections using the TCP and UDP protocols. It is possible to interact with netcat directly, or simply pipe its output to another program or script (Maynor, 2011), which gives more flexibility in how it is used. From my experience with netcat (nc), it supports plenty of protocols, so that when I am in doubt about the service on a certain port to which I want to connect, nc is the fast tool I deploy to test the service running on that port. It is a great tool for debugging and exploring the services hosted on a network. Netcat also has server capabilities: it can listen for incoming connections on arbitrary ports, after which reading and writing are performed as usual. Some of the protocols nc can be used with include telnet, ssh, ftp and http, to mention a few.
Samba is a server daemon that provides Active Directory (AD), file-sharing and printing services to clients (Chiem, 2014). The server provides file space and directory services to clients using the SMB (or CIFS) protocol and related protocols such as DCE/RPC, LDAP and Kerberos (Kearns, 2011). Supported clients include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000/XP/2003, OS/2, DAVE for Macintosh, and cifsfs for Linux (man samba).
A vulnerability is a weakness in a system that allows an attacker or pentester to compromise the system's security (Ramirez, 2010). A vulnerability can exist in network protocols, in application software, or even in the operating system.
An exploit is a script or piece of code that enables an attacker to make use of a vulnerability found in a system in order to compromise its security. In the penetration testing world, every known vulnerability has its own corresponding exploit (Kasinathan, 2013). These exploits are created by security enthusiasts or attackers to ease the process of penetrating a system whose vulnerability has been discovered. Bounty hunters also create exploits as proofs of concept when presenting their zero-days for payment.
A zero-day is a vulnerability that has not yet become publicly known (Linux, 2017). These kinds of vulnerabilities are valued highly by both the good and the bad guys, as they serve as a gauge of one's experience and advancement in the field of information security.
A payload is the actual code that runs on the system after exploitation or penetration. Payloads are mostly used to set up a connection between the victim/target machine and the attacker (Mudge, 2011). A payload may set up a connection to the target, or from the target back to the attacker. Which of the two is used is mostly determined by factors such as the presence of a firewall, NAT and other protocols.
Modules are the small building blocks of a complete system, each performing a specific task. Modules can be combined to form a complete system that functions as a single unit. The Metasploit Framework makes use of modules (Steiner, 2011), which makes it easy for developers to integrate new exploit code and tools into the framework without having to rebuild the entire framework from scratch every time a new exploit is added.
While everything seemed to work out of the box when trying to get access to the Metasploitable on our virtual machine, this was not the case when it came to penetrating the Kali Linux on our virtual machine. To begin with, nmap detected that the host was up, as shown in Figure 18 (2.2.5 nmap). However, there were no open ports. The only thing we got after the nmap scan on Kali was the MAC address of the virtual machine.
Despite port 139 being famously known for granting access to a Windows (XP) machine, it failed to grant us access to our Metasploitable virtual machine. This port runs NetBIOS services; thus, finding a working exploit for the port means one could fully take over the target machine with administrative privileges.
We got access to the FTP server running on our Metasploitable VM. This, however, took a lot of time, as the FTP server would lock us out after every ten failed attempts when we ran our dictionary attacks against it. This would take even more time on a real-world machine whose security has been enhanced to prevent dictionary attacks.
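Seen from the defender's side, the lockout that slowed the dictionary attack above is a simple threshold on failed logins. The following is an added example, not the essay's code: it detects such a burst in vsftpd-style log lines, with the log lines, the ten-failure threshold and the 60-second window all constructed assumptions.

```python
"""Flag an FTP dictionary attack from server-side logs.  Added example, not the
essay's code: the log lines are constructed in vsftpd's log style, and the
10-failure threshold mirrors the lockout the essay ran into."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# vsftpd-style line: <date> [pid N] [user] FAIL LOGIN: Client "ip"
LOG_RE = re.compile(r'^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                    r'\[(\S+)\] (FAIL|OK) LOGIN: Client "([\d.]+)"')


def constructed_log(n_fail=12, attacker="192.0.2.50"):
    """Build n_fail failures one second apart from one client, plus one
    legitimate success from another host (constructed sample data)."""
    lines = [f'Mon Mar  4 10:00:{i:02d} 2024 [pid {100 + i}] [msfadmin] '
             f'FAIL LOGIN: Client "{attacker}"' for i in range(n_fail)]
    lines.append('Mon Mar  4 10:05:00 2024 [pid 300] [msfadmin] OK LOGIN: Client "192.0.2.7"')
    return lines


def detect_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Sliding-window counter per client IP.  Returns one (ip, user, when)
    alert per burst, raised the moment the threshold-th failure lands inside
    the window, which is exactly when a lockout would trigger."""
    recent = defaultdict(deque)  # client ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        stamp, user, result, ip = m.groups()
        if result != "FAIL":
            continue
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) == threshold:             # fire once per burst, not per extra failure
            alerts.append((ip, user, when))
    return alerts
```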
Generally, the main strategy for our penetration testing centered on port scanning. Ports found open would indicate the services running on them. A Metasploit search for those services would then be carried out to find any published vulnerabilities for those services and possible exploits. When no open ports were detected on a host that was up, '-Pn' would be passed as an nmap parameter, skipping the "ping" on machines that block pings. When no open port was found, it was difficult to continue penetration testing on such a target.
As the demonstrations showed, Samba and NFS have known vulnerabilities and existing exploits. With proper Metasploit Framework searching and usage, it was possible to exploit both Samba and NFS not only to get access to user data, but also to create a connection back to us, the attacker. This means that an attacker can easily take over the target machine or create a backdoor to make future access easy, as there is no need to repeat all the steps carried out in the initial pen test.
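The scan-then-search workflow described above starts from nmap's list of open ports and their services. The following added example (not from the essay) parses nmap's grepable output (-oG) into that per-host service list and separates out hosts that are up with nothing open, the case met on the Kali machine; the scan lines and addresses are constructed, not real output.

```python
"""Parse nmap grepable (-oG) output the way the scan-then-search methodology
above needs it.  Added example, not the essay's own code; the scan lines below
are constructed, not real output."""
import re

# Constructed -oG lines: a host with open ports, a host that is up but shows
# nothing open (the Kali case described above), and a host that is down.
SAMPLE_OG = """# Nmap scan (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, 2049/open/tcp//nfs//2-4 (RPC #100003)/, 25/filtered/tcp//smtp///\tIgnored State: closed (996)
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: \tIgnored State: filtered (1000)
Host: 192.0.2.30 ()\tStatus: Down
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_grepable(text):
    """Return {ip: {"status": str, "ports": [(port, proto, service, version), ...]}}.
    Only ports reported 'open' are kept; each -oG port entry has the layout
    port/state/proto/owner/service/rpcinfo/version/ ."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, _hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"status": "unknown", "ports": []})
        for field in rest.split("\t"):
            if field.startswith("Status: "):
                entry["status"] = field[8:].strip().lower()
            elif field.startswith("Ports: "):
                for item in field[7:].split(","):
                    parts = item.strip().split("/")
                    if len(parts) >= 7 and parts[1] == "open":
                        entry["ports"].append((int(parts[0]), parts[2], parts[4], parts[6]))
    return hosts


def triage(hosts):
    """Split live hosts into services worth researching and 'silent' hosts.
    Open ports give the service names to search for; a host that is up with
    nothing open needs a firewall / -Pn follow-up rather than a search."""
    services, silent = {}, []
    for ip, entry in sorted(hosts.items()):
        if entry["status"] != "up":
            continue
        if not entry["ports"]:
            silent.append(ip)
        else:
            services[ip] = sorted({svc for _, _, svc, _ in entry["ports"]})
    return services, silent
```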
Holik, F., Horalek, J., Marik, O., Neradova, S. and Zitta, S., 2014, November. Effective penetration testing with Metasploit framework and methodologies. In Computational Intelligence and Informatics (CINTI), 2014 IEEE 15th International Symposium on (pp. 237-242). IEEE.
Maynor, D., 2011. Metasploit toolkit for penetration testing, exploit development, and vulnerability research. Elsevier.
O'Gorman, J., Kearns, D. and Aharoni, M., 2011. Metasploit: the penetration tester's guide. No Starch Press.
Ramirez-Silva, E. and Dacier, M., 2010, December. Empirical study of the impact of metasploit-related attacks in 4 years of attack traces. In Annual Asian Computing Science Conference (pp. 198-211). Springer, Berlin, Heidelberg.
Kasinathan, P., Costamagna, G., Khaleel, H., Pastrone, C. and Spirito, M.A., 2013, November. An IDS framework for internet of things empowered by 6LoWPAN. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 1337-1340). ACM.
Marquez, C.J., 2010. An analysis of the ids penetration tool: Metasploit. The InfoSec Writers Text Library, Dec, 9.
Linux, K., 2017. Penetration Testing and Ethical Hacking Linux Distribution. Retrieved on April, 21.
Thompson, M., Evans, N. and Kisekka, V., 2014, August. Multiple OS rotational environment an implemented moving target defense. In Resilient Control Systems (ISRCS), 2014 7th International Symposium on (pp. 1-6). IEEE.
Mudge, R., 2011. Live-fire security testing with armitage and metasploit. Linux Journal, 2011(205), p.1.
Dieterle, D.W., 2016. Basic Security Testing with Kali Linux. CreateSpace Independent Publishing Platform.
Dolgikh, A., Birnbaum, Z., Chen, Y. and Skormin, V., 2013, June. Behavioral modeling for suspicious process detection in cloud computing environments. In Mobile Data Management (MDM), 2013 IEEE 14th International Conference on (Vol. 2, pp. 177-181). IEEE.
Steiner, C. and Zalewski, J., 2011. CNT 4104 Fall 2011 - Networks. Florida Gulf Coast University, Fort Myers, Florida, 11-20-11.
Chiem, T.P., 2014. A study of penetration testing tools and approaches (Doctoral dissertation, Auckland University of Technology).
Roopkumar, K. and Kumar, B., 2014. Ethical Hacking Using Penetration Testing.
My Assignment Help. (2020). Penetration Testing Strategies And Methodologies With Metasploit Framework Essay. Retrieved from https://myassignmenthelp.com/free-samples/ctec2903-strategic-defence-strategies-for-the-metasploit-framework.