
2022 10th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)

Amity University, Noida, India. Oct 13-14, 2022

Penetration Testing on Virtual Machines


2022 10th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) | 978-1-6654-7433-7/22/$31.00 ©2022 IEEE | DOI: 10.1109/ICRITO56286.2022.9964926

1 Sarthak Baluni, 2 Shivansu Dutt, 3 Pranjal Dabral, 4 Srabanti Maji, 5 Anil Kumar, 6 Alka Chaudhary
1,2,3,4,5 DIT University, Dehradun, Uttarakhand, India
6 Amity University, Noida, Uttar Pradesh, India
1 1000011210@dit.edu.in, 2 1000010958@dit.edu.in, 3 1000010834@dit.edu.in, 4 srabanti.maji@dituniversity.edu.in, 5 dahiyaanil@yahoo.com, 6 alka.chaudhary0207@gmail.com

Abstract—Penetration testing (pen-testing) is an exercise undertaken to identify and exploit all the possible weaknesses in a system or network. It confirms the adequacy or deficiency of the security measures that have been put in place. This manuscript gives an overview of pen-testing: we examine its approaches, its benefits and its procedure. The pen-testing technique comprises the following stages: test planning, testing, and test analysis. The testing stage itself comprises the following steps: vulnerability analysis, information gathering and vulnerability exploitation. The manuscript also shows the application of this procedure to a pen-test conducted on a model web application.

Keywords—Security testing, vulnerability assessment, penetration testing, web application penetration testing.

I. INTRODUCTION

Security is the major concern of today's information systems. The growing accessibility of computers through the web, the rapidly growing number of systems, and the growth in the size and complexity of systems have made security a more significant problem now than ever before. At this point it is a business necessity to protect an organisation's information assets by following a thorough and organised approach to the security threats the organisation may face [1].

While attempting to address the security problem and comply with the mandated security rules, security practitioners have developed various security assurance methods, including verification of layered design, computer software environments, penetration testing and correctness. Penetration testing is a long and tiring strategy for testing the entire integrated and operating computing base, which consists of software, hardware and people. The process consists of an operational examination of the system for any possible loopholes, which include bad or improper system configuration, software defects, hardware defects, and operational weaknesses in processes or technical countermeasures.

Penetration testing is not the same as security functional testing. A security functional test checks the correct behaviour of the system's security controls, whereas pen-testing shows how difficult it would be for someone to defeat a corporation's security controls and gain unauthorised access to its data and datasets. It is carried out by simulating an unauthorised attacker against the system using either manual techniques, automated tools, or a combination of both. An outline of penetration testing is given in our manuscript [1].

II. LITERATURE REVIEW

The objective of pen-testing or vulnerability assessment is to find all the different security weaknesses in a system under controlled conditions so that they can be fixed before hackers, unauthorised users or people who want to cause damage exploit them. Pen-testing experts use penetration testing to resolve issues inherent in vulnerability assessment by finding all the high-severity weaknesses. Pen-testing is a valued assurance method that benefits both operations and business [2].

A. Benefits of Penetration Testing from the Business Perspective

From the business viewpoint, penetration testing helps protect the organisation against failure by preventing financial loss; demonstrating due diligence to clients and investors; protecting the corporate image; and justifying data protection. Many organisations spend large amounts of money recovering from a security breach because of notification costs, remediation efforts, reduced productivity and lost income. The CSI study estimates recovery efforts alone at $167,713 per incident. Pen-testing can recognise and point out the risks before security breaches happen, thereby preventing the financial loss caused by them.

Loss of customer trust and business reputation can seriously endanger the whole organisation. Pen-testing raises awareness of the importance of security at all levels of the organisation. It assesses the effectiveness of current security measures and products and gives supporting conclusions that may help in future investment in, and upgrades of, security technology.

B. Benefits of Penetration Testing from the Operational Perspective

From the operational point of view, pen-testing shapes the information security strategy through quick and accurate identification of vulnerabilities; disposal of the identified risks; execution of remedial measures; and improvement of knowledge. Pen-testing provides actual information about real, exploitable threats present in the organisation's policies and processes. It helps the organisation identify vulnerabilities quickly and accurately. By providing data that helps to think clearly about the vulnerability, pen-testing

Authorized licensed use limited to: Ministry of Higher Education (HQ). Downloaded on December 22,2023 at 13:02:25 UTC from IEEE Xplore. Restrictions apply.
helps the organisation to calibrate and examine design changes and fixes so as to proactively dispose of the identified risk. Penetration testing can also help an organisation measure the impact and probability of the weaknesses effectively and efficiently. This allows the organisation to prioritise and execute corrective measures for the discovered known weaknesses. The pen-test process requires time, effort and knowledge about compromise, along with the intricacies of the domain being tested. Pen-testing thus improves the knowledge and expertise of everyone involved in the process.

III. DIFFERENT APPROACHES TO PENETRATION TESTING [3]

A. White-box

Total control and complete information are mandatory for the individual doing the testing. To gather the maximum amount of information, deep research and testing of the system is recommended. The advantage of this method is that, thanks to complete access and knowledge, identification of remote vulnerabilities is easier, and it also provides a blueprint of the security.

B. Black-box

In this method no prior knowledge about the design or the system is necessary, resulting in a realistic environment for the attacker. A high skill set and good technical knowledge are recommended, as this mimics a real-world scenario. This method is quite time-consuming and expensive at the same time.

C. Gray-box

This method is a blend of the black-box and white-box tests. The individual performing the test has limited details about the system. Because they have only limited information, the advantage of this method is that it helps to focus on a specific area of attack, resulting in less time consumption and more efficiency.

IV. TYPES OF PEN-TESTING [3]

A. Network Pen-Testing

Network pen-testing allows us to identify vulnerabilities in the network infrastructure; the vulnerabilities can be present on the system or in the cloud environment (cloud penetration testing and AWS penetration testing). It is a fundamental test and an important step in safeguarding our information and the data of our apps. This testing covers areas like configurations, encryption and missing security updates. Pen-testing is classified as: (1) External pen-testing, which simulates an attack by an outsider with internet access and no prior knowledge of the system. The tester will attempt to break into the system by exploiting weaknesses from outside and gain access to internal data and systems. (2) Internal pen-testing, which is concerned with testing the application from the inside and is mostly focused on the internal environment. The main assumption in this case is that the attacker is positioned to attack from inside the network. External threats are less dangerous than internal ones, since access to the internal area results from a breach of the external secure network.

The following are some of the activities performed in network pen-testing:

• Router testing
• Firewall bypassing
• Domain Name System (DNS) footprinting
• IP evasion
• Open-port testing along with scanning
• Secure shell (SSH) attacks
• Proxy-server (PS) testing

B. Web Application Pen-testing

A proper check-up of the whole application, including its custom-built functions and business logic, to protect it from information breaches and other attacks.

Some of the common weaknesses include:

1. Unencrypted wireless network traffic.
2. Open hotspots and unsecured access points.
3. Media access control (MAC) address spoofing.
4. Weak, easily guessed login credentials.
5. Compromise of the web site's database and server.

C. Social Engineering

In the social engineering technique, human psychology comes under the scanner. Testers influence and exploit human nature to break into a system as part of the social engineering pen-test process. Using manipulation, the tester persuades a person to reveal sensitive data that can then be used to infiltrate the system and plan further attacks.

Some familiar attack methods are:

1. Phishing attacks
2. Impersonating co-workers, contractors or even vendors
3. Shadowing
4. Dumpster diving for information
5. Spying
6. Extracting data from wireless devices by connecting via Bluetooth

V. METHODOLOGY OF PENETRATION TESTING

The pen-test process consists of several stages [4]:

Stage 1: Pre-engagement analysis
Before arranging the testing, it is essential to discuss with our security provider points like the scope of the test, the budget, the goals and so on. Without them, there would not be a sufficiently clear direction for the testing, and it would result in a lot of wasted effort.

Stage 2: Information gathering
Before the penetration test begins, the tester tries to see all the publicly accessible data

about the system and whatever will come in handy for breaking in. This helps in forming the strategy and uncovers possible targets.

Stage 3: Vulnerability assessment
In this phase, the application is examined to find security flaws through examination of our security infrastructure and design. The tester looks for open gaps or security holes which could give an advantage in breaking into the system.

Stage 4: Exploitation
Once the tester has gathered all the information on the weaknesses present in the system, they begin exploiting them. This helps in recognising the nature of the security loopholes and the process needed to exploit them.

Stage 5: Post-exploitation
The fundamental goal of penetration testing is to mimic a real attack in which attackers cause genuine harm after exploiting the security defects in the system. Accordingly, once the tester gains access to the system, they use every suitable way to escalate their privileges.

Stage 6: Maintaining access
Once attackers gain access to a system, they try to keep a way open for further abuse using backdoors and rootkits. The same is done by testers. They install malware and other programs to keep the system infected and check whether those programs are detected and removed by the application.

Stage 7: Reporting
All the work done during the pen-test has to be recorded in a definite format, along with procedures and plans for fixing the security flaws.

A. Access-gaining Methodology [4]

We use a blend of vulnerability assessment and pen-testing to check and observe every security defect in the app. We implement not only standardised tests but also tests tailored to the app, to get the best possible result.

1) Scope of work, inclusive of:
1. Vulnerability assessment as well as pen-test
2. Collaborative dashboards to report and manage vulnerabilities
3. Consultations on best and safe practices

2) We have various test methods based on what we require:
1. For web pages
2. For web apps
3. After completion of the pen-test, we set up a definite vulnerability record to give a high-level view of the security status, with detailed reports and weaknesses for the management stage. The record contains the following:
4. Details of the vulnerability
5. Videos, screenshots and POC of the found vulnerabilities
6. Well-fitted steps for fixing the security bugs and better implementation.

3) Virtualization software and machines
1. Oracle VirtualBox (virtualization software)
2. Kali Linux, Wallaby's Nightmare (machine)

Fig. 1. Penetration Testing Methodology [4]: Test preparation phase; Information gathering; Vulnerabilities analysis; Vulnerabilities exploits; Test analysis phase.

B. Information-Gathering Step

In this step, we gather as much data as we reasonably can about the web application and get a full understanding of its logic. The gathered data will be used to build a base of information to act on in later steps. We ought to gather all the data we find, regardless of whether it appears useless and insignificant, since at the start no one knows which pieces of data will be required [5].

TABLE I. WEB APPLICATION PEN-TESTING TOOLS

1) Nmap Scanning
At its core, Nmap is a network scanning tool which uses IP packets to identify all the devices connected to a network and to provide data on their services and operating systems. Its execution is shown in Fig. 2.

Fig. 2. Running Nmap to check the connection between our machine and the server.

2) Metasploit Project
The Metasploit Framework is a computer security project that gives data about security issues or vulnerabilities and helps in penetration testing and the development of IDS signatures, as shown in Fig. 3. It is owned by Rapid7, a security organisation based in Boston, Massachusetts [6].

Fig. 3. Starting Metasploit to generate a payload.

3) DirBuster
DirBuster is a multi-threaded Java tool made by OWASP that is intended to brute-force directories and files on web and application servers, as shown in Fig. 4. It is available from the Kali Linux DirBuster tool page [7].

Fig. 4. Running DirBuster to find hidden web pages on the web server.

C. Steps to Analyse Weaknesses (Vulnerabilities)

Using the information gathered in the previous steps, we test for and identify the weaknesses (vulnerabilities) that are present. Direct tests can be done for configuration management, business logic, authentication, session management, validation, DoS and web services (WS). Going forward, web-server weaknesses, validation system weaknesses and vulnerabilities related to user input can be analysed.

1) LFI (Local File Inclusion)
In LFI the attacker tricks a web application into exposing or running a file. The attack can reveal sensitive data, and in some cases it leads to cross-site scripting. Local file inclusion is identified as one of the most common web-app vulnerabilities [8].

2) Dirty COW (dirty copy-on-write)
A serious flaw named "Dirty COW" was found in the Linux kernel. A race condition was identified in the way the Linux kernel handles copy-on-write of private memory mappings. Exploitation of this flaw by a local user can result in unauthorised write access to otherwise read-only memory mappings and hence privilege escalation on the system (https://dirtycow.ninja/).
Most current Linux distributions are affected because the flaw exists in the kernel. Administrators of Linux systems are advised to patch quickly, particularly on multi-user systems dating from before 2018.

D. Vulnerability Exploitation Step

1) LFI (Local File Inclusion)
We injected the file name 'pwd' in the URL so that the server shows us the present working directory, which confirms that the server can be exploited using LFI, as shown in Fig. 5 and Fig. 6 [8].

Fig. 5. Checking for the possibility of LFI.

Fig. 6. LFI vulnerability confirmed.

2) Dirty COW (dirty copy-on-write)
We used the Metasploit Framework for script injection through web delivery. Once inside the server we used the Dirty COW exploit to trigger the race condition, thus gaining access to the system, as shown in Fig. 7 and Fig. 8 [9].

Fig. 7. Initializing the Dirty COW exploit.

Fig. 8. Dirty COW exploit successful.

VI. RESULT AND DISCUSSION

A. LFI (Local File Inclusion)

The following are a few ways to stop LFI attacks:

Assigning IDs – One way is to save the paths of the files in a secure database and then provide an ID for each of them; using this method the users only get to see their IDs, without being able to view the path or alter it.

Whitelisting – Using a secure, verified whitelist of files is highly recommended, and everything else is to be completely ignored.

Use databases – Files should not be included on the web server, because there is a possibility that it can be compromised; use of a database is highly recommended.

Instructions for better use of the server – The server should receive, download and send headers on its own instead of carrying out file execution in a specified directory.

B. Dirty COW (dirty copy-on-write)

Install new patches immediately using the references below. If your distribution is not listed, you should consult your vendor or check whether a temporary mitigation is available for your distribution in the original advisory by the EGI Software Vulnerability Group. The SystemTap script will automatically apply the fix while the system is running, without the need for a reboot. This is done by intercepting the vulnerable system call, which allows the system to keep functioning in its true form without being compromised.
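The "Assigning IDs" and "Whitelisting" mitigations of section VI.A, shown beside the vulnerable include pattern they replace, as an added example that is not code from the paper. The document root, its files and the ID table are constructed for the demonstration.

```python
# Added example (not from the paper): the LFI bug from section V.C.1 next to the
# "assigning IDs" + "whitelisting" fixes from section VI.A. All files constructed.
import tempfile
from pathlib import Path
from typing import Optional

# Constructed layout: a document root with two public files, and one secret
# file *outside* the root standing in for something like /etc/passwd.
BASE = Path(tempfile.mkdtemp(prefix="lfi-demo-"))
DOC_ROOT = BASE / "www"
DOC_ROOT.mkdir()
(DOC_ROOT / "manual.txt").write_text("public manual\n")
(DOC_ROOT / "terms.txt").write_text("terms of use\n")
SECRET = BASE / "secret.txt"
SECRET.write_text("root:x:0:0\n")


def include_unsafe(page_param: str) -> str:
    """Vulnerable pattern: the request parameter is joined to the document root
    and opened as-is, so '../secret.txt' walks out of the root (the LFI bug)."""
    with open(DOC_ROOT / page_param) as fh:
        return fh.read()


# Mitigation 1 ("Assigning IDs"): clients only ever see an opaque ID; the
# filename lives in a server-side table (the paper suggests a database).
# Entry "3" is a deliberately bad mapping (e.g. a poisoned table row) to show
# that the later layers still reject it.
FILE_IDS = {"1": "manual.txt", "2": "terms.txt", "3": "../secret.txt"}

# Mitigation 2 ("Whitelisting"): the only names the server will ever open.
ALLOWED = frozenset({"manual.txt", "terms.txt"})


class IncludeRejected(Exception):
    pass


def include_by_id(file_id: str) -> str:
    name = FILE_IDS.get(file_id)
    if name is None or name not in ALLOWED:
        raise IncludeRejected(f"file id {file_id!r} is not whitelisted")
    # Defence in depth: even a whitelisted name must resolve inside DOC_ROOT.
    target = (DOC_ROOT / name).resolve()
    if DOC_ROOT.resolve() not in target.parents:
        raise IncludeRejected("resolved path escapes the document root")
    return target.read_text()


def safe_fetch(file_id: str) -> Optional[str]:
    """What a request handler would call: returns None for every rejected
    request, so neither the path nor the reason for rejection is leaked."""
    try:
        return include_by_id(file_id)
    except IncludeRejected:
        return None


if __name__ == "__main__":
    print(repr(include_unsafe("../secret.txt")))        # the leak
    print(repr(safe_fetch("1")), safe_fetch("../secret.txt"), safe_fetch("3"))
```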
VII. CONCLUSION

Pen-testing is a complete technique for identifying all the vulnerable items in a system. It provides advantages like prevention of financial loss; compliance for industry regulators, customers and investors; protection of the corporate image; and proactive disposal of identified risks. Testers can choose among the three types (black box, white box and grey box) depending on the amount of information available to the individual doing the testing. They can also choose between internal and external tests depending on the targets to be acquired. Penetration tests are of three types: network, application and social engineering. This paper describes a 3-step approach comprising the test planning, testing and test analysis stages. The testing step is done in 3 steps: gathering data, examining the vulnerabilities and exploiting the vulnerabilities. This step can be performed manually or by using automated tools. The tester must follow a proper configuration for initiating those experimental results. One of the most significant parts of the test analysis stage is the planning of the remedy, which incorporates every necessary remedial method for the identified vulnerabilities. The final record needs to contain sufficient points and material to allow those doing the remediation to recreate and follow the attack pattern as well as the individual findings.

ABBREVIATIONS

• Pen-testing – penetration testing.
• Apps – application.
• LFI – local file inclusion.

REFERENCES

[1] Pen-Testing - What, Why & How [A Complete Guide], https://www.getastra.com/blog/security-audit/penetration-testing/
[2] "An overview of Pen-Testing", https://www.researchgate.net/publication/274174058_An_Overview_of_Penetration_Testing
[3] What, Why & How? https://www.getastra.com/blog/security-audit/penetration-testing/
[4] "Penetration Testing" overview, https://www.researchgate.net/publication/274174058_An_Overview_of_Penetration_Testing
[5] Nmap – Free Security Scanner for Network Explorer, http://nmap.org/
[6] Metasploit, http://www.metasploit.com/
[7] "Dir buster: Brute-force directories", https://www.kali.org/tools/dirbuster/
[8] Local-File Inclusion (LFI) — Web Application Pen-Testing, https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601
[9] Dirty Cow, https://dirtycow.ninja/
[10] Shewmaker, J. (2008). "Introduction to Pen-Testing" (book).
