WIXLIB

International Journal of Innovation in Computational Science and EngineeringVolume-2 Issue-1, pp:09-22penetration testing, a frame can be built depending on theflaw which can offer more protection for websites like this.The developed methodology can be used to assessinsecurity in many organizations, companies, andorganizations.Another paper [7] would focus on exploring andreviewing the VAPT process life cycle and VAPTvulnerability detection tools in the framework. Theyemphasize its value at different organizational levels toupdate security mechanisms to protect against variouscyber-attacks. In today's world, organizations andinstitutions, their networks, and data are risingvulnerabilities are in a complicated position. It is alwayseasier to detect and recognize those vulnerabilities until anintruder uses them. Thus, vulnerability evaluation andpenetration evaluation techniques help decide whether thesecurity device configurations function correctly or correctthe protection deficiencies.A student-centred experiment was done as part of theEthical Hacking training in this article [8]. The hands-ontraining and comprehensive understanding of ethicalhacking have become essential for computer securitystudents. However, fewer studies show extensive realisticknowledge on ethical hacking and penetration testing in theenclosed lab due to restricted budgets and the availability ofcertain facilities. In this article, the author addressedVIBRANT as a virtual cloud-based laboratory frameworkfor Ethical Hacking. It is used to enhance cryptographyeducation and to teach students in universities. The softwareis only used by students from LJMU and not available toother people.The following paper [9] addresses topics relating toethical hacking and information systems security. Whendiscussing information network security, confidentiality,integrity, and availability, we are talking about the corethree characteristics of a system. There are severalapproaches for identifying existing threats to protect andenhanced security measures. One is Kali Linux, with itsrobust integrated capabilities that are particularly suitablefor carrying out such forms of attacks. In this paper, theauthor presents a series of choices for using client andserver-side resources in Kali OS. They spoke mainly aboutthe advantages of Kali, which provides a range of hackingmethods and a free framework for device vulnerabilities.We have reviewed many research papers in whichresearchers discussed different hacking techniques.However, there is a shortage of good hacking papers whichdescribe the detailed process of Metasploit attacksincluding server-side and client-side example together forfresh Ethical Hacking users. In this study, we have used Kalito perform Metasploit-related experiments on apreconfigured network and systems as part of EthicalHacking to exploit their vulnerabilities. The Metasploitprovides the infrastructure and tools for the user to performIJICSE@2021ISSN: 2708-3128May-2021a penetration test and security auditing. We have exploitedvulnerabilities of a preconfigured network, operatingsystem, and application to generate new exploitsvulnerabilities and access them without permission. Wehave used the Metasploit framework for informationgathering, vulnerabilities scanning, exploit development,client-side attack etc. In the end, we have suggested someproposals for end-users to defend their networks and to takeadequate steps to prevent these attacks.3. Ethical HackingAs businesses and individuals use many online servicesand depend on the Internet, hackers find more avenues andopenings to access sensitive data through web apps andonline networks. The need to safeguard web apps andnetworks against the growth of hackers and the demand forconsumers to stop such criminal attacks is then increasingon the users' systems. Ethical hackers have therefore beenable to solve these fundamental issues. Ethical hackinginvolves the identification and correction of device flawsand vulnerabilities. This can also be defined as a hackingmechanism without harming or destructive aim to anetwork. Ethical hacking may also be described as a safetyevaluation, training, or environment protection review forinformation technology. This method demonstrates the risksfaced by an IT environment and the steps to minimize thoserisks. Furthermore, these techniques are also known asPenetration Hacking, Red Teaming, or Intrusion Testing [1,10, 11].Ethical Hacker is those who work on a securityframework and checks for the bugs a malicious hackermight use to exploit the networks. They use their experienceand skills to render the cyber environment alike for ownersand consumers. Ethical hacking is essential to secure theinfrastructure from harm caused by hackers. The primarypurpose behind the ethical hacking service is to assess andreport to the owner on the safety of the targeted systems andnetworks.Ethical hacking is performed along with penetration testtechniques to evaluate the security loopholes. There aremany techniques used to hack information, such itation, and Test Analysis.Ethical hacking involves automatic methods. Thehacking process without automated software is inefficientand time-consuming. There are several tools and ways thatcan be used for ethical hacking and penetration testing.NMAP is a standard automated tool for port scanning andservice usability applications in hacking environments.Nessus is another home consumer hacking app.Metasploit consists of a directory containing a list ofvulnerabilities accessible, which is simple to use with one ofthe best penetration test tools. The Metasploit Framework is11

International Journal of Innovation in Computational Science and EngineeringVolume-2 Issue-1, pp:09-22ISSN: 2708-3128May-2021open-source software that, based on its commercialproducts, is built. It provides the infrastructure and tools forthe user to perform a penetration test and security auditing.Metasploit framework eases the effort to exploitvulnerabilities in networks, operating systems andapplications and generate new exploits for new or unknownvulnerabilities. Metasploit offers many features such asinformation gathering, vulnerabilities scanning, exploitdevelopment, client-side attack etc., [12, 13].4. Penetrate TestingThe penetration test is one of the standard means ofassessing protection status and increasing safety threats. It isalso known as Pentest. Pentest is a controlled effort topenetrate a system or network to identify vulnerabilities. Itis an approved simulated cyber assault conducted on anetwork to evaluate device security. Pentest employs tacticsidentical to hackers when attacking usually. Thismechanism requires adequate steps to be taken beforeunauthorized individuals can explore vulnerabilities. Thesechecks are carried out to examine several of the bugs,including the possibility for unauthorized parties to haveaccess to the software and the application's data.The penetration test is used to identify exploitation andweakness in the enterprise's network and allow developersto build safe and effective systems. Business and individualsmust secure their systems and information from external orinternal attackers and constantly monitor the securityloopholes. The test results are regarded as private andconfidential because it reveals both system problems andhow they can be utilized. Pentest can be accomplished byattacking the system close to external threats and figuringout what can be achieved. By using an attack chain series toreach the targeted system [13, 14].5. Ethical Hacking and Penetrate Testing ModelAn ethical hacker is a white hat hacker who exploits for alegitimate cause, for example, to protect organizationalnetworks. They have legal rights to enter and exploitorganization networks to find our vulnerabilities. They usedvarious tools to scan open ports, find websites loophole andbugs through a proper mechanism to attack the system. Toperform an Ethical Hacking, they need five steps [12, 13]: Reconnaissance Scanning and Enumeration Gaining Access Maintaining Access Clearing TracksIJICSE@2021Figure 1: Ethical Hacking & Penetrate Testing Procedure5.1. ReconnaissanceReconnaissance is an essential method used forpenetrating testing and the origin of several privacyinfringements. The method includes the gathering of atargeted system to find bugs and weaknesses. In the firststep, the hacker obtains detailed information about securitymeasures on the targeted network. This phase is known asFootprint or information gathering. Footprinting iscompleted with the following objectives [11, 13]: Get full system knowledge to reduce the attack area. To understand the detail of the security structure Draw information database of attack. Develop or create Network Map.Reconnaissance is a collection of strategies andprocedures used to identify targeted device security flawswithout user knowledge and use these flaws to enter thesystem. This information includes three parameters, such asNetwork, Host, and involved people details. The attackeracts as a detective and collects as much as possible details ofthe targeted system to understand it. This process involvesexamining email lists, identifying open-source and accesspoints, operating system fingerprinting, revealing runningservices on ports, and mapping related information. Theirpurpose is to understand the system better than internalpeople. They analyze vulnerabilities and utilize every flawto get benefited.Reconnaissance can be divided into two phases, asActive and Passive [12]. Passive: In this process, hackers tried to gather thetargeted system information without directlyinvolving or communicating with the system. Theyused public sources such as search engines, OSINT,Shodan, Whois Lookup, social media, SocialEngineering, and related tools. Network sniffing alsocomes under the passive phase in which a hackergains IP addresses, naming conventions, servers,networks, and services information of the targetedsystem. It is a natural process that can reveal a12

International Journal of Innovation in Computational Science and EngineeringVolume-2 Issue-1, pp:09-22massive amount of critical information on a targetedsystem. Active: In this process, hackers are directly involvedwith the targeted system to gain related information.However, this is a risky task and could be detectedby network security devices. It needs professionalexpert knowledge and experience. If securitybarriers detect the hacker, the network administratorcould attack back to identify and trap them again.Several applications can be used for this purpose,such as NMAP, Tracert, Ping, ZemMAP, NSlookup,etc.5.2. Gaining AccessIn the 3rd phase, once an attacker completed thereconnaissance phase and collected all vulnerabilitiesinformation, he will enter a targeted system using varioustechniques by cracking the security password or bypassingsecurity barriers. In this phase, he will be getting access tothe targeted system; in the next step, he needs to increase hisprivilege at the administrator level to control the applicationand services for data manipulation. Hacker could useseveral methods for password cracking [12, 15]: Bruteforce: Hacker uses the primary method of tryingall possible combinations until they are successfullycracking the passwords. Dictionary Attack: In this method, the hacker triesdictionary words combination to crack thepasswords. Rule base Attack: In this method, they used necessaryknown information to retrieve the detailedinformation and break security barriers. Rainbow Table: In this method, the hacker used a hashvalue of the password and compared it with the list ofpre-computed hash values to crack the password.This is a better method instead of using theBruteforce or Dictionary attacks. Passive Online Attack: In this method, the hacker doesnot change the state of the targeted system; instead,they tried to monitor or capture the data processingto get the transmitted data. Wire Sniffing, Man in theMiddle, Reply Attack are examples. Active Online Attack: This is the most natural way toaccess unauthorized administrator access into atargeted system using password guessing, Trojan,spyware, keyloggers, hash injection, or phishingmethods.ISSN: 2708-3128May-2021steal private information, manipulate resources/data, ordestroy the system. His main goal is to keep himself on alow profile to keep control and hide from the administratoruntil finishing his job. If an attacker has achieved this point,the organizational assets and prestige may become verydangerous. Hacker used Rootkits to gain access at the OSlevel and Trojan Horse to gain access at the applicationlevel. Furthermore, they used Trojan Horses to retrieve andtransfer the user's personal information such as usernames,passwords, credit cards, and other related data [13].5.4. Maintaining AccessAfter gaining the required information or exploiting thesystem, the attacker's main job is to clear his footprint anddelete all information related to his identity. To completethis job, he will destroy evidence of his presence on thetargeted system or network. This process is known asclearing tracks. In this step, an attacker will perform thefollowing things [53]: Disable Auditing: Removing audit information is asmart move because no traces can be discoveredwhile monitoring is switched off. On WindowsSystem, hackers may use the “Auditpol” commandto remove the auditing and to verify the loggingstandard established by the system administrator. Clearing Logs: Logs maintain the trace of proof of theintrusion. Clearing logs is the excellent move for ahacker to remove his presence. On the WindowsSystem, they can run Clearlog.exe to perform thistask. However, they need to run the Shred tool toachieve the same job on the Linux system. Modifying Logs: In some cases, it easy to alter the logsusing a text editor to delete the history. Erasing Command History: On a Linux system, thebash application keeps a record of all runningcommands. Therefore, it is essential to remove thecommand history. It can be done using the e-ToolsPurposeWiresharkWork on WindowsOS and Linux OSNetwork TrafficAnalyserWork on WindowsOS and Linux OSGive basicinformation ofwebsiteTo find out websiteidentityAnalysis ofPassive ToolsGoogle5.3. Maintaining AccessIn the following step, the attacker needs to maintain thevictim system's access or control to perform illegalactivities. Once he gained access, he can exploit the system,IJICSE@2021FindSubDomains.comVirusTotal13

International Journal of Innovation in Computational Science and EngineeringVolume-2 Issue-1, pp:09-22ShodanOSINTReconnaissance-NMAPActive gGaining AccessJohn The RipperAircrackFluxionCain & AbelMetasploitPenetrationTesting 21potentiallymalicious filesBehaviouralAnalyserIoT base SearchEngineAssist to finddevices IP addressesMonitor relevantinformationcontained on thesocial mediaNetwork ScannerFind system servicesand applicationrelated rWeb ServerVulnerabilityScannerExploitation ToolkitUse to obtaininformationregarding DNSUsed for the networkdiagnosticsTo find out localcomputer IP addressand connectivityRun on Windowsand Linux OSPassword CrackingToolWireless PasswordCracking ToolsSocial EngineeringToolUsed to get WiFipassword usingKeystrokesRun on WindowsOSTool to CrackPasswordsCyber SecurityFrameworkUsed for PenetrateTestingRun on WindowsOSTrojan Horse used tocreate backdoorsRun on WindowsOSForensic tool use todelete the log filesISSN: 2708-3128May-2021and registry files.Run on Linux. Useto clear Bashcommand and logsTable 1: Ethical Hacking Tool and Apps [12, 16]Clearing TracksShred6. MethodologyWe have created a dummy environment to attack ethicalhackers who exploit the system to get confidentialinformation from any company. We planned to perform theattack on a dummy company to steal confidentialinformation. To obtain that information, we have usedserver and client-side exploitation. First, we gather thecompany network infrastructure and internal information.All staff computers are running Windows 7 OperatingSystem with Microsoft Security Essential Antivirus. Theirnetwork security contains a hardware firewall to filter outunauthorized packets from entering their network.Furthermore, most of the staff phones have AndroidOperating systems. Inside the company, the staff uses“Skype for Business” to communicate among each andvideo conferencing between different branches. We plannedto use Metasploit to create a payload to access the companylaptops and mobile phones. A client-side exploit is used asdirect access into the targeted company infrastructure byusing a phishing email to send the exploit to the appropriatestaff working in the company during the server-side exploit.If the company staff does not fall for the phishing emailexploit, we planned a backup plan of using the server-sideexploit. For this purpose, we must enter the companynetwork to launch the exploit. Therefore, this plan requiredmore careful planning, how to access the company networkfrom the inside. On the contrary, the server-side exploit willbe able to access into company computer without the userexecuting the file to run the exploit because this method willnot leave any evidence of the user opening an infected file.To assist in gaining confidential information of thecompany, we used to exploit to access company’s staffmobile devices to extract information that might be useful.6.1. MetasploitThe Metasploit Framework is open-source software that,based on its commercial products, are built. It provides theinfrastructure and tools for the user to perform a penetrationtest and security auditing. Metasploit framework eases theeffort to exploit vulnerabilities in networks, operatingsystems and applications and generate new exploits for newor unknown vulnerabilities. Metasploit offers many featuressuch as information gathering, vulnerabilities scanning,exploit development, client-side attack etc., [17].6.2. Basic Concept of MetasploitWorkspace: A workspace is a container that contains14

International Journal of Innovation in Computational Science and EngineeringVolume-2 Issue-1, pp:09-22data, reports, targets, and tasks that the user needed for thepenetration test. All penetration action must be done insidea workspace in the Metasploit framework.Module: Most actions perform in Metasploit require theuse of a module. Module is a piece of code that extends thefunctionality of Metasploit framework.Discovery scan: It is a scanning perform by Metasploit toenumerate and fingerprint targets.Exploit: An exploit is a program that advantages aspecific vulnerability and delivers a payload to the targetand provides attacker access to the targeted system.Meterpreter: Meterpreter is a multi-function payload thatprovides an interactive shell. It runs on memory, so it doesnot detect intrusion detection systems.Payload: A payload is a shellcode that executes ontarget’s system after an exploit successfully compromisesthe system. Bind shell payload or reverse shell payload isthe two options that define how you want to connect to theshell.Vulnerability: It is a security flaw or weakness that allowsthe attacker to compromise a target.Listener: A listener waits for an incoming connectionmessage from the other end of the connection and managesthe connection when the message is received [18, 19].6.3. Functionality of MetasploitReconnaissance is the process of gathering

Kali Linux Operating System (OS) tool to complete these ethical hacking and penetration testing. In the end, we have proposed mitigation measures and security enhancement to resist hacking attacks. 1. Introduction Cybercrimes on the Internet users are increasing exponentially. The recent attacks using network flaws and