Fundamentals of Penetration Testing Methodology Guide
Learn penetration testing basics: footprinting, reconnaissance, and vulnerability scanning using Kali Linux and Metasploitable 2 in a lab environment.
Penetration Testing Methodology
DIY Project – Part 1 Using Metasploitable 2
Course: Information Security | Amity University Online
Aryansingh2887@gmail.com
Student Details
Name: Aryan Kumar Singh College: Amity University Online Semester: 4 Email: aryansingh2887@gmail.com
Project Details
Course: Information Security Project: TCS iON Career Edge
Introduction
Penetration testing is the process of identifying security weaknesses in systems and networks by simulating real-world attack scenarios.<br><br>This project focuses on reconnaissance, information gathering, and vulnerability scanning performed in a controlled virtual lab environment.
Objectives
To understand standard penetration testing methodology.
To perform comprehensive footprinting on a target system.
To identify open ports and running services.
To detect potential vulnerabilities using scanning tools.
Virtual Lab Setup
The simulation was conducted in a safe, isolated network.<br><br><b>Host OS:</b> Windows<br><b>Attacker Machine:</b> Kali Linux<br><b>Target Machine:</b> Metasploitable 2<br><b>Network Type:</b> Host-Only Network (Isolated)
Footprinting: Whois Lookup
<b>Command:</b> <code>whois target-domain</code>
<b>Details Gathered:</b><br>• Domain registration details<br>• Registrar information<br>• Creation and expiry dates<br>• Administrative contact details<br><br>Whois queries the public registry and registrar records, so this step applies to a publicly registered domain belonging to the target organisation; the Metasploitable 2 machine on the host-only network has no registered name and returns nothing here.
DNS Footprinting
Tools: <code>nslookup</code>, <code>dig</code><br><br><b>Output Observed:</b><br>• Name server records<br>• Mail exchange (MX) records<br>• IP address resolution
Network Footprinting & Enumeration
<b>Tool:</b> Nmap<br><b>Command:</b> <code>nmap target-ip</code><br><br><b>Findings:</b><br>• Live host detected<br>• Open ports identified (by default nmap probes the 1000 most common TCP ports)<br>• Service names displayed, taken from nmap's port-to-service table; the service versions reported later in this project come from nmap's banner-probing version scan (<code>-sV</code>), which the plain command does not run
Social Engineering Footprinting
<b>Method:</b> Passive Information Gathering (OSINT)
<b>Sources:</b> Public websites, Social media (LinkedIn), Job postings
<b>Identified Data:</b> Technologies in use, key employee roles, OS versions, running software.
Port Scanning Results
• TCP 21: FTP<br>• TCP 22: SSH<br>• TCP 23: Telnet<br>• TCP 80: HTTP<br>• TCP 139: NetBIOS<br>• TCP 445: SMB<br>• TCP 3306: MySQL<br>• TCP 5900: VNC
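To turn a scan into the list above reproducibly, here is an added example (it is not part of the original project) that parses nmap's grepable output format (<code>-oG</code>), keeps only open ports, flags the services that carry credentials in cleartext, and reports which ports still have no version string and therefore need a <code>-sV</code> rerun. The scan text embedded in it is a constructed sample matching the ports listed above; the host address 192.168.56.101 is an assumed host-only lab address.

```python
"""Parse nmap grepable output (-oG) into an attack-surface summary.

Added example for this page, not part of the original project. The scan
text below is a constructed sample whose ports mirror the table on the
page; 192.168.56.101 is an assumed host-only lab address. To feed it real
data, run on Kali (as root, so nmap uses a SYN scan):

    nmap -sV -oG scan.gnmap <target-ip>

and pass the contents of scan.gnmap to parse_gnmap().
"""

# Constructed sample. In grepable output the "Host:" line carrying "Ports:"
# lists entries of the form
#   port/state/protocol/owner/service/rpc-info/version/
# separated by ", ". A plain "nmap target-ip" leaves the version field
# empty; only -sV fills it in.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 80/open/tcp//http///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///, 5900/open/tcp//vnc///"
    "\tIgnored State: closed (992)\n"
    "# Nmap done (constructed sample)\n"
)

# Services whose credentials or payloads cross the wire in cleartext.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http", "pop3", "imap", "smtp"}


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip rather than guess
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state == "open":
                hosts.setdefault(host, []).append(
                    (int(port), proto, service, version))
    return hosts


def summarize(hosts):
    """Per host: open ports, cleartext services, and ports still lacking a
    version string (the ones to re-scan with -sV before reporting)."""
    summary = {}
    for host, entries in hosts.items():
        summary[host] = {
            "open_ports": [port for port, _, _, _ in entries],
            "cleartext": sorted({svc for _, _, svc, _ in entries
                                 if svc in CLEARTEXT_SERVICES}),
            "unversioned": [port for port, _, _, ver in entries if not ver],
        }
    return summary


if __name__ == "__main__":
    for host, info in summarize(parse_gnmap(SAMPLE_GNMAP)).items():
        print(host)
        print("  open ports :", info["open_ports"])
        print("  cleartext  :", info["cleartext"])
        print("  need -sV   :", info["unversioned"])
```

Run against a real <code>scan.gnmap</code> the "need -sV" list should come back empty; if it does not, the version scan was skipped or a probe timed out, and those ports should be rescanned before any version-based vulnerability lookup.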
Service Identification
<b>FTP (21):</b> File Transfer Protocol service running; FTP sends credentials and file contents in cleartext unless TLS (FTPS) is negotiated.
<b>SSH (22):</b> Remote secure shell enabled; the session is encrypted, but the service remains a target for weak or default credentials.
<b>Telnet (23):</b> Insecure remote administration protocol detected; logins and the whole session travel in cleartext.
<b>MySQL (3306):</b> Database service active and listening on the network interface rather than only on localhost.
Database Enumeration
Specific scans were targeted at database services.<br><br><b>Findings:</b><br>• MySQL service detected on default port 3306.<br>• The database listener is reachable from the network, so anyone on the segment can attempt logins directly; weak, default or empty credentials would then give unauthorized data access without going through any application. SQL injection is a separate, application-layer weakness and is not caused by the listener being exposed.
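What "reachable from the network" gives an attacker can be shown without any credentials: a MySQL server sends its initial handshake packet as soon as the TCP connection is accepted, revealing the server version and whether TLS is offered, and if the client's address is not permitted it answers with an ERR packet instead. The following added example (not part of the original project) builds constructed sample packets in that format and decodes them; the version string <code>5.0.0-example</code> is invented for the sample, and the connection helper is meant only for the lab target.

```python
"""Read the MySQL server greeting without credentials.

Added example for this page, not part of the original project. A MySQL
server sends its Initial Handshake packet (protocol version 10) the moment
a TCP connection is accepted, before any login, so an exposed listener
leaks its version and TLS support to anyone who can reach port 3306. The
packets below are constructed samples; "5.0.0-example" is an invented
version string, not a reported finding.
"""
import socket
import struct

CLIENT_SSL = 0x00000800          # capability bit: server can switch to TLS
ER_HOST_NOT_PRIVILEGED = 1130    # "Host '...' is not allowed to connect"


def _mysql_packet(payload, seq=0):
    """Wrap a payload in the MySQL packet header: 3-byte LE length + seq id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def build_handshake_v10(server_version, connection_id, capabilities):
    """Construct a sample Initial Handshake packet (used only for the demo)."""
    salt1 = bytes(range(1, 9))                # 8-byte auth-plugin-data part 1
    salt2 = bytes(range(9, 21))               # 12 more bytes + NUL (part 2)
    payload = (
        b"\x0a"                               # protocol version 10
        + server_version + b"\x00"            # NUL-terminated version string
        + struct.pack("<I", connection_id)
        + salt1 + b"\x00"                     # part 1, then filler byte
        + struct.pack("<H", capabilities & 0xFFFF)   # capability flags, lower
        + b"\x08"                             # character set (latin1)
        + struct.pack("<H", 0x0002)           # status: SERVER_STATUS_AUTOCOMMIT
        + struct.pack("<H", capabilities >> 16)      # capability flags, upper
        + b"\x00" + b"\x00" * 10              # auth-plugin-data length, reserved
        + salt2 + b"\x00"
    )
    return _mysql_packet(payload)


def build_err_packet(code, message):
    """Construct a sample ERR packet, as sent when the client host is refused."""
    return _mysql_packet(b"\xff" + struct.pack("<H", code) + b"#HY000" + message)


def parse_greeting(packet):
    """Decode the first packet from the server: a handshake or an ERR packet."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated MySQL packet")
    if payload[0] == 0xFF:                    # ERR packet: no handshake offered
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                   # 4.1+ servers prefix a SQLSTATE
            msg = msg[6:]
        return {"error_code": code,
                "error_message": msg.decode("utf-8", "replace")}
    if payload[0] != 0x0A:
        raise ValueError("unsupported handshake protocol version %d" % payload[0])
    end = payload.index(b"\x00", 1)
    server_version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    connection_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                          # connection id, salt part 1, filler
    cap_lower = struct.unpack_from("<H", payload, pos)[0]
    pos += 2 + 1 + 2                          # lower caps, charset, status flags
    cap_upper = struct.unpack_from("<H", payload, pos)[0]
    capabilities = (cap_upper << 16) | cap_lower
    return {
        "server_version": server_version,
        "connection_id": connection_id,
        "tls_offered": bool(capabilities & CLIENT_SSL),
    }


def grab_mysql_greeting(host, port=3306, timeout=3.0):
    """Connect to a live listener (lab use only) and decode what it sends first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(1024)
    return parse_greeting(data)


if __name__ == "__main__":
    sample = build_handshake_v10(b"5.0.0-example", 7, 0x0000F7FF)  # SSL bit clear
    print(parse_greeting(sample))
    refused = build_err_packet(ER_HOST_NOT_PRIVILEGED,
                               b"Host '192.168.56.102' is not allowed to connect")
    print(parse_greeting(refused))
```

A greeting with <code>tls_offered</code> false means every later login would send the password hash exchange and all query traffic in the clear; an ERR packet with code 1130 means the server has a host-based grant list, which limits but does not remove the exposure, since the version is still learnt from the error itself.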
SNMP & Patch Enumeration
SNMP (Simple Network Management Protocol) service was detected. SNMP listens on UDP port 161, so it does not appear in a default TCP port scan and has to be found with a UDP scan.
System information, including OS details and process lists, was readable because SNMPv1 and v2c protect queries only with a community string (commonly left at its default) sent in cleartext, not with real authentication.
Enumeration revealed multiple missing security patches, indicating an outdated operating environment.
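The point about weak authentication can be shown at the wire level. The added example below (not from the original project) hand-encodes an SNMPv1 GetRequest for <code>sysDescr.0</code> (OID 1.3.6.1.2.1.1.1.0) and decodes a GetResponse, so the only "credential", the community string, is visible in the request bytes. The reply it decodes is a constructed sample; the community string <code>public</code> is the common default, and 192.168.56.101 in the usage line is an assumed lab address.

```python
"""Hand-encode an SNMPv1 GetRequest and decode the GetResponse.

Added example for this page, not part of the original project. It makes concrete
what "without strong authentication" means for SNMPv1/v2c: the only credential is
the community string, carried in cleartext in every request. 1.3.6.1.2.1.1.1.0 is
the standard sysDescr.0 OID; the reply decoded in the demo is constructed and
192.168.56.101 is an assumed lab address.
"""
import socket


def _tlv(tag, body):
    """BER tag-length-value; long-form length (0x8n + n bytes) above 127."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _ber_int(value):
    """INTEGER for non-negative values; the +8 keeps the sign bit clear."""
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def _ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_message(pdu_tag, community, request_id, varbinds, version=0):
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, PDU }.
    varbinds: [(dotted_oid, None | bytes)]; None encodes NULL (a request),
    bytes an OCTET STRING value (a response)."""
    vb_list = b"".join(
        _tlv(0x30, _ber_oid(oid) + (b"\x05\x00" if val is None else _tlv(0x04, val)))
        for oid, val in varbinds)
    # PDU ::= [tag] { request-id, error-status, error-index, varbind list }
    pdu = _tlv(pdu_tag, _ber_int(request_id) + _ber_int(0) + _ber_int(0) + _tlv(0x30, vb_list))
    return _tlv(0x30, _ber_int(version) + _tlv(0x04, community.encode()) + pdu)

def build_get_request(oid, community="public", request_id=1):
    return build_message(0xA0, community, request_id, [(oid, None)])  # 0xA0 = GetRequest-PDU

def _read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_response(data):
    """Return (request_id, error_status, {oid: value}) from a GetResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = _read_tlv(msg, 0)
    _, _community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    if pdu_tag != 0xA2:  # 0xA2 = GetResponse-PDU
        raise ValueError("unexpected PDU tag 0x%02x" % pdu_tag)
    _, rid, pos = _read_tlv(pdu, 0)
    _, err, pos = _read_tlv(pdu, pos)
    _, _idx, pos = _read_tlv(pdu, pos)
    _, vb_list, _ = _read_tlv(pdu, pos)
    values, pos = {}, 0
    while pos < len(vb_list):
        _, vb, pos = _read_tlv(vb_list, pos)
        _, oid, q = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, q)
        values[_decode_oid(oid)] = val if vtag == 0x04 else (vtag, val)
    return (int.from_bytes(rid, "big", signed=True),
            int.from_bytes(err, "big", signed=True), values)

def snmp_get(host, oid, community="public", timeout=2.0):
    """Send one GetRequest to UDP/161 and decode the reply (lab use only)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_get_request(oid, community), (host, 161))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_response(data)

if __name__ == "__main__":
    req = build_get_request("1.3.6.1.2.1.1.1.0")
    print(req.hex(), b"public" in req)  # the community string is plainly visible
    reply = build_message(0xA2, "public", 1, [("1.3.6.1.2.1.1.1.0", b"Linux lab-host")])
    print(parse_response(reply))
    # print(snmp_get("192.168.56.101", "1.3.6.1.2.1.1.1.0"))  # against the lab target
```

Because the request contains the community string as a plain OCTET STRING, anyone who can sniff the segment recovers it, and anyone who can guess it (the default is the usual first try) reads the same system description, process list and interface tables the project observed; the fix is to disable v1/v2c or restrict them to management hosts and use SNMPv3 with authentication and privacy.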
Vulnerability Scanning Tools
Multiple tools were deployed to cross-verify security gaps:<br><br><b>1. SMB Login Check:</b> Testing for weak file sharing credentials.<br><b>2. VNC Authentication:</b> Checking remote desktop security.<br><b>3. WMAP:</b> Web application vulnerability scanning.<br><b>4. Nessus:</b> Comprehensive automated system audit.
Nessus Scan Results
The automated scan highlighted significant risks:<br><br><b>Key Issues:</b> default configurations, outdated services, and weak authentication.<br><br>• Critical: 2<br>• High: 5<br>• Medium: 7
Conclusion
Phase 1 of the testing methodology is complete.<br><br>• Multiple services were found exposed on the target.<br>• Open ports significantly increased the attack surface.<br>• Vulnerability scanning confirmed critical security weaknesses.<br><br><b>Next Steps:</b> Exploitation and remediation planning.
- penetration-testing
- cybersecurity
- information-security
- kali-linux
- vulnerability-scanning
- network-security
- educational