Sara Almazan

During this long weekend, I decided to perform a penetration test on my personal lab network that I’ve been building at home. For those who may wonder – “But Sara, why would you want to hack your own network?” This is the reason why - I am a student in cybersecurity at the University of Montreal and am extremely passionate about Cybersecurity. Also, I had a deep desire to experiment and finally do my very own penetration test to find out how vulnerable my network is and how can I protect it against any potential threats.




 

To perform this test, I set up a home lab wireless network completely isolated from the internet. My home lab network comprised of:

VMware workstation 15.5

1 VM running Windows server 2003 (running Active Directory)

2 VMs running Windows XP professional (connected to the lab domain)

2 VMs running Windows 10

2 VMs running Unix (one of which was Kali Linux)

A cisco router

A VoIP phone

A Wi-Fi extender

Couple of smart plugs (IoT),

2 amazon Alexas (IoT),

1 Amazon fire tv (IoT)

1 desktop with windows 10 (running VMware and all VMs installed)

Note: I was able to avail all the legacy Operating systems from archive.org

To perform the test, I made use of the following security assessment tools:

NMAP Network Scanner (Free tool available from NMAP website)

Nessus Vulnerability Scanner (Nessus essentials evaluation version)

Nexpose Vulnerability scanner (30-day Trial version)

Kali Linux Operating system (Free Debian based penetration testing OS)

Metasploit framework (Part of Kali Linux as a free version)

Windows utility tools (such as nslookup, ping, traceroute etc.) 

Step 1: To begin the test, I performed a network scan on my home lab network using NMAP (a network discovery tool). This helped me identify the active hosts and open ports on them. The NMAP scan also provided me with a report on the OS running on the hosts (for e.g. Debian or Amazon OS) which helped me classify the hosts. 

Step 2: I used the hosts found in step 1 to feed to the Nessus Vulnerability scanner to examine vulnerabilities on the hosts and their threat level. Once the scan was complete, I got a report on the vulnerabilities present on each of the hosts.

Step 3. I examined the vulnerabilities and classified them based on severity based on CVSS score (ranking them from high to low) to identify the most severe vulnerabilities. 

Step 4. Right after my assessment was complete, I jumped to Kali Linux and started Metasploit) to begin with the exploitation of the vulnerabilities.

Note: Metasploit is a pen-testing framework used to exploit vulnerabilities.

Step 5. Since I have limited experience with Metasploit, I used a basic search for the vulnerability keyword and was able to find an exploit available.

Step 6. Using this exploit was fairly simple where all I had to do was to put in the required parameters.

Step 7. Once the parameters were put in place, I tried to exploit the vulnerability and boom it was a Success!!!

Step 8. Finally, I formulated all the process and findings in a formal Security assessment report.

Ref. Link. Company X Security Assessment Report

While I was not able to exploit all the vulnerabilities I found, I still understood the basic concept and idea of vulnerability assessment and penetration testing.

Though, I was able to exploit only one vulnerability (MS08-067) through Metasploit, I was quite excited, since it was my first time using this framework and its different commands to execute the exploit. After months of learning, I finally learnt how easy it is to use this platform.

I came to conclude that, that Vulnerability assessment and penetration testing are inter-dependent processes which when performed in a step by step manner can be easily done to accomplish the objectives. 

While performing this test, I learnt about popular vulnerabilities in legacy operating systems and about the importance of keeping an operating system up to date and how this helps to keep it safe, protected and supported by the vendor.  From the experience, I learnt that the most severe vulnerabilities were associated to out-of-date OS or patches. Thus, it is extremely important to regularly patch the systems in order to keep the network secure.