Penetration testing of a web-based virtualised infrastructure

Here are some basic scans that are often used during the information gathering stage of a penetration test of web-based infrastructure. Some of the tools that can be used for scanning an infrastructure include NMAP, Nikto2 and DirBuster.

  • NMAP: A network mapping tool used to discover hosts and services on a computer network, thus building a "map" of the network. For the purpose of these tests the "Port Scan" option is often the main one used.
  • Nikto2 Web Scanner: A web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems.
  • DirBuster: A multi-threaded Java application designed to brute force directory and file names on web/application servers.

1. NMAP Port Scan: The purpose of this scan was to analyse the ports of the systems and see if there were any unnecessary ports that were open. The results shown below are the complete opposite of what you want your infrastructure to look like. This is a test system and currently has far too many vulnerable ports open. For example, port 1034 (zincite-a) is a well-known backdoor into the system which could allow unauthorised remote server connections.

2. Nikto2 Web Scanner: The purpose of this scan is to build a picture of potential vulnerabilities in the web server. As you can see in the image below, Nikto gives you a general overall view of the settings of the web server. An example of a potential risk on this test system is "The anti-clickjacking X-Frame-Options header is not present". This header should be set on the web server, as it provides a layer of protection against clickjacking attacks on the site.

3. DirBuster: The purpose of this scan is to analyse all the directories and file names on the web server. Often there are pages and applications hidden within default files and directories, and DirBuster attempts to find these. Below is just an example of the many directories and files in which hidden material could be found.
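The Nikto finding in item 2 can be reproduced with a small header check. The script below is an added example, not part of the original article or of Nikto; it parses a raw HTTP response head (constructed samples, no network) and reports whether framing is restricted by X-Frame-Options or by a CSP frame-ancestors directive, flagging the obsolete ALLOW-FROM value that browsers ignore.

```python
"""Flag responses that lack anti-clickjacking headers, as Nikto does."""

VALID_XFO = {"DENY", "SAMEORIGIN"}   # ALLOW-FROM is obsolete and ignored by browsers


def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into a dict keyed by lowercase header name.
    Repeated headers are joined with ', ' as HTTP list semantics allow."""
    headers = {}
    lines = raw.split("\r\n") if "\r\n" in raw else raw.split("\n")
    for line in lines[1:]:              # lines[0] is the status line
        if not line.strip():
            break                        # blank line ends the header block
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def clickjacking_findings(raw: str) -> list:
    """Return a list of finding strings; an empty list means framing is restricted."""
    h = parse_headers(raw)
    xfo = h.get("x-frame-options")
    csp = h.get("content-security-policy", "")
    directives = [d.strip().split()[0].lower() for d in csp.split(";") if d.strip()]
    findings = []
    if xfo is None and "frame-ancestors" not in directives:
        findings.append("X-Frame-Options header is not present and CSP has no frame-ancestors")
    elif xfo is not None and xfo.upper() not in VALID_XFO:
        findings.append(f"X-Frame-Options has unsupported value '{xfo}' (use DENY or SAMEORIGIN)")
    return findings


# Constructed sample responses (not captured from any real host).
WEAK = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html>"
FIXED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>"
CSP_ONLY = "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n"
OBSOLETE = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n"

if __name__ == "__main__":
    for label, resp in [("weak", WEAK), ("fixed", FIXED), ("csp", CSP_ONLY), ("obsolete", OBSOLETE)]:
        print(label, clickjacking_findings(resp) or ["ok"])
```

On Apache the fix for the weak case is a mod_headers line such as `Header always set X-Frame-Options "SAMEORIGIN"`, after which the check returns no findings.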

Many more tools out there

This is just a handful of the many tools that can be used for the analysis and information gathering of a web-based infrastructure. Some other examples of potential tools which could be used are INURLBR and Armitage. Once I've finished playing around with these a bit more I'll be posting another article. Hope you enjoyed reading a little bit about security and penetration testing; please look out for more articles.
