Skip to main content
SpringerLink
Log in

Penetration Testing of Web Server Using Metasploit Framework and DVWA

  • Conference paper
  • First Online:
Intelligent Data Engineering and Analytics (FICTA 2023)

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 371))

Abstract

Cyberspaces are ubiquitous today. These online spaces have made their mark in fields such as education, government, and ecommerce. It is believed that the development of cyberspace is inevitable, and we can expect to see its impact in all domains around us soon. Post-pandemic, we have seen a paradigm shift, with many services moving online. As vulnerable systems move online, there has been an exponential increase in cyber-attacks. Penetration testing is a powerful practice that can be used to safeguard against cyber-attacks. However, the framework of penetration testing, the extent of automation, and the metrics of security measures are still a work in progress. In this paper, we aimed to exploit the vulnerability of a web server. Using reverse TCP protocol, Metasploit framework and Burp Suite tool of Kali Linux, we successfully gained access into a web server based on Xampp. Our work suggests that penetration testing can be used to identify flaws of a system, and this knowledge can be used to create a more robust version.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 299.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Pitney, A.M., Penrod, S., Foraker, M., Bhunia, S.: A systematic review of 2021 microsoft exchange data breach exploiting multiple vulnerabilities. In: 7th International Conference on Smart and Sustainable Technologies (SpliTech), pp. 1–6. IEEE (2022, July)

    Google Scholar 

  2. Rouland, Q., Hamid, B., Jaskolka, J.: Specification, detection and treatment of STRIDE threats for software components: modeling, formal methods, and tool support. J. Syst. Architect. 117, 102073 (2021)

    Article  Google Scholar 

  3. Schwartz, J., Kurniawati, H.: Autonomous Penetration Testing Using Reinforcement Learning. arXiv preprint arXiv:1905.05965 (15 May 2019)

  4. Timalsina, U., Gurung, K.: Metasploit Framework with Kali Linux (Apr 2015)

    Google Scholar 

  5. Arote, A., Mandawkar, U.: Android hacking in Kali Linux using metasploit framework. Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol. 7(3), 497–504 (2022)

    Google Scholar 

  6. Al-Mohannadi, H., Mirza, Q., Namanya, A., Awan, I., Cullen, A., Disso, J.: Cyber-attack modeling analysis techniques: an overview. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 69–76. IEEE (22 Aug 2016)

    Google Scholar 

  7. Yohanandhan, R.V., Elavarasan, R.M., Manoharan, P., Mihet-Popa, L.: Cyber-physical power system (CPPS): a review on modeling, simulation, and analysis with cyber security applications. IEEE Access 8, 151019–151064 (2020)

    Article  Google Scholar 

  8. Gao, Y., Li, X., Peng, H., Fang, B., Philip, S.Y.: HinCTI: a cyber threat intelligence modeling and identification system based on heterogeneous information network.: IEEE Trans. Knowl. Data Eng. 34(2), 708–722 (2020)

    Google Scholar 

  9. Caras, C.J.: Diamond Model of Intrusion Analysis—Travelex Ransomware Attack

    Google Scholar 

  10. Valea, O., Oprisa, C.: Towards pentesting automation using the metasploit framework. In: IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 171–178. IEEE (2 Sept 2020)

    Google Scholar 

  11. Likhar, P., Yadav, R.S.: Securing IEEE 802.11 g WLAN using open VPN and its impact analysis. arXiv preprint arXiv:1201.0428 (2012)

  12. Watts, S.: Secure authentication is the only solution for vulnerable public WiFi. J. Comput. Fraud Secur. 18–20 (1 Jan 2016)

    Google Scholar 

  13. Raj Raj, S., Walia, N.K.: A study on metasploit framework: a pen-testing tool. In: 2020 International Conference on Computational Performance Evaluation (ComPE), pp. 296–302. IEEE (2 July 2020)

    Google Scholar 

  14. Holik, F., Horalek, J., Marik, O., Neradova, S., Zitta, S.: Effective penetration testing with metasploit framework and methodologies. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), pp. 237–242. IEEE (19 Nov 2014)

    Google Scholar 

  15. Kennedy, D., O’gorman, J., Kearns, D., Aharoni, M.: Metasploit: The Penetration Tester’s Guide. No Starch Press (15 July 2011)

    Google Scholar 

  16. Marquez, C.J.: An analysis of the ids penetration tool: metasploit. J. InfoSec Writers Text Library 9 (2010)

    Google Scholar 

  17. Kotenko, I., Saenko, I., Lauta, O.: Modeling the impact of cyber attacks. J. Cyber Resilience Syst. Netw. 135–169 (2019)

    Google Scholar 

  18. Sanchez, H.S., Rotondo, D., Escobet, T., Puig, V., Quevedo, J.: Bibliographical review on cyber attacks from a control-oriented perspective. J. Ann. Rev. Control 48, 103–128 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fairleigh Dickinson University, Vancouver, Canada

    Tamanna Jena Singhdeo & Arpan Bhavsar

  2. VIT AP University, Amravati, India

    S. R. Reeja

  3. KIIT University, Bhubaneswar, India

    Suresh Satapathy

Authors
  1. Tamanna Jena Singhdeo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. R. Reeja
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Arpan Bhavsar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Suresh Satapathy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tamanna Jena Singhdeo .

Editor information

Editors and Affiliations

  1. Department of Electronics Engineering, Faculty of Engineering and Technology (UNSIET), Veer Bahadur Singh Purvanchal University, Jaunpur, Uttar Pradesh, India

    Vikrant Bhateja

  2. Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff, Warwickshire, UK

    Fiona Carroll

  3. Faculty of Engineering, University of Porto, Porto, Portugal

    João Manuel R. S. Tavares

  4. Cardiff Metropolitan University, Cardiff, Warwickshire, UK

    Sandeep Singh Sengar

  5. Faculty of Computer and Information Science, University of Ljubljana, Ljubljana, Slovenia

    Peter Peer

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Singhdeo, T.J., Reeja, S.R., Bhavsar, A., Satapathy, S. (2023). Penetration Testing of Web Server Using Metasploit Framework and DVWA. In: Bhateja, V., Carroll, F., Tavares, J.M.R.S., Sengar, S.S., Peer, P. (eds) Intelligent Data Engineering and Analytics. FICTA 2023. Smart Innovation, Systems and Technologies, vol 371. Springer, Singapore. https://doi.org/10.1007/978-981-99-6706-3_17

Download citation

Publish with us

Policies and ethics

Search

Navigation