Abstract
Cyberspaces are ubiquitous today. These online spaces have made their mark in fields such as education, government, and ecommerce. It is believed that the development of cyberspace is inevitable, and we can expect to see its impact in all domains around us soon. Post-pandemic, we have seen a paradigm shift, with many services moving online. As vulnerable systems move online, there has been an exponential increase in cyber-attacks. Penetration testing is a powerful practice that can be used to safeguard against cyber-attacks. However, the framework of penetration testing, the extent of automation, and the metrics of security measures are still a work in progress. In this paper, we aimed to exploit the vulnerability of a web server. Using reverse TCP protocol, Metasploit framework and Burp Suite tool of Kali Linux, we successfully gained access into a web server based on Xampp. Our work suggests that penetration testing can be used to identify flaws of a system, and this knowledge can be used to create a more robust version.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Pitney, A.M., Penrod, S., Foraker, M., Bhunia, S.: A systematic review of 2021 microsoft exchange data breach exploiting multiple vulnerabilities. In: 7th International Conference on Smart and Sustainable Technologies (SpliTech), pp. 1–6. IEEE (2022, July)
Rouland, Q., Hamid, B., Jaskolka, J.: Specification, detection and treatment of STRIDE threats for software components: modeling, formal methods, and tool support. J. Syst. Architect. 117, 102073 (2021)
Schwartz, J., Kurniawati, H.: Autonomous Penetration Testing Using Reinforcement Learning. arXiv preprint arXiv:1905.05965 (15 May 2019)
Timalsina, U., Gurung, K.: Metasploit Framework with Kali Linux (Apr 2015)
Arote, A., Mandawkar, U.: Android hacking in Kali Linux using metasploit framework. Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol. 7(3), 497–504 (2022)
Al-Mohannadi, H., Mirza, Q., Namanya, A., Awan, I., Cullen, A., Disso, J.: Cyber-attack modeling analysis techniques: an overview. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 69–76. IEEE (22 Aug 2016)
Yohanandhan, R.V., Elavarasan, R.M., Manoharan, P., Mihet-Popa, L.: Cyber-physical power system (CPPS): a review on modeling, simulation, and analysis with cyber security applications. IEEE Access 8, 151019–151064 (2020)
Gao, Y., Li, X., Peng, H., Fang, B., Philip, S.Y.: HinCTI: a cyber threat intelligence modeling and identification system based on heterogeneous information network.: IEEE Trans. Knowl. Data Eng. 34(2), 708–722 (2020)
Caras, C.J.: Diamond Model of Intrusion Analysis—Travelex Ransomware Attack
Valea, O., Oprisa, C.: Towards pentesting automation using the metasploit framework. In: IEEE 16th International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 171–178. IEEE (2 Sept 2020)
Likhar, P., Yadav, R.S.: Securing IEEE 802.11 g WLAN using open VPN and its impact analysis. arXiv preprint arXiv:1201.0428 (2012)
Watts, S.: Secure authentication is the only solution for vulnerable public WiFi. J. Comput. Fraud Secur. 18–20 (1 Jan 2016)
Raj Raj, S., Walia, N.K.: A study on metasploit framework: a pen-testing tool. In: 2020 International Conference on Computational Performance Evaluation (ComPE), pp. 296–302. IEEE (2 July 2020)
Holik, F., Horalek, J., Marik, O., Neradova, S., Zitta, S.: Effective penetration testing with metasploit framework and methodologies. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), pp. 237–242. IEEE (19 Nov 2014)
Kennedy, D., O’gorman, J., Kearns, D., Aharoni, M.: Metasploit: The Penetration Tester’s Guide. No Starch Press (15 July 2011)
Marquez, C.J.: An analysis of the ids penetration tool: metasploit. J. InfoSec Writers Text Library 9 (2010)
Kotenko, I., Saenko, I., Lauta, O.: Modeling the impact of cyber attacks. J. Cyber Resilience Syst. Netw. 135–169 (2019)
Sanchez, H.S., Rotondo, D., Escobet, T., Puig, V., Quevedo, J.: Bibliographical review on cyber attacks from a control-oriented perspective. J. Ann. Rev. Control 48, 103–128 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Singhdeo, T.J., Reeja, S.R., Bhavsar, A., Satapathy, S. (2023). Penetration Testing of Web Server Using Metasploit Framework and DVWA. In: Bhateja, V., Carroll, F., Tavares, J.M.R.S., Sengar, S.S., Peer, P. (eds) Intelligent Data Engineering and Analytics. FICTA 2023. Smart Innovation, Systems and Technologies, vol 371. Springer, Singapore. https://doi.org/10.1007/978-981-99-6706-3_17
Download citation
DOI: https://doi.org/10.1007/978-981-99-6706-3_17
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-6705-6
Online ISBN: 978-981-99-6706-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)