Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
AWS Penetration Testing

You're reading from   AWS Penetration Testing Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap

Arrow left icon
Product type Paperback
Published in Dec 2020
Publisher Packt
ISBN-13 9781839216923
Length 330 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Jonathan Helmus Jonathan Helmus
Author Profile Icon Jonathan Helmus
Jonathan Helmus
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1: Setting Up AWS and Pentesting Environments
2. Chapter 1: Building Your AWS Environment FREE CHAPTER 3. Chapter 2: Pentesting and Ethical Hacking 4. Section 2: Pentesting the Cloud – Exploiting AWS
5. Chapter 3: Exploring Pentesting and AWS 6. Chapter 4: Exploiting S3 Buckets 7. Chapter 5: Understanding Vulnerable RDS Services 8. Chapter 6: Setting Up and Pentesting AWS Aurora RDS 9. Chapter 7: Assessing and Pentesting Lambda Services 10. Chapter 8: Assessing AWS API Gateway 11. Chapter 9: Real-Life Pentesting with Metasploit and More! 12. Section 3: Lessons Learned – Report Writing, Staying within Scope, and Continued Learning
13. Chapter 10: Pentesting Best Practices 14. Chapter 11: Staying Out of Trouble 15. Chapter 12: Other Projects with AWS 16. Other Books You May Enjoy

Exploring vulnerable services

Vulnerable services can be the Achilles heel of a system if left unpatched. What this means is vulnerabilities, if left unpatched, leave a severe weakness in companies' systems that can allow malicious hackers to gain access. A vulnerability is classed as an issue in a system that, if not fixed, could cause large issues if it were to become an attack vector. Vulnerabilities come in many variants and can come in the form of outdated operating systems, open ports, unauthorized access, and many more. To fix known vulnerabilities and protect systems from attacks, patches and updates have to be installed accordingly. Doing so helps remediate most of the major problems you will see.

Discovering vulnerable services

Now that we know what a vulnerability is, let's mention the typical way pentesting discovers vulnerabilities:

  1. Ensure that you have a list of targets. Targets are categorized as hosts – we can think of EC2 instances as hosts.
  2. Once you have a list of hosts, you'll need to scan them and enumerate information from them. Scanning can be used with various tools, which we will use more of in Chapter 9, Real-Life Pentesting with Metasploit and More!.
  3. You then create the risk associated with vulnerabilities you found while scanning and enumerating. Risk is typically labeled as low, medium, high, or critical – with critical having the most impact.
  4. You may also find "low-hanging fruit" while scanning. Low-hanging fruit are easy-to-exploit vulnerabilities that allow you to exploit a target quickly.
  5. Discovered vulnerabilities should be reported immediately so that they can be properly patched. Typically, another team is assigned to fix these issues and apply patches to the systems.

This is the basis of how vulnerabilities are discovered in a pentesting environment. Now let's look at how vulnerable services are created from an administrator's point of view.

Creating vulnerable services

For this short example, we are going to install vsftpd and enable anonymous login on our CentOS 7 machine. Anonymous login is a default feature in quite a few FTP clients and allows anyone to connect to the FTP using the following credentials:

  • Username: Anonymous
  • Password: Anonymous

As you can already assume, allowing anyone such easy access to your server creates a huge security risk. We will learn how to set up the server as vulnerable, and then later will learn some security controls that we can put in place to lock down the FTP server:

  1. ssh into the CentOS 7 server that we set up. You will need to log in as the user ec2-user, and not root.
  2. Once logged into the server, run the following commands to update your server and install the vsftp service:
    $ sudo yum update
  3. Follow this by running the following:
    $ sudo yum install vsftpd

    If you're having issues due to fewer rights and privileges, run the command sudo su to switch over to the root user account. This will allow you to run all commands as the root user.

  4. Verify the service is running by typing sudo service vsftpd status. Now that vsftpd is installed, we need to ensure that anonymous login is enabled. Run the following command to access the vsftpd configuration file:
    anonymous_enabled=YES

    It will look like the following screenshot:

Figure 1.25 – Installing Metasploit

Figure 1.25 – Installing Metasploit

Now your server is set with anonymous login. Later on in the book, in Chapter 3, Exploring Pentesting and AWS, we will discuss how to scan and connect to the service locally and remotely from other instances within our environment.

We now have some understanding of what vulnerabilities are and how to reproduce them ourselves. It's important to understand the full scope of the technical attributes of what we will be doing throughout this book. In regard to vulnerabilities, please note that discovering vulnerabilities is not the same as attacking them. When discovering vulnerabilities, you will be assigned to discover, assess, and evaluate any vulnerabilities found. Pentesting executes this type of testing one step further by attacking and exploiting those vulnerabilities through manual and automated exploitation.

Let's move on to discussing what attacking vulnerabilities entails.

You have been reading a chapter from
AWS Penetration Testing
Published in: Dec 2020
Publisher: Packt
ISBN-13: 9781839216923
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image