Penetration Test Report:

$1.$ Target:

The target of this penetration test is the drisst.com web server, specifically to conduct a vulnerability scan to identify potential security weaknesses.

Step $2$

$2.$ Purpose:

The purpose of this penetration test is to identify potential security vulnerabilities in the drisst.com web server and assess the security posture of the organization. This test will help identify potential security weaknesses and suggest measures to improve the security posture of the organization.

Step $3$

$3.$ Scope:

The scope of this penetration test is limited to a vulnerability scan of the drisst.com web server. The penetration tester is allowed to scan the web server for vulnerabilities using Nmap and OpenVAS, but not authorized to conduct any potentially destructive scans or tests. The penetration test is limited to the web server and does not include any other systems or networks within the organization.

Step $4$

$4.$ Summary of Findings:

During the vulnerability scan, three high$-$severity vulnerabilities were identified in the drisst.com web server using OpenVAS. The vulnerabilities are as follows:

Vulnerability $1$: MvSOL MariaDB Weak Password

Severity: $9\mathrm{.}0($High$)$

Description: The MariaDB service is using a weak password, which can be easily guessed or brute$-$forced by an attacker. This could lead to unauthorized access to the database and sensitive information being stolen.

Recommendation: Change the MariaDB password to a stronger and more complex one, preferably using a combination of upper and lowercase letters, numbers, and special characters.

Vulnerability $2$: vsftpd Compromised Source Packages Backdoor Vulnerability

Severity: $7\mathrm{.}5($High$)$

Description: The vsftpd service is using compromised source packages, which contain a backdoor vulnerability that can be exploited by an attacker to gain unauthorized access to the server.

Recommendation: Update the vsftpd service to the latest version, which does not contain the backdoor vulnerability, and remove any compromised source packages from the system.

Vulnerability $3$: vsftpd Compromised Source Packages Backdoor Vulnerability

Severity: $7\mathrm{.}5($High$)$

Description: The vsftpd service is using compromised source packages, which contain a backdoor vulnerability that can be exploited by an attacker to gain unauthorized access to the server.

Recommendation: Update the vsftpd service to the latest version, which does not contain the backdoor vulnerability, and remove any compromised source packages from the system.

Answer

$5.$ Conclusion:

The penetration test has identified several vulnerabilities in the drisst.com web server, including three high$-$severity vulnerabilities that pose a significant security risk to the organization. The vulnerabilities need to be addressed immediately to prevent unauthorized access to the system and sensitive information being compromised. The organization should implement the recommended remediation measures to improve the security posture of the drisst.com web server and mitigate the identified security vulnerabilities. It is recommended that regular vulnerability assessments and penetration tests are conducted to identify and address potential security weaknesses in the organization's IT infrastructure.