
Advanced Cyber Exploitation and Mitigation Methodologies

Project 1: Reconnaissance and Enumeration

Task 1: Gather Publicly Available Information
1) Open a web browser and search for the name of the Damn Vulnerable Web App instance.
2) Look for any publicly available information about the target organization, such as company websites, social media profiles (e.g., Facebook, LinkedIn), and job postings.
a) In this case, you will find a plethora of information regarding these intentionally vulnerable systems. You will not find standard corporate information like you would during a real penetration test, but the habit, technique, and process are good to practice. Furthermore, you will be able to learn more about the images, the technology stacks used, and the intentionally present vulnerabilities. All this will become important in later phases of the penetration test.
3) Take notes on any information found. Notes are always helpful!

Task 2: Perform Service Banner Grabbing
1. Open a terminal window (Command Prompt on Windows, Terminal on macOS/Linux).
2. Use the "nc" (Netcat) command followed by the IP address and port number to connect to a service running on the Damn Vulnerable Linux instance. For example: nc umgc-web-dvwa.azurewebsites.net 80 to connect to the HTTP service on port 80. You can also use the IP address 10.13.246.8 instead of the name.
3. Note the response received, which may include information about the service and its version number.
4. Repeat this process for other common services such as HTTP (port 80), HTTPS (port 443), FTP (port 21), etc., using the appropriate port numbers. Base your activities on what you discovered during earlier steps.
Task 3: Fingerprint Service Versions Through Telnet
1. Open a terminal window (Command Prompt on Windows, Terminal on macOS/Linux).
2. Use the "telnet" command followed by the IP address and port number to connect to a service running on the Damn Vulnerable Web App instance. For example: telnet umgc-web-dvwa.azurewebsites.net 80 to connect to the HTTP service on port 80. You can also use the IP address 10.13.246.8 instead of the name.
3. Interact with the service by sending commands (e.g., typing "GET / HTTP/1.0" for HTTP) and observing the responses.
4. Note any information received, such as the server type and version number.
5. Repeat this process for other services on different ports as needed.
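As an added illustration (not part of the assignment above), the Python script below performs the same raw "GET / HTTP/1.0" exchange that Tasks 2 and 3 have you type into nc and telnet, but only against a throw-away HTTP server it starts itself on 127.0.0.1. It parses the response head, reports the Server header, and flags whether a product version is disclosed; it then repeats the grab against a handler whose version string has been suppressed, which is the usual mitigation for this finding. The loopback host, the handler names, the version regex and the sample Apache banner in the comments are all assumptions of this example, not anything from the assignment or the DVWA image.

```python
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Matches a "/<number>" version suffix such as "Apache/2.4.57" or "Python/3.11.4"
# (constructed sample banners; the regex is this example's own heuristic).
VERSION_RE = re.compile(r"/\d+(?:\.\d+)*")


def parse_banner(raw: bytes) -> dict:
    """Split a raw HTTP response into its status line and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers}


def grab_banner(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send the same 'GET / HTTP/1.0' line you would type into nc or telnet and
    return the parsed response head (status line plus headers)."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        # Read until the end of the header block or until the server hangs up.
        while b"\r\n\r\n" not in b"".join(chunks):
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_banner(b"".join(chunks))


def discloses_version(server_header: str) -> bool:
    """True when a Server header leaks a product version number."""
    return bool(server_header) and VERSION_RE.search(server_header) is not None


class DefaultHandler(BaseHTTPRequestHandler):
    """Stock handler: http.server adds 'Server: BaseHTTP/x.y Python/a.b.c' by itself."""

    def do_GET(self):
        body = b"hello\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(DefaultHandler):
    """Same service, but the banner no longer names the product or its version."""

    def version_string(self):
        return "web"


def banner_for(handler_cls) -> dict:
    """Start handler_cls on an ephemeral loopback port, grab its banner, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    port = server.server_address[1]
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        return grab_banner("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()
        thread.join()


if __name__ == "__main__":
    for name, handler in (("default", DefaultHandler), ("hardened", HardenedHandler)):
        result = banner_for(handler)
        server = result["headers"].get("server", "")
        print(f"{name:8s} {result['status']!r} Server={server!r} "
              f"version disclosed={discloses_version(server)}")
```

Running it prints one line per server: the default handler answers with a Server header carrying both the http.server and Python version, the hardened one answers "web". The lesson for the Reflection Questions is the same one a nc session against a real host teaches: the version string in a banner is what lets a tester (or an attacker) pick a vulnerability scan or exploit to try, so suppressing it costs nothing and is one of the first mitigations to recommend.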

Active Reconnaissance

Task 1: Scan for Live Hosts with Ping Sweep
1. Open a terminal window on your Linux workstation.
2. Use the "ping" command followed by the network range to perform a ping sweep and identify live hosts: ping -b 10.13.246.8
o This command will send ICMP echo requests to the broadcast address of the network.
3. This will not complete in a reasonable amount of time! Wait a few minutes and then use ctrl+c to exit the process. We'll see the difference another tool can make in a moment.
Task 2: Use Traceroute to Map Network Paths
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a traceroute to the Damn Vulnerable Web App instance: traceroute 10.13.246.8
o This command will trace the network path to the specified IP address and display the route taken by packets.
3. Observe the output to identify the hops (routers) between your workstation and the Damn Vulnerable Web app instance.
Task 3: Enumerate Hosts Using Nmap
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a host discovery scan on the Damn Vulnerable Linux instance's network: nmap -sn 10.13.246.0/24
o This command will scan the specified IP network and determine if any hosts are online and responsive.
3. Wait for the scan to complete and observe the list of hosts.
Document Findings
Enter the information gathered during reconnaissance and enumeration, including details about the targets, services running on the target hosts, and any other relevant findings in Section 3.1 of the Penetration Test Report.
Also, remember to insert your screenshots in the appropriate appendix in your Penetration Test Report. Also, don't forget to document specific findings from each task in the hands-on sections above.
Finally, answer the Reflection Questions below (insert your answers in the appendix after the screenshots in the Penetration Test Report):

1. Now that you have initiated a penetration test, what do you think are 3-5 goals of penetration testing?

2. How might publicly accessible information gathered during reconnaissance and enumeration further some or all of those goals?

3. What are some differences between active and passive reconnaissance and enumeration?

4. Why is banner grabbing an effective technique to employ?

5. What difference(s) did you observe between the active reconnaissance using ping -b and nmap -sn? What technical explanation is there for your observation?

Project 2: Vulnerability Discovery

Task 1: Scan for Services Using Nmap
We used nmap in Project 1 to conduct basic reconnaissance and enumeration. Now we are going to use additional features to gain more knowledge about our targets. First, let's baseline again to ensure our landscape has not changed.
1. Open a terminal window on your Linux workstation.
2. Use the "nmap" command followed by the network range to perform a ping sweep and identify live hosts: nmap -sn 10.13.246.0/24
3. Take stock of the IP addresses of the live hosts and note if anything has changed.
Task 2: Scan for Open Ports and Services Using Nmap
Let's advance and attempt to gain more detailed knowledge about our targets.
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a port scan on the Damn Vulnerable Linux instance: nmap 10.13.246.8
3. Wait for the scan to complete and observe the list of hosts as well as open ports and services.
4. Now, repeat step 2 using nmap -sS for all hosts identified previously.
o Note whether there is any difference in the results.
5. Now, repeat step 2, this time using nmap -sO for all hosts identified previously.
o Note whether there is any difference in the results.
Task 3: Conduct Vulnerability Assessment Using Nikto
Assuming you found at least one target with a web server (indicated by an open port 80 and/or 443), we can advance again in our discovery process. We'll move away now from nmap and engage a web specific vulnerability scanner.
1. Open a terminal window on your Linux workstation.
2. Type the following command to run Nikto against the Damn Vulnerable Web App instance: nikto -h 10.13.246.8
o This command will launch Nikto and perform a comprehensive scan of the specified web server (10.13.246.8) to identify potential vulnerabilities and misconfigurations.
3. Wait for the scan to complete and observe the list of vulnerabilities detected by Nikto.
4. Review the scan results to prioritize vulnerabilities based on severity and potential impact.

Task 4: Nessus Vulnerability Scan
First, register for a Nessus Essentials license. You'll get an email with the activation code.
1. Launch Nessus by browsing to localhost:8834 and use the activation code to register. You'll need to create a local username and password (make it easy to remember).
2. The first launch of Nessus will take some time: the tool has to download plugins and compile them. When Nessus is ready, you will see a screen similar to the following:

3. Create a new Basic Network Scan. You can name the scan anything you want, I used "My First Scan". Use the IP address of the DVWA system (10.13.246.8):

4. Click on the "Launch Scan" button:

5. When the scan finishes, you'll see a day and time in the "Last Scanned" column:

6. Click on the scan and you will see an overview screen like the following (note: you may not see these exact vulnerabilities):

7. Click on one of the vulnerability categories to get a list of specific vulnerabilities related to that technology or service:

8. You can then click on specific vulnerabilities from that list to get even more detail:

Task 5: Document Findings
Enter the information gathered during your vulnerability discovery activities, including details about the targets, services running on the target hosts, and any other relevant findings in Section 3.2 of the Penetration Test Report.
Also, remember to insert your screenshots in the appropriate appendix in your Penetration Test Report. Also, don't forget to document specific findings from each task in the hands-on sections above.
Finally, answer the Reflection Questions below (insert your answers in the appendix after the screenshots in the Penetration Test Report):

1. How did active and passive reconnaissance results from Project 1 inform your understanding of the vulnerability discovery results?
2. Which of the tools used during this phase of the penetration test yield the most useful results for the next phase?
3. What information gathered during vulnerability discovery can be used to further the penetration testing?
4. Is vulnerability scanning invasive or noninvasive?

Reviews

len3674447

4/11/2024 2:24:03 AM

CST 630 Advanced Cyber Exploitation And Mitigation Methodologies In addition do you require my log in details to the virtual machine I use for the class below and attached are all details The MARS is how to access the virtual machine Everything has to be documented with screenshots The MARS instruction is how to access the virtual machine Do all two projects attached
