Reference no: EM132324598
Vulnerability Exploitation Assignment -
Lab Objectives - This activity will address module outcome. Upon completion of this activity, you will be able to:
- Identify exploits of common vulnerabilities.
- Use industry tools to explore password guessing and/or cracking.
- Demonstrate the impact of discovered vulnerabilities through ethical exploitation.
This week we will work with vulnerability validation, exploitation, and post-exploitation. We will leverage an automated tool called Armitage. It is a Graphical User Interface for the Metasploit Framework. We will use it import Nmap and Nessus scan results, find attacks based on these results, exploit them if possible, and facilitate interaction with the target. After successful exploitation, we will search for username and password hashes and crack them as a post-exploitation activity.
Lab Instructions -
Review the provided videos for this module and any related references.
Use the provided videos to help you complete the assignment.
Save or locate saved reports for scans with Nmap (XML format) and OpenVas (NBE Format).
Start Armitage, interface for the Metasploit Framework.
Import the Nmap and OpenVas reports.
Search for attacks.
Exploit any vulnerabilities presented in the video tutorial.
Dump all password hashes for the Metasploitable target and crack them using Johnny, GUI for John the Ripper password cracker.
Update the table with results from the previous weeks to add the exploit that was used and if the exploitation was successful. You need to add columns for:
- Exploit - what is the exploit you used to gain access to the system or escalate privileges. Example. /exploit/linux/ftp/vsftpd2.3.4
- Exploit Success - was the exploit successful or not. Example, yes/true, no/false, partial (if partial explain)
Example table with Note that all columns need to be filled at this stage with results where they are present.
Completed step-by-step instructions with full-screen screenshots - Example of full-screen screenshot.
Lab Deliverables -
Full-screen screenshot for each exploit, which you validated successfully as shown in the "Exploitation" video
Full-screen screenshot for the cracked passwords with the Johnny password cracking post-exploitation activity as shown in the "Post-Exploitation" video.
Make sure each full-screen screenshot is accompanied by a brief explanation of the results, file, etc.
- If you only upload screenshots without an explanation, you will receive "0" points for the assignment.
- If you do not upload full-screen screenshots, you will receive "0" points for the assignment.
- Do not upload just screenshots or you will receive "0" points for the assignment.
Completed table with results with Nmap, OpenVas, and Exploit information as specified in the "Instructions" section of this lab.
Attach the table with results in Excel format to your assignment dropbox for M7A1.
Attachment:- Assignment File.rar