Perform the first three phases of an attack

Reference no: EM132689214

Intrusion Detection & Penetration Testing

VMs & Tools Needed
KALI Linux
NoSecCorpServer (192.168.1.100) - Custom Debian VM
All tools needed to complete this assessment are located in KALI.

No Security Corp's Server
The IP address of the server on which you will be conducting your penetration test is 192.168.1.100. Page 2 of these instructions contains a full copy of the web-based list of the company's contact information as mentioned in the Background paragraph above.

Method
Perform the first three phases of an attack: Footprinting and Reconnaissance, Scanning, and Gaining Access.

Getting Started:
Use two VMs to complete this assessment: KALI and NoSecCorpServer. The NoSecCorpServer VM has a static IP address of 192.168.1.100. Configure these two VMs to be on the same network. Since you will not have the login information for No Security Corp's system, you cannot change its IP address. Therefore, you must set up a network in VMware Workstation that allows your KALI VM to be on the same network as the NoSecCorpServer VM.
Instructions are provided below:
• Verify both Kali and No Security Corp (victim) are set to Host Only in VMware Workstation.
• In Kali, run ifconfig to see which network adaptor is enabled. See example below: eth0 is enabled, but yours might be eth1, eth5, eth12, etc. Note which network adaptor is enabled on your system.

• Use vi (or your favorite text editor) to modify the /etc/network/interfaces file.

• Type the following lines in the /etc/network/interfaces file to set a static IP address.
auto eth0 
iface eth0 inet static 
address 192.168.1.200 
network 192.168.1.0 
netmask 255.255.255.0 
broadcast 192.168.1.255 
gateway 192.168.1.1

Note: see screenshot below to compare

• Save the changes to your /etc/network/interfaces file.
• Restart your Kali system.
• Verify that Kali now has an IP address of 192.168.1.200.

• Ping 192.168.1.100
If you get ping responses, you are ready to start. If you don't, verify your systems are in Host Only and re-do the steps above.

Footprinting and Reconnaissance

Using your Kali browser, visit https://192.168.1.100/ to view No Security Corp's website.
• Make a list of potential usernames that could be utilized to gain access to the system.

• After reviewing the list above, which user/user account do you believe might pose the greatest security risk to the organization and thus should be the first target of your penetration test?

Why did you select this user? What would make you think this user might not be utilizing the best security practices?

• Users you suspect might not have good security practices may also use weak passwords. If you were to perform a brute-force password attack against the user identified in Step 2, make a list of at least 10 potential passwords you would try.

Scanning and Gaining Access

• Use your favorite port scanning tool to identify the open ports of your victim server. Record those ports below.
Port Number | Service

Screenshot #1: Insert a screenshot showing the command you ran and the results of the open/closed ports. Include Nazaire Biscoe typed in the screenshot (either on the next line or in an overlapping terminal).

• Was port 22 (ssh) open on the victim server?
Circle, highlight or bold Yes or No.
Yes No

If no, continue onto Step 7.
If yes, complete the following:
• Input the following command: #ssh 192.168.1.100
Note: if you are running Kali 2020, you will need to enter #sudo ssh 192.168.1.100
• Whose password are you prompted to insert?
Note: this answer is NOT kali.

• Type Ctrl+Z (or exit) to exit, since you do not know the password of the account.

• Attempt to ssh utilizing the account you identified in Step 2 that might be using weak security.

What command did you use to ssh into the system?

When prompted to insert the user's password, attempt to brute-force the password using the passwords you identified in Step 3. Note: The system will give you three tries; after three tries, you will need to re-enter your ssh command in order to gain three additional attempts.
What password was successful in gaining access to the user's account?

Screenshot #2: Insert a screenshot of the command used and successful SSH entry. Include Nazaire Biscoe typed in the screenshot (either on the next line or in an overlapping terminal).

If you have selected the correct user in Step #2, brute forcing the password of the user should take less than 5 minutes.

• Change to the /home directory. List the 11 directories located in the /home directory.

• Attempt to change directories to the 11 directories identified above. Which directory does your user not have access to?

Attempt to view the /etc/shadow file. You should receive a message indicating that your user is not authorized to view this file.
Since it appears your user does not have privileges to view important files you will need for your penetration test, you will need to identify another user with higher privileges to log in as.
• View the groups on the system. Which group is a special group found on a Linux system that allows its members to masquerade as another user using super user privileges?
Indicate the group name and group ID below.
Group ID | Group Name

• View the users on the victim system. List the user IDs and their group IDs.
Username | User ID | Group ID
jjackson | |
oramsey | |
fsmithers | |
bfloyd | |
cyork | |
brangel | |
rdavenport | |
rmedina | |
tsawyer | |
wcrawford | |

• Compare the Group IDs of the users you identified in Step 10 with the Group ID you identified as having super user privileges in Step 11. Which employee has super user privileges on this server?
Employee Username | Employee Actual First & Last Name
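
The group and user comparison in the steps above is also how an administrator audits who holds superuser rights on a server. The following added example (not part of the original assignment) parses passwd- and group-format text and reports accounts that have UID 0 or belong to a sudo-style group, either through their primary GID or as a listed member; the sample accounts and the PRIVILEGED_GROUPS list are constructed assumptions.

```python
# Constructed sample data: hypothetical accounts, not the lab server's.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:27:Bob Example:/home/bob:/bin/bash
carol:x:1003:1003:Carol Example:/home/carol:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:carol
carol:x:1003:
"""
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin"}  # assumption: common sudoers groups


def rows(text, min_fields):
    """Yield the colon-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.strip() and not line.startswith("#") and len(fields) >= min_fields:
            yield fields


def privileged_accounts(passwd_text, group_text, groups=PRIVILEGED_GROUPS):
    """Map each privileged username to the sorted reasons it is privileged."""
    priv_gids, found = {}, {}
    for name, _pw, gid, members in (r[:4] for r in rows(group_text, 4)):
        if name in groups:
            priv_gids[gid] = name
            for user in filter(None, members.split(",")):  # supplementary members
                found.setdefault(user, set()).add(f"member of {name}")
    for fields in rows(passwd_text, 7):
        user, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0":
            found.setdefault(user, set()).add("UID 0")
        if gid in priv_gids:  # primary group set in /etc/passwd
            found.setdefault(user, set()).add(f"primary group {priv_gids[gid]}")
    return {user: sorted(why) for user, why in sorted(found.items())}


if __name__ == "__main__":
    for user, why in privileged_accounts(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{user}: {', '.join(why)}")
```

Accounts reported here are the ones where a weak password has the highest impact, so they are the first to review for password strength and for whether the group membership is still needed.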

• Enter the command exit to return to the root account in Kali.

• Crack the password of the user you identified in Step 10 using the tool Hydra.
Note: The password is between the 250th and 350th entries in rockyou.txt. Also, you should not need to use -t 4. Try without -t 4 first, then add -t 4 if your system goes past the 350th password.

What command did you use to crack the password?

Screenshot #3: Insert a screenshot of the successful password crack. Include Nazaire Biscoe typed in the screenshot (either on the next line or in an overlapping terminal).
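
From the defender's side, the manual guesses over SSH and the Hydra run described above both leave "Failed password" entries in the server's sshd log. This added example (not part of the original assignment) counts failures per source address and user and flags pairs that reach a threshold, noting whether a login then succeeded; the log lines, the threshold of 5 and the function name are assumptions, and the caller is assumed to pass a log slice covering one time window.

```python
import re
from collections import defaultdict

# Constructed sample log in OpenSSH syslog format; hosts, users and IPs are made up.
SAMPLE_LOG = "\n".join(
    [f"Oct 12 10:01:{s:02d} srv sshd[1201]: Failed password for alice "
     f"from 192.168.1.200 port {50100 + s} ssh2" for s in range(6)]
    + ["Oct 12 10:01:09 srv sshd[1201]: Accepted password for alice from 192.168.1.200 port 50120 ssh2",
       "Oct 12 10:05:00 srv sshd[1300]: Failed password for bob from 192.168.1.50 port 40000 ssh2",
       "Oct 12 10:05:07 srv sshd[1300]: Accepted password for bob from 192.168.1.50 port 40002 ssh2",
       "Oct 12 10:07:00 srv sshd[1310]: Failed password for invalid user admin from 192.168.1.200 port 50200 ssh2"]
)

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")


def detect_guessing(log_text, threshold=5):
    """Return {(source, user): alert} for pairs with >= threshold failed passwords.

    alert["succeeded"] is True when a login was accepted after the threshold
    was reached, the case that calls for an immediate credential reset.
    """
    failures = defaultdict(int)
    alerts = {}
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        outcome, user, source = match.groups()
        key = (source, user)
        if outcome == "Failed":
            failures[key] += 1
            if failures[key] >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "succeeded": False})
                alert["failures"] = failures[key]
        elif key in alerts:
            alerts[key]["succeeded"] = True
        else:
            failures[key] = 0  # a mistyped password followed by success: reset
    return alerts


if __name__ == "__main__":
    for (source, user), alert in detect_guessing(SAMPLE_LOG).items():
        print(source, user, alert)
```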

• Attempt to ssh utilizing the new account you identified in Step 10.
When prompted, insert the user's password identified in Step 12. What was the password?

• View the /etc/shadow file. Does your new user have access?
Circle, highlight or bold Yes or No.
Yes No
Hint: Remember, this user has root privileges and should be able to view the file. If you are denied access to the file, what command can you use that will allow you to view the file by invoking the security privileges of another user (such as a superuser, or root)?

• Use John the Ripper to crack the password for the root account using the rockyou.txt wordlist.
What command did you use to crack the password?

What is the password for the root account?

Hint: You will use the brangel account to locate the hash for the root account. However, you will need to either (a) exit your brangel ssh session on the victim machine or (b) open a new terminal window in order to use John to crack the hash file.

Screenshot #4: Insert a screenshot of the successful password crack. Include Nazaire Biscoe typed in the screenshot (either on the next line or in an overlapping terminal).

• Switch to the NoSecCorpServer VM. Log into the root account using the password identified.
• Change to the /home directory.
• Take a look at the names of the files in the s3cret directory. Are there any files in the /home/s3cret/file directory that have names that look suspicious or indicate the file might be sensitive in nature (personal information, company secret data, etc.)?
Circle, highlight or bold Yes or No.
Yes No

If Yes, list the file name: ___________________

• Input the following command to decrypt the sensitive file identified in Step 23:
#openssl enc -d -aes-128-cbc -in insert name of file to decrypt -out decryptedfile.txt
Typing the command above exactly as stated is CRITICAL.
Tip: Make sure to insert the file name exactly as it appears in the directory (case sensitive). This step will create a new file called salaryunencrypted.csv in the same directory. Verify 2 files (the encrypted file and this new unencrypted file) are both listed in the directory prior to moving on to the next step. Also, you will be prompted to enter the root account password to decrypt.
• View (cat) decryptedfile.txt
• The unencrypted file appears to be encoded in some way. Run the following command to decode the file:
base64 -d decryptedfile.txt > newdecryptedfile.txt

• View the new unencrypted file. It appears to be a csv (comma-separated values) file.
What is Carla York's "Direct Deposit Account Number"?

• View newdecryptedfile.txt. List the yearly salary of the following personnel:
Title | Salary
Head of HR |
CEO |
Sr. System Admin |

• View newdecryptedfile.txt. Which employee still needs to attend security training?

Attachment:- Intrusion Detection.rar
