Advanced cyber exploitation and mitigation methodologies

Assignment Help Computer Network Security
Reference no: EM133674447

Advanced Cyber Exploitation and Mitigation Methodologies

Project 1: Reconnaissance and Enumeration

Task 1: Gather Publicly Available Information
1) Open a web browser and search for the name of the Damn Vulnerable Web App instance.
2) Look for any publicly available information about the target organization, such as company websites, social media profiles (e.g., Facebook, LinkedIn), and job postings.
a) In this case, you will find a plethora of information regarding these intentionally vulnerable systems. You will not find standard corporate information like you would during a real penetration test, but the habit, technique, and process are good to practice. Furthermore, you will be able to learn more about the images, the technology stacks used, and the intentionally present vulnerabilities. All of this will become important in later phases of the penetration test.
3) Take notes on any information found. Notes are always helpful!

Task 2: Perform Service Banner Grabbing
1. Open a terminal window (Command Prompt on Windows, Terminal on macOS/Linux).
2. Use the "nc" (Netcat) command followed by the IP address and port number to connect to a service running on the Damn Vulnerable Linux instance. For example: nc umgc-web-dvwa.azurewebsites.net 80 to connect to the HTTP service on port 80. You can also use the IP address 10.13.246.8 instead of the name.

3. Note the response received, which may include information about the service and its version number.
4. Repeat this process for other common services such as HTTP (port 80), HTTPS (port 443), FTP (port 21), etc., using the appropriate port numbers. Base your activities on what you discovered during earlier steps.
Task 3: Fingerprint Service Versions Through Telnet
1. Open a terminal window (Command Prompt on Windows, Terminal on macOS/Linux).
2. Use the "telnet" command followed by the IP address and port number to connect to a service running on the Damn Vulnerable Web App instance. For example: telnet umgc-web-dvwa.azurewebsites.net 80 to connect to the HTTP service on port 80. You can also use the IP address 10.13.246.8 instead of the name.

3. Interact with the service by sending commands (e.g., typing "GET / HTTP/1.0" for HTTP) and observing the responses.

4. Note any information received, such as the server type and version number.
5. Repeat this process for other services on different ports as needed.
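The banner-grabbing and telnet-fingerprinting steps above end with "note the server type and version number". The script below, added here as an example and not part of the assignment or the DVWA project, does that noting programmatically: it builds the same `GET / HTTP/1.0` probe, splits an HTTP reply into status line and headers, and reports which fields disclose a version, for HTTP as well as for one-line greeting banners (FTP, SSH). All sample responses are constructed; the hostname and addresses are the ones given in the tasks. The same parser run against a hardened server (Apache `ServerTokens Prod`, PHP `expose_php = Off`) returns nothing, which is the point from the defender's side.

```python
import re
import socket

# Constructed sample responses (not captured from the lab instance).
# What a verbosely configured web server answers to "GET / HTTP/1.0":
VERBOSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.29 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.2.24\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><body>DVWA</body></html>"
)

# The same request answered by a server that suppresses version tokens
# (Apache: ServerTokens Prod; PHP: expose_php = Off):
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><body>DVWA</body></html>"
)

# Constructed one-line greetings, as FTP and SSH send them before any input:
FTP_BANNER = b"220 (vsFTPd 3.0.3)\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n"

VERSION_RE = re.compile(r"\d+\.\d+")  # "2.4", "7.2", "3.0" ...


def build_http_probe(host: str) -> bytes:
    """The request typed into telnet/nc in step 3, as bytes.
    HTTP/1.0 does not require a Host header, but sending one makes
    name-based virtual hosts answer with the right site."""
    return f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_http_banner(raw: bytes) -> dict:
    """Split an HTTP response into its status line and a lower-cased
    header map; the body is discarded."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines instead of crashing
            headers[name.strip().lower()] = value.strip()
    return {"status_line": lines[0], "headers": headers}


def disclosed_versions(raw: bytes) -> list:
    """Return every banner field that carries a version number.

    HTTP responses are checked for Server and X-Powered-By; anything
    else is treated as a one-line greeting banner (FTP, SSH, SMTP).
    """
    if raw.startswith(b"HTTP/"):
        headers = parse_http_banner(raw)["headers"]
        candidates = [headers.get("server"), headers.get("x-powered-by")]
    else:
        first = raw.decode("iso-8859-1").splitlines()
        candidates = [first[0].strip()] if first else []
    return [c for c in candidates if c and VERSION_RE.search(c)]


def grab_banner(host: str, port: int, probe: bytes = b"",
                timeout: float = 5.0) -> bytes:
    """Live equivalent of the nc/telnet step: connect, optionally send a
    probe (use build_http_probe for port 80), and read until the service
    stops talking. Not exercised by the constructed samples above."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while sum(len(c) for c in chunks) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:
            pass  # greeting-only services never close; the timeout ends the read
    return b"".join(chunks)


if __name__ == "__main__":
    for label, sample in (("verbose", VERBOSE_RESPONSE),
                          ("hardened", HARDENED_RESPONSE),
                          ("ftp", FTP_BANNER), ("ssh", SSH_BANNER)):
        print(f"{label:9s} -> {disclosed_versions(sample)}")
```

For the lab host, `disclosed_versions(grab_banner("umgc-web-dvwa.azurewebsites.net", 80, build_http_probe("umgc-web-dvwa.azurewebsites.net")))` does in one call what steps 2 to 4 do by hand, and the output is exactly what belongs in the notes for Section 3.1.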

Active Reconnaissance

Task 1: Scan for Live Hosts with Ping Sweep
1. Open a terminal window on your Linux workstation.
2. Use the "ping" command followed by the network range to perform a ping sweep and identify live hosts: ping -b 10.13.246.8
o This command will send ICMP echo requests to the broadcast address of the network.
3. This will not complete in a reasonable amount of time! Wait a few minutes and then use ctrl+c to exit the process. We'll see the difference another tool can make in a moment.
Task 2: Use Traceroute to Map Network Paths
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a traceroute to the Damn Vulnerable Web App instance: traceroute 10.13.246.8
o This command will trace the network path to the specified IP address and display the route taken by packets.
3. Observe the output to identify the hops (routers) between your workstation and the Damn Vulnerable Web app instance.
Task 3: Enumerate Hosts Using Nmap
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a service version detection scan on the Damn Vulnerable Linux instance: nmap -sn 10.13.246.0/24
o This command will scan the specified IP network and determine if any hosts are online and responsive.

3. Wait for the scan to complete and observe the list of hosts.
Document Findings
Enter the information gathered during reconnaissance and enumeration, including details about the targets, services running on the target hosts, and any other relevant findings in Section 3.1 of the Penetration Test Report.
Remember to insert your screenshots in the appropriate appendix of your Penetration Test Report, and document the specific findings from each task in the hands-on sections above.
Finally, answer the Reflection Questions below (insert your answers in the appendix after the screenshots in the Penetration Test Report):

1. Now that you have initiated a penetration test, what do you think are 3-5 goals of penetration testing?

2. How might publicly accessible information gathered during reconnaissance and enumeration further some or all of those goals?

3. What are some differences between active and passive reconnaissance and enumeration?

4. Why is banner grabbing an effective technique to employ?

5. What difference(s) did you observe between the active reconnaissance using ping -b and nmap -sn? What technical explanation is there for your observation?

Project 2: Vulnerability Discovery

Task 1: Scan for Services Using Nmap
We used nmap in Project 1 to conduct basic reconnaissance and enumeration. Now we are going to use additional features to gain more knowledge about our targets. First, let's baseline again to ensure our landscape has not changed.
1. Open a terminal window on your Linux workstation.
2. Use the "nmap" command followed by the network range to perform a ping sweep and identify live hosts: nmap -sn 10.13.246.0/24
3. Take stock of the IP addresses of the live hosts and note if anything has changed.
Task 2: Scan for Open Ports and Services Using Nmap
Let's advance and attempt to gain more detailed knowledge about our targets.
1. Open a terminal window on your Linux workstation.
2. Type the following command to perform a port scan on the Damn Vulnerable Linux instance: nmap 10.13.246.8

3. Wait for the scan to complete and observe the list of hosts as well as open ports and services.
4. Now, repeat step 2 using nmap -sS for all hosts identified previously.
o Note whether there is any difference in the results.
5. Now, repeat step 2, this time using nmap -sO for all hosts identified previously.
o Note whether there is any difference in the results.
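Task 1 asks you to re-baseline the live hosts and note what changed, Task 2 to record open ports and services per host, and Task 3 picks its targets by "an open port 80 and/or 443". The following script, added here as an example and not part of the assignment or of nmap, does those three bookkeeping steps over nmap's grepable output (`-oG`), so the comparison is done by a parser rather than by eye. The two scans below are constructed: only 10.13.246.8 is the DVWA address from the assignment; the other hosts, the port states and every version string are made up for the example.

```python
import ipaddress

# Constructed -oG output of the Task 1 ping sweep (nmap -sn -oG base.gnmap ...).
BASELINE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sn -oG base.gnmap 10.13.246.0/24
Host: 10.13.246.8 ()\tStatus: Up
Host: 10.13.246.10 ()\tStatus: Up
# Nmap done -- 256 IP addresses (2 hosts up)
"""

# Constructed -oG output of a later Task 2 scan with version detection.
CURRENT_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sS -sV -oG current.gnmap 10.13.246.0/24
Host: 10.13.246.8 ()\tStatus: Up
Host: 10.13.246.8 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4ubuntu0.3/, 80/open/tcp//http//Apache httpd 2.4.29 ((Ubuntu))/, 443/closed/tcp//https///\tIgnored State: closed (997)
Host: 10.13.246.9 ()\tStatus: Up
Host: 10.13.246.9 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up)
"""

# One grepable port entry is port/state/protocol/owner/service/rpcinfo/version/
# (nmap writes any "/" inside a version string as "|", so splitting is safe).
FIELD_NAMES = ("port", "state", "proto", "owner", "service", "rpc", "version")


def _fields(line: str) -> dict:
    """Split a 'Host:' line into its tab-separated 'Label: value' fields."""
    out = {}
    for chunk in line.split("\t"):
        label, sep, value = chunk.partition(": ")
        if sep:
            out[label] = value
    return out


def live_hosts(gnmap: str) -> set:
    """Hosts reported Up (or with a port list, which implies Up)."""
    hosts = set()
    for line in gnmap.splitlines():
        if line.startswith("Host:"):
            f = _fields(line)
            if f.get("Status") == "Up" or "Ports" in f:
                hosts.add(f["Host"].split()[0])  # "10.13.246.8 ()" -> address
    return hosts


def parse_ports(gnmap: str) -> dict:
    """Map host -> list of port records (port, state, proto, service, version)."""
    result = {}
    for line in gnmap.splitlines():
        if not line.startswith("Host:"):
            continue
        f = _fields(line)
        if "Ports" not in f:
            continue
        host = f["Host"].split()[0]
        records = []
        for entry in f["Ports"].split(", "):
            parts = (entry.split("/") + [""] * 7)[:7]  # pad short entries
            rec = dict(zip(FIELD_NAMES, parts))
            rec["port"] = int(rec["port"])
            records.append(rec)
        result[host] = records
    return result


def open_ports(gnmap: str) -> dict:
    """Host -> sorted list of open TCP/UDP port numbers (Task 2 notes)."""
    return {host: sorted(r["port"] for r in recs if r["state"] == "open")
            for host, recs in parse_ports(gnmap).items()}


def web_targets(gnmap: str) -> list:
    """Hosts with open 80 or 443: the criterion Task 3 uses to pick web targets."""
    return sorted((h for h, ports in open_ports(gnmap).items()
                   if set(ports) & {80, 443}), key=ipaddress.ip_address)


def host_changes(baseline: str, current: str) -> dict:
    """Task 1's 'note if anything has changed', computed from two sweeps."""
    old, new = live_hosts(baseline), live_hosts(current)
    return {"appeared": sorted(new - old, key=ipaddress.ip_address),
            "disappeared": sorted(old - new, key=ipaddress.ip_address)}


if __name__ == "__main__":
    print("changes since baseline:", host_changes(BASELINE_SCAN, CURRENT_SCAN))
    print("open ports:", open_ports(CURRENT_SCAN))
    print("web targets:", web_targets(CURRENT_SCAN))
```

To use it on real output, run the scans with `-oG <file>` in addition to the flags the tasks specify and pass the file contents to `host_changes`, `open_ports` and `web_targets`; a host that appears or disappears between the Project 1 sweep and this one is exactly the change Task 1 wants recorded in Section 3.2.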
Task 3: Conduct Vulnerability Assessment Using Nikto
Assuming you found at least one target with a web server (indicated by an open port 80 and/or 443), we can advance again in our discovery process. We'll move away now from nmap and engage a web specific vulnerability scanner.
1. Open a terminal window on your Linux workstation.
2. Type the following command to run Nikto against the Damn Vulnerable Web App instance: nikto -h 10.13.246.8
o This command will launch Nikto and perform a comprehensive scan of the specified web server (10.13.246.8) to identify potential vulnerabilities and misconfigurations.

3. Wait for the scan to complete and observe the list of vulnerabilities detected by Nikto.
4. Review the scan results to prioritize vulnerabilities based on severity and potential impact.

Task 4: Nessus Vulnerability Scan
First, register for a Nessus Essentials license. You'll get an email with the activation code.
1. Launch Nessus by browsing to localhost:8834 and use the activation code to register. You'll need to create a local username and password (make it easy to remember).
2. The first time Nessus launches, it will take some time: the tool has to download plugins and compile them. When Nessus is ready, you will see a screen similar to the following:

3. Create a new Basic Network Scan. You can name the scan anything you want, I used "My First Scan". Use the IP address of the DVWA system (10.13.246.8):

4. Click on the "Launch Scan" button:

5. When the scan finishes, you'll see a day and time in the "Last Scanned" column:

6. Click on the scan and you will see an overview screen like the following (note: you may not see these exact vulnerabilities):

7. Click on one of the vulnerability categories to get a list of specific vulnerabilities related to that technology or service:

8. You can then click on specific vulnerabilities from that list to get even more detail:

Task 5: Document Findings
Enter the information gathered during your vulnerability discovery activities, including details about the targets, services running on the target hosts, and any other relevant findings in Section 3.2 of the Penetration Test Report.
Remember to insert your screenshots in the appropriate appendix of your Penetration Test Report, and document the specific findings from each task in the hands-on sections above.
Finally, answer the Reflection Questions below (insert your answers in the appendix after the screenshots in the Penetration Test Report):

1. How did active and passive reconnaissance results from Project 1 inform your understanding of the vulnerability discovery results?
2. Which of the tools used during this phase of the penetration test yield the most useful results for the next phase?
3. What information gathered during vulnerability discovery can be used to further the penetration testing?
4. Is vulnerability scanning invasive or noninvasive?

Reviews

len3674447

4/11/2024 2:24:03 AM

CST 630 Advanced Cyber Exploitation And Mitigation Methodologies. In addition, do you require my login details to the virtual machine I use for the class? Below and attached are all details. The MARS is how to access the virtual machine. Everything has to be documented with screenshots. The MARS instruction is how to access the virtual machine. Do both projects attached.
