User Account

All Pages

Complete a penetration testing engagement

Assignment Help PL-SQL Programming
Reference no: EM132320517

Final Project - Penetration Test Planning and Reporting

Lab Objectives - Upon completion of this activity, you will be able to:

  • Utilize and recognize basic programming and scripting technologies to assist in cyber attacks and defense.
  • Differentiate encryption and decryption as they apply to cryptography.

For this assignment, we will research and become familiar with different approaches to complete a penetration testing engagement, using the instructor as your client. You are hired to complete a penetration test of the "target" VM. Some specifics about the assessment:

Purpose/business objective:

  • To assess the security posture of the Metasploitable VM.
  • Proactively identify, prioritize, and report existing vulnerabilities and successful exploits.
  • Gain root access to the system using any of the discovered vulnerabilities.
  • Crack the passwords of any existing system, app, database user.
  • Provide synthesized action plan for the IT operations team to address the findings.
  • Provide a comprehensive findings report.
  • Include a table with results that need to line up.

IP Address

FQDN

OS

Port

Protocol

Service

Name

Version

Additional Nmap Script Information (To be Added Manually)

Vulnerability

CVE

CVSS

Exploit Success? If yes, which exploit?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The scope of the assessment is:

  • Only the Linux Target, Metasploitable, VM, no other IPs should be included.
  • All Metasploitable ports, services/applications, and databases that are open or running need to be evaluated.
  • The assessment is system, application, database level.
  • Manual and automated scans are acceptable.
  • Post-exploitation activities like privilege escalation and password cracking of additional system/database accounts are in scope.

Rules of engagement

  • No social engineering and DDoS attacks
  • No physical attacks. Since this is a VM, you cannot use the msfadmin:msfadmin credentials to sign in to the VM using the console interface and claim you successfully exploited a vulnerability like weak/easy to guess credentials.
  • You can only scan/attack from the Kali VM
  • You are find all existing vulnerabilities
  • Validate all of the discovered vulnerabilities through active exploitation (at least those specified by the instructor during week 7)
  • No time restrictions for the testing; you can test any time of the day
  • For the vulnerability identification, you have 1 week (week 6)
  • For the exploitation/validation, you have 1 week (week 7).

Lab Instructions -

We will focus on preparing a pen test execution plan and a report template. They will help you for the final project. Think of it as a preparation for the final.

Review the provided video and additional references above

Review approaches like the Pen Testing Execution Standard or NIST SP800-115 before starting to figure out the before, during, and after of a pen test

For the plan, you need to outline what activities, you need to include before, during, and after a pen test execution:

- Before - Planning and preparation

  • Example, scope, rules of engagement, methodology, permissions. You need to go in details.
  • I provided a foundation for your scope, rules of engagement, and the video and presentation should help you come up with a methodology=approach for complete the pen test.

- During the assessment - Execution

  • This is where you provide more details about the phases outlined in your methodology
  • Highlight what you will do during each phase

What are the objectives of each phase?

What are the deliverables? For example, for the information gathering phase:

- You will collect information like:

  • System IP
  • Hostname
  • Open ports
  • OS type
  • Running services/Applications and their versions
  • Record any information discovered via Nmap Script Engine

- You will record the results in a table with results so each port, service/app, version can be mapped appropriately

- You will provide evidence of the discovery in the form of a screenshot and brief explanation of the command and findings/result.

After- Reporting and result presentation

- You will organize the results and put them in a comprehensive report

- The report will cover areas like:

Table of contents

Executive summary

  • Background
  • Scope
  • risk classification/categorization
  • major findings chart/graph
  • overall risk profile

Technical report

Methodology

Examined assets

Tools used

Attack Narrative/Details

  • typically focus on the most critical findings,
  • what you assessed (IP, app, database)
  • what you found (CVE, CVSS, exploit and screenshots),
  • how you found it (command, scan and screenshot),
  • why is the finding significant (risk impact, likelihood, ease of use, etc)

Conclusion - overall recommendation for direction and prioritization

Appendix

Table with synthesized results that will help with client result verification and remediation lifecycle efforts

IP Address

FQDN

OS

Port

Protocol

Service

Name

Version

Additional Nmap Script Information (To be Added Manually)

Vulnerability

CVE

CVSS

Exploit Success? If yes, which exploit?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Manual and automated scan results

Additional exploit information and reference link to figures, graphs in the body of the report

Additional guidance and recommendation to address the findings like guide on how to align the findings prioritization against CIS CSC top 20 or another control standard

Once you finish the write up of the plan, create a report template cover

Submit assignment including the plan and report template in the same assignment.

Lab Deliverables -

Plan that provides a roadmap for completing a pen test engagement and addresses before, during, and after of a pen test as shown in the lab instructions section

Report template appended to the plan that addresses all sections specified in the lab instructions "after" the pen test (section 5.c)

  • You may include additional sections as needed
  • Create a document/template that you can use for the final project

Make sure each screenshot is accompanied by a brief explanation of what you did in the screenshot.

Attachment:- Assignment File.rar

Reference no: EM132320517

Questions Cloud

Result of health care reform : Accountable Care Organizations (ACOs) are a result of health care reform. What does a ACO do and also do you think it is a necessary oversight group?
What issues shape the way technology is used : What issues shape the way technology is used in today's classroom? How are teachers addressing technology standards and skills in today's classroom?
Calculate the optimal economic order quantity : If the company used a fixed order quantity model, calculate the optimal economic order quantity. Show all work.
Calculate the optimal economic order quantity : If the company used a fixed order quantity model, calculate the optimal economic order quantity (EOQ). Show all work.
Complete a penetration testing engagement : M5A1 Final Project - Penetration Test Planning and Reporting. Complete a penetration testing engagement, Provide a comprehensive findings report
Mean versus average when referencing : What is the importance of using mode, median or mean versus average when referencing any type of important data.
How would you have voted if you were a state legislator : What would be the advantages and disadvantages of approving a law like Colorado's? What happened to S.J.R. 8 this year?
How ethics play a vital role in providing feedback : In 250-500 words, summarize and explain how higher-order questioning skills promote independent learning and guide students to examine their own thinking.
Evaluate the knowledge and skills acquired over your tenure : Discuss at least three (3) ways in which the portfolio development process has helped you to synthesize and / or evaluate the knowledge and skills acquired.

Reviews

inf2320517

7/23/2019 4:42:19 AM

this zip file will also help tremendously because is it from the instructor and has example reports of what he is looking for 33693772_1M5.zip awesome thank you so much Every problem when I asked they have the solution for the same. As in monetary terms they have justified pricing for every assignments. They can also give discount for regular students if being requested to them.

len2320517

6/11/2019 11:56:55 PM

Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word, etc.) and save it frequently to your computer. For those assignments that are not written essays and require uploading images or PowerPoint slides, please follow uploading guidelines provided by your instructor. Check your work and correct any spelling or grammatical errors. When you are ready to submit your work, click "Upload Submission." Enter the submission title and then click on "Select a file to upload." Browse your computer, and select your file. Click "Open" and verify the correct file name has appeared next to Submission File. Click on "Continue." Confirm submission is correct and then click on "Accept Submission & Save."

Write a Review

PL-SQL Programming Questions & Answers

  Create a database model

Create a database model and Submit the table creation statements for the Database Model.

  Write pl-sql procedures and functions

Write PL/SQL procedures and functions to populate and query that database

  Sql questions

Write a query to display using the employees table the EMPLOYEE_ID, FIRST_NAME, LAST_NAME and HIRE_DATE of every employee who was hired after to 1 January, 1995.

  Run the lab_03_01.sql script

Run the lab_03_01.sql script in the attached file to create the SAL_HISTORY table. Display the structure of the SAL_HISTORY table.

  Write sql queries

Write a query to display the last name, department number, and salary of any employee whose department number and salary both match the department number and salary of any employee who earns a commission.

  Explaining sql insert statement to insert new row in cds

Write down a SQL insert statement to insert new row in "CDS" table.

  Write down name of actors in ascending order

Write down actors (or actress, your choice, but not both) who have won at least two (2) Academy Awards for best actor/actress. Provide the actor name, movie title & year. Order the result by actor name."

  What is an sql injection attack

What is an SQL injection attack? Explain how it works, and what precautions must be taken to prevent SQL injection attacks.What are two advantages of encrypting data stored in the database?

  Determine resonant frequency in series rlc resonant circuit

Given the series RLC resonant circuit in the figure, operating at variable frequency, determine: The resonant frequency ω o ,  The circuit’s quality factor Q , The cut-off frequencies, f 1  & f 2  and the bandwidth BW

  Query that uses cube operator to return lineitemsum

Write summary query which uses CUBE operator to return LineItemSum (which is the sum of InvoiceLineItemAmount) group by Account(an alias for AccountDesciption).

  Query to show customers were missing for existing orders

As DBA, your manager called a meeting and asked why there are so many orders for customers that don't exist in the customer table. Write query which would shows which customers were missing for existing orders. Use a join or a subquery.

  Sql query into a relational algebra statement

Turn this SQL query into a relational algebra statement? SELECT Request.reqfor, Ordering.invamt, Ordering.invnbr, Ordering.invdat

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd