Option 1 - Local Lab
1. Virtualization Software. Choose your virtualization software (either works fine and they are both free):
• VirtualBox:
  o https://www.virtualbox.org/wiki/Downloads
• VMware Workstation Player:
  o https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
2. Attack OS/VM. Once your virtualization software is chosen, choose an attack OS to download. You will use Kali Linux in the lab environment and will likely be most comfortable with it. However, you may download any "attack OS." Other options include Parrot OS, BackBox, BlackArch (advanced only - save yourself the pain and skip this one), and many others. Note: It will be much easier to download a pre-built VM instead of the .iso image option. Additionally, the pre-built images are specific to the virtualization software that you are using, so choose accordingly.
• https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
3. Vulnerable Target OS/VM. You will need a victim machine to target and exploit. Download a virtual machine that you can attack. There are many options that are designed to help students practice their skills and learn to exploit vulnerabilities in an approved, educational manner. Keep in mind that these are inherently vulnerable and designed to be relatively easy to exploit. A recommended best practice is to not allow machines outside of your "virtual network" to communicate with them. There is a "NAT" network setting within your virtualization software that helps to isolate your "lab" systems from the other devices on your local area network. Many options exist, but here are a few:
• Metasploitable (also includes many of the ones below - the same as what is in the InfoSec labs). There are a few versions out there - go with "Metasploitable2" - it can be downloaded from: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/ or https://information.rapid7.com/download-metasploitable-2017.html
• OWASP's Broken Web Apps (includes WebGoat): https://sourceforge.net/projects/owaspbwa/files/latest/download
• DVWA (Web Application): https://github.com/ethicalhack3r/DVWA/archive/master.zip
• Bad Store (Web Application): https://www.vulnhub.com/entry/badstore-123,41/
• VulnHub: Many options exist here - somewhat like a "capture the flag" with near limitless possibilities, with new ones being added all of the time (Note: I would save these for after the class project - more for fun) https://www.vulnhub.com
4. If you need additional help installing Kali, please review Kali Linux Revealed for step-by-step instructions. There is also a course video during Week 2 that is very helpful.
• https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
Part 2 - TESTING (MAPPING AND SCANNING): Mapping the target environment and conducting a vulnerability scan (Week 4)
PROJECT SECTION 2 DETAILS: The second part of your project has two parts. You may choose either Project Lab Option ("Local Lab" or "Remote Lab") below to complete the following requirements:
• Part A: Identifying the target system through network discovery using at least two network discovery/mapping tools (e.g., Nmap, Netdiscover, Arp-scan, etc.) to identify networks and targets. Identify what ports, services, and versions of software are running in the network environment.
• Part B: Additionally, you will need to complete a vulnerability scan against your target host to identify vulnerabilities that you can then use to exploit to gain administrative/root access in the following project section.
Option 1 - Local Lab
Choose any of the tools within your chosen Attack VM (Kali, Parrot OS, etc.) to map your network following the Part A requirements.
Choose any vulnerability scanning software to download, install and configure (OpenVAS, Nessus, etc.) to complete Part B. You should be able to find free "personal/home use" versions. Configure a scan to run against your target host. If your target host is a deliberately vulnerable machine, you should find plenty of "critical/high" vulnerabilities to choose from for your attack in the following project section.
Option 2 - Remote Lab
You may choose to complete this portion of the project using the Infosec Learning Lab "Remote and Local Exploitation." No software downloads are required, so just configure your tools and complete the scans. Follow the requirements in the Project Section 2 Details.
Part 3 - Exploitation: Gaining Access through a vulnerability identified during the vuln scan (Week 6)
PROJECT SECTION 3 DETAILS: The third part of your project requires you to exploit a vulnerability of your choosing based on the previous section's scanning. The exploit should be through a Metasploit Module or other open-source/commercial tool or custom script/code. Select your vulnerability carefully. You should thoroughly research your vulnerability before you start to exploit it - which is the same process you would use in a professional capacity. The vulnerability MUST RESULT IN GAINING SYSTEM/ROOT ACCESS on the target host. Compromised credentials (including no password or a weak password) are not a sufficient vulnerability to exploit.
During the course labs, you will have completed labs that require you to exploit a vulnerability. You must choose an exploit that we have not done in class. I suggest doing a web search on "Metasploitable Walkthrough" for additional ideas on Metasploit modules that could be used (if you have selected Metasploitable as your vulnerable target), or research vulnerabilities specific to your vulnerable framework. Keep in mind that your vulnerability should have been flagged during the vulnerability scanning portion.
Option 1 - Local Lab
Depending on your chosen vulnerable target host, you may have many more vulnerabilities to choose from. I recommend that you keep it simple and stick with a vulnerability that is well documented so there are sufficient write-ups and posts to follow. With that said, creativity and rigorous exploit research are always welcomed and appreciated.
Option 2 - Remote Lab
Your choices are surprisingly not limited here. There are, of course, vulnerabilities in some of the web applications that will not show up in a vulnerability scan with a tool like Nessus due to what Nessus is actually looking at. With that said, web application vulnerabilities are a bit more complex than some of the other software vulnerabilities that are well documented for Metasploitable. I recommend you stick with a well-documented vulnerability.
Figure 1 Evidence of Exploitation
• Risk Assessment: Use this area to discuss what the risk represents to an organization. Would it change the risk if it were on a public-facing server as opposed to an internal server? What happens if this exploit were successful? Assume that the vulnerable software would be installed in a business environment, not your home lab network. Discuss a few different risks that would be dependent on where and how the vulnerable software would be installed across the organization.
• Mitigation and Security Control Recommendation: Discuss how you fix this vulnerability. Can you patch it? Are there additional security controls, protections, or sensing mechanisms that could be installed to lessen the impact of an attack?
Guidelines
• The proposal document should be 7 to 10 pages, conforming to APA standards (double-spaced).
• At least two authoritative outside references are required. These should be listed on the last page titled "References" - which does not count toward your overall page count.
• Screenshots are required for each major section (any sensitive information may be obfuscated or redacted).
  o Screenshots will be no larger than 1/4 page. The text within the screenshot should appear readable, so avoid taking "full screen" captures. Capture only the appropriate detail. Terminal command output should be no smaller than an "equivalent" 12-point font size (similar to the font in this document).
  o Screenshots and images do not count toward the overall page count. The project may extend into multiple pages depending on the number of screenshots.
  o Clear screenshots should be used. There are numerous options available to take screenshots. Use Google, or go to https://www.take-a-screenshot.org for various options. By no means should you take a picture with your smartphone or camera and paste it in.
• Appropriate in-text citations are required.
• This will be graded on quality of the research topic, technical demonstration/write-up, the content quality, use of citations, grammar and sentence structure, and creativity.
• The paper is due during Week 8 of this course.
• This paper should effectively describe the vulnerability, risks and recommendation in a manner that will allow TECHNICAL readers to understand the vulnerability, risk and mitigation. The course material and research should provide you with the right level of technical understanding.
• Format: The paper must contain clearly labeled headings for each major section: Network Mapping, Vulnerability Scan, Vulnerability Research, etc.
References
• https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf
• Note: If you've never used Microsoft Word's "References" feature to manage citations, please invest some time in learning how to do this. You'll be glad that you did. https://support.office.com/en-ie/article/Add-a-citation-and-create-a-bibliography-17686589-4824-4940-9c69-342c289fa2a5?ui=en-US&rs=en-IE&ad=IE
• Ensure that you cite your references in the text when you are using material from the reference. https://owl.english.purdue.edu/owl/resource/560/18/