
California State Polytechnic University Pomona

CIS 471 Internet Security


Brandon R. Brown - PhD, PMP, CISSP, CCNP
Fall Quarter 2016
LAB 2
Steps:

1. Do an NMAP scan of the server and take a screenshot of the results. Look at the OPEN
ports and keep in mind which ones MAY be susceptible to vulnerabilities. You will need to
cross-reference these with what you find in step 2.
2. Provide a screenshot of one of the vulnerabilities you find from an OpenVAS scan.
Analyze these results and formulate an Attack Plan for how you can infiltrate the server.

3. Manually look at the open ports using any of the many readily available applications (http,
telnet, ssh, ftp, etc.). There is a good CLUE (i.e. a data leak) that an admin has left that you can
exploit. Provide a screenshot of the opened file that gives you what you need for #4.
4. Given the data you found in #3, exploit the server (i.e. log in somehow). This vector
will not give you admin rights, but you can use it for #5. Provide a screenshot of you logged in as
this user! There are a couple of ways you can log in to the server.

5. Using any of a multitude of tools (again, do some research!), try to gain a command shell.
Provide your attempts via screenshot. HINT: MS03 DCOM and MS08 NetAPI DO NOT WORK!!! There
are several ways that you can use already obtained info to do this. (Hint: I like my Potatoes Hot!)
6. This step will require you to do a little research on how persistence works with
Metasploit / Armitage and HOW to get a payload onto the server to execute. Provide a
screenshot that proves you did this. There are several ways. (HINT: Here is one to Google:
Persistent Netcat Backdoor.) There are SEVERAL backdoor programs you can use.

7. After gaining access, create your own account and access it via Armitage. Using a tool from
Armitage, dump the password hashes of the users from the server. Provide a screenshot of
them.
8. Configure a service on the server that will provide you with remote access on an
unconventional port. There are several ways you can do this. This is a common methodology
that hackers use to hide their persistence from anti-virus / IPS systems. HINT: Configure an
application / service like Telnet, SSH, or Remote Desktop to use a different port. There are
SEVERAL ways to get this right. Screenshot it and provide it in your document.
9. Using a brute force tool, try to crack the administrator's password via MS Remote
Desktop or some other means. This is more of an exercise to learn a tool than to compromise the
server. Provide a screenshot of the tool you used and the successful attempt. HINT: It is o.k. to
change the password first if you completed a previous step! Hint 2: you can use your own
account made in step 6 as long as you add the password to your password file.

10.

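Step 8 describes moving a remote-access service to an unconventional port so that port-based controls miss it. The defender's counterpart is to fingerprint what is actually listening rather than trust port numbers. The script below is an added example, not part of the lab handout: it parses constructed `nmap -sV` style rows (the sample scan and the expected-port baseline are assumptions) and flags remote-access services that show up off their well-known ports, as well as ports whose fingerprint disagrees with the baseline.

```python
import re
from collections import namedtuple

# Assumed defender baseline of which service belongs on each well-known port
# (not from the lab handout; extend it to match your own environment).
EXPECTED_PORT_SERVICE = {
    21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 135: "msrpc", 139: "netbios-ssn",
    443: "https", 445: "microsoft-ds", 3389: "ms-wbt-server", 5900: "vnc",
}
# Remote-access services whose presence off their usual port is the step-8 pattern.
REMOTE_ACCESS_SERVICES = {"ssh", "telnet", "ms-wbt-server", "vnc"}

Finding = namedtuple("Finding", "port service reason")
# One 'PORT STATE SERVICE VERSION' row as printed by `nmap -sV` (version column optional).
_ROW_RE = re.compile(r"^(?P<port>\d+)/tcp\s+open\s+(?P<service>\S+)(?:\s+(?P<version>.*))?$")

def parse_nmap_rows(text):
    """Return [(port, service, version), ...] for every open-port row in nmap -sV text."""
    rows = []
    for line in text.splitlines():
        m = _ROW_RE.match(line.strip())
        if m:  # nmap marks uncertain fingerprints with a trailing '?'; drop it
            rows.append((int(m.group("port")), m.group("service").rstrip("?"),
                         (m.group("version") or "").strip()))
    return rows

def find_relocated_services(rows):
    """Flag remote-access services on non-standard ports and baseline/fingerprint mismatches."""
    findings = []
    for port, service, version in rows:
        expected = EXPECTED_PORT_SERVICE.get(port)
        if service in REMOTE_ACCESS_SERVICES and expected != service:
            findings.append(Finding(port, service,
                f"{service} ({version or 'no banner'}) listening on non-standard port {port}"))
        elif expected is not None and service not in (expected, "unknown", "tcpwrapped"):
            findings.append(Finding(port, service,
                f"port {port} should be {expected} but fingerprinted as {service}"))
    return findings

# Constructed sample scan: services like those in the findings report, plus two relocated
# remote-access services of the kind step 8 asks for.
SAMPLE_SCAN = """\
21/tcp    open  ftp           Microsoft ftpd
80/tcp    open  http          Microsoft IIS httpd
135/tcp   open  msrpc         Microsoft Windows RPC
445/tcp   open  microsoft-ds  Microsoft Windows microsoft-ds
5900/tcp  open  vnc           VNC (protocol 3.8)
8443/tcp  open  ms-wbt-server Microsoft Terminal Services
31337/tcp open  ssh           OpenSSH 7.2 (protocol 2.0)
"""
```

Run it against real `nmap -sV` output saved to a file; only the two relocated services (8443 and 31337) are reported for the sample above.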
Findings Report
Vulnerabilities
445/TCP - Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
- Can be remediated by applying the appropriate updates to fix this issue, restricting network
access, disabling SMB2 via script, and/or monitoring critical systems.

445/TCP - Microsoft Windows SMB Server NTLM Multiple Vulnerabilities
- Run Windows Update and install the listed hotfixes, or download and apply the hotfixes
mentioned in the advisory from the link here:
http://www.microsoft.com/technet/security/bulletin/ms10-12.mspx

445/TCP - SMB Brute Force Logins with Default Credentials
- Remediate by changing the password as soon as possible.

21/TCP - Anonymous FTP login
- Remediate by disabling FTP or at least denying anonymous logins.

80/TCP - Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
- Remediate by iis-server-disable-or-rm-default-page

80/TCP - Microsoft ASP.NET Information Disclosure Vulnerability
- Remediate by WINDOWS-HOTFIX-MS10-070-0607d949-80d8-4602-a679-99ea58786d0c

80/TCP - Windows SharePoint Services detection
- Allow connections to this host only from trusted hosts or networks.

TCP timestamps
- Remediate by disabling TCP timestamps: add net.ipv4.tcp_timestamps = 0 to
/etc/sysctl.conf and execute sysctl -p to apply the setting at runtime.

general/tcp - Traceroute
- Remediate by blocking unwanted packets from escaping your network.

135/TCP - DCE Services Enumeration
- Remediate by filtering incoming traffic to this port.

5900/TCP - VNC Server and protocol version detection
- Remediate by filtering incoming traffic to this port.

80/TCP - HTTP Server type and version
- Configure the server to use an alternate name.
