Penetration Testing and Vulnerability Assessments

This paper is on CYBS 7355 Penetration Testing and Vulnerability Assessments. In Unit 4, you completed “Lab #4: Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation” and were able to compromise a remote Linux host using the VSFTP_234_backdoor vulnerability.

CYBS 7355-Penetration Testing and Vulnerability Assessments

1. 100 Points – In Unit 4, you completed “Lab #4: Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation” and were able to compromise a remote Linux host using the VSFTP_234_backdoor vulnerability. Follow the steps below to complete this exam question:

Firstly, re-start Lab #4 and then open/re-do your Nessus Vulnerability Scan report submitted in Section 2, Part 2. This vulnerability report identified several “High” severity vulnerabilities, which could allow a hacker to gain remote access.

Secondly, repeat the steps in Part 3 (ignore Part 1 and Part 2!) of Lab #4 to search Metasploit for a new High exploit associated with an additional vulnerability (there are at least six!).

Thirdly, exploit a new High vulnerability to gain remote access and compromise the remote Linux target again. (NOTE: Do not use the same VSFTP_234_Backdoor exploit! You already demonstrated that in Unit #4!!!)

Fourthly, provide a screenshot proving you have gained “root” access (prove using the ifconfig, whoami, or id command). All screenshots must show date/time.

IMPORTANT NOTE: Getting “root” access on the local VM you are logged into locally to launch the attack from is not considered success. You must gain access to the remote target!

You will need to conduct research to find the answer. The tools and methods you use to research are your own; I care only about the result.

Extra Credit: 10 bonus points if you can get a Meterpreter session onto the remote machine (screenshot with timestamp required).

Extra Extra Credit: 15 more bonus points if you send me a .txt file of the password hashes from the remote machine! (Upload to Unit 6 folder with exam.)

2. 50 Points – Penetration testing requires a very deliberate approach, to provide a thorough and safe result. Your textbook describes one methodology/framework, but there are several more widely used methodologies such as the Open Source Security Testing Methodology Manual (OSSTMM), Penetration Testing Execution Standard (PTES), and MITRE’s increasingly popular Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Select either OSSTMM, PTES, or ATT&CK and explain the importance of using a formal testing methodology.

Clearly define what occurs in each phase of your selection and the significance of each phase.

 

3. 50 Points – During the last 5 weeks, you have been exposed to numerous testing tools, as well as the phases in which the tools would be used. Research the following five (5) tools that could be used during a penetration test:
A. Nmap
B. Wireshark
C. John the Ripper
D. Maltego
E. Recon-ng

For each tool, answer the following questions:

Firstly, what does the tool do?

Secondly, why is the tool favored by attackers for badness?

Thirdly, how can the tool be used by a Defender for good?

Fourthly, what risk does the tool present if used incorrectly on the organization?

4. 50 Points – The University of Dallas’ Chief Information Security Officer (CISO) has asked that you use your extraordinary Google skills to assist him. He’s concerned about two things:

A. The UD Banner Web AppDev team system may be creating unnecessary risk for the university. He has asked you to use Open Source Intelligence (OSINT) to see if you can find any public information regarding the non-production TEST and DEVL databases for both Banner Forms and the Banner Web (4 items in total). Find the URLs of these items (provide screenshots of URLs) and any other information you can. (**CAUTION: Use only OSINT, and do not attempt to exploit any sites!**)

B. He’s also concerned that his boss, the CIO, wanted him to attend the 2017 Tower Awards and to report about what was said concerning the UD Cyber security program. He missed the event and desperately needs your help.

Can you find the press release from the event, identify the recipient who spoke regarding the University’s cyber security program, and provide the specific cyber security quotes from the speech?
