Analysis and Reflection Papers
I ran the “JDRF” Advanced Network Scan.
I followed these steps:
To run the Advanced Network Scan
1. Click New Scan
2. Choose advanced scan from the available templates
3. In the name field, type the full name of the client
4. In the targets field, type the domain name of the client's website (without http(s)://www.)
5. Click the down arrow next to save
6. Press Launch
This is the information about the running Advanced Network Scan of “JDRF”:
Name: Juvenile Diabetes Research Foundation
Status: Running
Policy: Web App Scan
Scanner: US Cloud
Scanner Start: Today at 9:59 AM, Friday 12/08/2017
The scanning task was auto-aborted due to some errors:
1. Network Timeout Encountered
2. Web Application Sitemap
3. Scan Information
I learned the following from the CFC:
Phase 1 - Pre-Assessment
Pre-assessment is the first phase of a penetration test and consists of information gathering and threat modeling. Its goal is to lay the foundation for the exploitation phase of the test.
Information Gathering
In the context of pre-assessment, information gathering consists of two things: reconnaissance and footprinting, and scanning and enumeration. These can be roughly divided into passive and active information gathering.
Passive Information Gathering
Passive information gathering involves tasks that do not affect the target network in a noticeable way (as a port scan would) but still produce valuable information.
Here are some passive information gathering tasks:
· Shodan
Shodan
Shodan is a search engine for Internet-connected devices. By using keywords and filters, you can find hosts exposed on the Internet without sending them a single packet yourself, which is why it belongs in the passive part of pre-assessment. There is both a web application and a command-line client. The web application can be found at shodan.io. The login information is as follows:
Username:
Password:
Some useful filters include:
Filter     Example
org        org:Microsoft
net        net:192.168.1.10
hostname   hostname:microsoft.com
port       port:445
title      title:"server room"
html       html:phpinfo.php
os         os:Linux
product    product:Apache
version    version:1.6.2
These filters can be combined for more refined searches. The Shodan website is easier to use and more functional than the terminal version. The terminal client can be used from Kali Linux, but it is not installed by default. Check whether it is already installed by typing shodan -h in a terminal; if all of the options and switches show up, you are good to go. If not, install it with pip install shodan and then run shodan init <your API key> once so the client can authenticate (full instructions are on shodan.io). Refer to those options and switches for usage.
Additional Resources:
· Basic Security Testing with Kali Linux 2 by Daniel Dieterle
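As an added example (not part of the CFC material above), the following Python script shows how the filters in the table are combined into one query string, with quoting for values that contain spaces, and how a batch of results is boiled down to the hosts, ports and product versions you would carry into the pre-assessment notes. The live search() uses the official shodan Python package and an API key read from the SHODAN_API_KEY environment variable; everything else runs offline against a constructed sample of matches that use documentation addresses. The record field names (ip_str, port, product, version, hostnames) are assumed to match what the API returns.

```python
"""Composing Shodan filter queries and digesting what they return (added example)."""
import os
from collections import Counter


def build_query(*terms: str, **filters) -> str:
    """Join free-text terms with filter:value pairs the way the Shodan search box expects.
    Values containing whitespace are double-quoted, e.g. title:"server room"."""
    parts = list(terms)
    for name, value in filters.items():
        value = str(value)
        if any(ch.isspace() for ch in value):
            value = '"%s"' % value
        parts.append("%s:%s" % (name, value))
    return " ".join(parts)


# Constructed sample in the shape of Shodan "matches" records (documentation addresses, not real hosts).
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.10", "port": 445, "org": "Example Org", "product": "Samba",
     "version": "4.3.11", "hostnames": ["files.example.org"],
     "data": "SMB Status: Authentication: disabled"},
    {"ip_str": "203.0.113.10", "port": 80, "org": "Example Org", "product": "Apache httpd",
     "version": "2.4.18", "hostnames": [],
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.18 (Ubuntu)"},
    {"ip_str": "203.0.113.22", "port": 80, "org": "Example Org", "product": "Apache httpd",
     "version": "2.4.18", "hostnames": ["www.example.org"],
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.18 (Ubuntu)"},
]


def summarize(matches) -> dict:
    """Reduce a list of matches (one record per host:port) to what goes in the notes:
    which ports each host exposes, how often each port appears, and product/version counts."""
    hosts = {}
    ports = Counter()
    products = Counter()
    for m in matches:
        ports[m.get("port")] += 1
        label = " ".join(x for x in (m.get("product"), m.get("version")) if x) or "unknown"
        products[label] += 1
        hosts.setdefault(m.get("ip_str"), set()).add(m.get("port"))
    return {
        "hosts": {ip: sorted(p) for ip, p in hosts.items()},
        "ports": dict(ports),
        "products": dict(products),
    }


def search(query: str, api_key: str = None, limit: int = 100):
    """Live lookup via the official `shodan` package (pip install shodan); needs an API key."""
    import shodan  # imported here so the rest of the file runs without the package installed
    api = shodan.Shodan(api_key or os.environ["SHODAN_API_KEY"])
    return api.search(query, limit=limit)["matches"]


if __name__ == "__main__":
    query = build_query(org="Example Org", port=80, title="server room")
    matches = search(query) if os.environ.get("SHODAN_API_KEY") else SAMPLE_MATCHES
    print(query)
    print(summarize(matches))
```

Without SHODAN_API_KEY set, the script summarizes the constructed sample; with it set, the same summary runs over a real search for the query shown. Pair the hosts it lists with the client's known address ranges before treating any of them as in scope.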
Active Information Gathering
Active information gathering involves tasks that deliberately probe the target's network, such as a port scan. Because they are active, the target may notice these activities, so active tasks should be completed after the passive ones. Here are the active information gathering tasks:
· Ping
· Nmap
Ping
The ping command sends ICMP echo request packets to a destination host. If the host is up and ICMP is not blocked by a firewall, it answers with echo replies. Ping is part of the pre-assessment process and documents a client's IP address. Note that no reply does not prove the host is down: many networks drop ICMP at the perimeter, so confirm with a port scan before drawing conclusions.
To run a ping, open a terminal and enter a command with the following format:
ping -c 5 example-domain.com > ~/Desktop/OrganizationName_ping_$(date +%b%d_%Y).txt
Note: be sure to change “OrganizationName” to the actual name of the organization!
-c 5 indicates that only five ICMP echo requests should be sent. Putting the option before the host name works on both Linux and macOS; macOS's ping ignores options placed after the host.
> ~/Desktop/OrganizationName_ping_$(date +%b%d_%Y).txt saves the output to a text file on the desktop called OrganizationName_ping_TodaysDate.txt. $(date +%b%d_%Y) is expanded by the shell to today's date (for example Dec08_2017); keep the space between date and +, otherwise the shell looks for a command named date+%b%d_%Y and the command fails.
If running a ping as part of a client's pre-assessment, make sure to save the output text file or a screenshot in the client's iCloud folder.
Traceroute
Note: there are currently issues with traceroute when using Kali Linux. It seems a firewall is blocking the outgoing packets right away. For now, use the “Network Utility” or the terminal on the Mac computers to perform traceroutes.
Traceroute is a command that shows the path a packet takes as it traverses to a target. It works by sending probes with an increasing TTL (1, 2, 3, ...); each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which reveals that router's address. Traceroute is part of the pre-assessment process.
To run a traceroute, open a terminal and enter a command with the following format:
traceroute example-domain.com > ~/Desktop/OrganizationName_traceroute_$(date +%b%d_%Y).txt
> ~/Desktop/OrganizationName_traceroute_$(date +%b%d_%Y).txt saves the output to a text file on the desktop called OrganizationName_traceroute_TodaysDate.txt; $(date +%b%d_%Y) inserts today's date at the end of the file name.
Note: the command for traceroute on a Windows machine is tracert. Linux and macOS traceroute send UDP probes by default, while tracert sends ICMP echo requests; if the default probes get no answer, traceroute -I (ICMP echo probes) is worth trying before blaming the network.
If running traceroute for a client's pre-assessment, take a screenshot and save it to the appropriate client's CSC 20 folder.
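To make the mechanics of the two commands concrete, here is an added Python example (not from the CFC procedures) that builds the ICMP echo request ping puts on the wire, with a correct RFC 1071 checksum, builds the ICMP Time Exceeded message a router returns when a probe's TTL expires, and parses both. simulate_traceroute() then walks a constructed path of routers exactly the way traceroute does, matching each reply back to its probe through the id/seq quoted inside the Time Exceeded body. Nothing is sent on the network; the addresses and the router path are made up (documentation ranges), and the identifier 0x1234 is an arbitrary choice.

```python
"""How ping and traceroute work at the packet level: ICMP echo requests with a valid
checksum, and the Time Exceeded replies that traceroute turns into hop addresses."""
import socket
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def verify_icmp(packet: bytes) -> bool:
    """A packet whose checksum field is correct sums to zero when re-checksummed."""
    return icmp_checksum(packet) == 0


def build_echo(icmp_type: int, identifier: int, sequence: int, payload: bytes = b"cfc-ping") -> bytes:
    """What `ping` puts on the wire (type 8) and what the host answers (type 0):
    code 0, then id/seq so replies can be matched to probes, then the payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def ipv4_header(src: str, dst: str, ttl: int, proto: int = 1, payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options; header checksum left zero, not needed here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_time_exceeded(quoted_ip_header: bytes, quoted_first8: bytes) -> bytes:
    """What a router sends when TTL hits zero: type 11, code 0, quoting the expired datagram's
    IP header plus the first 8 bytes of its payload (enough to recover the probe's id/seq)."""
    body = quoted_ip_header + quoted_first8
    header = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0)
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, csum, 0) + body


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header; for Time Exceeded, dig the original probe's id/seq
    out of the quoted datagram."""
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", packet[:8])
    info = {"type": icmp_type, "code": code, "valid": verify_icmp(packet)}
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", rest)
    elif icmp_type == ICMP_TIME_EXCEEDED:
        ihl = (packet[8] & 0x0F) * 4          # length of the quoted IPv4 header
        info["inner_ttl"] = packet[8 + 8]     # TTL field of the quoted header
        info["inner_proto"] = packet[8 + 9]   # 1 = ICMP
        inner = packet[8 + ihl: 8 + ihl + 8]
        if info["inner_proto"] == 1 and len(inner) == 8:
            _, _, _, info["inner_id"], info["inner_seq"] = struct.unpack("!BBHHH", inner)
    return info


def simulate_traceroute(routers: list, dst: str, max_hops: int = 30) -> list:
    """Model traceroute against a constructed path: probe with TTL=1,2,...; the TTL-th router
    answers Time Exceeded, and the destination itself finally answers Echo Reply.
    Returns (ttl, responder, icmp_type, matched_sequence) per hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = build_echo(ICMP_ECHO_REQUEST, 0x1234, ttl)
        if ttl <= len(routers):
            # The probe reaches router number `ttl` with TTL 1; the router quotes it back.
            expired = ipv4_header("198.51.100.1", dst, ttl=1, payload_len=len(probe))
            reply = parse_icmp(build_time_exceeded(expired, probe[:8]))
            hops.append((ttl, routers[ttl - 1], reply["type"], reply["inner_seq"]))
        else:
            reply = parse_icmp(build_echo(ICMP_ECHO_REPLY, 0x1234, ttl))
            hops.append((ttl, dst, reply["type"], reply["seq"]))
            break
    return hops


if __name__ == "__main__":
    for hop in simulate_traceroute(["192.0.2.1", "192.0.2.2"], "198.51.100.7"):
        print(hop)
```

The same packet layout is why a firewall that drops ICMP breaks ping but not necessarily traceroute: the probes may be UDP, but the replies traceroute depends on are always ICMP, so a perimeter that silently drops ICMP shows up as a run of unanswered hops (the asterisks in real output), not as an error.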
Nmap
nmap is a command-line tool that scans an IP address for open ports. It also has a GUI version (Zenmap; the SOP for it is at the bottom of this document). Knowing which ports are open and what services and versions are running on those ports lets us pick compatible exploits. Running an nmap scan is part of the pre-assessment process.
Zenmap
· Open VMware Fusion -> log into Kali Linux (username: root / password: toor) -> on the left side, click the 9-dot button (equivalent of the Windows Start menu) -> search for Zenmap -> open the leftmost Zenmap application
· Type the IP address or domain name from the IP Address Lookup procedure into the Target box -> select Intense scan -> Scan
· Multiple screenshots will be required. Here is what's needed:
· Save the scan to the Kali Linux desktop via the Zenmap menu bar -> Scan -> Save Scan (Ctrl+S).
· Move to the Ports / Hosts tab and take a screenshot. The name of this procedure is PortsHosts.
· Move to the Topology tab. You should see a diagram called a Fisheye. Click Save Graphic (right side of the window) -> this procedure's name is Fisheye -> make sure Select File Type at the bottom is set to PNG -> save to the Kali Linux desktop
· Move to the Host Details tab -> take a screenshot (it's OK if some of the information is cut off); the name of this procedure is HostDetails
· By this point there should be two files on the Kali desktop. Right-click each file and click Copy within Kali Linux. Go into OS X and paste the files into iCloud -> Company name -> CSC 20: Penetration Testing.
· Be sure to remove the files from the Kali Linux desktop once you are finished
In the end we need information on, ports/hosts, topology, host details, and the entire scan saved in the client's CSC 20 folder.
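Zenmap's Intense scan profile is just nmap -T4 -A -v underneath. To show what the open/closed/filtered states in the Ports / Hosts tab actually mean, here is an added Python example (not the CFC's tooling) of a minimal TCP connect() scanner: a completed handshake is open, an immediate RST is closed, and silence until the timeout is filtered, which is the signature of a firewall dropping packets rather than a host that is down. It also grabs whatever banner a service volunteers, which is the crude version of nmap's -sV. The host and port list are arguments; nothing on the page is assumed beyond the nmap states themselves.

```python
"""Minimal TCP connect() port scanner with a banner grab (added example)."""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host: str, port: int, timeout: float = 1.0) -> dict:
    """Classify one TCP port the way nmap reports it:
    open (handshake completed), closed (RST received), filtered (no answer before timeout)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    result = {"port": port, "state": "filtered", "banner": ""}
    try:
        s.connect((host, port))
        result["state"] = "open"
        try:
            # Many services (SSH, SMTP, FTP) talk first; keep whatever arrives within the timeout.
            result["banner"] = s.recv(128).decode("ascii", "replace").strip()
        except OSError:
            pass  # service waits for the client to speak first; still open
    except ConnectionRefusedError:
        result["state"] = "closed"  # the host answered with RST: port reachable but nothing listening
    except OSError:
        pass  # no SYN/ACK and no RST before the timeout: something is dropping the packets
    finally:
        s.close()
    return result


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> list:
    """Probe the given ports in parallel and return results ordered by port number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return sorted(results, key=lambda r: r["port"])


def open_ports(results) -> list:
    return [r["port"] for r in results if r["state"] == "open"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for r in scan(target, [21, 22, 25, 80, 443, 445, 3389, 8080]):
        print("%5d  %-8s  %s" % (r["port"], r["state"], r["banner"]))
```

Run it only against hosts you are authorized to test. A result of all filtered says nothing about the host; it says a device in front of it is dropping unsolicited connections, which is itself a finding worth a line in the pre-assessment notes.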
Phase 2 - Vulnerability Scanning
After information has been gathered during pre-assessment, it is time to start enumerating vulnerabilities, both in the target host and in the web application that host is running. We have two (heavy-duty, expensive) tools to find them: Nessus and Acunetix. Nessus scans for external network vulnerabilities, while Acunetix scans for web application vulnerabilities. It is important to understand the distinction between these two types of scans: Nessus tells us whether the target networks/hosts are adequately hardened; Acunetix tells us whether the web application running on the target host is adequately hardened.
Nessus scans should be run before Acunetix, because we want to know the state of the target hosts before we know the state of the software running on them. In other words, what good is a secure web application if an attacker can easily break in and take complete control of the computer running it?
Phase 4 - Reporting
After scans and exploitation are conducted, reports are created to inform the client of the vulnerabilities found. As of this writing (Feb 16th), the CFC issues a report after external vulnerability tests are conducted against the client's web application and network using Acunetix and Nessus. A separate report will be created for exploitation later on, after the client has had time to remediate any issues.
Writing a Report
After running Acunetix and Nessus, the tool reports are saved in the client's iCloud folder. The items in those documents are what goes into the written report.
What you need:
· The Acunetix and Nessus PDF report for the company, found in their iCloud folder
· The External Penetration Testing Report Template found in the CFC folder under Penetration Testing
· DO NOT save over the original template. Save it as a new document named with the client's name and “External Pen Test Report”
The Process
Not all items will be included in the report. Some items, such as Low vulnerabilities, are not necessary to include. Remember that the purpose of these assessments is to find the client's current vital weaknesses and to inform them of those vulnerabilities.
Important note: actually look into the links for each vulnerability to see whether you can find anything of interest. Do not blindly copy the results of Acunetix scans. As cyber fusion analysts, it is our job to analyze! Dig deeper into the vulnerabilities Acunetix or Nessus finds; simply copying the vulnerability info is not enough, and we have found a lot of sensitive data by taking that extra step.
Follow the template and refer to past reports if necessary. As always, ask a peer for help! Sharing knowledge is caring!
What to include from Acunetix scans:
· Include all HIGH ranked vulnerabilities in the report. These are critical security vulnerabilities that the client should address.
· Include only important Medium vulnerabilities if you deem them important. Use your own discretion and refer to your peers or the faculty member on duty for advice.
· Limit the number of vulnerabilities reported to the client to the most critical items. If we flood the client with 10 vulnerabilities, they are likely to be overwhelmed. Limiting the report to a handful of the most critical vulnerabilities lets the client focus their remediation efforts on the most important items. Recall that there is always a level of acceptable risk!
Finding an IP Address
· Finding the IP Address:
· Mac:
· Click on the search magnifying glass -> search “terminal” -> open Terminal -> type the following:
· ping www.whateverthewebsitenameis.com
· CTRL-C will stop the process
· Note the IP address listed
· Windows
· Start -> type “cmd” in the search bar -> open cmd -> type the following: ping www.websitenamehere.com
· CTRL-C will stop the process
· Note the IP address listed
· Linux
· Open the terminal -> type ping www.websiteaddresshere.com
· CTRL-C will stop the process
· Note the IP address listed
· Take a screenshot or equivalent and name the procedure Ping (i.e. OrganizationName_Ping_Date)
· Note that the address ping shows is whatever the name resolves to right now; if the site sits behind a CDN or a hosting provider, that address may belong to the provider rather than to the client, so confirm it is the client's before scanning it.
· Important to note! Don't hit the same IP/domain name with both an Acunetix and a Tenable (Nessus) scan at the same time. It slows the whole process down and may look like a DDoS attack.
Nessus
To run a Nessus scan, open a web browser and go to https://cloud.tenable.com. You will be prompted to log in. The username is . The password is the standard CFC password. If you are running the scan on one of the PCs, the login names for each PC are below.
· Desk one log in as CyberFusion1
· Desk two log in as cyber
· Desk three log in as CyberFusion3
Password is the standard CFC password.
Performing the scan
To run the Advanced Network Scan
1. Click New Scan
2. Choose Advanced Scan from the available templates
3. In the name field, type the full name of the client
4. In the targets field, type the domain name of the client's website (without http(s)://www.)
5. Click the down arrow next to Save
6. Press Launch
To run the Web App Scan
1. Click New Scan
2. Choose Web App Scan from the available templates
3. In the name field, type the full name of the client
4. In the targets field, type the URL of the client's website (with http(s)://www.)
5. Click the down arrow next to save
6. Press Launch
Storing the results of the scan
1. Click on the name of the scan you wish to view the results
2. Click on export in the upper-right-hand side of the screen
3. Export to HTML
4. Change the report to custom
5. Click export
6. The scan results will be placed in the Downloads folder in Finder
7. Copy the results from Downloads into the appropriate clients iCloud drive folder
Acunetix: we are not currently running Acunetix scans.
To run an Acunetix scan, type Acunetix into the search bar on PC 2. Note that the Acunetix service must be running on the computer for the web interface to work. If you have trouble, run net start in a Windows command prompt; this lists the currently running services. If Acunetix does not appear in the list, it must be started (net start followed by the service name).
Performing the scan
1. The client's website must be added to targets; Click on Targets on the left-hand side of the screen
2. Click add target
3. Enter the client's domain name into the address box
4. Click Scan
5. Change report to Affected Items
6. Click create Scan
7. The scan will begin and will take some time to complete
Storing the results of the scan
1. Go to the Reports tab
2. Click “New Report”
3. Click “Scan Report”
4. Click on the checkmark next to the client you want a report for
5. Click “Generate Report”
6. Select “Affected Items” for the template
7. Click “Generate Report”
8. After the report finished processing, click the bell icon in upper-right
9. The latest report should be at the top of the list
10. Click “Download”
11. Store the report in the client's iCloud drive
Note: you can also write about:
1. “Trello”: what it is and how to use it.
2. “Slack”: what it is and how to use it.
https://trello.com/c/pvHWwwJB