CMIT 321

CMIT321Project.docx

CMIT 321: ETHICAL HACKING.

Penetration Test Proposal

PROJECT 1: RULES OF ENGAGEMENT.

Instructions

The first deliverable of the Penetration Test Proposal is the rules of engagement (ROE) document, a formal document that outlines the objectives, scope, methodology, and overall test plan agreed upon by the penetration testers and client system administrators. Penetration testing can cause complications such as network traffic congestion, system downtime, and may cause the same vulnerabilities and compromises it was designed to prevent. Due to the potential consequences of penetration testing, it is vital to agree upon a comprehensive ROE before testing.

For your ROE deliverable, consider the following:

· How will you identify Haverbrook Investment Group's network characteristics, expectations, constraints, critical systems, and other relevant information?

· What are your preliminary engagement activities with regard to scheduling, scope, and key stakeholders?

· What will you use to establish a binding agreement between Centralia Security Lab and Haverbrook Investment Group?

· How will you determine the services, targets, expectations, and other logistics that will be covered during the Rules of Engagement section?

· How will you explain to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data, violate privacy, and are in compliance with industry standards and any applicable laws and regulations?

Project 2: Reconnaissance and Scanning Plans

Outline and discuss specific use cases to discover and enumerate information that could be used for potential exploitation. Some examples of information that you are gathering from Haverbrook Investment Group's systems are usernames, machine names, shares, and services from a system. Identify any software, applications, or scripts that will be needed and provide a description of how this software will be used to gather information about Haverbrook's systems.

As you are developing the Scanning Plan, keep these questions in mind:

· How would you detect active systems?

· How would you determine the best attack vector you wish to exploit?

· How would you prioritize different targets of opportunity?

· What tools would you be using for scanning and enumeration of systems and vulnerabilities?

Be sure to identify any needed software and provide a description of how it will be used to gather information about the systems.


Project 3: Gaining Access Plan

Instructions

After collecting enough information about the target during Deliverable 2 (Reconnaissance and Scanning Plan), you will describe how to use that information to gain access to Haverbrook's systems. Your one- to two-page plan on gaining access should include:

· details of the gaining-access process with regard to the techniques commonly used to exploit low-privileged user accounts by cracking passwords (brute-forcing, password guessing, and social engineering) and then escalating the account privileges to administrative level in order to perform a protected operation.

· an implementation outline of any software that will be used in gaining access to the network(s) or system(s). You may include open source and commercial tools available to execute the actual exploit: Burp Suite, Cain and Abel, Core Impact, John the Ripper, Metasploit, and others. You can also use programming languages such as JavaScript, Perl, Python, Ruby, or C++ if you choose to develop custom exploits.

As you are developing the Gaining Access Plan, keep these questions in mind:

· How would you escalate your privileges?

· How would you establish a command and control communication channel?

Refer to Chapter 6 in the textbook for the different techniques that can be used to gain access to the system.

Project 4: Final Penetration Test Proposal

In the Final Penetration Test Proposal Template, add previous submissions, make updates and corrections based on the feedback received from your instructor, and add the Maintaining Access and Covering Your Tracks plans.

So, your final proposal will include the following components:

· Rules of Engagement (from Deliverable 1)

· Reconnaissance Plan (from Deliverable 2)

· Scanning Plan (from Deliverable 2)

· Gaining Access Plan (from Deliverable 3)

· Maintaining Access Plan (New)

· Covering Your Tracks Plan (New)

DISCUSSIONS 1

IS SOCIAL ENGINEERING ETHICAL?


After reading the article "Don't Include Social Engineering in Penetration Tests," discuss whether social engineering should be included as part of a penetration test. Knowing that the human is the weakest link in the cybersecurity chain, is it ethical as part of the pen test to engage in behavior that the author describes as a "grey area: compromising staff members' personal devices or personal email accounts (as opposed to work accounts); breaking into office buildings to steal equipment or plant network monitoring devices; compromising social media accounts to perform recon; etc."? (Kaplan-Moss, 2017)

Review several of your fellow learners' posts and respond to at least two of your peers by end of Day 7 of the week. In your response to your classmates' posts:

· Do you agree with your fellow learners' assessments of social engineering as part of penetration testing?

· Try to expand on your rationale by asking your classmates questions and provide additional resources and evidence to support your claims and to extend their thoughts on their point of view.

DISCUSSIONS 2

PORT SCANNING.

You’ve spent time in the labs learning about scanning, ports, and the services provided from those ports. In this discussion exercise, you’ll look at a port scan of a Windows Server and answer some questions.

There are several ports open. Select one or more ports from the following list and describe what the service does.

· Can you provide recommendations about whether that service should continue to be used? Why or why not?

· If the service is likely to cause security-related issues, can you choose a replacement service that will still meet the IT needs of the end users?

· Provide references and examples to back up your claim.

This is not intended to be an extensive assignment. You shouldn’t spend too much time on it in terms of references and examples. However, you must post first before viewing/responding to the posts of your peers.

root@kali:~# nmap 192.168.1.10

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-04 11:52 EST
Nmap scan report for 192.168.1.10
Host is up (0.00069s latency).
Not shown: 971 filtered ports
PORT      STATE SERVICE
7/tcp     open  echo
13/tcp    open  daytime
17/tcp    open  qotd
19/tcp    open  chargen
21/tcp    open  ftp
23/tcp    open  telnet
25/tcp    open  smtp
42/tcp    open  nameserver
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
110/tcp   open  pop3
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
143/tcp   open  imap
389/tcp   open  ldap
443/tcp   open  https
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3389/tcp  open  ms-wbt-server
49154/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
49158/tcp open  unknown
49165/tcp open  unknown
MAC Address: 00:0C:29:ED:2E:72 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 17.35 seconds
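As an added example (not part of the course material or the scan above), the following Python script parses an excerpt of that nmap report and checks each open port against a defender's service policy; the policy table, the verdicts and the domain-controller heuristic (Kerberos, LDAP and Global Catalog ports present) are my own assumptions.

```python
# Added example (not part of the course material): parse the nmap report above and
# check each open port against a defender's service policy. The policy table, the
# verdicts and the domain-controller heuristic are my own assumptions.
import re

# Constructed excerpt of the scan quoted in this discussion (nmap normal output format).
SCAN = """\
PORT      STATE SERVICE
7/tcp     open  echo
19/tcp    open  chargen
21/tcp    open  ftp
23/tcp    open  telnet
88/tcp    open  kerberos-sec
389/tcp   open  ldap
3389/tcp  open  ms-wbt-server
49154/tcp open  unknown
"""

# Assumed policy: port -> (verdict, rationale or replacement)
POLICY = {
    7: ("disable", "echo: legacy Simple TCP/IP service with no modern use"),
    19: ("disable", "chargen: usable as a traffic amplifier in reflection attacks"),
    21: ("replace", "ftp: credentials in cleartext, use SFTP or FTPS"),
    23: ("replace", "telnet: credentials in cleartext, use SSH or WinRM over HTTPS"),
    3389: ("restrict", "RDP: allow only from admin networks or through an RD Gateway"),
}
DC_MARKERS = {88, 389, 636, 3268, 3269}   # Kerberos, LDAP, Global Catalog

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")

def parse_open_ports(report):
    """Return {port: service} for every line nmap reports as open."""
    ports = {}
    for line in report.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            ports[int(m.group(1))] = m.group(4)
    return ports

def triage(report):
    """Return (looks_like_domain_controller, [(port, service, verdict, note)])."""
    ports = parse_open_ports(report)
    is_dc = bool(DC_MARKERS & ports.keys())
    findings = []
    for port, service in sorted(ports.items()):
        if port in POLICY:
            findings.append((port, service) + POLICY[port])
        elif port >= 49152 and service == "unknown":
            findings.append((port, service, "verify", "dynamic RPC port: identify the owning process"))
    return is_dc, findings
```

Running `triage(SCAN)` reports that the host looks like a domain controller and lists the legacy and cleartext services that should be disabled, replaced or restricted, which is the analysis the discussion questions ask for.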

DISCUSSIONS 3

PASSWORD HASHES.

After your lab experience with password hashes, let’s look at the Cisco, Windows, and Linux password hashes in the list below.

· What is a password hash?

· Red Hat and Cisco passwords are salted while Windows passwords are not. What does that mean?

· What are some software tools that can be used to crack password hashes?

· Are there any websites that can be used to crack passwords?

If you can crack any of the passwords, post your findings.

Again, this is not intended to be an extensive assignment. You shouldn’t have to spend a lot of time to answer the questions.

Finally, what do you feel are some best practices to avoid having your own personal passwords cracked? Note: If a word is listed before the hash, that is the username being provided.

Cisco Type 7

08224D42001F0A051C020D

0832595C0F1C17

Cisco Type 5

$1$mERr$hx5rVt7rPNoS4wqbXKX7m0

Windows

eagles:"":"":B100E9353E9FA8E8E72C57EF50F76A05:476788B1A5DA9EA8BAD2DE16328E77D7

tom:"":"":5C9059611FF9BC49AAD3B435B51404EE:5F0D3E40FCEFCE47C87142D85AE024C8

bill:"":"":3A087C6FAED6FB70AAD3B435B51404EE:FA0447F7AC1156CB8A2F87245348C566

cookie:"":"":C1E93C824B1CFAA8AAD3B435B51404EE:8969A961103AF73FCC0748E43C5FF7F2

elmo:"":"":D30164DE174649CAAAD3B435B51404EE:E894D1C5CF0D494266F598B3E133AB54

ernie:"":"":C34A2BD1F1E1138DAAD3B435B51404EE:2908DAB3584EDD2460A02E9BDF604E9F

luke:"":"":0FB2BA42035F6B70AAD3B435B51404EE:4B43CB4B09E7F914A0AF81DBCC4B7256

vader:"":"":92FFF08D536C01DEAAD3B435B51404EE:B1739F7FC8377E25C77CFA2DFBDC3EC7

Linux

jabba:$1$EOOf8aCq$CxX.EjJzy8B8cNm1pXL6Y0:17568:0:99999:7:::

root:$1$F1mYtUEn$DBQd0.FMl0rS8thGYKbMt0:17568:0:99999:7:::

r2d2:$1$lC0W.dhB$osdsuKbdzk1Ifkj3fJHeH1:17568:0:99999:7:::

c3p0:$1$k70QiSfi$fNmJmF2kA3WV9agV9Hfwa.:17568:0:99999:7:::
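As an added example (my own code, not the course's or any vendor's), the following Python script classifies the credential formats listed above, shows where the salt sits in the salted formats, and raises the audit flags a defender would act on; the format rules, flag wording and remediation hints are my own assumptions.

```python
# Added example (not the course's or any vendor's code): classify the credential
# formats listed above, show where the salt lives, and raise defender audit flags.
# The format rules, flag wording and remediation hints are my own assumptions.
import re

# Constructed sample: one or two lines of each format from the discussion's list.
SAMPLE = """\
0832595C0F1C17
$1$mERr$hx5rVt7rPNoS4wqbXKX7m0
tom:"":"":5C9059611FF9BC49AAD3B435B51404EE:5F0D3E40FCEFCE47C87142D85AE024C8
eagles:"":"":B100E9353E9FA8E8E72C57EF50F76A05:476788B1A5DA9EA8BAD2DE16328E77D7
jabba:$1$EOOf8aCq$CxX.EjJzy8B8cNm1pXL6Y0:17568:0:99999:7:::
"""

EMPTY_LM_HALF = "AAD3B435B51404EE"   # LM hash of an all-padding 7-byte half
MD5CRYPT = re.compile(r"^\$1\$([^$]{1,8})\$[./0-9A-Za-z]{22}$")
SHADOW = re.compile(r"^(\w+):\$1\$([^$]{1,8})\$[./0-9A-Za-z]{22}:")
PWDUMP = re.compile(r'^(\w+):"":"":([0-9A-F]{32}):([0-9A-F]{32})$')
TYPE7 = re.compile(r"^(?:[0-9A-F]{2}){2,}$")

def classify(line):
    """Return {kind, user, salted, salt, flags} for one credential line."""
    rec = {"kind": "unknown", "user": None, "salted": None, "salt": None, "flags": []}
    if m := MD5CRYPT.match(line):
        # Cisco type 5 is "$1$<salt>$<hash>"; the salt is stored in the clear.
        rec.update(kind="cisco-type5-md5crypt", salted=True, salt=m.group(1))
    elif m := SHADOW.match(line):
        rec.update(kind="linux-shadow-md5crypt", user=m.group(1), salted=True, salt=m.group(2))
        rec["flags"].append("md5crypt is legacy: rehash with sha512crypt or yescrypt at next login")
    elif m := PWDUMP.match(line):
        user, lm, nt = m.groups()
        rec.update(kind="windows-lm-nt", user=user, salted=False)
        rec["flags"].append("NT hash is unsalted: equal passwords give equal hashes")
        if lm != EMPTY_LM_HALF * 2:
            rec["flags"].append("LM hash stored: enforce NoLMHash and reset the password")
            if lm[16:] == EMPTY_LM_HALF:
                rec["flags"].append("LM second half empty: password is 7 chars or shorter")
    elif TYPE7.match(line):
        rec.update(kind="cisco-type7", salted=False)
        rec["flags"].append("type 7 is reversible obfuscation, not a hash: use type 8 or 9 secrets")
    return rec

def audit(text):
    """Classify every non-empty line, keeping input order."""
    return [classify(l.strip()) for l in text.splitlines() if l.strip()]
```

`audit(SAMPLE)` answers the "salted or not" question concretely: the two md5crypt entries expose their salts (`mERr`, `EOOf8aCq`) between the dollar signs, while the Windows entries carry no salt at all.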
