CST 640 Project 1

profilejrbasagic
Project1-ANetworkIntrusionJustin-FINAL31.pptx

Digital Forensics Technology and Practices: Project 1 - A Network Intrusion <Program><Section #> <Student Name> <Date>

<Insert Graphic Here>

1

Project 1 - Introduction

Talk about the purpose of the Project 1

Discuss Network Intrusions

Discuss any concerns or critical points related to this security incident

Erase all of the directions provided in this text box when you submit the project

MARS Linux System

Add a screenshot of your Linux IP

Discuss the Linux system that you are using in MARS

in a few bullet points …

Erase all of the directions provided in this text box

MARS Windows System

Add a screenshot of your Windows IP

Discuss the Windows system that you are using in MARS

in a few bullet points …

Erase all of the directions provided in this text box

IIS Setup

The directions for IIS Setup are in section2 of Lab 3

You should be good if you went through the lab. If not, go through section 2 of Lab 3.

Add a screenshot of your connection to 127.0.0.1 on the Windows system.

Discuss what IIS is and its function in a few bullet points …

Erase all of the directions provided in this text box when you submit the project

Security Policy Changes

Right Click on the start button and select Run

In the Run Box, type gpedit.msc and then click ok.

Expand Computer Configuration.

Expand Windows Settings

Expand Security Settings

Expand Account Policies

Under Password Policies, double click Password must meet complexity requirements.

Click the Disabled Radio button and then click ok. Close the Local Group Policy Editor.

Add the screenshot seen here. Do not use the example screenshot.

Finally, Discuss Password Policies and their benefit in a few bullet points.

Erase all of the directions within this PowerPoint Slide to add your bullet points.

Adding an Administrative Account

Run these commands on your system, replacing yourname with your first name

net user yournameadmin yourname /add

Post your screenshot(s) here

Discuss the net user command

net localgroup administrators yourname admin /add

Discuss the net localgroup command

Erase all of the directions provided in this text box when you submit the project

Base64 Lesson

Go to https://gchq.github.io/CyberChef/

Drag Base64 to the Recipe Column

Type yourname (your first name) and click bake

Provide a screenshot of the output

Briefly explain CyberChef and Base64

Erase all of the directions provided in this text box

Copy the Base 64 output into a text file on Windows

Website Misconfiguration

Right Click on the start button and select Run

In the Run Box, type cmd and then click ok.

Type cd c:\inetpub\wwwroot

mkdir hidden

cd hidden

echo > index.htm

notepad index.htm

In this file, type your username of yournameadmin, where yourname is yourname

In this file, paste your base64 encoded password of yourname

Add a screenshot of your index.htm file within the wwwroot folder

erase all of the directions provided in this text box

dirb attack on the Windows Server

Go to the Kali Machin

Open a Terminal

type dirb http://10.138.X.X, using the

IP address of your Windows machine

Post a Screenshot

erase all of the directions provided

Credentials Extracted

Right Click Open Link on the CODE: 200 Link

Notice the username and the password, encoded, in base 64 is exposed.

Erase all of the directions provided in this text box when you submit the project

Post a screenshot of the harvested credentials.

Explain how website misconfigurations can lead to security incidents

Summary

Talk about the Tools and Technologies used

Talk about what happened

Talk about how the attacked got in.

References

<APA Reference Citations>