CST 640 Project 1
Digital Forensics Technology and Practices: Project 1 - A Network Intrusion <Program><Section #> <Student Name> <Date>
<Insert Graphic Here>
1
Project 1 - Introduction
Talk about the purpose of the Project 1
Discuss Network Intrusions
Discuss any concerns or critical points related to this security incident
Erase all of the directions provided in this text box when you submit the project
MARS Linux System
Add a screenshot of your Linux IP
Discuss the Linux system that you are using in MARS
in a few bullet points …
Erase all of the directions provided in this text box
MARS Windows System
Add a screenshot of your Windows IP
Discuss the Windows system that you are using in MARS
in a few bullet points …
Erase all of the directions provided in this text box
IIS Setup
The directions for IIS Setup are in section2 of Lab 3
You should be good if you went through the lab. If not, go through section 2 of Lab 3.
Add a screenshot of your connection to 127.0.0.1 on the Windows system.
Discuss what IIS is and its function in a few bullet points …
Erase all of the directions provided in this text box when you submit the project
Security Policy Changes
Right Click on the start button and select Run
In the Run Box, type gpedit.msc and then click ok.
Expand Computer Configuration.
Expand Windows Settings
Expand Security Settings
Expand Account Policies
Under Password Policies, double click Password must meet complexity requirements.
Click the Disabled Radio button and then click ok. Close the Local Group Policy Editor.
Add the screenshot seen here. Do not use the example screenshot.
Finally, Discuss Password Policies and their benefit in a few bullet points.
Erase all of the directions within this PowerPoint Slide to add your bullet points.
Adding an Administrative Account
Run these commands on your system, replacing yourname with your first name
net user yournameadmin yourname /add
Post your screenshot(s) here
Discuss the net user command
net localgroup administrators yourname admin /add
Discuss the net localgroup command
Erase all of the directions provided in this text box when you submit the project
Base64 Lesson
Go to https://gchq.github.io/CyberChef/
Drag Base64 to the Recipe Column
Type yourname (your first name) and click bake
Provide a screenshot of the output
Briefly explain CyberChef and Base64
Erase all of the directions provided in this text box
Copy the Base 64 output into a text file on Windows
Website Misconfiguration
Right Click on the start button and select Run
In the Run Box, type cmd and then click ok.
Type cd c:\inetpub\wwwroot
mkdir hidden
cd hidden
echo > index.htm
notepad index.htm
In this file, type your username of yournameadmin, where yourname is yourname
In this file, paste your base64 encoded password of yourname
Add a screenshot of your index.htm file within the wwwroot folder
erase all of the directions provided in this text box
dirb attack on the Windows Server
Go to the Kali Machin
Open a Terminal
type dirb http://10.138.X.X, using the
IP address of your Windows machine
Post a Screenshot
erase all of the directions provided
Credentials Extracted
Right Click Open Link on the CODE: 200 Link
Notice the username and the password, encoded, in base 64 is exposed.
Erase all of the directions provided in this text box when you submit the project
Post a screenshot of the harvested credentials.
Explain how website misconfigurations can lead to security incidents
Summary
Talk about the Tools and Technologies used
Talk about what happened
Talk about how the attacked got in.
References
<APA Reference Citations>