Congratulations on recently passing your Certified Ethical Hacker Exam. You have been contracted to perform a LIMITED penetration test on Security Target Incorporated's network. Security Target Inc. wants you to remotely access a system on their network to simulate an attacker who has already completed part of the Attacker Methodology and gained entry to the network.
Your targets will ONLY reside on Security Target Inc.'s network. If you attack ANYTHING outside of this network, there will be academic consequences. Directions on how to access your compromised machine will be given in class. As described in the Student Code of Ethics and the Acceptable Use Agreement, and denoted by me here - you will NOT exercise any of these techniques outside of this exercise without taking on all of the legal responsibilities described in the Acceptable Use Agreement.
You will be required to submit a formal lab report next week including screenshots of you completing the lab. Your formal lab report should include an Abstract, Discussion, Conclusions, and of course References sections. Omission of any of these sections will affect your grade. In each section, you will be graded on:
· The quality of the description in the report
· Your ability to illustrate points using screenshots and interweave the knowledge that you've gained up to this point in the course (i.e. you will need to incorporate descriptions of the Attacker Methodology into your report)
· Your ability to describe the events from the perspective of the attacker (using the Attacker Methodology), and the defender
You will be expected to discuss (in the discussion section) about what you were asked to do in the contract, what methods you used to perform the penetration test, and relate this to the Attacker Methodology. You will also make recommendations in the conclusions section to mitigate the risks represented by the vulnerabilities you found, as well as those which you exploited.
IP address: 100.5.7.100/24
This sentence should be included “Within the time I have be given and the limitation I wasn’t apple to exploits the network but I found these vulnerabilities and this is my recommendations”.
Abstract:
Discussion:
Steps I have done:
· Planning
· Information gathering (OS, running services, Ports, Hosts, IP address, MAC address, System Time, accounts)
· Port Scanning for only IP addresses provided by the organization.
· Manual vulnerability scanning
Conclusions: