
Testing Basic Concepts and Procedures for Cybersecurity

Updated: Jan 27, 2024

This was a University assignment I completed in May this year.



Part A

Task 1: Configure and test penetration testing Environment



a. At the Kali Linux Attacker terminal execute an ICMP command to test whether you can connect to the Windows 2016 Server


Insert a screen shot here showing the command you executed and the response returned

Command executed: ping 10.10.10.1

No response, as the two machines were not on the same network.



b. Sign in to the Kali Linux Attacker and make changes to its IPv4 configuration that will enable you to connect to the local area network 10.0.0.0/8


Insert a screen shot here showing the Kali Linux Attacker network connections

after you have completed this activity



c. i) Use an applet in the Windows 2016 Server Control Panel to check whether Ping ICMP requests are allowed to be served. ii) Based on your findings, make any necessary changes to the applet configuration to allow Ping ICMP requests.


Insert sufficient screen shots here to show your testing and configuration steps


d. Repeat Activity 1.a. to test whether you can now ping the Windows 2016 Server


Insert a screen shot here showing the command you executed and any response/s returned

Note: Your submission will not be considered satisfactory unless this screen shot demonstrates connectivity between the Kali Linux VM and the Windows 2016 Server VM by sending an ICMP echo packet and receiving at least one reply.


Ping from Kali to Windows:


Ping from Windows to Kali:


I changed the IPv4 address on the Kali machine to 10.10.10.4 to match the network the Windows machine is on. I ran the following ping command from Kali:


ping 10.10.10.1


And I ran the following command from Windows Server 2016:


ping 10.10.10.4


Both VMs received a reply, confirming that the VMs can communicate.




e. Use the Kali Linux Attacker web browser to browse the default website on the WordPress server.

Insert a screen shot here showing the default homepage of the WordPress website from the Kali Linux Attacker web browser

Note: Your screen shot must include sufficient information to demonstrate that it represents the Kali Linux browser.



TASK 2 - RECON


a. List two tools found in Kali Linux that can be used to find the IP addresses of devices on a target network. Justify your choice by briefly describing reconnaissance activities that can be performed with each tool.


ANSWER:

1. Nmap is the go-to scanning tool in Linux and probably one of the most well-known tools. It is a powerful network scanner that discovers IP addresses, open ports, services, software versions and vulnerabilities. Nmap sends probe packets to network devices and infers information such as service version numbers from the responses.


2. Recon-ng is a tool aimed at web-based reconnaissance, with specific modules for host and network discovery and subdomain identification. Recon-ng supports plugins that widen its scope and abilities; these include DNS enumeration, search-engine information gathering and WHOIS queries.



b. Using the Kali Linux Attacker in the lab, use tools to scan the target Windows 2k16 server to find which TCP and/or UDP ports are open, and which services are running.

Insert one or more screen shots showing your commands and the results of your scan operation

sudo nmap -vv -sV -O -p- -A 10.10.10.1

(Verbose output, version detection, OS detection, scan all 65,535 ports, aggressive scan)


Open ports: 21, 80, 5985


Discovered FTP port 21 open with anonymous login allowed


Port 5985 is used for Windows Remote Management.


Second scan for UDP ports

sudo nmap -sU -v 10.10.10.1

(UDP scan, verbose)


No open UDP ports.




c. Access the target Windows 2016 server's web page from the Kali Linux Attacker's web browser and capture network traffic using Wireshark. Highlight the TCP three-way handshake packets in the screenshot of your capture.


Insert a screen shot showing the three way handshake captured by Wireshark. You should use image editing software (e.g. Windows paint) to highlight the packets representing the handshake.


IIS Homepage running on the Windows Server:


Three-way handshake captured with Wireshark (indicated by the black border below)



Task 3: Explore Hacking Techniques

a. Access the Kali Linux Attacker in the lab and use hping3 to launch a SYN-flood attack against the target Windows 2k16 FTP server.


Insert screen shots showing your commands executed in the Kali Linux Attacker terminal, and the impact of the attack on the Windows side.


1. Testing connection between Kali and Windows machines:

sudo ping 10.10.10.1



2. Initiate a SYN-Flood attack:

sudo hping3 -c 10000 -S 10.10.10.1 --flood


This command resulted in a CPU spike to 89%.


3. sudo hping3 -c 50000 -S 10.10.10.1 --flood

Attempting to flood the victim completely and max out the CPU. Results showing the effect on the Windows Server machine: a spike in the CPU to 100%.




b. Use WPScan in the Kali Linux Attacker to scan hackme.vu and gain access to the WordPress backend. You are required to research and trial attempts until you are successful.


Once access to the WordPress admin back-end has been obtained, insert screen shots showing your commands executed in the Kali Linux Attacker terminal to gain access, and the WordPress admin panel that you signed into.


Username: user22

Password: awesome!


Enumerating the username

sudo wpscan --url hackme.vu -e u



Enumerating the password:

cd /usr/share/wordlists

sudo wpscan --url hackme.vu --passwords rockyou.txt --usernames user22



Accessing the login screen with Firefox on Kali machine

http://10.10.10.2/wp-login.php


Entering username and password:


Accessing the WordPress backend:



c. Use the Admin back-end on the WordPress server to upload an empty file into the “wp-content” directory. You are to name your file “MALWARE_YOUR_NAME.php”


Insert a screen shot here showing that your file exists in the wp-content directory.

Note: The file you upload is a proof-of-concept of what could be malware being added to the website.




Task 4: Automate Penetration Testing with Scripts

a. Using the Kali Linux attacker, create a Python script to scan ports 21 - 443 on the Windows 2016 server by automating the Nmap tool.


Insert a screen shot here showing your script file and a screen shot showing the results of running the script.
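A script for Task 4 that automates Nmap over ports 21-443 and parses its grepable output, added here as an example; it is not the original submission. It assumes the nmap binary is installed on the Kali VM and reuses the lab target 10.10.10.1 from the write-up; SAMPLE_GREPABLE is a constructed sample so the parser can be checked without a live scan.

```python
"""Automate an Nmap scan of TCP ports 21-443 (Task 4). Added example, not the
original submission; assumes nmap is installed and 10.10.10.1 is the lab target."""
import shutil
import subprocess

TARGET = "10.10.10.1"   # lab Windows Server 2016 (as used in the write-up)
PORT_RANGE = "21-443"   # port range required by Task 4

# Constructed sample of Nmap grepable (-oG) output, used for offline testing.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sV -p 21-443 -oG - 10.10.10.1
Host: 10.10.10.1 ()\tStatus: Up
Host: 10.10.10.1 ()\tPorts: 21/open/tcp//ftp//Microsoft ftpd/, 80/open/tcp//http//Microsoft IIS httpd 10.0/, 443/closed/tcp//https///\tIgnored State: filtered (420)
# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds
"""

def build_command(target, ports):
    """Nmap arguments: version detection, grepable output written to stdout."""
    return ["nmap", "-sV", "-p", ports, "-oG", "-", target]

def parse_grepable(text):
    """Return {port: (state, service)} for every port listed in -oG output."""
    results = {}
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        # The Ports field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            # Field layout: port/state/protocol/owner/service/rpc/version
            if len(fields) < 5 or not fields[0].isdigit():
                continue
            results[int(fields[0])] = (fields[1], fields[4])
    return results

def open_ports(results):
    """Sorted list of the ports whose state is 'open'."""
    return sorted(p for p, (state, _) in results.items() if state == "open")

def scan(target=TARGET, ports=PORT_RANGE):
    """Run nmap against the target and return the parsed results."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap not found on PATH; run this on the Kali VM")
    proc = subprocess.run(build_command(target, ports), capture_output=True, text=True, check=True)
    return parse_grepable(proc.stdout)

if __name__ == "__main__":
    found = scan()
    for port in open_ports(found):
        print(f"{port}/tcp open  {found[port][1]}")
```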




Part B

Task 5: Improve Network Security


a. Read the Scenario provided in Appendix 2.

List and explain at least five additional hardware and software you would recommend the company acquire and implement to secure their network from cyber-attack.


ANSWERS

I would recommend the following:


1. Update all workstations, both mobile and desktop, to Windows 11 to ensure the organisation benefits from all the latest and future operating system security patches and updates.


2. I would advise updating any server software to Windows Server 2022 and thus updating Active Directory to the latest version to enhance the organisation's security posture.


3. Install a RADIUS server to maintain complete control over the organisation's WLAN, ensuring that all devices use WPA3 security protocols.


4. Update Postfix mail server to 3.8.2 and review all settings to ensure maximum protection.


5. Utilize a SIEM system such as Splunk to monitor all network traffic and review it regularly.


6. Implement complete image backups of the Windows Server and AD so that, if there is a cyberattack or system failure, the server can be restored quickly.


7. Use a commercial grade VPN for all communications between the two offices and VPN access for all mobile workstations.


8. The organisation may want to also consider implementing network segmentation now before it adds many more users or departments. Network segmentation can improve network performance and will improve cybersecurity.


9. There is no mention of endpoint security, so I would address this by ensuring that all devices have endpoint malware/virus protection installed, preferably from a vendor that utilizes behaviour-based analysis.


10. There is no mention of firewall protection, so I would review this setup and ensure that LetUsCount have a next-gen firewall installed along with an IDS and IPS.


11. Going forward, one of my main concerns would be allowing customers to submit forms and uploads, and the handling of sensitive information such as digital accounts. LetUsCount must design a system that performs input validation on all forms to prevent SQL injection attacks (or similar) and provides anti-malware protection for file uploads. Allowing customers to upload files to internal systems carries significant risks; it is crucial that LetUsCount have stringent protections in place to control file types and scan uploads for malware.

