scs file (2)
A traditional penetration test has become more commonly used to regularly test
security systems and processes and to maintain a policy that addresses information
security for all personnel. In this category of assessment, security analysts have to
go beyond the minimum security requirements to actually improve
the overall security of the system.
Each group will use the Metasploitable 2 VM and Windows 10 in Apporto, and the
attack machine (the machine used for the pen testing and vulnerability
assessment) should be Kali. Every student will be assigned a group.
There is an allocation for each student. This can be seen in the Excel sheet on
Teams.
VM Allocation
Group 1 – Brainpan
Group 2 – Kioptrix
Group 3 – NullByte
Group 4 – pWnOS
(We have to use any one of the four)
4 Groups
1 - 172.16.1.0/24
2 - 172.16.2.0/24
3 - 172.16.3.0/24
4 - 172.16.4.0/24
The objective is to exploit one target machine and provide proof of exploitation.
Simulate what would happen if an internal user is compromised, or identify what
would happen if the system under test is subject to an attack by a malicious
external party. To achieve that, you must complete the following tasks:
• Create the network topology based on the network block and configure
DHCP.
• Perform a passive attack to gather information.
• Perform network discovery on the target network.
• Conduct port scanning on the target, documenting the services that are
running, protocols, application versions, the operating system, etc.
• Conduct vulnerability scanning, analyse the results and identify the
risks.
• Leverage identified issues to uncover the worst-case scenario.
• Follow up with validation of the findings through the use of exploits or tests
to eliminate false positives and detect hidden vulnerabilities or false
negatives. This involves exploiting the vulnerabilities discovered.
• Explore the level of access each exploit provides and use increased access
as leverage for additional attacks. Some of the machines may require
multiple exploitation steps, resulting first in low-level local access, and then
in root or administrative access through vertical privilege escalation.
• Be able to evaluate and assess the security of a computer system by
conducting a security assessment.
• Evaluate vulnerabilities and security risks by attempting vulnerability
scanning followed by exploitation techniques to identify false positive and
false negative vulnerabilities, and know how to assess them.
• Analyse systems for security weaknesses and propose mitigating
measures to improve the overall security.
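
The validation tasks above (confirm scanner findings, eliminate false positives, detect false negatives) can be tracked for the report with a small reconciliation script. This is an added example, not part of the original brief; the `Finding` type, the `reconcile` function, the host addresses and the `ISSUE-*` labels are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Finding:
    host: str
    port: int
    issue: str  # placeholder label, not a real scanner plugin or CVE ID


def reconcile(scanner, validated, refuted, manual):
    """Classify findings once the validation step is done.

    scanner   -- findings the vulnerability scanner reported
    validated -- scanner findings a hands-on test confirmed
    refuted   -- scanner findings a hands-on test disproved
    manual    -- issues found by hand, whether or not the scanner saw them
    """
    scanner, validated, refuted, manual = map(set, (scanner, validated, refuted, manual))
    stray = (validated | refuted) - scanner
    if stray:
        raise ValueError(f"test results for findings the scanner never reported: {sorted(stray)}")
    confirmed = validated | (manual & scanner)
    clash = confirmed & refuted
    if clash:
        raise ValueError(f"findings marked both confirmed and refuted: {sorted(clash)}")
    return {
        "confirmed": confirmed,                       # true positives
        "false_positive": refuted,                    # reported, disproved
        "false_negative": manual - scanner,           # real, missed by the scanner
        "unvalidated": scanner - confirmed - refuted, # still needs a test
    }


# Constructed sample data; hosts sit in Group 1's block (172.16.1.0/24).
A = Finding("172.16.1.10", 21, "ISSUE-A")
B = Finding("172.16.1.10", 80, "ISSUE-B")
C = Finding("172.16.1.10", 445, "ISSUE-C")
D = Finding("172.16.1.20", 22, "ISSUE-D")
E = Finding("172.16.1.20", 8080, "ISSUE-E")  # never reported by the scanner


def sample_report():
    return reconcile(scanner=[A, B, C, D], validated=[A], refuted=[B], manual=[C, E])


if __name__ == "__main__":
    for bucket, items in sample_report().items():
        print(f"{bucket:15} {len(items)}  {sorted(items)}")
```

Anything left in the `unvalidated` bucket is a finding that should not be reported as either real or false until it has been tested.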