Please show and explain all steps, and also make a screenshot.
Part A: Gathering domain information
Use the following tools to respond to questions in this section:
· MX ToolBox (https://mxtoolbox.com/domain)
· Whois Lookup (https://whois.domaintools.com/)
· Recon Cloud (https://recon.cloud)
1. What is the IP associated with herzing.ca? And its location?
2. What is the DMARC policy for microsoft.com? What does it mean?
3. What two warnings are listed in the email health for cisco.com?
4. How old is the domain fortinet.com?
5. What subdomain is associated with herzing.ca? In which AWS region is it hosted?
Part B: Gathering company information
Use the following tools to respond to questions in this section:
· DnB (https://www.dnb.com/)
6. In what locations outside the US is LinkedIn located?
7. Capture a screenshot of LinkedIn CEO(s).
Part C: Gathering IP addresses information
Use the following tools to respond to questions in this section:
· IP Address Tools (https://www.ipvoid.com/)
8. What is the reverse IP resolution of XXXXXXXXXX?
9. Is this IP blocklisted? Capture a screenshot of the result.
10. Check the HTTP headers of www.herzing.ca and capture a screenshot or copy the text.
Part D: Fostering your skills
11. You are about to send a phishing email to all employees of Cybrary. What domain should your message come from? Check if the same domain but in the .xyz TLD is available (add a screenshot).
12. You need to send a spear phishing pretending to come from the Chief Financial Officer of Meetup. Who is that? What other record did you find as CFO at Meetup? What is your opinion?
13. That person turns out to have another role at another organization. Check this out and capture a screenshot of your findings.
14. You need to call an employee at the HQ of Kaspersky. What number would you dial?
15. If this employee received an email from another employee and the headers showed the IP address XXXXXXXXXX, would it be suspicious? Why?
Please show and explain all steps, and also make a screenshot.
Import the VM provided in the file HackingLab.ova into your local VirtualBox lab (select the option “Include all network adapter MAC addresses” when importing). Make sure your own Kali Linux VM can communicate with all the other VMs in the lab by means of the internal network (try nmap -sn XXXXXXXXXX/24, because inbound pings are filtered out by default in Windows). Then, answer the questions below, giving an explanation of how or why even if not explicitly asked.
Part A: Checking the environment
1. Perform a TCP SYN scan of just the Windows server. What services and ports did you discover?
2. Open a session in the Windows server as Administrator and change Phil’s password to a random one of your choice. What group does this user belong to?
Part B: SMB enumeration
Reference tutorial for enum4linux: https://www.hackercoolmagazine.com/smb-enumeration-with-kali-linux-enum4linuxacccheck-smbmap
Getting started with Metasploit: https://ccom.uprrp.edu/~jortiz/cyber/labs/lab-metasploit.html
Reference for Metasploit: https://www.offensive-security.com/metasploit-unleashed/scanner-smb-auxiliary-modules
3. Install the package enum4linux in your Kali VM. Then, enumerate the network shares of the Windows server using the credentials of Phil. What was the complete command?
4. There is a share with the mapping not denied. Use it to execute the following command, which will open an SMB session. Capture a screenshot of the command “ls” run in the new SMB prompt.
smbclient -U Phil //XXXXXXXXXX/SHARE_NAME
5. Get the only file in the share with the command “get”, then exit. From the Linux shell, use the commands “file” and “strings” to show information about the file and its content.
6. Enumerate the users and groups using the credentials of Phil. What command did you use? What is the SID of the ITDept group? Tip: get help with --help about two different options to enumerate users.
7. To try a different method, execute “msfdb init && msfconsole” to initialize and start the Metasploit Framework, which is an interactive tool accepting commands on the new prompt. To set the module you need to enumerate patches in Windows, execute the command “use auxiliary/scanner/smb/smb_lookupsid”, then “show options”. Capture a screenshot.
8. Set the required variables with “set VARIABLE VALUE” for an enumeration using Phil’s credentials (check the reference tutorial). Then, execute “run”.
Part C: Dictionary attack
Reference tutorial: https://en.kali.tools/?p=200
9. Using the tool medusa, obtain the password of the user Bob. You will need the password dictionary file rockyou.txt located in /usr/share/wordlists, and the parameter -f to stop after the password is found. What is the command you used?
10. What is Bob’s password? Capture a screenshot of the last lines.
Part D: Research
1. What Metasploit Framework module would be useful to perform a TCP port scan?
2. And to search for endpoints with RDP open?
3. What would the module auxiliary/scanner/ssl/openssl_heartbleed be used for? What is the CVE of the vulnerability it exploits?
4. What medusa modules could you use against a mail server?
5. What medusa modules allow setting the user-agent?
https://drive.google.com/file/d/1Mut9_AjeZ8w3ksEFKsyZLilJUx1U7bam/view?usp=sharing