Ethical Hacking and DefenceAssignment 2Assessment Notes: · Kali Linux is available as a virtual...

Question

Ethical Hacking and DefenceAssignment 2Assessment Notes:     · Kali Linux is available as a virtual machine on the Unit Resources section of BlackboardTaskYou are to infiltrate the provided system and attain root level privileges. Additionally there are five flags, these flags are represented as values and are awarded at each point of system compromise. Look for them in home directories, web pages etc.You are to write a report outlining each test / attack run against the system and the result. You must follow a process, which should be defined prior to the commencement of testing. Your report should include the flags as well as any credentials you uncover as part of your hacking endeavours.Note: You must compromise the system over the network, local, physical or other attacks requiring direct interaction with the target system are not valid for the purposes of the assignment.Example flag: chahNaelia9zohlaseiPaich0QuoWoh8ohfaenaiQuaetaebushoakarai6lainohjongoneesoocahdei6guosiethae7uwuu5Kaid9eisah8EChoo4kaiGh2eit2muPostgraduate students: You must also write the following software and include it as part of your submission:· Basic TCP port scanne· Password cracker (of the type required to complete the case study)Submission RequirementsYou must include the following in your submission:· Your report containing:· Cover Page· Table of Contents· Executive Summary· Defined Methodology· Testing Log (should allow repeatability)· Results & Recommendations· Postgraduate Students:· Your source code for tools used· Compilation and usage instructions· Case Study Virtual MachineYou can download the case study virtual machine here: https:cloudstor.aarnet.edu.au/plus/s3wMqazCPkMJT2XNotes:· You can log in with the following credentials. These should only be used to run the ifconfig command and determine the virtual machine's IP address. You may not use this account as part of your compromise for case study purposes.1. username: debug1. password: debug. You can unpack the archive with the 7zip software. You can run the virtual machine with VMWare Workstation or VMWare Fusion which are available for free at the below address3. http:vmap.ssci.ecu.edu.au· Case Study Flag HintsSelect/highlight the text below in order to view the hints.Flag 1) Examine the contents of the web server, what username and password might an admin use?Flag 2) Learn about web shells, how can you disguise one to look like an image?Flag 3) There is a password you can crack near to flag2.Flag 4) A user made a mistake entering their password, see where you can find it!Flag 5) Learn about priv escalation https:log.g0tmi1k.com/2011/08asic-linux-privilege-escalationAre you having trouble finding the IP address of the case study virtual machine? You can log in with the following credentials and run the "ipconfig" command.Username: debugPassword: debug

Meenakshi · Accepted Answer

In this assignment we study and analysis kali linux virtual machine .Kali Linux was created by Mati Aharoni and Devon Kearns of Offensive Security also the creators of BackTrack 5 which was the predecesor to Kali Linux. Digital forensics and penetration testing. the making for several years. As a security distribution overall, Kali Linux is the premiere securitydistribution and I recommend it for social engineering purposes. 
In short, Kali has a number of security tools that can be leveraged to gather information about yourtarget beyond the tools we will discuss next. At the time of this writing, Kali has over 50 toolsdesigned for information gathering purposes.  We will use these tools that depend on the aim of social engineering test. However, there’s a good chance Kali will have the tool you need for the project.   SET is specifically designed to perform some of the most advanced social engineering attacks. It is both an information-gathering tool and an exploitation tool. SET wascreated and written by David Kennedy, of TrustedSec fame. It is an open-source, freely available andwritten in Python. Since its inception, it has become an industry standard with heavy support from theinformation security community.Screenshot of the Social Engineering Toolkit main menuSET comes with an array of social engineering capabilities. These range from spear phishing, mediadrop infection to Arduino based attack vector. it consider the  SET’s spear phishing attacks, infectious media generator and its mass mailer attack  While there are other features of the toolkit that are most valuable, these three features are some of the mostcommonly used
.
Before we go any further, it’s worth mentioning that SET comes integrated with the Metasploit
Framework. This is evident from SET’s main menu of options. The Metasploit Framework is an opensource framework for developing and executing exploit code. We will discuss Metasploit.. The Social Engineering Toolkit comes preinstalled on the Kali Linux distribution.Alternatively, Screenshot of SET’s Social Engineering Attacksub-menuSET features a great set of options all around. What is great about SET is that its modules addcapability for generating payloads and starting listeners with testing. This is in part due to theintegration with Metasploit, which we will get to next. To help get started, SET provides a wizard to assist in thedesign and execution.
Flag 1) Examine the contents of the web server, what username and password might an admin use?
 Kali Linux -> Password Attacks -> Offline Attacks -> hashcat
kali >hashcat options hashfilemask|wordfiles|directories
 open THC-Hydra from Applications -> Kali Linux -> Password Attacks -> Online Attacks -> hydra.

Ethical Hacking and Defence Assignment 2 Assessment Notes: · Kali Linux is available as a virtual machine on the Unit Resources section of Blackboard Task You are to infiltrate the provided system and...

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment