Please show and explain all steps also make a screenshot Part A: Gathering domain information Use the following tools to respond to questions in this section: · MX ToolBox...

I would like to know if you can help me with this assignment.


Please show and explain all steps also make a screenshot

Part A: Gathering domain information
Use the following tools to respond to questions in this section:
· MX ToolBox (https://mxtoolbox.com/domain)
· Whois Lookup (https://whois.domaintools.com/)
· Recon Cloud (https://recon.cloud)
1. What is the IP associated with herzing.ca? And its location?
2. What is the DMARC policy for microsoft.com? What does it mean?
3. What two warnings are listed in the email health for cisco.com?
4. How old is the domain fortinet.com?
5. What subdomain is associated with herzing.ca? In which AWS region is it hosted?

Part B: Gathering company information
Use the following tools to respond to questions in this section:
· DnB (https://www.dnb.com/)
6. What locations outside the US is LinkedIn located?
7. Capture a screenshot of LinkedIn CEO(s).

Part C: Gathering IP addresses information
Use the following tools to respond to questions in this section:
· IP Address Tools (https://www.ipvoid.com/)
8. What is the reverse IP resolution of 162.159.240.125?
9. Is this IP blocklisted? Capture a screenshot of the result.
10. Check the HTTP headers of www.herzing.ca and capture a screenshot or copy the text.

Part D: Fostering your skills
11. You are about to send a phishing email to all employees of Cybrary. What domain your message should come from? Check if the same domain but in the .xyz TLD is available (add a screenshot).
12. You need to send a spear phishing pretending to come from the Chief Financial Officer of Meetup. Who is that? What other record did you find as CFO at Meetup? What is your opinion?
13. That person turns out to have another role at another organization. Check this out and capture a screenshot of your findings.
14. You need to call an employee at the HQ of Kaspersky. What number would you dial?
15. If this employee received an email from another employee and the headers showed the IP address 103.212.98.54, would it be suspicious? Why?

Please show and explain all steps also make a screenshot

Import the VM provided in the file HackingLab.ova into your local Virtual Box lab (select the option “Include all network adapter MAC addresses” when importing). Make sure your own Kali Linux VM can communicate with all the other VM in the lab by means of the internal network (try nmap -sn 192.168.0.0/24, because inbound pings are filtered out by default in Windows). Then, answer the questions below, giving an explanation of how or why even if not explicitly asked.

Part A: Checking the environment
1. Perform a TCP SYN scan of just the Windows server. What services and ports did you discover?
2. Open a session in the Windows server as Administrator and change Phil’s password for a random one of your choice. What group does this user belong to?

Part B: SMB enumeration
Reference tutorial for enum4linux: https://www.hackercoolmagazine.com/smb-enumeration-with-kali-linux-enum4linuxacccheck-smbmap/
Getting started with Metasploit: https://ccom.uprrp.edu/~jortiz/cyber/labs/lab-metasploit.html
Reference for Metasploit: https://www.offensive-security.com/metasploit-unleashed/scanner-smb-auxiliary-modules/
3. Install the package enum4linux in your Kali VM. Then, enumerate the network shares of the Windows server using the credentials of Phil. What was the complete command?
4. There is a share with the mapping not denied. Use it to execute the following command, which will open a SMB session. Capture a screenshot of the command “ls” run in the new SMB prompt.
smbclient -U Phil //192.168.0.31/SHARE_NAME
5. Get the only file in the share with the command “get”, then exit. From the Linux shell, use the commands “file” and “strings” to show information about the file and its content.
6. Enumerate the users and groups using the credentials of Phil. What command did you use? What is the SID of the ITDept group? Tip: get help with --help about two different options to enumerate users.
7. To try a different method, execute “msfdb init && msfconsole” to initialize and start the Metasploit Framework, which is an interactive tool accepting commands on the new prompt. To set the module you need to enumerate patches in Windows, execute the command “use auxiliary/scanner/smb/smb_lookupsid”, then “show options”. Capture a screenshot.
8. Set the required variables with “set VARIABLE VALUE” for an enumeration using Phil’s credentials (check the reference tutorial). Then, execute “run”.

Part C: Dictionary attack
Reference tutorial: https://en.kali.tools/?p=200
9. Using the tool medusa, obtain the password of the user Bob. You will need the password dictionary file rockyou.txt located in /usr/share/wordlists, and the parameter -f to stop after the password is found. What is the command you used?
10. What is Bob’s password? Capture a screenshot of the last lines.

Part D: Research
1. What Metasploit Framework module would be useful to perform a TCP port scan?
2. And to search for endpoints with RDP open?
3. What the module auxiliary/scanner/ssl/openssl_heartbleed would be used for? What is the CVE of the vulnerability it exploits?
4. What medusa modules could you use against a mail server?
5. What medusa modules allow to set the user-agent?

https://drive.google.com/file/d/1Mut9_AjeZ8w3ksEFKsyZLilJUx1U7bam/view?usp=sharing
Answered 10 days After Sep 17, 2022

Answer To: Please show and explain all steps also make a screenshot Part A: Gathering domain information Use...

Naveen Kumar answered on Sep 27 2022
25 Votes
Part A: Gathering domain information
1. What is the IP associated with herzing.ca? And its location?
Ans: 104.47.75.164, Canada Toronto
2. What is the DMARC policy for microsoft.com? What does it mean?
Ans: Domain-based Message Authentication, Reporting, and Conformance (DMARC) works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders.
It’s an email validation system designed to protect your organization’s email exchange from being used for malicious email activities.
3. What two warnings are listed in the email health for cisco.com?
Ans: Status of device, sting values, represent the health monitor.
4. How old is the domain fortinet.com?
Ans: 7,892 days old, Created on 2001-02-16, Expires on 2032-02-14, Updated on 2022-02-14.
5. What subdomain is associated with herzing.ca? In which AWS region is it hosted?
Ans:     
DNS13.DOMAINCONTROL.COM
PDNS14.DOMAINCONTROL.COM
AWS region is it hosted: Canada Montreal Amazon Data Services Canada
Part B: Gathering company information
Use the following tools to respond to questions in this section:
· DnB (https://www.dnb.com/)
6. What locations outside the US is LinkedIn located?
International LinkedIn offices are located in Amsterdam, Bangalore, Beijing, Berlin, Dubai, Dublin, Graz, Gurgaon, Hong Kong, Kuala Lumpur, London, Madrid, Melbourne, Mexico City, Milan, Mumbai, Munich, New Delhi, Paris, São Paulo, Shanghai, Singapore, Stockholm, Sydney, Tokyo, and Toronto.
7. Capture a screenshot of LinkedIn CEO(s).
Part C: Gathering IP addresses information
Use the following tools to respond to questions in this section:
· IP Address Tools (https://www.ipvoid.com/)
8. What is the reverse IP resolution of 162.159.240.125?
No record found
9. Is this IP blocklisted? Capture a screenshot of the result.
IP not blacklisted on any of the sites
10. Check the HTTP headers of www.herzing.ca and capture a screenshot or copy the text.
Part D: Fostering your skills
11. You are about to send a phishing email to all employees of Cybrary. What domain your message should come from? Check if the same domain but in the .xyz TLD is available (add a screenshot).
Ans:
12. You need to send a spear phishing pretending to come from the Chief Financial Officer of Meetup. Who is that? What other record did you find as CFO at Meetup? What is your opinion?
Ans: I try to act as the CFO and mail content should look like meetup. First I would like to start with
13. That person turns out to have another role at another...
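
How a DMARC record of the kind question 2 asks about is read, as an added example that is not part of the original answer: it parses the record's tags, applies the RFC 7489 defaults and lists the settings a mail administrator would tighten. The two records are constructed for example.com, and the function names are this example's own.

```python
POLICY_MEANING = {
    "none": "monitor only: failing mail is still delivered",
    "quarantine": "failing mail is treated as suspicious (e.g. spam folder)",
    "reject": "failing mail is refused during the SMTP transaction",
}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict and validate v= and p=."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    # RFC 7489: v=DMARC1 must be the first tag and p= is required.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 must come first)")
    if tags.get("p", "").lower() not in POLICY_MEANING:
        raise ValueError("missing or unknown p= policy")
    return tags

def summarize(txt):
    """Return the effective settings, filling in the RFC 7489 defaults."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    return {
        "policy": policy,
        "meaning": POLICY_MEANING[policy],
        "subdomain_policy": tags.get("sp", policy).lower(),  # sp defaults to p
        "pct": int(tags.get("pct", "100")),  # share of failing mail covered
        "dkim_alignment": tags.get("adkim", "r"),  # r = relaxed, s = strict
        "report_to": [u.strip() for u in tags.get("rua", "").split(",") if u.strip()],
    }

def weaknesses(txt):
    """List the settings a defender would want to tighten."""
    s, found = summarize(txt), []
    if s["policy"] == "none":
        found.append("p=none asks receivers to take no action on failing mail")
    if s["pct"] < 100:
        found.append(f"policy applies to only {s['pct']}% of failing mail")
    if not s["report_to"]:
        found.append("no rua= address, so no aggregate reports")
    return found

MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"  # constructed samples
ENFORCED = "v=DMARC1; p=reject; sp=quarantine; pct=50; adkim=s"
for record in (MONITOR, ENFORCED):
    print(summarize(record)["policy"], weaknesses(record))
```

To check a real domain, pass the TXT value published at `_dmarc.<domain>` to `summarize`.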