Kindly, I am looking for help to do this project as attached. It is a project for an ethical hacking course. Could you find an expert to do this project as attached in the Word document (template) with the below detailed description? In this project, we need to create 3 VMs (Kali, Metasploitable, CTF.ova). Also, I will attach all the material included in this course that will help you to build the project.

Project Description:

Create a vulnerability assessment & penetration testing report

  • PART A
    • Base your testing on Metasploitable 2
      • 5 OS vulnerabilities
      • 2 Web application vulnerabilities
  • PART B
    • Download and import the CTF.ova VM
    • Hack into the machine and capture the flag (3 flags)
    • Include a screenshot of the flag (with your name beside it) once you find them.

Notes:
1- Please verify that an expert can complete the project with a breakdown of each step with a screenshot, and write my name as a command in the Kali console terminal for each screenshot. I attached the example draft of my solution that I did for PART A of the project, and also find below all the comments that I received from the instructor about this draft. Maybe this will help you build this project.
- Please upload all OS images for Kali, Metasploitable and CTF through the below link (Google Drive):
(https://drive.google.com/file/d/1ZTPxnDcAY3jbs4aHBMABm4xEDVCsVqtg/view?usp=sharing)

2- You have to follow the project template as attached; the attached draft is just for some explanation of how to do this project.
3- The deadline for this project is 10 April.
- Instructor comments on the attached draft of my solution:

  • "Nikto Vulnerability Scanner" is not the name of a vulnerability. For the title, please clearly indicate the vulnerability/weakness; check this throughout your report.
  • Some of your descriptions do not describe what the weakness is and what is causing that weakness.
  • For each vulnerability to be "counted", make sure you are able to exploit those vulnerabilities, show that you have logged in, and make sure you have the steps to exploit written in detail. For example, to be counted for full marks, you have to show me that you are able to log in via the VNC service using the identified credential. This goes for all of your other findings: you must be able to identify and exploit the vulnerabilities.


Answered 8 days after Apr 01, 2021

Ali Asgar answered on Apr 10 2021
139 Votes
Report on Pentesting and Vulnerability Assessment
Wesam Hijazi
AB Corp
A detailed report on the exploits available in the Metasploitable 2 server
Table of Contents
Executive Summary
Assessment Overview
Part A Summary
Observation Summary
Observation List
  Metasploitable 2
MS 2 Detailed Observation
  Metasploitable 2
  Web Vulnerabilities
  OS Vulnerabilities
Appendix
  Metasploitable 2 Basic Network Scan
  Metasploitable 2 WEB Application Scan
Executive Summary
Eng. Wesam Hijazi has been hired by AB Corp. as an information security analyst and penetration tester. He has been tasked to discover vulnerabilities on the server running multiple applications and assess at least 2 web application vulnerabilities and 5 operating system vulnerabilities. He should also provide recommendations to patch those vulnerabilities so that no malicious user can exploit them. He can also try to gain access to a CTF machine and capture 3 flags hidden in the system.
This project consists of two parts. Part A consists of a Metasploitable 2 server that can be accessed by the simulated hacker system, a Kali Linux based system. This is like white box testing, where we are aware of the system vulnerabilities and also have access to the system. Our objective is to find at least 5 OS vulnerabilities and 2 web application vulnerabilities and show how an attacker can exploit these vulnerabilities, their severity as per the CVE database, and the remedial action that can be taken to patch these risks.
Part B is a CTF (Capture the Flag) machine. Here the objective is simply to find 3 flags hidden in the machine and collect them. No access is provided to the machine, and we are not aware of the OS or the web server running on this system. It is like black box testing, where we don't know the system vulnerabilities (if any) and do not have access to the system. Our objective is to gain access to the system and find the flags hidden in it.
We will only be working on Part A for this report.
Assessment Overview
We are provided access to 3 systems.
· Our Metasploitable 2 server machine has IP address 10.10.10.4. This is used in Part A.
· Our hacker machine is simulated on a Kali Linux machine with IP 10.10.10.5.
· A CTF machine is present on the network whose IP is not known. It is required for Part B.
Part A Summary
We have used multiple vulnerability scanning tools like Nessus, Nmap and Nikto.
After analysis, we have found that the Metasploitable 2 server is a highly vulnerable server. It has numerous vulnerabilities that are available to be exploited by any attacker.
Using an Nmap scan, we see that there are 27 ports open on the server. The open ports include ftp, http, domain and mysql.
Screenshot: A.1
In the nmap scan we have used the -sV option to get the version details of the services. The output has been written to "nmap_hijazi.txt".
A Nikto scan can reveal a lot of vulnerabilities present in the system. It shows the server is exploitable in a lot of ways, such as cross-site scripting (XSS) attacks. There are some vulnerabilities with the PHP and Apache servers also. It also reveals that there might be some traversable directories available.
Screenshot: A.2
Using the Nessus scanner, we have found a whole bunch of vulnerabilities within the system.
Nessus is not available by default in Kali Linux, and thus we need to download and install it.
Screenshot A.3
We have to use the dpkg -i command to install the Nessus 8.14.0 package.
Once it is installed, we have to create an admin username and password and register Nessus as Essentials. Once registered, we have to wait for the plugins to download. Once the plugins are downloaded, the login screen appears. Here we need to enter the admin username and password.
After login, we have to create a new scan. Select Basic scan for our project and fill in all the details.
We then saved the scan configuration and clicked the play icon.
We also created a web application scan to better find the web application vulnerabilities.
The scan starts and takes some time to complete. We can then download the report either in executive summary format or in full custom format. Screenshots A.4 to A.9
Screenshot A.4
Screenshot A.5
Screenshot A.6
Screenshot A.7
Screenshot A.8
Screenshot A.9
Screenshot A.10
With the Nessus scan we have found 12 Critical CVSS vulnerabilities and 10 High CVSS vulnerabilities, as well as many others.
We also performed a Web Application Scan on this host.
Both scan reports are attached in the Appendix.
Observation Summary
During this entire activity of vulnerability testing and assessment, we have found some highly critical vulnerabilities related to the web application and the operating system. These vulnerabilities are classified according to OWASP's Top 10 vulnerability list.
The Top 10 OWASP vulnerabilities in 2020 are:
A1:2020 Injection
In this attack, an attacker tries to execute, or tricks the server or user into executing, malicious commands inside the web server's backend database.
· MS2-1 finding: The remote web server hosts a PHP application that is affected by an SQL injection vulnerability.
A2:2020 Broken Authentication
Authentication functions of an application are sometimes wrongly implemented, allowing an attacker to compromise passwords, keys or session tokens, or even gain backdoor entry into the system.
· MS2-2 finding: Bind Shell Backdoor Detection
· MS2-3 finding: NFS Exported Share Information Disclosure
A6:2020 Security Misconfigurations
Sometimes security misconfigurations created by a developer to be able to access the system during development are left open. It so happens that they either forget to close them or leave them open to be able to attach another module of code at a later stage. Such security misconfigurations can be exploited by attackers.
· MS2-4 finding: VNC Server 'password' Password
· MS2-5 finding: rexecd Service Detection
A7:2020 Cross Site Scripting (XSS)
An attacker can make use of APIs or user forms to send malicious code to the server and execute it. It can enable the attacker to hijack user sessions and access confidential information.
· MS2-6 finding: The remote web server is prone to cross-site scripting attacks
A9:2020 Using Components with Known Vulnerabilities
A hacker might try to exploit a known vulnerability in a third-party tool or software. It may be because you are using an older version of the software, or maybe the vulnerability is not yet patched by the vendor.
· MS2-7 finding: Debian OpenSSH/OpenSSL Package Random Number Generator Weakness
Observation List
Metasploitable 2
Observation ID | Description | Inherent Risk
MS 2-1 | As per the reported PHP version, it is vulnerable to SQL injection attacks. An attacker might use this to execute an SQL query in the backend DB. | HIGH
MS 2-2 | A shell is configured to listen on a non-default port without any login details being required. An attacker may use it to connect to the remote port. | HIGH
MS 2-3 | Access to exposed NFS shares on the remote host is possible. | CRITICAL
MS 2-4 | A VNC server running on the server uses the default password for authentication. | CRITICAL
MS 2-5 | rexecd, a remote command execution service, is running on the host. | CRITICAL
MS 2-6 | The remote web server is prone to cross-site scripting attacks. | MEDIUM
MS 2-7 | The SSH keys generated on the remote host are weak and easily decipherable using brute force. | CRITICAL
MS 2 Detailed Observation
Metasploitable 2
Web Vulnerabilities
Observation ID: MS2-1
Title: phpMyAdmin prior to 4.8.6 SQLi vulnerability (PMASA-2019-3)
Affected Asset: http://10.10.10.4/dvwa/vunerabilities/sqli
Description: A web server on the remote host is running a PHP application that is exploitable using SQL injection. This vulnerability exists due to the designer feature of phpMyAdmin.
Impact: A malicious remote attacker can use this to inject rogue SQL or modify SQL queries in the underlying database, leading to disclosure or deletion of confidential information.
Recommendation: Apply the patches referenced in the vendor advisory. Update phpMyAdmin to 4.8.6 or later.
We accessed the DVWA web application at http://10.10.10.4/dvwa/vunerabilities
We then selected SQL Injection from the menu as shown in screenshots B.1 to B.3.
On the login page we use the single quote ' to inject a vulnerable query.
We used admin'or'a'='a as the username and password, which made the query always true and gave us details of other users.
Screenshot B.1
Screenshot B.2
Screenshot B.3
Observation ID: MS2-6
Title: CGI Generic XSS
Affected Asset: http://10.10.10.4/dvwa/vunerabilities/xss_r/
Description: The web server is prone to Cross-Site Scripting (XSS) attacks.
Impact: By using this issue, an attacker may be able to run HTML and script code in the user's browser in the security context of the website.
Recommendation: Restrict access to vulnerable applications.
In this exploit we used the text box and inserted a malicious script into the website that makes an alert pop up stating "You have been hacked by Wesam". This is a reflected exploit, and thus this popup will show only in the current session. Screenshots B.4 to B.6
Screenshot B.4
Screenshot B.5
Screenshot B.6
OS Vulnerabilities
Observation ID: MS2-2
Title: Bind Shell Backdoor Detection
Affected Asset: 10.10.10.4 [tcp/1524]
Description: The host is configured to listen on a non-default port for SSH without any authentication. It appears as though the host has been compromised.
Impact: This can act as a backdoor entry for an attacker trying to gain access to the server.
Recommendation: Check for signs of hacking. If found, reinstall the system if necessary.

We have used netcat to connect to the remote host 10.10.10.4 on the vulnerable port 1524.
The command used is "nc -v 10.10.10.4 1524", and we were given access to the server without any credentials. We could easily traverse to the home directory.
Screenshot B.9
Observation ID: MS2-3
Title: NFS Exported Share Information Disclosure
Affected Asset: 10.10.10.4 [udp/2049]
Description: A scanning host can mount the NFS share of the remote host.
Impact: The attacker can gain directory access and write his own private key file and gain access to the remote system. Or maybe he can read the private key file on the remote system.
Recommendation: Configure NFS so that...
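The two web findings above (MS2-1, the login bypass with admin'or'a'='a, and MS2-6, the reflected script in the text box) both come down to untrusted input being spliced into a query or a page as code. The following Python example is added here to show why; it is not part of the report and not DVWA's code. It uses an in-memory SQLite table with constructed users as a stand-in for the DVWA backend, and puts the string-built query and the unencoded page beside their fixed forms (parameterised query, HTML entity encoding) so the difference in behaviour for the same payload can be observed directly.

```python
import html
import sqlite3

# Payloads exactly as written in the report's MS2-1 and MS2-6 steps.
SQLI_PAYLOAD = "admin'or'a'='a"
XSS_PAYLOAD = "<script>alert('You have been hacked by Wesam')</script>"


def make_db():
    """Constructed in-memory user table standing in for the DVWA backend (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, first_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "Admin"), ("gordonb", "abc123", "Gordon")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation, so user input is parsed as SQL.
    With SQLI_PAYLOAD the WHERE clause ends in OR 'a'='a', which is always
    true, so every row comes back instead of only the matching user."""
    sql = (
        "SELECT first_name FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_hardened(conn, username, password):
    """Parameterised query: the driver binds the values, so a quote in the
    input stays a literal character and cannot change the query structure."""
    sql = "SELECT first_name FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def render_vulnerable(name):
    """Reflected output with no encoding, the pattern behind MS2-6: whatever
    was typed in the text box is sent back as markup."""
    return "<pre>Hello " + name + "</pre>"


def render_hardened(name):
    """Same page with HTML entity encoding, so the browser displays the
    text instead of executing it."""
    return "<pre>Hello " + html.escape(name, quote=True) + "</pre>"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, SQLI_PAYLOAD, SQLI_PAYLOAD))
    print("hardened login:  ", login_hardened(db, SQLI_PAYLOAD, SQLI_PAYLOAD))
    print("vulnerable page: ", render_vulnerable(XSS_PAYLOAD))
    print("hardened page:   ", render_hardened(XSS_PAYLOAD))
```

Run stand-alone, the vulnerable login returns both users for the payload (the "details of other users" the report describes) while the parameterised version returns nothing, and the encoded page carries `&lt;script&gt;` rather than a live tag. The recommendation in the report (patch phpMyAdmin) fixes one product; binding parameters and encoding output is what removes the weakness class from an application's own code.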
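The report's Part A summary and OS findings (the 27 open ports from nmap -sV, the unauthenticated listener on tcp/1524, NFS on 2049, VNC on 5900) are the kind of thing a defender catches by comparing a scan against an approved baseline of listeners per host. The Python below is an added example, not part of the report: it parses nmap's greppable (-oG) output format and flags every open port that is not in the host's allowlist. The scan text and the baseline (only SSH and HTTP approved on 10.10.10.4) are constructed for the example; the service and version strings are illustrative, not captured scanner output.

```python
import re

# Constructed nmap -oG style output for the report's Metasploitable host.
# Fields per port in this format: port/state/protocol/owner/service/rpcinfo/version/
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample, not real scanner output)
Host: 10.10.10.4 ()\tStatus: Up
Host: 10.10.10.4 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/, 80/open/tcp//http//Apache httpd 2.2.8/, 1524/open/tcp//bindshell//root shell/, 2049/open/tcp//nfs//2-4 (RPC #100003)/, 3306/open/tcp//mysql//MySQL 5.0.51a/, 5900/open/tcp//vnc//VNC (protocol 3.3)/\tIgnored State: closed (993)
"""

# Approved listeners per host (assumption for the example): only SSH and HTTP.
BASELINE = {"10.10.10.4": {("tcp", 22), ("tcp", 80)}}

# port / state / protocol / (owner) / service / (rpcinfo) / version /
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(proto, port, state, service, version), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service, version in PORT_RE.findall(ports_field):
            hosts.setdefault(host, []).append(
                (proto, int(port), state, service, version)
            )
    return hosts


def unexpected_listeners(text, baseline):
    """Open ports not in the host's approved baseline, sorted by port number.
    A host absent from the baseline has nothing approved, so all its open
    ports are reported."""
    findings = []
    for host, entries in parse_gnmap(text).items():
        allowed = baseline.get(host, set())
        for proto, port, state, service, version in entries:
            if state == "open" and (proto, port) not in allowed:
                findings.append(
                    {"host": host, "proto": proto, "port": port,
                     "service": service, "version": version}
                )
    return sorted(findings, key=lambda f: (f["host"], f["port"]))


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_GNMAP, BASELINE):
        print(f"{f['host']} {f['proto']}/{f['port']}: {f['service']} {f['version']}")
```

On the sample this reports ftp/21, the bind shell on 1524, nfs/2049, mysql/3306 and vnc/5900, which line up with the report's MS2-2, MS2-3 and MS2-4 findings. Run against real `nmap -sV -oG` output of a host you own, the same check turns a one-off pentest observation into a repeatable control: any listener that is not in the baseline is either documented and added, or shut down.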