
tomdixonn/Homework_16

Week 16 Homework Submission File: Penetration Testing 1

Step 1: Google Dorking

  • Using Google, can you identify who the Chief Executive Officer of Altoro Mutual is: Query: site:altoromutual.com intext:Chief Executive Officer. Answer: Karl Fitzgerald is the Chief Executive Officer.

  • How can this information be helpful to an attacker: The Google dorking techniques help find potential targets a lot quicker, and further enumeration on this target could be useful in planning an attack.

Step 2: DNS and Domain Discovery

Enter the IP address for demo.testfire.net into Domain Dossier and answer the following questions based on the results:

  1. Where is the company located: Sunnyvale, CA 94085 US

  2. What is the NetRange IP address: 65.61.137.64 - 65.61.137.127

  3. What is the company they use to store their infrastructure: Rackspace Backbone Engineering

  4. What is the IP address of the DNS server: 23.211.61.64

Step 3: Shodan

  • What open ports and running services did Shodan find: 53

Step 4: Recon-ng

  • Install the Recon module xssed.
  • Set the source to demo.testfire.net.
  • Run the module.


  • Is Altoro Mutual vulnerable to XSS: Yes


Step 5: Zenmap

Your client has asked that you help identify any vulnerabilities with their file-sharing server. Using the Metasploitable machine to act as your client's server, complete the following:

  • Command for Zenmap to run a service scan against the Metasploitable machine: nmap -sV 192.168.0.10 -oX scan3.xml

  • Bonus command to output results into a new text file named zenmapscan.txt: I made an HTML report instead.


  • Zenmap vulnerability script command: nmap -p 139,445 -oX enum2.xml --script samba-vuln-cve-2012-1182,smb-enum-shares --script-args vulns.showall 192.168.0.10


  • Once you have identified this vulnerability, answer the following questions for your client:
    1. What is the vulnerability: I could not find any vulnerability based on an exploit, but I did find that some Samba shares have Anonymous access: READ/WRITE.

    2. Why is it dangerous: This is dangerous because it allows attackers to potentially access sensitive information. Also, files could be edited or added to contain malicious content.

    3. What mitigation strategies can you recommend for the client to protect their server: All shares should be secured with stricter access controls such as making them only available to users with a username and password.
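
The share finding above can be checked repeatably from the saved -oX file, for example to confirm after remediation that no share still allows anonymous access. The script below is an added example, not part of the original submission. Its sample XML is constructed, and the table and elem layout is an assumption modelled on smb-enum-shares structured output, so compare it with your own enum2.xml before relying on it.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not real scan output); layout is an assumption modelled
# on what `nmap -oX` writes for the smb-enum-shares script.
SAMPLE_XML = r"""<nmaprun>
  <host>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-enum-shares" output="(omitted)">
        <table key="\\192.168.0.10\print$">
          <elem key="Type">STYPE_DISKTREE</elem>
          <elem key="Anonymous access">&lt;none&gt;</elem>
        </table>
        <table key="\\192.168.0.10\docs">
          <elem key="Type">STYPE_DISKTREE</elem>
          <elem key="Anonymous access">READ</elem>
        </table>
        <table key="\\192.168.0.10\tmp">
          <elem key="Type">STYPE_DISKTREE</elem>
          <elem key="Anonymous access">READ/WRITE</elem>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>"""


def anonymous_shares(xml_text):
    """Return (host, share, access, writable) for shares open to anonymous users."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for script in host.iter("script"):
            if script.get("id") != "smb-enum-shares":
                continue  # ignore output from other NSE scripts
            for share in script.findall("table"):
                fields = {e.get("key"): (e.text or "").strip()
                          for e in share.findall("elem")}
                access = fields.get("Anonymous access", "")
                if access and access != "<none>":
                    findings.append((addr, share.get("key"), access,
                                     "WRITE" in access.upper()))
    return findings


if __name__ == "__main__":
    for addr, share, access, writable in anonymous_shares(SAMPLE_XML):
        level = "HIGH" if writable else "MEDIUM"
        print(f"[{level}] {addr} {share}: anonymous {access}")
```

To use it on a real scan, read the XML file produced by the command above and pass its contents to anonymous_shares(); an empty list means no share reported anonymous access.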


© 2020 Trilogy Education Services, a 2U, Inc. brand. All Rights Reserved.
