Discuss how the vulnerability can be exploited

Project: Penetration Testing Report
SCENARIO
You have been hired as a junior security consultant and have been tasked with performing an in-house
penetration test to demonstrate your readiness to support the audit of a large corporate client that has
employed your firm’s services. Conducting a penetration test consists of 1) planning the test, 2)
preparing your test tools, 3) performing the test, 4) analyzing the data, and 5) writing up and communicating your findings. The project will document your notional penetration test.

PROJECT OVERVIEW

Your project will be submitted in four sections. The final deliverable will include all combined sections:
- Pre-Test: Deployment of attack tools and victim host.
- Testing (Mapping and Scanning): Mapping the target environment and conducting a vulnerability scan.
- Testing (Exploitation): Gaining access through a vulnerability identified during the vulnerability scan.
- Analysis and Reporting: Communicating findings and providing mitigation recommendations.
SUPPORTING DETAILS
The purpose of this project is to evaluate the student’s ability to:
- Build and deploy an attack OS (Kali Linux or other similar operating system (OS))
- Configure and deploy a victim host (Metasploitable, Broken Web Apps, Mutillidae, other exploitable OS or virtual machine (VM))
- Conduct a vulnerability scan
- Research a hardware or software vulnerability
- Discuss how the vulnerability can be exploited
- Exploit the vulnerability
- Evaluate the risk posed by this vulnerability
- Provide a recommended compensating control to mitigate the vulnerability
Students may choose to submit the project using one of two options – each option has pros and cons
that students should evaluate before making their decision.
A) Local Lab: Requires access to a dedicated computer on which students have sufficient:
  - access (continued access to the same machine for the duration of the course)
  - permissions (administrative permissions to install software)
  - storage (minimum of 30 GB available to the student for VM storage)
  - memory (minimum of 8 GB)
  - bandwidth (downloading large VMs can take considerable time even with high-speed Internet connections)
B) Remote Lab: Utilizes the online lab environment used to complete the weekly course labs

PART 1 – PRE-TEST: DEPLOYMENT OF ATTACK TOOLS AND VICTIM HOST (WEEK 2) PROJECT SECTION 1 DETAILS:

The first part of your project consists of preparing and deploying
your testing tools (the attack OS) and the vulnerable host that will serve as your attack target.
Instead of requiring the use of two physical machines, we will utilize one physical machine and
we will leverage virtualization software to install a hypervisor (VirtualBox, VMware, etc.) along
with two (2) “guest” operating systems. For those new to virtualization, we are simply using
our “host OS” (Windows, Mac, Linux) and installing a virtualization “software application” that
then allows us to run multiple OSes on our “host OS” very quickly and easily. Many options
exist that provide virtualized solutions, e.g., cloud-based (Amazon Web Services, Microsoft
Azure, DigitalOcean, and many, many others) or local instances on our machines. Some
hypervisors run as the “host OS” (‘bare metal’ like VMware ESXi – common in enterprise
environments) or as hosted applications like VMware Fusion/Workstation, or Oracle VirtualBox.
First, decide which “free” virtualization software you want to install (VMware or Oracle).
Some may already have a preference; feel free to explore both options. If you are undecided,
go with VMware.
As mentioned earlier, you have two options to choose from:

OPTION 1 – LOCAL LAB

1. Virtualization Software. Choose your virtualization software (either works fine and they are both
free):
- VirtualBox:
- VMware Workstation Player:
evaluation.html
2. Attack OS/VM. Once your virtualization software is chosen, choose an attack OS to download. You
will use Kali Linux in the lab environment and will likely be most comfortable with it.
However, you may download any “attack OS.” Other options include: Parrot OS, BackBox, BlackArch
(advanced only – save yourself the pain and skip this one), and many others. Note: It will be much
easier to download a pre-built VM instead of the .iso image option. Additionally, the pre-built images
are specific to the virtualization software that you are using so choose accordingly.

3. Vulnerable Target OS/VM. You will need a victim machine to target and exploit. Download a virtual
machine that you can attack. There are many options that are designed to help students practice
their skills and learn to exploit vulnerabilities in an approved, educational manner. Keep in mind that
these are inherently vulnerable and designed to be relatively easy to exploit. A recommended best
practice is to not allow other machines outside of your “virtual network” to be able to communicate
with them. There is a “NAT” network setting within your virtualization software that helps to isolate
your “lab” systems from the other devices on your local area network. Many options exist, but here
are a few:
- Metasploitable (also includes many of the ones below – the same as what is in the InfoSec labs).
There are a few versions out there – go with “Metasploitable2” – it can be downloaded from:
or

- OWASP’s Broken Web Apps (includes WebGoat):

- DVWA (Web Application):
- Bad Store (Web Application):
- VulnHub: Many options exist here – somewhat like a “capture the flag” with near limitless
possibilities, with new ones being added all of the time (Note: I would save these for after the
class project – more for fun)
4. If you need additional help installing Kali, please review Kali Linux Revealed for step-by-step
instructions. There is also a course video during Week 2 that is very helpful.

OPTION 2 – REMOTE LAB

The previous option is definitely a lot of fun and helps develop a better understanding of the
underlying architecture but, unfortunately, may not be a viable option for you depending on
your circumstances. Option 2 can be done without having to install any software and consists
of the student logging in to the InfoSec Learning labs to complete the project for the remainder
of the project sections. In lieu of downloading, installing and configuring software, Option 2
Part 1 requires research into an online cloud hosting provider and the deployment of a virtual
private server. This option also has some flexibility.
- Option 2A: Research and choose a cloud hosting provider and deploy a virtual private server
that you can remotely access and configure. Install any “free” operating system on the cloud
server. Typically, any Linux OS can be freely deployed without charge. Most, if not all, of the
cloud hosting providers will require a credit card or PayPal account to verify identity and may
charge a nominal fee ($1 or more). The submission requirement for this option is to take a
screenshot of your newly created VPS with an open terminal window echoing (printing to
screen) your name and date simply to show that you created it.
- Option 2B: Research three cloud hosting providers and compare and contrast their offerings in
terms of a solution that you could use if you were to conduct your penetration testing from their
cloud services. Consider costs for computing time, storage, access, security, etc. The research
paper should be 1.5 – 2 pages in length with a minimum word count of 750 words.
PART 2 – TESTING (MAPPING AND SCANNING): MAPPING THE TARGET
ENVIRONMENT AND CONDUCTING A VULNERABILITY SCAN (WEEK 4)
PROJECT SECTION 2 DETAILS: The second section of your project has two parts. You may choose either
Project Lab Option (“Local Lab” or “Remote Lab”) below to complete the following requirements:
- Part A: Identify the target system through network discovery using at least two network
discovery/mapping tools (e.g., Nmap, Netdiscover, Arp-scan, etc.) to identify networks and
targets. Identify what ports, services, and versions of software are running in the network
environment.
- Part B: Additionally, you will need to complete a vulnerability scan against your target host to
identify vulnerabilities that you can then exploit to gain administrative/root access in the
following project section.
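Part A's deliverable is a list of hosts, open ports, services and versions. As an added example (not part of the assignment or any course material), this Python script reads the XML that Nmap writes with `-oX` and builds that inventory, skipping hosts that are down and ports that are not confirmed open. The embedded XML is a constructed sample, not a real scan; for a real run, save a scan from inside the isolated lab network with `nmap -sV -oX scan.xml <target>` and pass the file's contents to `parse_nmap_xml`.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format (not a real scan): one host up, one down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.2.0/24">
<host><status state="up"/><address addr="10.0.2.15" addrtype="ipv4"/>
  <hostnames><hostname name="lab-target"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="7.4"/></port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="Apache httpd" version="2.4.6"/></port>
    <port protocol="tcp" portid="23"><state state="filtered"/>
      <service name="telnet"/></port>
  </ports></host>
<host><status state="down"/><address addr="10.0.2.16" addrtype="ipv4"/></host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return one dict per open port on each host that is up."""
    rows = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap could not reach
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else ""
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # inventory only confirmed-open ports, not filtered/closed
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            rows.append({"host": ip, "hostname": name, "port": int(port.get("portid")),
                         "proto": port.get("protocol"), "service": svc.get("name", "unknown"),
                         "version": version or "unidentified"})
    return rows

def inventory_table(rows):
    """Render rows as a plain-text table ready to paste into the report."""
    lines = [f"{'HOST':<12} {'PORT':<8} {'SERVICE':<8} VERSION"]
    for r in sorted(rows, key=lambda r: (r["host"], r["port"])):
        lines.append(f"{r['host']:<12} {str(r['port']) + '/' + r['proto']:<8} "
                     f"{r['service']:<8} {r['version']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(inventory_table(parse_nmap_xml(SAMPLE_NMAP_XML)))
```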
OPTION 1 – LOCAL LAB
Choose any of the tools within your chosen Attack VM (Kali, Parrot OS, etc.) to map your network
following the Part A requirements.
Choose any vulnerability scanning software to download, install and configure (OpenVAS, Nessus, etc.)
to complete Part B. You should be able to find free “personal/home use” versions. Configure a scan to
run against your target host. If your target host is a deliberately vulnerable machine, you should find
plenty of “critical/high” vulnerabilities to choose from for your attack in the following project section.
OPTION 2 – REMOTE LAB
You may choose to complete this portion of the project using the NOVA VirtualStudent VDI. If
your instructor incorporated the VA Cyber Range, feel free to use what’s available to you in the
range. Follow the requirements in the Project Section 2 Details.
PART 3 – EXPLOITATION: GAINING ACCESS THROUGH A VULNERABILITY
IDENTIFIED DURING THE VULN SCAN (WEEK 6)
PROJECT SECTION 3 DETAILS: The third part of your project requires you to exploit a vulnerability of
your choosing based on the previous section’s scanning. The exploit should be through a Metasploit
Module or other open-source/commercial tool or custom script/code. Select your vulnerability
carefully. You should thoroughly research your vulnerability before you start to exploit it – which is the
same process you would use in a professional capacity. The vulnerability MUST RESULT IN GAINING
SYSTEM/ROOT ACCESS on the target host. Compromised credentials (including no password or a weak
password) are not a sufficient vulnerability to exploit.
During the course labs, you will have completed labs that require you to exploit a vulnerability. You
must choose an exploit that we have not done in class. I suggest doing a web search on “Metasploitable
Walkthrough” for additional ideas on Metasploit modules that could be used (if you have selected
Metasploitable as your vulnerable target), or research vulnerabilities specific to your vulnerable
framework. Keep in mind that your vulnerability should have been flagged during the vulnerability
scanning portion.
