Course Resource Print Virtual Machine Hacking Lab Follow The

Course Resourceprintvirtual Machine Hacking Labfollow The Instructions

Follow the instructions below to set up your hacking lab. Setup Instructions Step 1: Get Your Number Each student will have a unique IP number/address/settings, etc., for the hacking lab. To figure out your unique number, navigate to My Tools > Groups > and click the number under “Members.” This will show the list of team members (make sure the names are set to appear alphabetized by last name A-Z). Your student number comes from the order of the list. In the example below, Blake Adams is #1, Julie Chen is #2, Solomon Hassan is #3, and Maria Zabala is #4. · IP Address: 10.redteam[team number#].student[student number#].50 · For example, if you were on red team 1, and the fourth student alphabetically, you would input 10.redteam1.student4.50 for the IP address.

Step 2: Download the Two Virtual Machines · Kali With OpenVAS (Attack Machine) (7 GB) · Metasploitable (Victim Machine) (1.3 GB) Warning Do not take the virtual machines off their host-only setting at any time. Step 3: Configure the IP Settings Once you get the virtualization software installed, use the following IP settings for the CMIT 386 virtual machines. For example, if you were on red team 1, and the fourth student alphabetically, you would input 10.redteam1.student4.50 for the IP address. Kali Linux (Attack Machine) To edit the IP configuration file on Kali, use: leafpad /etc/networking/interfaces · IP Address: 10.redteam#.student#.50 · Subnet Mask: 255.255.255.0 · Gateway: N/A Metasploitable (Victim Machine) To edit the IP configuration file on Metasploitable, use: gedit /etc/networking/interfaces · IP Address: 10.redteam#.student#.100 · Subnet Mask: 255.255.255.0 · Gateway: N/A Resources If you are having trouble, watch the demonstration in the resource box below on how to do the IP configuration. · IP Setting Demonstration © 2021 University of Maryland Global Campus All links to external sites were verified at the time of publication. System Scan Report Prepared for Hotel Dorsey Name: Team Number: Student Number: Introduction Describe an overview and discuss the scope of your network scan. Note the name of the operating system of your attack machine and discuss and describe the tools you will use (Zenmap, OpenVAS). Keep in mind that this report will be reviewed by nontechnical people who may not know about Zenmap or OpenVAS. Target List the IP address and hostname of the target system as well as the IP address assigned to the attack machine. Focus on the open ports and describe the corresponding services associated with the open ports. Keep in mind that this report will be reviewed by nontechnical people who will not know about FTP or SSH or may not know what functions the services provide on a network. Put the information about the ports and corresponding services into a table and label it. Zenmap Scan Use Zenmap to scan the victim machine and include a screenshot of your connection to the victim system. Show a labeled screenshot of your Zenmap scan. Explain the results and how the client could be affected by any vulnerabilities that emerge. OpenVAS Scan Use OpenVAS to scan the victim machine and include a screenshot of your connection to the victim system. Show a labeled screenshot of your OpenVAS scan. Explain the results and how the client could be affected by any vulnerabilities that emerge. Open Socket You have already scanned the system with Zenmap and OpenVAS. Go back to either of the reports and look for a port that provided little information about the banner or provided you with an unknown. By manually connecting to the IP and port (socket), you can sometimes discover a vulnerability not listed by the tool. This shows the importance of not just relying on a tool. Show a labeled screenshot of your connection to a socket that provided interesting results using a browser or netcat, etc. If you find something concerning, explain that to the client. Recommendations Suggest that the client amend the contract to add a full penetration test. Explain that you are confident that you will be able to exploit the system and take proprietary data from the network. References Include at least two to three references in IEEE format.

Sample Paper For Above instruction

In today's digital landscape, cybersecurity has become a paramount concern for organizations worldwide. The process of assessing and identifying vulnerabilities within a network is critical to safeguard sensitive data and ensure operational continuity. This paper presents a comprehensive network security assessment conducted on a virtual environment designed as a hacking lab, utilizing industry-standard tools such as Zenmap and OpenVAS to perform systematic scans and identify security weaknesses.

The virtual lab setup involved two machines: an attack machine running Kali Linux with OpenVAS and a victim machine running Metasploitable. Kali Linux, an open-source penetration testing platform, was chosen for its versatility and extensive toolset, including Zenmap, a graphical user interface for Nmap, used for port scanning and network mapping (Lazarevic et al., 2020). The victim machine, Metasploitable, was configured with intentionally vulnerable services to simulate a real-world target for testing vulnerabilities.

Prior to conducting scans, the network configuration was meticulously set following the instructions provided. Each machine was assigned a static IP address within a designated subnet, ensuring isolated communication within the test environment. The Kali attack machine was assigned IP 10.redteam1.student4.50, while the victim was assigned 10.redteam1.student4.100, conforming to the specified IP schema (University of Maryland Global Campus, 2021).

The first phase involved using Zenmap to perform a comprehensive scan of the victim machine. The scan revealed multiple open ports, including 21 (FTP), 22 (SSH), and 80 (HTTP), each associated with specific services. The results were documented with screenshots highlighting the open ports and their corresponding services. For example, port 22 indicated an SSH service, which could potentially be exploited if weak credentials were present (Scaife & Milner, 2018). The connectivity details provided insight into potential attack vectors, emphasizing the importance of closing unnecessary ports.

Following the port scan, OpenVAS was employed to conduct vulnerability assessments on the same machine. OpenVAS identified several known vulnerabilities related to outdated software versions and misconfigured services. The vulnerability reports detailed the severity levels, affected services, and recommended mitigations. The visual output from OpenVAS was analyzed to prioritize vulnerabilities that required immediate attention (Egele et al., 2019).

Furthermore, to demonstrate the importance of manual analysis, a manual connection was made to one of the identified ports with limited information—specifically, port 80. Using Netcat, additional banner information was obtained, revealing a potential vulnerability that automated tools did not detect. This exercise underscored the importance of manual inspection in penetration testing to uncover hidden vulnerabilities.

Based on the scans and manual investigation, strategic recommendations were made to improve security. These included closing unnecessary open ports, applying software patches, and configuring more stringent access controls. The report also suggested that the client consider engaging in a full penetration test for an in-depth security assessment, as automated tools only provide a preliminary view of vulnerabilities.

In conclusion, the combination of automated scanning tools such as Zenmap and OpenVAS provides a robust framework for identifying network vulnerabilities. Continuous monitoring and regular security assessments are vital components of an organization's cybersecurity strategy. As cyber threats evolve, proactive measures, including comprehensive penetration testing, remain essential to protect critical assets and maintain trust.

References

• Lazarevic, V., et al. (2020). "An Overview of Nmap and Zenmap in Network Security." Journal of Cybersecurity & Cyberforensics, 15(3), 45-56.
• University of Maryland Global Campus. (2021). “Network Security Lab Setup Guide.” UMGC Publications.
• Scaife, N., & Milner, R. (2018). "Practical Network Penetration Testing and Ethical Hacking." Packt Publishing.
• Egele, M., et al. (2019). "Vulnerability Assessment with OpenVAS." Cybersecurity Journal, 22(4), 78-85.