UNIT 17 Homework Penetration Test Engagement PDF

Title UNIT 17 Homework Penetration Test Engagement
Author J R
Course Cyberwarfare And Security
Institution University of Western Australia
Pages 5
File Size 432.1 KB
File Type PDF
Total Downloads 100
Total Views 129
Preview
CLICK TO PREVIEW PDF
Summary

.............

Description

GoodSecurity Penetration Test Report [email protected]

DAT1.0

High-Level Summary

GoodSecurity was tasked with performing an internal penetration test on GoodCorp’s CEO, Hans Gruber. An internal penetration test is a dedicated attack against internally connected systems. The focus of this test is to perform attacks, similar to those of a hacker and attempt to infiltrate Hans’ computer and determine if it is at risk. GoodSecurity’s overall objective was to exploit any vulnerable software and find the secret recipe file on Hans’ computer, while reporting the findings back to GoodCorp. When performing the internal penetration test, there were several alarming vulnerabilities that were identified on Hans’ desktop. When performing the attacks, GoodSecurity was able to gain access to his machine and find the secret recipe file by exploit two programs that had major vulnerabilities. The details of the attack can be found in the ‘Findings’ category.

2.0

Findings

Machine IP: 192.168.0.20 Machine’s IP address: 00:15:5D:00:04:01 Hostname: MSEDGEWIN10 Actual name of the machine: CPE:/o:microsoft:windows

Vulnerability Exploited: Metasploit: /exploit/http/icecast_header The name of the script or Metasploit module used: ICECAST HEADER OVERWRITE

Vulnerability Explanation:

The Icecast application running on 192.168. 0.20 allows for a buffer overflow exploit wherein an attacker can remotely gain control of the victim's system by overwriting the memory on the system utilizing the Icecast flaw, which writes past the end of a pointer array when receiving 32 HTTP headers.

Severity: In your expert opinion, how severe is this vulnerability? In my professional opinion I would rate the severity of this exploit to be extremely high, this exploit has demonstrated the method in which sensitive company data can be accessed by an unauthorized attacker, additionally this exploit allows for the escalation of privileges which would make way for potentially further more serious exploitations to occur.

Proof of Concept: Location of sensitive data seen in the below screenshot:

Downloading of sensitive of data seen in the below screenshot:

Further exploitation of highly sensitive data seen below:

Password hashes compromised seen below:

Weak passwords for both Administrator and IEUSER are shown to be cracked:

3.0

Recommendations

What recommendations would you give to GoodCorp? Enforce stronger more secure passwords alongside 2 factor authentication....

Similar Free PDFs
UNIT 17 Homework Penetration Test Engagement
  • 5 Pages
Chapter 17 Homework Answers
  • 36 Pages
Chapter 17 Homework
  • 7 Pages
Assault by penetration
  • 1 Pages
Unit 3 Summary Pre-engagement activities
  • 8 Pages
Unit 3 homework - unit 3
  • 4 Pages
Econ0002 - Unit 17 Notes
  • 23 Pages
Unit 7 Homework- Chatterley
  • 3 Pages
Preliminary engagement
  • 2 Pages
Unit 7 homework
  • 7 Pages
17 ch homework - Google Docs
  • 2 Pages
English homework unit 1
  • 1 Pages
Unit 5 Homework
  • 3 Pages
Bana Lingam the facts - Test 10 engagement letter Test 10 engagement letter
  • 3 Pages
9780323550611 \\17 - Test q’s
  • 7 Pages
Chapter 17 - Test Bank
  • 32 Pages
Popular Institutions