Penetration Test [closed]

Çağlar Arlı

You were recently hired for a Penetration Tester position. You are responsible for penetration testing information systems located in the Local Area Network (LAN) and the Demilitarized Zone (DMZ). A new web server was recently installed in the DMZ and you are tasked with attempting to compromise this server as a simulated external (WAN/Internet) threat. For the purposes of this exercise you have access to a Kali Linux virtual machine. The IP address of the external router is 198.51.100.254/24. The IP address of the corporate web server resides somewhere on the 120.38.48.0/24 network.

There are 8 steps:

1. Use the Kali Linux virtual machine to enumerate the network and discover any potential misconfigurations and/or vulnerable information systems.

2. Based on your vulnerability discovery(ies), exploit the system(s) using the Kali Linux virtual machine.

3. Use a method available to you on the Kali Linux virtual machine to recover any credentials from the compromised system.

4. Use your newly acquired network access to create a pass-through capability (PIVOT) onto other networks of opportunity.

5. Use the built-in functions of Metasploit on the Kali Linux virtual machine to conduct a portscan on the LAN network. Discover any potential misconfigurations and/or vulnerable information systems.

6. Use the previously stolen credentials to access the domain controller.

7. Leverage xfreerdp on the Kali Linux virtual machine to RDP onto the Windows 8 VM.

8. Deface the webpage hosted on the web server by modifying the webpage index.html file.