mahamoudali88

Category: Computer Science | Posted: 11 Nov 2017 | Deadline: 30 Nov 2017 | My Price: 165.00

Final Project

Overview

ACME Ltd. is a provider of network security solutions. The company has a private network accessible only by the employees. To prevent security breaches, which could be very damaging for the company’s brand, your pentest company has been hired to perform a test on ACME's internal network and recommend appropriate mitigation solutions.  Your contact person at the company and pentest project liaison is Ms. Alice Sandhu, IT Director. Her email address is asandhu@acme.com.

Part 1: Penetration Testing

Only two machines in ACME’s network will be targeted in the attack. It is assumed in this phase of the project that you have only remote access to the target machines, i.e., all access should be done through Kali as the attack machine. In other words, you cannot log in locally to the machines and attack them. However, local access is allowed in Part 2 of the project.

The project will be performed using Kali as the attack machine and a virtual image that mirrors the target network as closely as possible. You must download the image from the following link:
https://drive.google.com/file/d/0B1xnRxT-Y8DMdHRkNmZUWDdXdm8/view?usp=sharing

Install it on your own machine. The installation guidelines are provided in a separate file available on D2L.

1.1 Using a network scanner (e.g. zenmap), extract the topology information of the company's private network. Identify available hosts, and for each host, find the IP address, Operating System, running services and open ports. Ensure that you specify the exact versions.

1.2 Identify vulnerable services (using e.g. nessus); briefly explain why you think these services are vulnerable.

1.3 Try to gain access to the private network by attacking the account of Ms. Alice Sandhu on machine UB12 using a password cracking tool (e.g. ncrack or hydra or medusa or any other tool). You can use the file phpbb.pwd (under /usr/share/ncrack) as the dictionary and target one of the running services (e.g. FTP, SSH, etc.).

1.4 After gaining access to the private network, locate and exfiltrate one of the source code files of the company’s new mobile application (from the Git code server), which is among the most valuable trade secrets of the company, and is supposed to remain confidential.

Part 2: Defense Strategies

In the second part of the project, you will use the attack intelligence obtained in Part 1 to implement an adequate defense strategy to prevent or detect similar attacks in the future. The protection scope will be limited to machine UB12. As part of the protection mechanisms, you’ll run Snort on machine UB16C.

By reviewing the nessus scans, select one of the high severity vulnerabilities on UB12 (other than password cracking), for which you can identify an exploit in Metasploit.

A straightforward solution to prevent attacks based on these vulnerabilities could simply be to install more recent versions of the services. But the goal here is to go beyond such an obvious solution, as variations on the attack patterns may still be successful (even after installing the upgrades).

1. Explain briefly the generic attack scenario associated with the selected vulnerability; a graphical sketch (in addition to the explanations) is required. Do not copy and paste paragraphs and figures from the Internet. You can search for such information online, but make sure the explanation is reworded using your own terms, and the graph is your own.

2. Execute the attack against machine UB12 by exploiting the selected vulnerability using Metasploit. Capture sample attack packets using wireshark (you can start wireshark just before typing the “run” or “exploit” command in Metasploit, and stop it after the attack has completed).

3. Analyze the sample attack packets, and define new Snort rules (as many as you think are necessary) to detect the attack, and add these rules to the Snort rule set in UB16C. Justify the rationale for the rules. Make sure your Snort rules do not over-fit the attack scenario.

4. Configure Snort (on the UB16C machine) and run it in intrusion detection mode. Re-execute the attack against UB12 using your attack machine (i.e. Kali), and collect the Snort alerts log generated after the attack.

5. Define new IPTables rules to mitigate the impact of the attack (against UB12). Test the rules by running the attack once again. Justify the rationale for those rules. Since you may not have root access to UB12, you can test the rules by deploying them on your Kali machine (note that such a configuration is valid only for testing purposes; ideally you would deploy the IPTables rules on UB12 and perform the test).

6. By reviewing the scan results (obtained in Part 1 of the project), suggest and describe any additional defense strategy required to protect the target systems.
