THE FOLLOWING GIVE DETAILS OF WHAT IS EXPECTED TO COMPLETE THE EXPLOITATION TESTING PROGRAM. WILL GIVE A FULL BRIEF LATER ON..
You will need is to exploit the three target machines and provide a proof of enumeration/vulnerability assessment, scanning, exploit development, exploitation, and vulnerability fixes. You will also need to explain all steps . You will be provided with three OVF/OVA Virtual Machine files with instructions on how to import the files and start each Virtual Machine using VMware. You will also be provided with the Linux Virtual Machine to attack the targets.
Each target machine contains at least one proof file, which you must retrieve, and include with your documentation.
So to get started,,,,,,,,,,,,,
1- Enumeration and vulnerability scanning (this step may have a minimum of 4 screen shots )
- use Linux terminal commands to find local machine IP address then scan for available live pcs/systems using may be netdiscover command.
- we also need to include a GUI method of discovering an enumeration of the network around us.
- we should also use the terminal command to check for vulnerabilities on target machines found on the previous step (enumeration)
- for this we repeat the same thing just like before but now we use a GUI tool such as openVAS
2- Exploitation development (this step may have a minimum of 2 screen shots )
- This need to show what commands need to be used for the exploitation strategy and what GUI tools could be used
3- the exploitation itself. (this step may have a minimum of 2 screen shots )
Having established an exploitation strategy, now using command lines and GUI we should complete the exploitation. examples such as MSFconsole > exploit > payload. We need to use a GUI tool for snapshots, reports etc.
So basically explain how you managed to get to the proof file and how you retrieved it using the above example. The brief says at least one proof file meaning that you can go the extra mile and may be retrieve more than one to show better success.
The proof file is mentioned in the full brief (will be provided later)
4- fixing vulnerabilities. (this step may have a minimum of 2 screen shots, reports, graphs etc)
OpenVAS for example could find all available vulnerabilities and could also be used to fix them. This could also generate reports, graphs, tables etc. This data could be added to our main report too. (put them in an appropriate place - may be in appendices if too much)
- REMEMBER WE NEED TO HAVE VERY CLEAR SCREEN SHOTS + DESCRIPTION OF HOW WE HAVE DONE IT
- ALSO THE USE OF COMMANDS NEED TO BE DESCRIBED
- THERE ARE 2 RECOMMENDED HACKING BOOKS - (CHECK IF THEY MAY HELP) AS FOLLOWS:
Penetration Testing (also available in E-book)
A Hands-On Introduction to Hacking
by Georgia Weidman
June 2014, 528 pp.
The Hacker Playbook 3: Practical Guide to Penetration Testing
Paperback by Peter Kim (Author)
Paperback: 289 pages
- ALL THE TOOLS WE MENTIONED ABOVE ARE JUST EXAMPLES. YOU CAN USE DIFFERENT TOOLS IF NECESSARY.
- WE COULD HAVE A MINIMUM OF 30 SCREENS SHOTS IN TOTAL.
THANKS AND REGARDS
THE REQUIRED VM WARE FILES WILL BE PROVIDED LATER
12 freelancers estão ofertando em média £207 para esse trabalho
Hey there, I have been in the Information Security arena for years. I had conducted tons of Penetrations Tests. I'm a former black hat hacker as well. Would you share more details? Regards.