You are working for a security company that is going to run a pentest on a new company with new computers. It is a small office with 10 employees and no more than 20 devices connected to a managed Cisco switch with the default configuration, all interfaces up, plus any link aggregation.
In this exercise, you have to penetrate a fully patched Windows 10 system with all service packs and security updates as of the date of the assignment. The system will have the default configuration for the operating system, with all telemetry and Windows Defender enabled and up-to-date.
Successful penetration means you are able to gain administrative access to the system, leave a backdoor and cover your tracks. You are going to perform the pentest in two scenarios, starting from information gathering all the way up to covering tracks:
1. you have physical access to the system.
2. you are trying to access the network from outside the organization, which is connected to the Internet via a router with a firewall.
a) Describe in detail the plan of attack. Justify the planned method of attack for each scenario.
b) In the second part of this question, you will have to execute the outlined plan with the tools and commands used to gather the information that will provide you useful clues on your next course of action. Include the snapshots highlighting the important findings in each step and the action taken.
You may use Practice Lab to perform this task.
Consider the following scenarios to come up with the plan.
This is the info for you to plan. You will have to determine what information is relevant and what is irrelevant.
1. The computer to be attacked
Laptops that have been given to the employees. Employees have a choice of connecting to the network via Ethernet cable or wirelessly.
a) Clean installation of Windows 10 Pro, fully patched with all service packs and security updates as of the date of the assignment. (please specify build number and patches installed in your report).
b) All default settings enabled (e.g. telemetry, MS Defender, Firewall, etc.) and all default software installed.
c) No domain controllers. Workgroup only.
d) Two users: “superuser” (Administrator group) and a normal user with the username of the user’s name (User group).
Guest is disabled. Details are as follows:
i. Administrator:
A. Username: “superuser”
B. Password: Self-generated. Password policy: 10-character alphanumeric, upper and lower case alphabets, minimum of four (4) special characters.
C. Two factor authentication enabled using the Microsoft Authenticator mobile application.
ii. User:
A. Username: the person’s name (they will sign on to their own personal account)
B. Password: Self-generated. Password policy: 8-character alphanumeric, upper and lower case alphabets, minimum of two (2) special characters.
C. Two factor authentication enabled using the Microsoft Authenticator mobile application.
2. The wired network
a) A network of 10 computers on a single subnet.
b) Managed Cisco L3 24-port Gigabit switch with the default configurations and all ports (or interfaces) up. Port aggregation is configured as needed.
c) SSH on the switch is enabled.
d) Media: Cat6a. For expansion purposes, 20 ports have been patched to outlets.
e) Single Cisco router with an SPI firewall enabled. Router will act as the gateway and provide DNS and DHCP services. Single interface WAN with an aggregated link to the switch.
3. The wireless network
a) Cisco access point - centrally managed.
b) On a separate VLAN and subnet.
c) Authentication using WPA2-Enterprise with a local or internal RADIUS server (on the device itself).
d) Only the 10 employees are allowed to use the wireless system. No guest network.
e) Typical business security features include: ARP spoofing prevention and MAC address filtering.
4. Others
a) A networked multifunction device connected via wired Ethernet to the network.
b) Do not assume other servers are present on the system except for those already mentioned. If you want to assume that there are other machines on the network, provide a justification.
Download the image of VM hosted on the following link: https://bit.ly/3xsw1oR
This image is of a vulnerable machine. Your goal is to acquire root level access to the vulnerable machine. There may be more than one way possible, however, you are required to document only one possible solution. You are accessing the system from outside the organization.
a) In the first part of this question, you will outline the process of hacking the downloaded machine. Starting from scanning up to covering tracks. Justify the planned method of attack for each scenario. (10 marks)
b) In the second part of this question, you will have to execute the outlined plan with the tools and commands used to gather the information that will provide you useful clues on your next course of action. Include the snapshots highlighting the important findings in each step and the action taken. (25 marks)
c) Write a summary of your findings (e.g. countermeasures that can be taken to fix the exploited vulnerability). (5 marks)