8455

M5A1: Final Project: Penetration Test Planning and Reporting
Lab Objectives
This activity will address module outcomes 2 and 3. Upon completion of this activity, you will be able to:
• Utilize and recognize basic programming and scripting technologies to assist in cyber attacks and defense. (005) • Differentiate encryption and decryption as they apply to cryptography. (CO5)
For this assignment, we will research and become familiar with different approaches to complete a penetration testing engagement, using the instructor as your client. You are hired to complete a penetration test of the “target” VM. Some specifics about the assessment:
nesaNivoiliriatiegow
tiganwsiVashar Fh. 02.4 W.f.., orecta,i401.6.9CLIANCli…5.24 44 Off. ‘St /1 any WW1, *WI twatriwestUde and l.•ea Suwon 1.bernmsentiorigth:
Image Source: www.istockphoto.com
• Purpose/business objective: ? To assess the security posture of the Metasploitable VM • Proactively identify, prioritize, and report existing vulnerabilities and successful exploits • Gain root access to the system using any of the discovered vulnerabilities • Crack the passwords of any existing system, app, database user • Provide synthesized action plan for the IT operations team to address the findings • Provide a comprehensive findings report • Include a table with results that need to line up
IP Address FQDN OS Port Protocol Service Name Version Additional Nmap Script Information (To be Added Manually) Vulnerability CVE CVSS Exploit Success? If yes, which exploit?
• The scope of the assessment is: • Only the Linux Target, Metasploitable, VM, no other IPs should be included • All Metasploitable ports, services/applications, and databases that are open or running need to be evaluated • The assessment is system, application, database level

Attachments:

Final-Project….pdf