Chat with us, powered by LiveChat Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summar | WriteDen

Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summar

 Write this reflection for the lab: 

  

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

Lab-7: Attacking

There are many different kinds of cyberattacks, such as exploitation of a vulnerability by using a piece of malicious code, launching denial of service attack, password cracking, and social engineering attacks.

In this lab, you will launch three brute force password cracking attacks against three different protocols, 1) SMB, 2) HTTP, 3) Telnet.

Section-1: Brute Force Password Attack against a Remote Windows SMB Service (By using Hydra tool)

In this section, you will crack the password of the Administrator account of the Windows 7 Target computer (192.168.2.13) by using the Hydra tool on Kali Linux. Hydra is a brute force password cracker. You will use another tool named crunch to create a dictionary to be used by Hydra.

Assume that you did shoulder surfing and learned that the Administrator account on Windows 7 Target has "a", "1", "2", "3", "4", and "5" characters. However, you couldn't find the password with manual tries; you decided to use a brute force password cracker.

1) Log in to Kali Linux on the Netlab environment. Remember that the password of the root account was toor.

2) Open a terminal window.

3) You want to create a wordlist from the letters you learned in shoulder surfing. Use the crunch tool and type crunch 6 7 aA12345 > my_word_list.txt in the terminal window. You included both lower and uppercase versions of "a" as you are not sure of which one is included in the password. You also indicated the minimum password length as 6 and the maximum length as 7. Crunch tool will generate a wordlist consisting of 941192 different possibilities of passwords that match the condition.

4) Now open the generated wordlist file by typing vi my_word_list.txt in the terminal window.

5) Press the page down button to see the list. Press Shift-gg to go to the end of the file.

6) Type colon character in vi and then type "set nu". This command will show the line numbers at the beginning of each line.

7) Now search for aA12345, which is the password of the Windows 7 Administrator account. To search for aA12345, type /aA12345

Note the line number of aA12345, which is 140525.

SMB protocol does not like parallel connections; therefore, the Hydra tool does not perform parallel processing and tries one password at a given time. On average, Hydra will check for 5800 passwords per minute. Therefore, it will take 24 minutes to find the password of the Administrator account. At this point, you will perform a trick and insert the password to the 6000th line.

8) In order to do that, press the Esc key and then type 6000 in vi, and then press Shift-g.

9) Press i and then press the Enter key. An empty line will be opened for you to type the password. Type in aA12345 here. Press Esc. Type :wq to save and quit.

10) Now, it is time to use Hydra to launch a brute force attack against the SMB service on Windows 7 Target computer. Type in hydra -l administrator -P my_word_list.txt smb://192.168.2.13

Take a screenshot of the brute force attack result screen once Hydra completed processing. (It should take no more than 5 minutes to complete)

Section-2: Brute Force Password Attack against a Remote Windows SMB Service (By using Metasploit Framework)

Metasploit Framework is a must-have tool for every pentester. You will use Metasploit frequently in the ISEC670 labs. Metasploit is included in Kali Linux.

1) Open a terminal window on Kali Linux on the Netlab environment.

2) Type in msfconsole to open Metasploit Framework

3) Type in search smb_login to find the path of the smb_login module.

4) Select the smb_login module by typing use auxiliary/scanner/smb/smb_login (This is the path you learned in the previous step)

5) Type in show options command to see the required parameters for the module.

Note: You can use view>shrink font to decrease the font size in the terminal window.

6) Set the target by typing set RHOSTS 192.168.2.13

7) Set the username by typing set SMBUSER administrator

8) Set the wordlist by typing set PASS_FILE /root/my_word_list.txt

9) Discard showing the detailed results by typing set VERBOSE false

10) Set the number of parallel process to 8 by typing set THREADS 8

Note: Do not set it to numbers higher than 8 as it may cause SMB service to crash

11) Run the brute force attack. It will take 1-2 minutes for Metasploit Framework to try the correct password in the wordlist.

Take a screenshot of the Metasploit result showing the username/password pair.

Section-3: Brute Force Password Attack against a Web Login Form

In this section, you will use the Burp Suite to perform a brute force attack against a web login form. Burp Suite has been used by application security testers to automate and control the web application security testing.

1) Stay in the Kali Linux on the Netlab environment.

2) Click on the Kali icon on the bottom left corner and type Firefox.

3) Click on the Firefox ESR icon on the start menu.

4) Configure the Proxy Settings of Firefox to have the web traffic directed to the Burp Suite.

Click the Firefox menu and then click Preferences

Scroll down to the bottom of the page and click the Settings button in the Network Settings section.

Select the Manual proxy configuration and type in the IP address as 127.0.0.1 and port number as 8080. (Burp Suite listens on 127.0.0.1:8080 by default). Click OK.

5) Open Burp Suite by clicking the Kali Linux icon at the bottom left corner, typing burp, and clicking the burp suite icon on the start menu.

6) Click Next while Temporary Project was selected.

7) Click Start Burp while Use Burp defaults was selected.

8) Switch to Firefox window. Visit the login page hosted at http://192.168.2.15/dvwa/login.php

9) Switch to Burp Suite, click on the Proxy tab, and click on the Forward button.

10) Switch to Firefox window. You will see the login window below. This is the "Damn Vulnerable Web Application" hosted on the OWASP BWA machine on Netlab.

11) At the login page, type admin as the username and type incorrect as the password. Click on the Login button.

12) Switch to Burp Suite, verify that the HTTP request is captured and also confirm that the Burp Suite has captured the username and password you typed.

13) Right-click anywhere at the bottom section and click on “Send to Intruder”

14) Click on Intruder Tab (1), and then click on the Positions Tab (2), and finally click on the Clear button (3).

15) Highlight the password value (1) and click on the Add button (2).

16) Click on Payloads Tab (1), and then Load button (2).

17) Navigate to /usr/share/wordlists/metasploit and click on http_default_pass.txt, and click Open (3)

18) Click on the Start Attack button on the top right. Click on OK for the message box about Community edition limitations.

19) Burp Suite tries all passwords in the dictionary file. The brute force attack will last around 15 seconds as there is a limited number of passwords in the file. Click on the Response tab, as shown in the figure below. All failed login attempts will be redirected to the login.php page. Successful logins will be redirected to the index.php page, as shown in the figure below.

Switch to the Request tab and take a screenshot of the Raw section where you see the username and password pair in the request traffic.

Section-4: Brute Force Password Attack against Telnet Protocol

In this lab, you will use the dictionary file you used in Section-3 to launch a brute force attack against Telnet service on Windows 7 Target computer.

1) Open a terminal window on Kali Linux on Netlab

2) Go to the path where word list is store by typing cd /usr/share/wordlists/metasploit

3) Type hydra -l admin -P http_default_pass.txt telnet://192.168.2.13

4) Take a screenshot of the terminal window.

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

image4.png

image5.png

image6.png

image7.png

image8.png

image9.png

image10.png

image11.png

image12.png

image13.png

image14.png

image15.png

image16.png

image17.png

image18.png

image19.png

image20.png

image1.png

image2.png

image3.png

HOW OUR WEBSITE WORKS

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of 
HIGH QUALITY & PLAGIARISM FREE.

Step 1

To make an Order you only need to click ORDER NOW and we will direct you to our Order Page at WriteDen. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
 Deadline range from 6 hours to 30 days.

Step 2

Once done with writing your paper we will upload it to your account on our website and also forward a copy to your email.

Step 3
Upon receiving your paper, review it and if any changes are needed contact us immediately. We offer unlimited revisions at no extra cost.

Is it Safe to use our services?
We never resell papers on this site. Meaning after your purchase you will get an original copy of your assignment and you have all the rights to use the paper.

Discounts

Our price ranges from $8-$14 per page. If you are short of Budget, contact our Live Support for a Discount Code. All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Please note we do not have prewritten answers. We need some time to prepare a perfect essay for you.