Preview

Lab 1

Satisfactory Essays
Open Document
Open Document
749 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Lab 1
Attack and Penetration Test Plan

Table of Contents
Scope –Production e-commerce Web application server and Cisco network.
Goals and Objectives – Penetration Test on company’s e-commerce Web Application Server and its Cisco Network. Identify any potential entry point and test user input for injections.
Tasks – Manipulate HTTP requests and observe HTTP responses.
Tamper with user input
Test for SQL injections
Test for XSS
Test code for injections
Test for command injections.
Reporting - Jennifer Le
Schedule Between 2:00 am – 6:00 am. Saturdays only EST.
Unanswered Questions – How many employees are in this company? - Will the employees be aware of this test?
Authorization Letter – From John Smith, CEO of E-Commerce Sales stating that I have permission to do this test.

Lab Assessment Questions and Answers

1. Provide a brief summary of the activities in each of the hacking steps listed below:
1.
Reconnaissance—The initial stage of collecting information on your target network
2.
Enumeration—The process of querying active systems to grab information on network shares, users, groups, and specific applications
3.
Gaining access—The actual penetration
4.
Maintaining access—Allowing the tester a backdoor into the exploited system for future attacks
5.
Covering tracks—The process of deleting log file entries to make it appear that you were never on the exploited system
2. To exploit or attack the targeted systems, what can you do as an initial first step to collect as much information as possible about the targets prior to devising an attack and penetration test plan?
The first step I would take would be from the 5 steps to hacking, which is the reconnaissance. I would use passive reconnaissance as this pertains to information gathering.
3. What applications and tools can be used to perform this initial reconnaissance and probing step?
Google is a major tool in most hackers initial first step. But you can use Nmap,

You May Also Find These Documents Helpful

  • Satisfactory Essays

    IS3220 Final Exam

    • 700 Words
    • 4 Pages

    7. Personnel should be authenticated and authorized prior to being granted access to company’s information resources. This statement is an example of ________________?…

    • 700 Words
    • 4 Pages
    Satisfactory Essays
  • Powerful Essays

    IS3110 U5L1

    • 912 Words
    • 4 Pages

    One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…

    • 912 Words
    • 4 Pages
    Powerful Essays
  • Good Essays

    Cjs250 Wk 5 D 7

    • 948 Words
    • 4 Pages

    Contact a security manager and conduct the interview listed in Part I (space has been provided for extra questions, should you ask any). Once the interview has been completed, answer the questions in Part II.…

    • 948 Words
    • 4 Pages
    Good Essays
  • Better Essays

    Oriyano, S.-P., & Gregg, M. (2011). Hacking Techniques, Tools, and Incident Handeling . Burlington: Jones & Bartelle Learning .…

    • 1902 Words
    • 8 Pages
    Better Essays
  • Good Essays

    21.) What do you call an attempted hacking, where every possible every possible combination is used?…

    • 641 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Lab #2

    • 402 Words
    • 2 Pages

    This lab demonstrated the first three steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance and Probing) on a targeted IP subnetwork using Zenmap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found to exploit the vulnerability.…

    • 402 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    6) Your company’s computers have been taken over by an attacker and used to attack another organization’s information systems. Your problem is which of the following?…

    • 946 Words
    • 4 Pages
    Good Essays
  • Good Essays

    3. What must you obtain before you begin the ethical hacking process or penetration test on a live…

    • 652 Words
    • 4 Pages
    Good Essays
  • Satisfactory Essays

    Lab 1

    • 567 Words
    • 3 Pages

    Attacker would avoid detection by covering tracks step of the hacking process where they cover up their tracks in the system they hacked into.…

    • 567 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    Csia 301 - Syllabus

    • 4678 Words
    • 19 Pages

    Welcome to Foundations of Cybersecurity CSIA 301, a hybrid course. My name is Professor Nancy M. Landreville and I have been teaching here at the University of Maryland, University College since February 2007. My phone number is (301) 401-0144. You may contact me by phone any evening during the week (Monday - Friday) from 7:00pm - 9:00pm. You may email me at any time at nancy.landreville@faculty.umuc.edu . I encourage you to use the private messaging area rather than the faculty email address. This will facilitate faster response to your course questions. I will respond to your email within 24 hours from receipt of your email. Please place the name of the course in the subject line so I know the email is from one of my students. I check email every day from my students. I encourage you to contact me with any questions about the course, require that you contact me for extenuating circumstances for late work, and meet with me online for any required conferences that are held during the course. We will meet in the online chat room at least once this semester to discuss the midterm and once this semester to discuss your final assignment. This is in addition to your required face-to-face attendance each week for eight weeks.…

    • 4678 Words
    • 19 Pages
    Good Essays
  • Satisfactory Essays

    1. Discuss common forms of attack on Microsoft systems using the text Internet, and/or your job as reference for full credit.…

    • 488 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Lab 7

    • 928 Words
    • 3 Pages

    1. What are some common risks, threats, and vulnerabilities commonly found in the LAN-to-WAN Domain that must be mitigated through a layered security strategy?…

    • 928 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Lab 1

    • 414 Words
    • 2 Pages

    Answer: Computer Name, OS, Security Settings for Windows Firewall, Drives, Running Programs, and Installed Programs and Versions.…

    • 414 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    5. Refers to scanning a system for vulnerabilities and reveals information about the target that is needed to access it.…

    • 263 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Lab 1

    • 251 Words
    • 2 Pages

    PuTTY to connect to a Linux machine and ran several Cisco commands to display statistics for…

    • 251 Words
    • 2 Pages
    Satisfactory Essays