Performing security assessment using various tools

Introduction

Welcome to the Performing Security Assessment using Various Tools Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Connect to Kali
• Identify Live Hosts using nmap
• Identify Live Hosts using hping3

After completing this lab, you will be able to:

• Connect to Kali
• Identify Live Hosts using nmap
• Identify Live Hosts using hping3
• Connect to Windows 10 and Kali
• Use Nslookup to Perform Zone Transfer
• Use the DIG Tool to Perform Zone Transfer
• Use PsInfo Command-line Tool
• Use the Finger Command
• Log into MyBook
• Explore and Gather Information
• Connect to Windows 10 and Kali
• Create an Exploit
• Setup the FTP Server
• Download the Payload
• Exploit the Victim’s System
• Using the Netstat command-line tool
• Using the Route command line tool

Exam Objectives

The following exam objectives are covered in this lab:

• CAS-003 3.1 Given a scenario, conduct a security assessment using the appropriate methods.

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Identifying Live Systems

The basic and foremost step in studying the physical connectivity of networks is scanning. Scanning, also known as probing, is a process of leading the target machines to reveal useful information about them. A network scanner is a tool that will aid in scanning networks. Some of the popularly used network scanner tools are nmap and hping3. Both nmap and hping3 have several features that give complete control over the scans that you perform. You can download the appropriate nmap and hping3 tools for your operating system from the following respective links:

• http://nmap.org
• http://www.hping.org

For this demonstration, nmap & hping3 are bundled with the default installation of Kali Linux.

In this exercise, you will learn to identify live systems using nmap and hping3.

Learning Outcomes

After completing this exercise, you will be able to:

• Connect to Kali
• Identify Live Hosts using nmap
• Identify Live Hosts using hping3

Exercise 2 - Performing Zone Transfers

The DNS (Domain Name System) server service provides three types of zones such as primary, secondary, and stub zones. Zone transfer is a mechanism in which the changes that are made to the zone on a master server are replicated on all the secondary servers for that particular zone.

In this exercise, you will learn to perform zone transfers using command-line tools such as nslookup and dig.

Learning Outcomes

After completing this exercise, you will be able to:

• Connect to Kali
• Use Nslookup to Perform Zone Transfer
• Use the DIG Tool to Perform Zone Transfer

Exercise 3 - Working with Remote Targets

PsInfo is a command-line tool that comes bundled with Microsoft Sysinternals suite. By default, this tool provides local system information. However, you can use this tool to retrieve information about remote systems in the network.

In this exercise, you will use the PsInfo command-line tool.

Learning Outcomes

After completing this exercise, you will be able to:

• Use PsInfo Command-line Tool

Exercise 4 - Working with Finger Command

In Unix/Linux, you can use the finger command to retrieve information about the system users in the network.

In this exercise, you will work with the finger command.

Learning Outcomes

After completing this exercise, you will be able to:

• Use the Finger Command

Exercise 5 - Social Engineering Reconnaissance

Often a compromise in a company begins by attackers searching through social media for personal information that might aid them in gaining legitimate details or by impersonating that person to business.

The aim usually is to get access to the initial system that the person either owns or has access to, from here the attacker will try to escalate and move through a building or network gaining access to more interesting areas.

Learning Outcomes

After completing this exercise, you will be able to:

• Log into MyBook
• Explore and gather information

Exercise 6 - Use the Social Engineering Toolkit (SET) in Kali Linux

With a little skillset, you can always break someone’s password using various methods, such as brute-force or dictionary attack. However, it is much easier to trick someone to simply share the password with you without them even knowing that they have shared it. You can also control their system without letting them know, but you should trick them to install something or open a file, which contains a specific payload. When you perform such tricks with people, to share their confidential information or run a malicious file or payload, you are performing a social engineering attack, which is an art of manipulating people to perform a task that allows you to gain their confidential information or even control their system.

Learning Outcomes

After completing this exercise, you will be able to:

• Connect to Windows 10 and Kali
• Create an Exploit
• Setup the FTP Server
• Download the Payload
• Exploit the Victim’s System

Exercise 7 - Perform Routing Table Verification

There are various tools that can be used for routing table verification. Two of such tools are netstat and route.

Learning Outcomes

After completing this exercise, you will be able to:

• Use the Netstat command-line tool
• Use the Route command line tool