Outcomes addressed in this activity:
Unit Outcomes:
Outline the steps of the information gathering process.
Describe common social engineering techniques.
Describe common information, networking, and physical security attacks.
Use appropriate reconnaissance tools and techniques.
Course Outcome:
IT542-1: Analyze the methods ethical hackers use to perform reconnaissance and social engineering.
Purpose
In the first part of the lab, you will perform reconnaissance from the wide area network. The purpose of this lab is to show you how you can use Nmap to identify open ports and Netcat and telnet for banner grabbing. You will then learn how to use an exploit framework like Metasploit® to get access to the password file and use a password cracking tool like John the Ripper® to crack the password, and then login using admin access. In the second part of the lab you will use Kali Linux to scan a local area network and then use Metasploit and Armitage to exploit vulnerabilities.
Lab Instructions
Part 1:
Complete the labs “Performing Reconnaissance from the WAN” and “Scanning the network on the LAN.” In the lab environment, you will find step-by-step instructions. As you work through the labs, there will be capture-the-flag challenges.
Lab Requirements
Prepare the written portion into a Microsoft Word document. Support any assertions made with credible sources using APA style formatting.
For more information on APA style formatting, go to Academic Writer in the Academic Tools area of this course.
Also review the university policy on plagiarism. If you have any questions, please contact your professor.
Plagiarism
Plagiarism is an act of academic dishonesty. It violates the University Honor Code, and the offense is subject to disciplinary action. You are expected to be the sole author of your work. Use of another person’s work or ideas must be accompanied by specific citations and references. Whether the action is intentional or not, it still constitutes plagiarism.
www.lab.infoseclearning.com/course/GQZVVNPJGR/lab/SQFAQLDIBL?check_logged_in=1
www.lab.infoseclearning.com/course/GQZVVNPJGR/lab/UWUENTBWQA?check_logged_in=1
Or Logged in the school website: www.purdueglobal.brightspace.com/d2l/loginh/
Username: DonaldNkamdjeu
Password: HomeworkDue!4
Category: Network defense
Unit 1 Lab: Performing a Denial of Service Attack from the WAN and Crafting and Deploying Malware Using a Remote Access Trojan (RAT)
Outcomes addressed in this activity:
Unit Outcomes:
Discuss the concept of ethical hacking.
Describe the TCP/IP protocol and numbering systems.
Document an attack and penetration test plan.
Select appropriate cryptographic algorithms to achieve data protection in different contexts.
Course Outcome:
IT542-1: Analyze the methods ethical hackers use to perform reconnaissance and social engineering.
Purpose
In the first part of the lab, you will perform a denial of service attack on a Wide Area Network. You will be using Low Orbit Ion Cannon, an open source application, to conduct a TCP, UDP, and HTTP flood attack against a pfSense firewall in a virtual environment. In the second lab you will use nmap to scan a network and create and deploy malware on the system using a remote access trojan, a dictionary based password attack and a Remote Desktop Protocol session.
Lab Instructions
Part 1:
Complete the labs “Performing a Denial of Service Attack from the WAN” and “Crafting and Deploying Malware Using a Remote Access Trojan (RAT).” In the lab environment, you will find step-by-step instructions. As you work through the labs, there will be capture-the-flag challenges.
Part 2:
After completing the labs, answer the following questions. Conduct research and cite supporting sources in APA format where it is appropriate.
Describe the different capabilities of Low Orbit Ion Cannon. Search and identify at least one other product that allows you to conduct denial of service attacks and identify two differences between LOIC and the product that you have identified. Provide appropriate citations.
In this lab, you performed TCP, UDP, and HTTP flood attacks. Research and describe three different ways that an organization can prepare against denial of service attacks. Describe how the defense strategies against denial of service attacks differ based on TCP, HTTP and UDP attacks. Provide appropriate citations.
While using tcpdump in step 9 of the lab, search and identify what –nntttt, -s 0 and –w options are supposed to do.
Describe how you can prevent, detect, and mitigate against Remote Access Trojan attacks. Provide citations for your answer.
Describe the different types of rootkits. Describe how you would detect and prevent rootkit attacks?
Review the sources below and write out three questions that you would need to answer in your pen test plan. For each of the questions identify which of the sources below was used for the question. Select the appropriate sentence or paragraph from the source and include it in your answer for each question.
Korpela, K., & Weatherhead, P. (2016). Planning for Information Security Testing—A Practical Approach. ISACA Journal, 5, 1-10. https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach
Pre-engagement. (n.d.). http://www.pentest-standard.org/index.php/Pre-engagement
Lab Requirements
Prepare the written portion into a Microsoft® Word® document. Support any assertions made with credible sources using APA style formatting.
For more information on APA style formatting, go to Academic Writer in the Academic Tools area of this course.
Also review the university policy on plagiarism. If you have any questions, please contact your professor.
Plagiarism
Plagiarism is an act of academic dishonesty. It violates the University Honor Code, and the offense is subject to disciplinary action. You are expected to be the sole author of your work. Use of another person’s work or ideas must be accompanied by specific citations and references. Whether the action is intentional or not, it still constitutes plagiarism.
For more information on University’s Plagiarism policy, refer to the current University Catalog.
Directions for Submitting Your Labs
Part 1 of your lab work will be automatically graded in the gradebook.
Website to have access to lab: https://signin.purdueglobal.edu/Account/Login?ReturnUrl=%2Fsso%2Flms%3Fresume%3D%2Fidp%2FzBg2M%2FresumeSAML20%2Fidp%2FSSO.ping%26spentity%3Dhttps%3A%2F%2Fb3e7eea6-f2a5-4baa-8fea-9cb27ef359c8.tenants.brightspace.com%2FsamlLogin
Username: DonaldNkamdjeu
Password: HomeworkDue!4