
Penetration Testing Project Report Guide

The project involves using Metasploitable 2, Windows 10, and Kali VMs for penetration testing, with each group assigned a unique VM. Students must set up a DHCP server, create network topologies, and perform various security assessments including vulnerability scanning and exploitation. The final report must document all steps taken, adhere to a specific structure, and include evidence such as screenshots and references.

Uploaded by

uzair

Project Task

Each group will use the Metasploitable 2 VM and Windows 10 in Apporto, and the
attack machine (the machine used for the penetration testing and vulnerability
assessment) should be Kali. Every student will be assigned a group.

Each Group will be assigned one extra VM.

VMs for the project

• Metasploitable 2
• Windows 10
• Kali (attack machine)
• VM assigned to the group. NB: this VM is unique for each group. This
will bring the total number of VMs in the lab to 4.

There is an allocation for each person.

VM Allocation
Group 1 – Brainpan
Group 2 – Kioptrix
Group 3 – NullByte
Group 4 – pWnOS

Set up a DHCP server

Create a lab with a router acting as the DHCP server. Use the IP block allocated
to your group.
For example, if the group is 1 then the IP block for the DHCP server should be
[Link] /24, and if it is group B then [Link] /24.
4 Groups
1 - [Link] / 24
2 - [Link] /24
3 - [Link] /24
4 - [Link] /24

Use the switch and router (c7200) on apporto platform.
The router will also serve as the DHCP server.

The objective is to exploit one target machine and provide proof of exploitation.
Simulate what would happen if an internal user is compromised, or identify what
would happen if the system under test is subject to an attack by a malicious
external party. To achieve that you must complete the following tasks:
• Create the Network Topology based on the network block and configure
DHCP
• Perform a passive attack gathering information.
• Perform Network discovery on the target network.
• Conduct port scanning on the target, documenting the services that are
running, protocols, application versions, the operating system, etc.
• Conduct vulnerability scanning, analyse the results and identify the
risks.
• Leverage identified issues to uncover the worst-case scenario.
• Follow up with validation of the findings through the use of exploits or tests
to eliminate false positives and detect hidden vulnerabilities or false
negatives. This involves exploiting the vulnerabilities discovered.
• Explore the level of access each exploit provides and use increased access
as leverage for additional attacks. Some of the machines may require
multiple exploitation steps, resulting first in low-level local access, and then
in root or administrative as vertical privilege escalation.
• Be able to evaluate and assess the security of a computer system, by
conducting a security assessment.
• Evaluate vulnerabilities and security risks by attempting vulnerability
scanning followed by exploitation techniques to identify false positive and
false negative vulnerabilities, and know how to assess them.
• Analyse systems for security weaknesses and propose mitigating
measures to improve the overall security.

Report Criteria

1. Report structure and readability
2. Introduction
3. Summary and Recommendation
4. Information Gathering
5. Scanning and mapping
6. Enumeration

Type: Project Report

Word Count: A minimum of 2000 words is recommended, with a maximum limit of
2500 words.

The following will be excluded from the word count:
• Footnotes for reference purposes only.
• Bibliography.
• List of tables, figures and table of contents.
• Source code and scripts.
• Everything that is included in the Appendix section.

You may append source code, development environments, and any additional
resources in the appendix section. However, these will be excluded from
the marking scope. Please note that if you develop your own tool or code,
the complete source code must be submitted as a separate script for
evaluation and correctness as supporting material.

Document Structure and Readability:

▪ The document MUST follow the format of the given template.
▪ The report must be divided appropriately into sections matching the several
stages of the pentest methodology.
▪ Work must be cited through an appropriate bibliography.
▪ Work must be submitted as a Word document (.doc/docx) (not exceeding 100MB).
▪ The project document must follow a consistent template, using a single font
and font size (e.g., Arial 11, or larger if you need to for the headings),
with a recommended 1.5 line spacing.
▪ Any code analysis or command execution must be complete and concise, with
proper commenting to explain the logic, attributes, options, flags, and
input parameters. To present source code snippets, command execution, bash
scripts, or configuration files, you need to use a fixed-width, clearly
readable font (no screenshots); monospaced fonts (Consolas, Courier New,
etc.) are recommended. You might split the code by module and present it
through a table (1x1) used as a code-box that clearly separates it from the
narrative.

Screenshots Requirements:

▪ Before starting any penetration testing, each student needs to create a new
user on their Kali-Linux_VM (attacking) machine, with their username along
with the last two digits of their student ID. The username could be your
first name, your surname, or a combination of the first letters of both, for
example “georgeb80”. (Example at the end of this document)
▪ The screenshots need to include your user on each command that is executed
on your Kali Linux machine, unless the command requires the ‘root’ user and
cannot be executed with “sudo”, or you are logged into the target machine.
(Example at the end of this document)
▪ Screenshots must be captioned and cross-referenced, and should be used mostly
to provide evidence of:
o Output or results of a program/tool execution (any command that has been
executed as an input must also be provided as text).
o Designs, such as information on the network environment, IP addresses,
activity diagrams/flowcharts, etc.
o A software interface (GUI/CLI), or tools.
o Graphical analysis, which may include a representation of the results or
similar types of comparative plots.
o Any other relevant evidence that can be used as a proof of concept (e.g.,
[Link]), which may include usernames, attacker IP address, target IP
address, etc.

Note: Screenshots which do not satisfy the above-mentioned requirements will
not be considered and the report will be penalised accordingly!

Walk-throughs:

The use of walk-through(s) for target machines is allowed. However, if you
follow a walk-through, be aware of the following guidelines:

• You must provide a reference with citation inside the text of the
walk-through(s) that has been used and refer to those even in the beginning of
the
• Your contribution and your work on the report need to be clear compared
with the walk-through(s).
• You cannot copy/paste any of the content, screenshots, or any other
evidence from the walk-through(s) into your report. You need to write the
report based on your own experience and create your own evidence. Otherwise,
it may be considered plagiarism.
• Walk-through(s) usually do not follow any specific pentest methodology. You
need to organize the content of your report into sections based on the
penetration testing methodology discussed in the class.
• Walk-through(s) start from active attacks (stage 2 or higher). Make sure
that you include information gathering and any other stages of the
methodology that might be missing.
• Be advised: content included in the wrong sections will not be considered
for marking (e.g. a brute force attack in the information gathering section).
• Walk-through(s) may have several gaps in the information they provide, as
the authors often consider that information as “known”. You need to fill in
those gaps in your report (e.g., how a password has been found).
• Vulnerability scanning is rarely included; authors may directly provide
way(s) to attempt the exploit, skipping vulnerability scanning or security
assessment in general. The vulnerability analysis and enumeration stages must
be included in the report, identifying the key threats and vulnerabilities
that are about to be exploited, along with a reasonable flow of narrative
with justifications.
• Do not blindly follow a walk-through, as it may include outdated tools and
methods.

The references must include at least two (or more) of the following types of
sources:

• (Mandatory) A reference with a link to the victim machine and its origin,
along with the name of the machine (if applicable).
• (Mandatory/Optional) References to any walk-through(s) or guides that have
been used. Note that it is not a must for a walk-through to be used as a
resource; however, it is recommended. If a walk-through has been used, it is
a must to reference it.
• (Optional) References to any forums or links that have been followed, along
with access date and title.
• (Optional) Books and other resources studied to accomplish these tasks.

Note: Inappropriate reference formats or mixed referencing will be penalised
as stated in the assessment rubric’s report structure and readability
criteria!

The Content:

• The final report must document all the steps, commands issued, and console
output in a scientific format.
• The documentation should be thorough enough that the pentest can be
replicated step-by-step by a technically incompetent reader.

Note: Your report should be narrative in style, with human explanation and
commentary. A "report" that is merely a collection of screenshots and data
dumps will be graded very poorly.

Screenshot Requirements Example

The commands to add a new user on a Linux machine are the following (-s sets
the login shell, -m creates the home directory, and -aG sudo appends the user
to the sudo group):
root@kali:~# useradd -s /bin/bash -m georgeb80
root@kali:~# usermod -aG sudo georgeb80
root@kali:~# passwd georgeb80
New password:
Retype new password:
passwd: password updated successfully
root@kali:~# su georgeb80
georgeb80@kali:~$
Clearly show the IP address of the machine from which you are making the
attack by using ‘ifconfig’, for example:

As a proof of concept, each ‘[Link]’ or any other evidence found must
be shown in a screenshot that includes the entire contents of the file, along
with the IP address of the target by using “ifconfig” or “ipconfig”. For example:

This way we make sure to include screenshots as evidence for proof of concept
that include at least the following information:

✓ The person’s username after executing CLI command.
✓ The remote system user in the attacker’s machine.
✓ Attacker IP address
✓ Target IP address
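
The checklist above, together with the per-group /24 block, can be enforced from the shell before each command is captured. The following is an added example, not part of the original guide: the function names, the log file argument, the student ID 20231180 and the 192.0.2.0/24 block are assumptions standing in for your own values.

```shell
#!/bin/sh
# Added example, not from the guide. All sample values are constructed.

# True when NAME is lowercase letters followed by the last two digits of ID.
valid_operator_name() {
    name=$1; student_id=$2
    suffix=${student_id#"${student_id%??}"}    # last two characters of the ID
    case $suffix in [0-9][0-9]) ;; *) return 1 ;; esac
    case $name in *"$suffix") ;; *) return 1 ;; esac
    stem=${name%"$suffix"}
    case $stem in ''|*[!a-z]*) return 1 ;; esac
}

# True when IP is a host address inside the /24 whose network address is NET.
in_group_block() {
    ip=$1; net=$2
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    [ "$4" -ne 0 ] && [ "$4" -ne 255 ] || return 1   # not network/broadcast
    [ "$1.$2.$3.0" = "$net" ]
}

# One line carrying the fields every evidence screenshot must show.
evidence_header() {
    printf '[evidence] operator=%s attacker_ip=%s target_ip=%s utc=%s\n' \
        "$1" "$2" "$3" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# Usage: run_logged LOG NET ATTACKER_IP TARGET_IP command [args...]
# Refuses to run when either address is outside the group's /24, prints the
# header, records the command as text in LOG (the guide wants every command
# supplied as text as well as in the screenshot), then runs it.
run_logged() {
    log=$1; block=$2; attacker=$3; target=$4; shift 4
    in_group_block "$attacker" "$block" || { echo "attacker IP out of scope" >&2; return 2; }
    in_group_block "$target" "$block" || { echo "target IP out of scope" >&2; return 2; }
    evidence_header "$(id -un)" "$attacker" "$target"
    printf '$ %s\n' "$*" | tee -a "$log"
    "$@"
}
```

Source the file in the session of the user created above and prefix each command with `run_logged`; the log file then holds the command text for the report.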

Resources
All the module’s lectures, tutorial handouts, and references are recommended in
the module guide. Some links that may be found useful:

Kali-Linux Tools list: Link
Kali-Linux Revealed (Online free course): Link
Nmap Reference Guide: Link
Nessus Documentation (by Tenable): Link
OpenVAS Guide: Link
Metasploit Unleashed (Online free course): Link
Exploit-DB (by Offensive-Security): Link
John the Ripper Cheat Sheet: Link
HashCat Guide: Link

Timeline: 10 Days

Budget: 60$
