Danyon Dupie Cyber-Security Project Website
Project C: Ethical Hacking
Project C consisted of upgrading a network for a company's client and also performing various cybersecurity tasks. I scanned and determined the vulnerabilities of a newly installed production server and of the Web server as well. I also provided specific examples as shown above in slides, of how any vulnerabilities could be exploited.
Scenario
After Successfully Installing a Network Upgrade for your memory for your company's client, you have been asked to perform another cybersecurity service for that client. The client hired a consolation to install and configure a new server in their internal network to support production and operations. You are tasked with determining the vulnerabilities of the new production server and provide specific examples of how any vulnerabilities could be exploited. You are also tasked to perform the same service on the Webserver in the DMZ
First what I did was that I ran an nmap scan on the Web Server and found some Known Vulnerabilities Such as Backdoor Attack on the FTP server, DoS Attack, SQL injection, Man-In-The-Middle Attack
Next I ran a nmap scan on the Production server and found some known such as a Backdoor Attack on the FTP server, as well as Man-in -the-middle attack
First what I did was that I ran an nmap scan on the Web Server and found some Known Vulnerabilities Such as Backdoor Attack on the FTP server, DoS Attack, SQL injection, Man-In-The-Middle Attack
For this Project it introduces the Production Server as well as the Web server and the Kali Trusted Machine. The Steps I did to create this project:
Step1: I ran an nmap scan using Kali Trusted VM on the Web server's IP Address which is 10.200.0.12 using this command: (nmap 10.200.0.12 --script-vuln). I also used the same command on the Production server IP Address which was 192.168.0.21 (nmap 192.168.0.21 --script-vuln). Found out that on the Production Server and Web Server that there were some Well known Vulnerabilities
Step 2: In Kali Trusted, I ran the Metasploit Framework. Metasploit is a powerful tool that cyber security criminals use to exploit multiple vulnerabilities to the target host PC as well as Ethical hackers use Metasploit to not only know how hackers run exploit on target machines but also how to prevent a target machine from being hacked as well. To sign into the Metasploit Framework I used: sudo msfdb run command which allowed me to sign into Metasploit
Step3: Once getting into Metasploit this is where the fun begins; I ran an Backdoor Attack on both the Production Server and the Webserver. In order for me to successfully I had to search VSFTP which gave me a Matching Module. Next what I did was that I typed in use 0 since it was the only number that was in the matching module, had to set the RHOST for the Webserver IP Address and then run the exploit. When the exploit ran for the Webserver it found a shell which made the exploit successful. I also created a user for the Webserver to give that user administrative rights to the production server only
Step4:I ran Ettercap on the Production server. Ettercap is a software that is on Kali Linux and Windows that both CyberSecurity Criminals and Ethical Hackers use for Man-in-the-middle attacks on LAN. Once running the Man-in-the-middle Attack on the production server I also ran Wireshark as well