ASSIGNMENT
IP Address: 10.redteam[team number#].student[student number#].50
For example, if you were on red team 1, and the fourth student alphabetically, you would input 10.redteam1.student4.50 for the IP address.
Step 2: Download the Two Virtual Machines
Kali With OpenVAS (Attack Machine) (7 GB) (login root, pass tour),
Metasploitable (Victim Machine) (1.3 GB)( login msfadmin, pass msfadmin)
Warning
Do not take the virtual machines off their host-only setting at any time.
Step 3: Configure the IP Settings
Once you get the virtualization software installed, use the following IP settings for the CMIT 386 virtual machines. For example, if you were on red team 1, and the fourth student alphabetically, you would input 10.redteam1.student4.50 for the IP address.
Kali Linux (Attack Machine)
To edit the IP configuration file on Kali, use: leafpad /etc/networking/interfaces
IP Address: 10.5.4.50
Subnet Mask: 255.255.255.0
Gateway: N/A
Metasploitable (Victim Machine)
To edit the IP configuration file on Metasploitable, use: gedit /etc/networking/interfaces
IP Address: 10.5.4.100
Subnet Mask: 255.255.255.0
Gateway: N/A
the System Scan Report. Your report should include the following:
Introduction
Target System
Zenmap Scan
OpenVAS Scan
Open Socket Connection
Recommendations
References
TASK
1.2.1: Identify the target audience, the context, and the goal of the communication.
Provide a brief introduction explaining the services performed and a summary at the end with the important findings of the scan. Validate your recommendations using industry-standard techniques. Include at least two to three references in IEEE format.
1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.
Make sure the report to the client contains grammatically correct language without any spelling or typographical errors. Explain industry acronyms when they are introduced since they may be unfamiliar to the client.
10.1.2: Gather project requirements to meet stakeholder needs.
The client has asked for a Zenmap scan, an OpenVAS vulnerability scan, and to use other accepted industry practices for the systems scan. You will need to include screenshots and note the application versions that are listed and displayed in the scan results.
12.2.1: Identify systems for the risk assessment.
During any scan report, it is critical that you list the IP address of the system you are using to connect to the client’s corporate network (for auditing purposes) as well as the IP address of the system(s) that you are scanning. Discuss the scope of engagement and the limitations of your actions to stay within the parameters of the test.
12.2.2: Perform a risk analysis.
Explain to the client the security issues that are present on the Linux system. Discuss critical vulnerabilities that need to be addressed and the measures that may need to be taken to deal with the underlying security issues (additional staff, equipment, billable hours, etc.).
13.1.1: Create documentation appropriate to the stakeholder.
In this section, recommend that you and your contractors perform a full penetration test on the target system. Mention the implications (ransomware, exfiltration, credential harvesting, etc.) that might occur if the security issues are not addressed.