Sunday, December 11, 2016

Completed Project Part I

Here are some screenshots from my final project and documentation of everything that I worked on. My project was divided into two parts. The first part was building a virtual network and the second part was using Kali Linux to try to penetration test the network and look for vulnerabilities.

Project Goals: 
My main goal this semester was to learn more about security and different ways that hackers attack systems or social engineer users. I chose to work with Kali Linux because it is a free operating system built specifically for penetration testing and security auditing. Kali has over 600 penetration testing tools included and continues to be updated. More information can be found here: http://docs.kali.org/introduction/what-is-kali-linux. Security is always a concern and as a future network engineer or system administrator I wanted to spend some time "thinking like a hacker". A network administrator and system administrator both need to be right 100% of the time when it comes to security. A hacker, on the other hand, only needs to be right once before they can compromise an entire system.

Project Functionality: 

  • Simulate a typical network setup for a business 
  • Perform vulnerability scanning on a network
  • Research WiFi and attempt to break WEP encryption
  • Control a computer remotely through Metasploit
  • Attempt a brute force or dictionary password attack on a machine.
  • Learn more about Man in the Middle attacks



Part 1: 
The first part of my project consisted of a simple network.

Network Diagram: 

I set the project up at my house for convenience and because it was easier to test on my own network. I hosted all my virtual machines on my laptop in VirtualBox and also set up a wireless network to see if it was possible to break WEP encryption.


I used the Belkin router to separate my house LAN from my testing network so that I wouldn't interfere with my own devices.







VirtualBox Config: 
Below is a screenshot of my VirtualBox config. All the machines were placed on an internal network and pfSense did the routing between the machines and out to the Internet.



I used the book Metasploit: The Penetration Tester's Guide for reference.
Their recommended setup:

  • Unpatched Windows XP Service Pack 2 
  • Ubuntu 9.0.4
  • Metasploitable
  • Back|Track
My setup:


  • pfSense
  • Windows Server 2012 R2 
  • Windows 8.1
  • Windows 8.1
  • Kali Linux (4.3.0)
I decided to use more current operating systems because I wanted to see if there were any known vulnerabilities and because most businesses have moved away from Windows XP. I also wanted my setup to be similar to a business, which was another reason to use more current operating systems.

pfSense Config:
  • Default username and password (admin/pfsense) 
  • SSH enabled
  • No LAN firewall rules 
  • DHCP server enabled


Windows Server Setup:
  • Domain
  • Active Directory
  • DNS server
  • File Server
  • Remote Desktop Services
  • IIS server
  • Credentials (administrator/test)
No updates were installed and I tried to leave as many defaults as possible. 


I also allowed Telnet (port 23) and Web (port 80) through the firewall for inbound and outbound traffic.



I also created three user accounts so that I could join my client machines to the domain. 


Client Machines: 
  • Windows 8.1 Pro
  • Firewall Disabled 
  • Antivirus Disabled
  • Username: project1
  • Password: P@ssw0rd1
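
An added example, not part of the original project: a small password audit run over the three credential pairs listed in this post, showing that the client password satisfies a typical complexity rule yet still reduces to a common dictionary word. The word list, the substitution table, the minimum length of 8 and the three-of-four character class rule are assumptions made for the illustration.

```python
import re

# Constructed sample: a few base words of the kind found in password wordlists.
# A real audit would load a full wordlist instead.
COMMON_BASES = {"password", "test", "admin", "pfsense", "welcome", "letmein"}

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

# The (account, password) pairs listed in this post.
LAB_CREDENTIALS = [("admin", "pfsense"), ("administrator", "test"), ("project1", "P@ssw0rd1")]

def meets_complexity(username, password, min_length=8):
    """Assumed policy: minimum length, 3 of 4 character classes, no account name."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    hits = sum(1 for c in classes if re.search(c, password))
    contains_name = len(username) >= 3 and username.lower() in password.lower()
    return len(password) >= min_length and hits >= 3 and not contains_name

def dictionary_base(password):
    """Return the common word a password is derived from, or None."""
    # Strip a trailing run of digits/symbols, e.g. "P@ssw0rd1" -> "P@ssw0rd".
    stripped = re.sub(r"[\d\W_]+$", "", password)
    for candidate in (password, stripped):
        plain = candidate.lower().translate(LEET)
        if plain in COMMON_BASES:
            return plain
    return None

def audit(credentials):
    """Return {account: [findings]} for each (account, password) pair."""
    report = {}
    for user, pw in credentials:
        findings = []
        if not meets_complexity(user, pw):
            findings.append("fails complexity")
        base = dictionary_base(pw)
        if base:
            findings.append(f"derived from '{base}'")
        report[user] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(LAB_CREDENTIALS).items():
        print(account, "->", findings or ["no findings"])
```

A complexity rule alone would accept the project1 password, so the dictionary check is the part that flags it.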
