1.4 Performance Assessment 1_Session Hijacking and Evading IDS and Firewall

School: ECPI University, Manassas
Course: 225
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 5
Uploaded by: sidorelakollcaku
Performance Assessment: Session Hijacking and IDS and Firewall Evasion Techniques

In this Performance Assessment, you will perform the tasks you have been taught in the Guided Practices (iLabs content from EC-Council). You may use the book and any notes you have. You may look at your prior labs. You may not give or receive help from other students. You may ask your instructor for assistance, but it is likely to cost points.

How does this practical lab apply in the real world?

Most important communications that occur on the web take place within a session. These sessions are usually authenticated and encrypted. As a penetration tester, you will need to know how to test for and exploit the vulnerabilities in these sessions to determine the risk to an organization. Almost all organizations will use both firewalls and IDS/IPS systems to protect their networks. This makes it imperative that you, as a penetration tester, test these systems and know the common methods used to evade or circumvent them.

In this activity, you will be assessed on your ability to use common tools to hijack a session and evade IDS and firewalls. Document your findings thoroughly, through screenshots and well-written paragraphs that describe the purpose of the tools you used, the options you set, and your interpretation of the results.

Resources Needed

This lab assessment covers Modules 11 and 12 from your EC-Council lab content. Thus, all resources you will need will be from your labs, your text, and any research that you might have.

Level of Difficulty

Moderate

Important

Please note the following guidance: This Assessment should be performed in the VCastle POD using the Parrot Linux virtual machine.

All screenshots should reflect your own work and should have the date, time, and user information (name, student ID) clearly displayed. All takeaways/inferences you can make about your target based on the reconnaissance should be clearly expressed (full sentences without excessive use of bullet points) and should be in your own words and result from you doing the work.
Instructions

Tasks:

1. Using any of the tools available on the ParrotOS virtual machine, perform a session hijacking attack using the Windows 10 machine as a target.

   a. Log in to the Windows 10 machine, open a browser, and log in to the firewall using the web interface. Use the following credentials (Note: these will not work; they are used so that you can see the authentication attempt in your hijacked session):
      i. fwadmin
      ii. Password1

   b. Provide documentation of the following:
      i. Any commands or tools and settings used to hijack the session

         Bettercap:
            net.probe on
            net.recon on
            set http.proxy.sslstrip true
            set arp.spoof.internal true
            set arp.spoof.targets 172.31.0.3
            http.proxy on
            arp.spoof on
            net.sniff on
            set net.sniff.regexp '.*password=.+'

      ii. A screenshot of any user authentication information captured.

2. For the exploit in the previous question, explain how the exploit worked and what controls could be used to minimize or eliminate this vulnerability.

Answer: Bettercap can be used to capture and analyze network packets, potentially leading to the exposure of sensitive data. Here's how it might work and how to mitigate it:
Exploit: An attacker uses Bettercap to capture unencrypted network traffic, which could contain login credentials, personal information, or other sensitive data.

Mitigation:
   Encryption: Encourage or enforce the use of encryption protocols to protect data in transit.
   Network Monitoring: Employ network monitoring solutions that can detect and alert on unusual packet capture activities.
   Use Strong Authentication: Implement strong authentication mechanisms to reduce the risk of credential theft.

3. From the ParrotOS virtual machine, use nmap to perform an Idle scan of a host on the network.

   a. Provide the following documentation:
      i. IP address of the idle (zombie) host: 172.31.0.6 172.31.0.3
      ii. Screenshot showing the command used to perform the Idle scan and its output.
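The "Network Monitoring" control listed in the answer to question 2 is the one a defender can actually automate: the arp.spoof step of the attack leaves a visible footprint on the wire, because the attacking interface answers ARP for addresses that belong to other hosts. The block below is an added example, not part of this assessment and not bettercap code. It is a small passive ARP monitor that parses tcpdump-style ARP reply lines and raises an alert when an address changes MAC or when one MAC claims several addresses. The log lines, host addresses, MACs and function names are all constructed for the example.

```python
"""Passive ARP-spoof detection over constructed ARP observations.

Added example for the 'Network Monitoring' mitigation; not part of the
assessment or of bettercap. Input lines are constructed here to resemble a
tcpdump-style ARP monitor ("<time> ARP, Reply <ip> is-at <mac>"); the
format, addresses and MACs are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: gateway 172.31.0.1 and victim 172.31.0.3 first answer
# with their own MACs; later a single other MAC (08:00:27:de:ad:01) answers
# for both, which is what poisoning both ends of a conversation looks like.
SAMPLE_ARP_LOG = """\
12:00:01.000 ARP, Reply 172.31.0.1 is-at 00:50:56:a1:00:01
12:00:01.100 ARP, Reply 172.31.0.3 is-at 00:50:56:a1:00:03
12:00:02.000 ARP, Reply 172.31.0.9 is-at 00:50:56:a1:00:09
12:00:05.000 ARP, Reply 172.31.0.1 is-at 08:00:27:de:ad:01
12:00:05.200 ARP, Reply 172.31.0.3 is-at 08:00:27:de:ad:01
12:00:06.000 ARP, Reply 172.31.0.9 is-at 00:50:56:a1:00:09
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-fA-F:]{17})"
)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for every ARP reply line; skip anything else."""
    for line in text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_arp_spoofing(text, gateway_ip=None):
    """Return a list of alert strings built from two independent signals.

    * flip: an IP whose MAC differs from the binding first seen for it
      (rated HIGH when the IP is the gateway, the usual target of arp.spoof)
    * duplicate claim: one MAC answering for more than one IP address
    """
    first_seen = {}                 # ip -> mac of the first reply observed
    ips_by_mac = defaultdict(set)   # mac -> every ip it has answered for
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        if ip in first_seen and first_seen[ip] != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev} {ts} {ip} moved from {first_seen[ip]} to {mac}")
        first_seen.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(f"HIGH {mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG, gateway_ip="172.31.0.1"):
        print(alert)
```

Run against the sample, the monitor reports the gateway and victim bindings changing and the same MAC claiming both addresses, which is exactly the condition that lets the sniffer see the login. The "Encryption" control addresses the other half of the answer: the `net.sniff.regexp` pattern only matches because the form POST crosses the wire in cleartext, so a site that is only reachable over HTTPS with HSTS gives the sniffer nothing to match.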
4. Explain, in your own words, how the TCP Idle scan works.

Answer: TCP Idle scan is a stealthy port scanning technique where an attacker uses a third-party "zombie" host to indirectly determine if ports on a target system are open or closed. It works by sending spoofed packets to the zombie host and analyzing the responses to infer the port states. RST responses indicate closed ports, while no responses or ICMP errors suggest open ports. It's a covert method, but also depends on finding the right zombie host and network conditions.
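The answer's point that the scan "depends on finding the right zombie host" is worth seeing in code. The block below is an added example, not part of this assessment and not nmap code; it sends no packets. The zombie and target are plain Python objects, so all that is left is the bookkeeping nmap's documentation describes: the scanner only ever talks to the zombie, reads its IP ID before and after a spoofed SYN, and classifies the port from the difference. A second zombie randomizes its IP IDs (the standard mitigation on modern operating systems) and is rejected by the usability check before any port is tried. Class and function names, the starting counter value and the port sets are all assumptions made for the example.

```python
"""Model of the TCP idle scan's IP ID inference and of the mitigation.

Added example; not part of the assessment and not nmap's code. No packets
are sent: Zombie and Target are objects, and the 'wire' is a method call.
"""
import random


class Zombie:
    """Idle host. Replies RST to an unexpected SYN/ACK, ignores a bare RST."""

    def __init__(self, randomize_ipid=False, seed=0):
        self._ipid = 1000                                   # global, incremental counter
        self._rng = random.Random(seed) if randomize_ipid else None

    def _next_ipid(self):
        if self._rng is not None:
            return self._rng.randrange(0, 65536)            # mitigated: unpredictable IP ID
        self._ipid = (self._ipid + 1) & 0xFFFF
        return self._ipid

    def receive(self, pkt):
        # A SYN/ACK for a connection that does not exist is answered with a
        # RST (one packet sent, one IP ID consumed); an unsolicited RST is
        # dropped without any reply.
        if pkt["flags"] == "SYN/ACK":
            return {"flags": "RST", "ipid": self._next_ipid()}
        return None


class Target:
    """Scanned host; filtered ports drop the SYN without any reply."""

    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def receive(self, pkt):
        if pkt["flags"] != "SYN" or pkt["dport"] in self.filtered_ports:
            return None
        flags = "SYN/ACK" if pkt["dport"] in self.open_ports else "RST"
        return {"flags": flags}   # delivered to pkt["src"], i.e. to the zombie


def probe_zombie_ipid(zombie):
    """Scanner -> zombie: SYN/ACK; zombie -> scanner: RST carrying its IP ID."""
    return zombie.receive({"flags": "SYN/ACK"})["ipid"]


def zombie_is_usable(zombie, probes=4):
    """True only if consecutive probes show the counter stepping by exactly 1."""
    ids = [probe_zombie_ipid(zombie) for _ in range(probes)]
    return all(((b - a) & 0xFFFF) == 1 for a, b in zip(ids, ids[1:]))


def idle_scan_port(zombie, target, port):
    """Classify one target port purely from the zombie's IP ID delta."""
    before = probe_zombie_ipid(zombie)
    # Spoofed SYN: the source address is the zombie's, so whatever the target
    # sends back goes to the zombie and never to the scanner.
    reply = target.receive({"flags": "SYN", "dport": port, "src": "zombie"})
    if reply is not None:
        zombie.receive(reply)   # SYN/ACK makes the zombie emit a RST (+1); a RST does nothing
    after = probe_zombie_ipid(zombie)
    delta = (after - before) & 0xFFFF
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"   # indistinguishable from the zombie's point of view
    return "unknown"               # zombie not idle, or IP IDs not incremental


def idle_scan(zombie, target, ports):
    """Scan several ports; returns {} when the zombie fails the usability check."""
    if not zombie_is_usable(zombie):
        return {}
    return {p: idle_scan_port(zombie, target, p) for p in ports}


if __name__ == "__main__":
    target = Target(open_ports={80, 443}, filtered_ports={22})
    print(idle_scan(Zombie(), target, [22, 80, 443, 8080]))
    print(idle_scan(Zombie(randomize_ipid=True), target, [22, 80]))
```

With the incremental zombie the model returns open for 80 and 443 and closed|filtered for 22 and 8080, and the two closed|filtered results show why the scan cannot separate a firewall drop from a RST. With the randomizing zombie the usability check fails and nothing is scanned, which is the mitigation a defender controls: a host whose IP ID is per-connection or random cannot be used as a zombie, and a host that is not truly idle (its own traffic also consumes IP IDs) gives the scanner unreliable deltas.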