Sunday, August 26, 2018

Lab 4


This lab was about using the different command-line scanning tools in Kali Linux and the Zenmap GUI for Nmap. These tools are useful for finding out a lot of information about the devices on a network, ranging from which devices are connected, to which ports are open, closed or filtered, to other detailed information about the connected hosts.
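The open/closed/filtered states mentioned above come straight out of Nmap's output, and the interesting part is the reason Nmap attaches to each state. As an added example, not part of the lab or of this post, here is a PowerShell function that parses Nmap's XML output (-oX) into one row per port so the states and reasons can be filtered and sorted. The scan invocation, the 192.168.1.0/24 subnet and the addresses in the constructed sample are assumptions.

```powershell
# Added example (not from the lab): scan with Nmap, read its XML output, and list port states.
# Assumptions: nmap is on PATH, the lab LAN is 192.168.1.0/24, and the sample below is constructed.
function Get-NmapPortSummary {
    param([Parameter(Mandatory)][xml]$NmapXml)
    foreach ($h in $NmapXml.nmaprun.host) {
        if ($h.status.state -ne 'up') { continue }          # skip hosts that did not answer
        $addr = ($h.address | Where-Object addrtype -eq 'ipv4').addr
        foreach ($p in $h.ports.port) {
            [pscustomobject]@{
                Host    = $addr
                Port    = [int]$p.portid
                Proto   = $p.protocol
                State   = $p.state.state      # open / closed / filtered
                Reason  = $p.state.reason     # how Nmap decided: syn-ack, reset, no-response, ...
                Service = $p.service.name
            }
        }
    }
}

# Live use: host discovery first (-sn = ping sweep, no port scan), then a SYN scan with
# version detection on the hosts found (SYN scan needs Administrator/root), XML to stdout
# so it can be cast straight to [xml]:
#   nmap -sn 192.168.1.0/24
#   $scan = [xml](& nmap -sS -sV -oX - 192.168.1.0/24 | Out-String)
#   Get-NmapPortSummary $scan | Where-Object State -eq 'open' | Format-Table

# Constructed sample standing in for real output, so the parser can be tried offline:
[xml]$sample = @"
<nmaprun>
  <host>
    <status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.168.1.11" addrtype="ipv4"/></host>
</nmaprun>
"@
Get-NmapPortSummary $sample | Format-Table
```

Reading the Reason column is what turns a scan into information: "syn-ack" means something answered on that port (open), "reset" means the host is up but nothing is listening (closed), and "no-response" means the probe was dropped, almost always by a firewall somewhere on the path (filtered). Zenmap's Host Details tab shows the same data; this just makes it scriptable.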

Exercise 1

Kali commands, no issues here.

Exercise 2

More Kali commands.

Exercise 3

Even more Kali commands.

Exercise 4

Using Zenmap, a GUI for Nmap. Features like the topology viewer are great for visualising the network, and the 'Host Details' tab gives lots of details about the hosts on the network.




Conclusions

This was a pretty quick lab to complete. I didn't have any issues completing the tasks, and the information reported by the tools seemed logical and understandable. Although I haven't personally used most of these tools much, I can see how they would be useful for both network security and network hacking because of the details they give about the network. The tools used in this lab are great for actively enumerating what is on a network (Nmap works by sending probes and reading the replies, so it is active rather than passive reconnaissance, and a monitored network will see it).

Monday, August 13, 2018

Lab 3

In this blog I will be covering Lab 3 / Using Vulnerability Assessment Tools.


Exercise 1

For this exercise I had to get the Kali VM running with OpenVAS.
This was pretty easy: I just had to add the machine to my LAN port group, refresh DHCP on the machine, and start the OpenVAS service.

DHCP going with the correct address

OpenVAS started successfully (note: I accidentally ran the command twice, haha)

Exercise 2

This exercise was basically just setting up all the OpenVAS stuff. Here are some screenshots of the successful additions of various things in OpenVAS.

Adding Credentials


Adding Target

Looking at Scan Configs

Setting a schedule

Looking at schedule (Note the scan is Requested which means I told it to start)

Exercise 3

This exercise looked at using Microsoft Baseline Security Analyzer 2 (MBSA).

As you can see below, I got the scans to run, though not without a few misspellings in the commands.

Here we can see the results for WIN2016-MS

And the DC.

Exercise 4

This exercise just covered looking at the scan results for the scan I started earlier in OpenVAS.



Conclusions

This lab showed me some cool tools for monitoring a network for vulnerabilities. I especially like the simple and powerful interface of OpenVAS, and I will keep it in mind for future networking projects.

Again, this lab didn't present any major issues to me and ran nice and smoothly. Some common small issues to watch out for seem to be things like misspelling commands, or not configuring things properly. Diligently looking out for errors and making sure everything is set up exactly as required makes life much easier.

Lab 2 (First Lab)

This blog covers our first lab, 'Lab 2 / Malware Types'.

Exercise 1

For this exercise, we had to install our malware onto the WIN10-WS machine. It is disguised as Minesweeper, but, as I noticed, there was a process I didn't recognise in the Task Manager called 'nc.exe'.




This exercise highlighted the importance of least privilege and of knowing what looks suspicious.

Exercise 2

In this exercise, I learned how to exploit the trojan using the port it opens for Netcat. As the scan below shows, port 4450 is open on the WIN10-WS machine. This port will be used to access the machine's terminal with PuTTY.

With PuTTY, I ran some commands to allow me to remote into the Windows 10 machine.
As I went through the steps, I had some issues getting remote access to work.

For the command reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f, I forgot to add the space between "Terminal" and "Server" when writing it out. I also misspelled "CurrentControlSet" as "CurentControlSet", which I noticed as I typed.

Here we can see I successfully got remote access:

I also got the keylogger installed and hidden, then restarted the machine:
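As an added example, and not the commands from the lab itself, this is what the Exercise 2 steps look like when typed into the shell reached through the nc.exe listener, with the registry command spelled correctly and a check at the end. The port 4450, the host name WIN10-WS and the fDenyTSConnections value come from the lab; the netstat/tasklist checks, the PowerShell cmdlet equivalents and the Remote Desktop firewall group step are additions (the lab does not say how RDP was allowed through the firewall).

```powershell
# Added example, not the lab's own commands. Run inside the shell obtained via the nc.exe listener
# on TCP 4450 of WIN10-WS. The first three commands work unchanged in cmd.exe; the cmdlets need PowerShell.

# Confirm which process owns the listening port (expected: the trojan's nc.exe) before touching anything.
netstat -ano | findstr ":4450"
tasklist | findstr /i "nc.exe"

# Enable Remote Desktop. This is the lab's reg add command spelled correctly:
# note the space in "Terminal Server" and the two r's in "CurrentControlSet".
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

# The same change with the native cmdlet (PowerShell only):
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 0 -Type DWord

# RDP (TCP 3389) also has to be allowed through Windows Firewall; the built-in rule group covers it.
# Assumption: the lab's RDP-allow rules were created this way or through the firewall GUI.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Verify before trying mstsc: the value reads 0, the service is running and 3389 is listening.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
Get-Service TermService            # start it if it is Stopped: Start-Service TermService
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
```

The verification lines are worth the extra typing: with a raw Netcat shell you get no error dialog, so a typo like the ones described above fails silently and the only symptom is that mstsc refuses to connect later.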

Exercise 3

In this exercise, I had to take measures against the malware. As seen in the screenshot, the firewall rules that were allowing the PuTTY connection are no longer enabled, the .ini file that was auto-configuring the malware is deleted, and nc.exe is stopped. This is OK as a temporary fix because the computer is now safe from remote access, but we now need to stop further issues.

Exercise 4

In this exercise, I changed some GPOs so that Windows Defender cannot be turned off, and some of its features cannot be disabled either. This should mean that Windows Defender is always on, so it can stop malware such as the one we installed from getting through.

Exercise 5

In this exercise, I first looked at using the Windows Defender antivirus. With the group policy preventing it from being closed, it now works. When I try reinstalling the malware, it picks up an inserted virus signature in the malware. It doesn't pick up the Netcat exploit, though.

Because Defender didn't pick up the Netcat exploit, I can still PuTTY in, so I now had to make a firewall rule that would stop any inbound connections to Netcat.
Here is the rule in the firewall, and PuTTY failing to connect with the rule blocking it.
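Exercises 3, 4 and 5 together are one containment-and-hardening procedure, so here it is as a single PowerShell script run as Administrator on WIN10-WS. This is an added example, not the lab's own steps or its GPO screenshots. Facts taken from the lab: the process is nc.exe, it listens on TCP 4450, an .ini file configures it, and RDP was enabled via fDenyTSConnections. The file paths are hypothetical (the lab does not give them), and the Defender registry values are the ones the corresponding "Turn off ..." Group Policy settings write, used here instead of the GPO editor.

```powershell
# Added example, not the lab's own steps. Run as Administrator on WIN10-WS.
# Hypothetical paths: the lab does not say where the fake Minesweeper dropped nc.exe or its .ini.
$ncPath  = 'C:\Games\Minesweeper\nc.exe'   # assumption
$iniPath = 'C:\Games\Minesweeper\nc.ini'   # assumption

# --- Exercise 3: contain ---
# Stop whatever owns the 4450 listener, then any other nc.exe, and remove the auto-config file.
Get-NetTCPConnection -LocalPort 4450 -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { Stop-Process -Id $_.OwningProcess -Force }
Get-Process -Name nc -ErrorAction SilentlyContinue | Stop-Process -Force
Remove-Item -Path $iniPath -Force -ErrorAction SilentlyContinue

# Disable every inbound rule that let PuTTY reach 4450, and turn RDP back off (1 = deny).
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq '4450' } |
    Get-NetFirewallRule | Where-Object { $_.Direction -eq 'Inbound' } | Disable-NetFirewallRule
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1 -Type DWord

# --- Exercise 4: policy so Defender cannot be switched off ---
# These are the values behind "Turn off Windows Defender Antivirus" and "Turn off real-time
# protection"; setting them to 0 is the policy in its Disabled state, i.e. protection enforced on
# and greyed out for local users (the same effect as the GPOs in the lab).
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
New-Item -Path "$pol\Real-Time Protection" -Force | Out-Null
Set-ItemProperty -Path $pol -Name DisableAntiSpyware -Value 0 -Type DWord
Set-ItemProperty -Path "$pol\Real-Time Protection" -Name DisableRealtimeMonitoring -Value 0 -Type DWord
# Check: both should report True.
Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled

# --- Exercise 5: block inbound connections to Netcat even if it is reinstalled ---
# Block by program (covers any port nc.exe is later told to listen on) and by the known port.
New-NetFirewallRule -DisplayName 'Block inbound nc.exe' -Direction Inbound `
    -Program $ncPath -Action Block -Profile Any
New-NetFirewallRule -DisplayName 'Block inbound TCP 4450' -Direction Inbound `
    -Protocol TCP -LocalPort 4450 -Action Block -Profile Any

# Check from the attacking side that the raw PuTTY connection now fails:
#   Test-NetConnection -ComputerName WIN10-WS -Port 4450    # TcpTestSucceeded : False
```

Two caveats a practitioner would add. First, the program-based block only matches the path it was given, so a copy of nc.exe dropped elsewhere is caught only by the port rule; a rule per known port plus Defender is what gives defence in depth. Second, this is containment, not eradication: the keylogger installed in Exercise 2 and whatever persistence the trojan set up are not addressed by stopping nc.exe, which is exactly why the post calls it a temporary fix.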


Reflection

This lab didn't present any major blocks to me luckily. I know that many other students had lots of issues getting their machines to communicate over the port groups, but I was fortunate enough to have zero issues in that area :) (And yes, I rubbed it in their faces)