Lewis University Attack Defense & Analysis of a Vulnerable Network Presentation

Activity File: Alert and Attacking Target 1

Overview

You are working as a Security Engineer for X-CORP, supporting the SOC infrastructure. The SOC analysts have noticed some discrepancies with alerting in the Kibana system and the manager has asked the Security Engineering team to investigate.

To start, your team needs to confirm that newly created alerts are working. Once the alerts are verified to be working, you will monitor live traffic on the wire to detect any abnormalities that aren’t reflected in the alerting system.

You will then report back all your findings to both the SOC manager and the Engineering Manager with appropriate analysis.

You have two class days to complete this activity.

Instructions

Start by configuring new alerts in Kibana. Once configured, you will test them by attacking a system.

Open the Defensive Report Template and complete it as you progress through the activity.

Configuring Alerts

Complete the following to configure alerts in Kibana:

  1. Access Kibana at 192.168.1.100:5601
  2. Click on Management > License Management and start the free trial of the premium features; Watcher is not available under the Basic license.
  3. Click Management > Watcher > Create Alert > Create Threshold Alert
  4. Implement three of the alerts you designed at the end of Project 2.

You are free to configure any alerts you’d like, but we recommend starting with the following three:

  • Excessive HTTP Errors

WHEN count() GROUPED OVER top 5 ‘http.response.status_code’ IS ABOVE 400 FOR THE LAST 5 minutes

  • HTTP Request Size Monitor

WHEN sum() of http.request.bytes OVER all documents IS ABOVE 3500 FOR THE LAST 1 minute

  • CPU Usage Monitor

WHEN max() OF system.process.cpu.total.pct OVER all documents IS ABOVE 0.5 FOR THE LAST 5 minutes
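The three threshold conditions above, re-implemented in Python over constructed Beats-style documents so you can see exactly what each one tests before you wire it into Watcher. This is an added example, not code from the lab or from Kibana; the document shape, the sample values and the fixed “current time” are assumptions made for the demo. Note in particular that “IS ABOVE 400” in the first alert is a threshold on the number of documents per status code, not on the status code value.

```python
"""Evaluate the three recommended Watcher threshold conditions over constructed
Beats-style documents.  Added example; not the lab's or Kibana's own code."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed "now" so the time windows are reproducible offline.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def doc(seconds_ago, **fields):
    """Build one document carrying only the fields the watches read."""
    d = {"@timestamp": NOW - timedelta(seconds=seconds_ago)}
    d.update(fields)
    return d


# Constructed sample data (not real captures from the lab network):
SAMPLE_DOCS = (
    # 420 HTTP 404s between 90 s and 269 s ago, e.g. a WordPress enumeration run
    [doc(90 + i % 180, **{"http.response.status_code": 404, "http.request.bytes": 60})
     for i in range(420)]
    # 50 normal 200s in the last minute (50 * 80 bytes = 4000 bytes requested)
    + [doc(5 + i, **{"http.response.status_code": 200, "http.request.bytes": 80})
       for i in range(50)]
    # 100 older 404s, outside every window, which must not count
    + [doc(600 + i, **{"http.response.status_code": 404, "http.request.bytes": 60})
       for i in range(100)]
    # Metricbeat process samples: one spike above 50% CPU
    + [doc(20, **{"system.process.cpu.total.pct": 0.12}),
       doc(5, **{"system.process.cpu.total.pct": 0.87})]
)


def in_window(d, minutes):
    """Watcher's 'FOR THE LAST N minutes': @timestamp >= now-Nm."""
    return NOW - timedelta(minutes=minutes) <= d["@timestamp"] <= NOW


def excessive_http_errors(docs, threshold=400, minutes=5, top=5):
    """count() GROUPED OVER top 5 http.response.status_code IS ABOVE 400.
    The threshold is on the number of documents per status code, not on the
    code itself: 401 responses with code 200 fire, a single 500 does not.
    Returns {status_code: count} for every group that crossed the threshold."""
    counts = Counter(
        d["http.response.status_code"]
        for d in docs
        if "http.response.status_code" in d and in_window(d, minutes)
    )
    return {code: n for code, n in counts.most_common(top) if n > threshold}


def http_request_size(docs, threshold=3500, minutes=1):
    """sum() of http.request.bytes OVER all documents IS ABOVE 3500 (last 1 min)."""
    total = sum(d.get("http.request.bytes", 0) for d in docs if in_window(d, minutes))
    return total, total > threshold


def cpu_usage(docs, threshold=0.5, minutes=5):
    """max() OF system.process.cpu.total.pct OVER all documents IS ABOVE 0.5."""
    samples = [d["system.process.cpu.total.pct"] for d in docs
               if "system.process.cpu.total.pct" in d and in_window(d, minutes)]
    peak = max(samples, default=0.0)
    return peak, peak > threshold


def evaluate_all(docs):
    """Return {watch name: fired?} the way the Watcher screen summarises it."""
    return {
        "Excessive HTTP Errors": bool(excessive_http_errors(docs)),
        "HTTP Request Size Monitor": http_request_size(docs)[1],
        "CPU Usage Monitor": cpu_usage(docs)[1],
    }


if __name__ == "__main__":
    for name, fired in evaluate_all(SAMPLE_DOCS).items():
        print(f"{name:28s} {'FIRED' if fired else 'quiet'}")
    print("status codes over threshold:", excessive_http_errors(SAMPLE_DOCS))
```

Running it shows all three watches firing on the constructed data, with only the 404 bucket crossing the count threshold; the 100 older 404s are ignored because they fall outside the 5-minute window, which is the same reason a slow, spread-out scan can slip under a count-based alert like this one.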

Note: There are a few ways to view these alerts and their associated data.

  • First, you can see when alerts are firing directly from the Watcher screen.
  • As you attack Target 1, keep the Watcher page open to watch your alerts fire in real time.

  • To view the execution history of these watches (each run, whether its condition was met, and the search results it evaluated), create a new ‘Index Pattern’:
  • Click on Management > Index Patterns and click the button for ‘Create Index Pattern’.
  • Make sure to turn on the toggle labeled ‘Include System Indices’ in the top right corner; the Watcher history index is a system index and stays hidden otherwise.
  • Create the pattern .watcher-history-*
  • Once the index pattern exists, you can search it from the ‘Discover’ page.
  • Enter result.condition.met:true as the search filter to list only the watch executions whose threshold was actually crossed; without the filter you will also see every scheduled run that evaluated the condition and found nothing.

Attacking Target 1

Open the Offensive Report Template and complete it while you progress this activity.

You will need to run a few commands on Target 1 to ensure it forwards logs and metrics to the Elasticsearch instance behind Kibana. Follow the steps below:

  • Open the Hyper-V Manager.
  • Connect to Target 1.
  • Log in with username vagrant and password tnargav.
  • Escalate to root with sudo -s.
  • Run /opt/setup.

This enables Filebeat, Metricbeat, and Packetbeat on the Target VM if they are not running already.

Now that you’ve configured alerts, you’ll attack a vulnerable VM on the network: Target 1.

Ignore the Target 2 machine at this time. If you complete the entire project with time to spare, ask your instructor for directions on attacking Target 2 and integrating it into your project.

Complete the following high-level steps:

  1. Scan the network to identify the IP address of Target 1.
  2. Document all exposed ports and services.
  3. Enumerate the WordPress site. One flag is discoverable after this step.
    • Hint: Look for the Users section in the output.
  4. Use SSH to gain a user shell. Two flags can be discovered at this step.
    • Hint: Guess michael’s password. What’s the most obvious possible guess?
  5. Find the MySQL database password.
    • Hint: Look for a wp-config.php file in /var/www/html.
  6. Use the credentials to log into MySQL and dump WordPress user password hashes.
  7. Crack password hashes with john.
    • Hint: Start by creating a wp_hashes.txt with Steven and Michael’s hashes, one per line, formatted as follows:

        user1:$P$hashvalu3
        user2:$P$hashvalu3

  8. Secure a user shell as the user whose password you cracked.
  9. Escalate to root. One flag can be discovered after this step.
    • Hint: Check that user’s sudo privileges (sudo -l). Is there a python command you are allowed to run with sudo that would give you a root shell?

Try to complete all of these steps. However, you may move on after capturing only two of the four flags if you run out of time.
