Cybersecurity


Cybersecurity Skill Overview

Cybersecurity is the skill of protecting systems and data from cyber incidents. Proper technical skills and foundational knowledge are necessary to understand and complete relevant cybersecurity tasks, which is fundamental to excelling in the field.


Artifact #1

Artifact 1 is a cybersecurity lab that focuses on techniques and processes related to ethical hacking and tasks the student with working through the lab step by step.


OLD DOMINION UNIVERSITY

CYSE 301 CYBERSECURITY TECHNIQUES AND OPERATIONS

Assignment #4 Ethical Hacking

Parker Fitch

01163582

Task A

1. Ran an nmap scan against the Windows XP machine's IP address, which listed the open ports and services.

2. Identify that the SMB port, 444, is open, as shown in the nmap scan above.

3. Type in msfconsole and use the search command to find the ms08_067_netapi exploit.

4. Use the exploit found with the search command and set the proper payload.

5. Set the proper LPORT for the exploit.

6. Load espia and use the screengrab command.

7. Use the localtime command to get the timestamp.

8. Use the getuid command to get the user ID.

9. Use the getpid command to get the process ID.

10. Use the sysinfo command to get the system information.

Task B

1. Launch msfconsole, search for the eternalblue exploit, use it, set the proper parameters, and run the exploit. The result was not successful: the output displayed that the target was not found to be vulnerable.

Task C

1. Create a payload with the proper parameters using msfvenom and move the payload to the html location. Start an Apache HTTP server, open the Apache web server from the Windows machine, and type in the payload name to download it. Set up the msfconsole multi handler with the appropriate parameters and run it, then run the payload on the Windows machine, which creates a session.

2. Load espia and use the screengrab command.

3. Create a properly named text file containing the current timestamp and use the upload command with the desktop file path as the destination and the text file as the target to upload.

4. Background the current session, use the bypassuac Windows exploit, insert the proper parameters, including the previous session, and run it.

5. Use the net user add and net localgroup add commands to create an administrator profile with the proper parameters, remote into the account that was just created, and browse to the Windows 7 files.


Artifact #2

Artifact 2 is a cybersecurity lab that focuses on techniques and processes related to password cracking and tasks the student with working through the lab step by step.


Assignment #5 Password Cracking

Part 1

Task A

1. This task shows the two proper groups being created and then their id information being displayed.

2. This task shows three users being created and added to their respective groups, as well as their relevant id information being displayed.

3. This task shows each of the three users in the groups being assigned a new password:

user1 = apple

user2 = applebanana1

user3 = aPpLeBaNaNa123

user4 = banana

user5 = bananaapple1

user6 = bAnAnAaPpLe123

4. This task shows the users' password hashes being placed in the proper file and john then being used to perform a dictionary attack and crack the hashes to retrieve the passwords.

Task B

user1 = apple

user2 = banana

user3 = applebanana

1. This task shows the hashdump being displayed in meterpreter and placed in the proper file.

2. This task shows john being used to crack the hashes and find the passwords for the accounts, after saving the hashes to the proper file and using the rockyou list.
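Tasks A and B both recover passwords built from common words. As an added example (not part of the original lab), the following sketch shows a password-set-time check that rejects such passwords by undoing case changes and digit or symbol padding and testing whether the remainder is a concatenation of wordlist entries. The wordlist, function names, and the strong sample password are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large list
# (an assumption, the lab does not specify one for defensive use).
WORDLIST = {"apple", "banana", "password", "dragon"}

def segments(text, words):
    """Return True if text is entirely a concatenation of wordlist entries."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[len(text)]

def weakness(password, words=WORDLIST):
    """Return a reason if the password reduces to dictionary words, else None."""
    lowered = password.lower()          # undo case mangling
    if lowered in words:
        return "dictionary word"
    # Strip leading/trailing digits and symbols (e.g. the "123" suffix).
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    if core and segments(core, words):
        return "dictionary words with case/digit mangling"
    return None

def audit(credentials):
    """Map each user to the weakness found in their password (None if none)."""
    return {user: weakness(pw) for user, pw in credentials.items()}

# The Task A passwords from this page, plus one constructed strong password.
LAB_PASSWORDS = {
    "user1": "apple",
    "user2": "applebanana1",
    "user3": "aPpLeBaNaNa123",
    "user4": "banana",
    "user5": "bananaapple1",
    "user6": "bAnAnAaPpLe123",
    "constructed_strong": "tV9#qLm2xR!d",
}

if __name__ == "__main__":
    for user, reason in audit(LAB_PASSWORDS).items():
        print(f"{user}: {'REJECT (' + reason + ')' if reason else 'ok'}")
```
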

Part 2

Task C

1. This file was decrypted by using the aircrack and airdecap commands, and the detailed network analysis shows it is primarily ARP traffic from an Alfa source broadcasting to find the MAC address of a specific IP.

2. This file was decrypted by using the aircrack and airdecap commands, and the detailed network analysis shows it is primarily IPv4 TCP traffic attempting handshakes.

Task D

1. This specific file was determined based on the appropriate hash, and the key was found by launching a dictionary attack with aircrack and the rockyou list.

2. The traffic is decrypted by using the airdecap-ng command with the proper configurations for the file, ID, and the key discovered previously. This traffic is primarily over the 802.11 protocol and is almost entirely traffic from and to devices of various networking organizations such as Netgear, Xiaomi Communications, Cisco, Huawei Technologies, and the like.


Artifact #3

Artifact 3 is a cybersecurity lab that focuses on techniques and processes related to offensive and defensive cybersecurity and tasks the student with working through the lab step by step.


Assignment #3 Sword vs. Shield

Sword vs. Shield

Task A

1. This result was obtained by entering the proper nmap command, specifying the -v, -A, and -sV modifiers in order to get the proper information, with the subnet as the target.

2. This result was obtained by opening Wireshark and enabling it to listen for traffic while the above nmap scan was running. The traffic pattern Wireshark picked up was a large number of packets being sent to all the devices and ports on the subnet, probing the network to verify which devices and services were available and then going a step further to deduce which versions of those services or devices were being reached, if at all. More specifically, the number of packets was large compared to normal traffic, which would alert network administrators, if present and taking the necessary precautions. There was a large influx of TCP, HTTP, and TLS traffic flowing to each of the devices and ports on the subnet, attempting to retrieve this information and probe on behalf of the device running the nmap scan. The packets predominantly contain the source IP of the device that ran the nmap scan, and the destination is the device currently being probed, although if the services were running there would typically be subsequent packets with the source and destination IP values reversed.
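The pattern described above, one source contacting many distinct host and port pairs in a short time, is what a simple scan detector keys on. The following is an added example, not part of the original lab: it slides a time window over connection records and flags sources whose distinct-target count exceeds a threshold. The addresses, thresholds, and record layout are constructed assumptions.

```python
from collections import defaultdict, deque

def detect_scanners(flows, window=10.0, min_targets=20):
    """flows: iterable of (ts, src, dst, dport), sorted by ts.
    Returns {src: peak number of distinct (dst, dport) pairs in any window}
    for sources whose peak reaches min_targets."""
    recent = defaultdict(deque)                      # src -> (ts, target) in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> target -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, dport in flows:
        q, c = recent[src], counts[src]
        q.append((ts, (dst, dport)))
        c[(dst, dport)] += 1
        # Expire records that have fallen out of the window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {src: n for src, n in peak.items() if n >= min_targets}

def sample_flows():
    """Constructed records: one scanning host and one ordinary client."""
    flows, t = [], 0.0
    # 10.0.0.50 probes 10 ports on each of 3 hosts within about 3 seconds.
    for host in ("10.0.0.10", "10.0.0.11", "10.0.0.12"):
        for port in (21, 22, 23, 25, 80, 110, 139, 443, 445, 3389):
            flows.append((t, "10.0.0.50", host, port))
            t += 0.1
    # 10.0.0.7 opens 40 connections, all to the same server and port.
    for i in range(40):
        flows.append((float(i), "10.0.0.7", "10.0.0.10", 443))
    return sorted(flows)

if __name__ == "__main__":
    for src, n in detect_scanners(sample_flows()).items():
        print(f"possible scan from {src}: {n} distinct targets in window")
```

The busy but ordinary client is not flagged because volume alone is not the signal; the count of distinct destinations is.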

Task B

1. This result was obtained by adding a firewall rule blocking ICMP traffic from the external Kali machine to Ubuntu on the WAN.

Rule # | Interface | Action | Source IP | Destination IP | Protocol
1 | WAN | Block | 192.168.217.3 | 192.168.10.18 | ICMP

2. This result was obtained by adding a firewall rule to block all ICMP traffic from the external Kali machine.

Rule # | Interface | Action | Source IP | Destination IP | Protocol
1 | WAN | Block | 192.168.217.3 | Any | ICMP

3. This result was obtained by adding a firewall rule to block all traffic from the external Kali machine into the LAN except for FTP traffic to Ubuntu specifically.

Rule # | Interface | Action | Source IP | Destination IP | Protocol
1 | WAN | Block | 192.168.217.3 | Any | Any
2 | WAN | Pass | 192.168.217.3 | 192.168.10.18 | FTP

4. This result was obtained by using the same nmap scan command as before after applying the new firewall rule. The main difference is that this nmap scan returned little to no information, since the new firewall rule was blocking all traffic from the external Kali machine except FTP traffic. That explains why the nmap scan received 0 responses back, significantly fewer than before the firewall rule was applied.