BIT354 : Network Vulnerability and Penetration Testing Assessment 2022
Added on 2022-10-01
15 Pages1747 Words17 Views
BIT354
Network Vulnerability and Penetration
Testing
Network Vulnerability and Penetration
Testing
Introduction
Here, I will perform some Network-based Vulnerability Assessment and
Penetration Testing, as per the given provided vulnerable machine. So, I
use the different virtual images to found the network-based vulnerability
and then try to exploit it. I download the machine given from the link in
the assignment docs file. And while open the website I got to know about
the Cybersecurity hacking CTF challenges in that Virtual Machine. And I
try to resolve those challenges to understand the different network
vulnerability challenges and it provides wide challenges on different
platforms like website vulnerability, network vulnerability, forensic part,
network sniffing and many more. So, I have taken the network-related
challenges to create a report of VAPT on networking challenges.
Here, I will perform some Network-based Vulnerability Assessment and
Penetration Testing, as per the given provided vulnerable machine. So, I
use the different virtual images to found the network-based vulnerability
and then try to exploit it. I download the machine given from the link in
the assignment docs file. And while open the website I got to know about
the Cybersecurity hacking CTF challenges in that Virtual Machine. And I
try to resolve those challenges to understand the different network
vulnerability challenges and it provides wide challenges on different
platforms like website vulnerability, network vulnerability, forensic part,
network sniffing and many more. So, I have taken the network-related
challenges to create a report of VAPT on networking challenges.
Analysis
So here I open the virtual machine of the CYSCA 2018, the company
domain is given is bob.cysca and the DNS main server is hosting on IP
address is 192.168.5.53.
Vulnerability – 1 DNS zone transfer vulnerability (Not configured
properly)
So, here the first challenge name is ZONINGV6 which is related to DNS
ZONE transfer configuration on the machine. And if it is not properly
configured, we can fetch the main server information only from domain
name or IP address only using different techniques.
So, here I use the “dig” tool, to fetch some info
After that, we can check the get some more info about the company.
Then, I try one more tool “DNS recon” comes in Kali Linux to fetch more
info about the domain.
From here I get the IPv6 and IPv4 address, now I use the “dig” tool, to hit
the server name on IPv6 now, to get the flag and complete the challenge.
Then I get the result see below;
So here I open the virtual machine of the CYSCA 2018, the company
domain is given is bob.cysca and the DNS main server is hosting on IP
address is 192.168.5.53.
Vulnerability – 1 DNS zone transfer vulnerability (Not configured
properly)
So, here the first challenge name is ZONINGV6 which is related to DNS
ZONE transfer configuration on the machine. And if it is not properly
configured, we can fetch the main server information only from domain
name or IP address only using different techniques.
So, here I use the “dig” tool, to fetch some info
After that, we can check the get some more info about the company.
Then, I try one more tool “DNS recon” comes in Kali Linux to fetch more
info about the domain.
From here I get the IPv6 and IPv4 address, now I use the “dig” tool, to hit
the server name on IPv6 now, to get the flag and complete the challenge.
Then I get the result see below;
Here, we try with different port number combinations from result we get
using the dig tool, and get the “Netcat” tool to have the flag at last.
using the dig tool, and get the “Netcat” tool to have the flag at last.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
In this assignment, the following configurations applies, Ubuntulg...
|14
|482
|50