Pen Testing | Questions and Answers

Verified

Added on 2022/07/28

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: PEN TESTING
Pen Testing
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
PEN TESTING
Task 2
Part 1 – Group Exercise
Answer to Question 1:
The old web-server or website was not decommissioned due to negligence of the IT staffs
and it was reused for hosting the new website of the company.
Answer to Question 2:
No the privileges was not assigned according to the job requirement to each of the
employees. The assigning of privilege based on the job role would cause the employee to limit
access to reach the web server and restrict them to exploit the vulnerability.
Answer to Question 3:
No vulnerability assessment or pen testing was performed on the hosted web server and
this caused the system to become vulnerable. Performing the penetration testing on the system
would help the IT staff to identify the weakness and eliminate the issue related with the
vulnerability with the application of updates, patches and removal of the old vulnerable web
page.
Answer to Question 4:
No accounts of the ex-employees has been deleted from the old defaced website and they
have the privilege of getting access of the organizational information. The attacker intruded into
the system with the account of an old employee and compromised the security system of the web
server.

2
PEN TESTING
Answer to Question 5:
The IT staff or the server admin was notified about the attack automatically during the time of
critical changes made in the server since there was no intrusion detection system used and the
server was installed outside the DMZ zone. The hacker also modified the system log files for
covering the track and not getting traced.
Answer to Question 6:
No IPS or IDS and web application firewall was installed for restricting the outside users
to access the server and thus the server was vulnerable to different types of attack from the
internal or the external threats.
Answer to Question 7:
There was no backup plan created for performing a regular backup of the file system and
information residing in the web server. The attacker had sufficient time to take backup of the
defaced website and thus relied that the attacker has already taken backup.
Answer to Question 8:
The lack of installation of the intrusion prevention system and monitoring application
/device resulted in not configuration of automatic configuration. Thus when the attacker deleted
the log files no notification is generated and the attacker performed the exploit without getting
detected. The rc.d file in Linux is used for controlling the starting of the different services on the
server.
Answer to Question 9:

3
PEN TESTING
Access was allowed to the servers from the external networks for the users having
privilege as root or admin. The server is configured with web services and the remote user can
access the server using http and ssl ports.
Part 2 – Information Gathering Script
1. List of unique people are obtained in alphabetic order and placed them is a separate file:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
PEN TESTING
2. List of itenums that are obtained in ascending numerical order and placed them is a
separate file:

5
PEN TESTING

6
PEN TESTING
3. List of unique netnames are obtained in alphabetic order and placed them is a separate
file:
Bonus Extension
Dynamically creation of file with format:
option_YYYY_mm_dd_HH_MM_ss.txt

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
PEN TESTING
Bibliography
Fisher, C., 2017. Linux filesystem events with inotify. Linux Journal, 2017(280), p.2.
Flynt, C., Lakshman, S. and Tushar, S., 2017. Linux Shell Scripting Cookbook. Packt Publishing
Ltd.

1 out of 8

+13062052269

info@desklib.com

Pen Testing | Questions and Answers

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

The main reason for not decommissioning the older

Vulnerability in Microsoft Data Access Components (MDAC)

Microsoft MDAC Vulnerability Analysis

Network Security Vulnerability Analysis

Penetration Testing Penetration Testing

Design of System Components and User Interfaces