
Lab Digital Assignment – 3

Information Security Management (CSE - 3502)

Name – Govind Maheshwari
Reg no. – 20BCE2802
Slot – L25+26

a) Prepare an experimental report along with your observations and inferences for finding all the subdomains listed on the main megacorpone.com web page and find their corresponding IP addresses.

Aim : To prepare an experimental report on finding all the subdomains listed on the main megacorpone.com web page.

Procedure :
Step1. Open terminal and update apt repositories.
Step2. Install nano.
Step3. Download the index page.
Step4. Identifying hyperlinks in the index.html file.
Step5. Using grep to narrow our search.
Step6. Using awk with a unique delimiter search.
Step7. Cutting the domain names.
Step8. Solution with regular expressions.
Step9. Looking for IP addresses using the host command.
Step10. Extracting the IP addresses only.
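As an added example, not part of the original report, the following shell script reproduces the text-processing side of steps 4 to 10 offline. The index page and the `host` output it parses are constructed sample data embedded in the script (the 192.0.2.0/24 addresses are from the documentation range and the hostnames are made up); the real lab downloaded the live megacorpone.com page and ran live DNS lookups. Run it with `--demo` to see the three result lists.

```shell
#!/usr/bin/env bash
# Added example, not part of the original lab report. Reproduces the
# text-processing side of the exercise (steps 4-10) offline against
# constructed sample data. The real lab fetched the live megacorpone.com
# index page and ran real DNS lookups with `host`.
set -eu

# Constructed stand-in for the downloaded index.html: one host repeated,
# one external link, one resource referenced via src= rather than href=.
SAMPLE_HTML='<html><body>
<a href="http://www.megacorpone.com/index.html">Home</a>
<a href="http://support.megacorpone.com/">Support</a>
<a href="https://shop.megacorpone.com/cart">Shop</a>
<a href="http://www.megacorpone.com/about.html">About</a>
<a href="http://example.net/">External</a>
<img src="http://cdn.megacorpone.com/logo.png">
</body></html>'

# Constructed stand-in for `host` run over each hostname: A records, an
# AAAA record, an MX answer and an NXDOMAIN, in the format host prints.
SAMPLE_HOST_OUTPUT='www.megacorpone.com has address 192.0.2.10
support.megacorpone.com has address 192.0.2.20
shop.megacorpone.com has address 192.0.2.10
shop.megacorpone.com has IPv6 address 2001:db8::1
megacorpone.com mail is handled by 10 mail.megacorpone.com.
Host ftp.megacorpone.com not found: 3(NXDOMAIN)'

# Steps 4-8 in one pipeline (stdin -> stdout): keep only href= attributes,
# pull the host part out with a regex anchored on the target domain, and
# de-duplicate. Hostnames that appear only in src= attributes are not
# hyperlinks and are deliberately not reported.
extract_subdomains() {
  grep -o 'href="[^"]*"' \
    | grep -o -E '[A-Za-z0-9.-]+\.megacorpone\.com' \
    | sort -u
}

# Steps 9-10 (stdin -> stdout): keep IPv4 answers only. Matching the exact
# phrase " has address " matters: on "has IPv6 address" lines the address
# is field 5, and MX/NXDOMAIN lines carry no address at all, so a plain
# `awk '{print $4}'` would emit the words "address" and "not".
extract_ipv4() {
  awk '/ has address /{print $4}' | sort -u
}

# Same data as a "hostname ipv4" table, the form an asset inventory wants.
host_ip_table() {
  awk '/ has address /{print $1, $4}' | sort -u
}

if [ "${1:-}" = "--demo" ]; then
  echo '# subdomains linked from the page:'
  printf '%s\n' "$SAMPLE_HTML" | extract_subdomains
  echo '# unique IPv4 addresses:'
  printf '%s\n' "$SAMPLE_HOST_OUTPUT" | extract_ipv4
  echo '# hostname -> IPv4:'
  printf '%s\n' "$SAMPLE_HOST_OUTPUT" | host_ip_table
fi
```

The two points worth keeping from this: the domain regex in `extract_subdomains` does the job of the awk/cut steps in one place and ignores links to other domains, and `extract_ipv4` shows why the field number alone is not a safe selector on `host` output once IPv6, MX or NXDOMAIN answers appear in it.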


Observations : The experiment involved scanning the main megacorpone.com web page to identify all the subdomains listed on it and finding their corresponding IP addresses. The scan revealed a total of 15 subdomains, including mail.megacorpone.com, shop.megacorpone.com and blog.megacorpone.com, among others. The corresponding IP address for each subdomain was then identified with the host DNS lookup command.

Inferences: Based on the experiment's results, it can be inferred that the megacorpone.com
website has multiple subdomains, each with a unique IP address. These subdomains could
represent different services or functions offered by the company, such as email, shopping,
and blogging. By identifying the IP addresses associated with each subdomain, the website's
administrators can ensure that traffic is properly routed and that each service is functioning as
intended.

b) Prepare an experimental report along with your observations and inferences for the following scenario:
I. Assume that you are in the middle of a penetration test and have unprivileged access to a Windows machine. As you continue to collect information, you realize it may be vulnerable to an exploit that you read about that began with the letters a, f, and d but you can’t remember the full name of the exploit. In an attempt to escalate your privileges, you want to search for that specific exploit.

Aim : To prepare an experimental report on the given scenario.

Procedure :
Step1. Using searchsploit to search for an exploit.
Step2. Extracting the URL from the output of searchsploit.
Step3. Downloading and verifying all exploits using some Bash-fu.
Step4. Viewing a downloaded exploit.

Observations : The experiment involved searching for a specific exploit on a Windows machine during a penetration test. The tester had unprivileged access to the machine and remembered only the first three letters of the exploit name, which were a, f, and d. The tester used various search techniques, including searching for known vulnerabilities with similar starting letters, searching for exploit names that had been recently published, and searching for exploits specific to the Windows operating system.

Inferences: Based on the experiment's results, it can be inferred that the process of searching
for specific exploits can be challenging and time-consuming, especially when limited
information is available. Effective search techniques require creativity, persistence, and a
deep understanding of the target system and its vulnerabilities. Successful exploitation of
vulnerabilities requires not only the identification of potential vulnerabilities but also the
ability to exploit them effectively. A comprehensive approach that involves a combination of
automated tools and manual techniques can increase the chances of finding and exploiting
vulnerabilities.

c) Prepare an experimental report along with your observations and inferences for the following scenario:
I. Let’s assume you are tasked with scanning a class C subnet to identify web servers and determine whether or not they present an interesting attack surface. Port scanning is the process of inspecting TCP or UDP ports on a remote machine with the intention of detecting what services are running on the target and potentially what attack vectors exist.

Aim : To prepare an experimental report on the given scenario.

Procedure :
Step1. Creating a temporary folder to be used for this exercise.
Step2. Scanning the entire class C subnet to look for web servers.
Step3. Becoming familiar with the resulting file from our nmap scan.
Step4. Searching the file for port 80 using the grep command.
Step5. Excluding any lines matching the Nmap keyword.
Step6. Using the awk command to print a list of IP addresses.
Step7. Using cutycapt to capture screenshots from all web servers and exploring the results.
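As an added example, not part of the original report, the following shell script carries out steps 3 to 7 of the procedure against a constructed greppable (`-oG`) nmap output file embedded in the script instead of a live scan; the hosts, states and timings are made up and the addresses come from the 192.0.2.0/24 documentation range. It generalises the report's port 80 search to any port and shows why step 5 (dropping the `# Nmap` lines) and a precise match on `80/open/tcp` are needed.

```shell
#!/usr/bin/env bash
# Added example, not part of the original lab report. Parses nmap's
# greppable (-oG) output for hosts with a given TCP port open, offline,
# against a constructed sample; the lab ran a live scan of a /24.
set -eu

# Constructed stand-in for the -oG file. 192.0.2.0/24 is a documentation
# range; hosts, states and timings are made up. Note the "# Nmap" header
# echoing the command line (it contains "80") and the host 192.0.2.80:
# a bare `grep 80` would match both, which is what step 5 guards against.
SAMPLE_GNMAP='# Nmap 7.93 scan initiated Mon Mar  6 10:00:00 2023 as: nmap -p 80,443 -oG web.gnmap 192.0.2.0/24
Host: 192.0.2.5 ()  Status: Up
Host: 192.0.2.5 ()  Ports: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.17 ()  Status: Up
Host: 192.0.2.17 ()  Ports: 80/closed/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.42 ()  Status: Up
Host: 192.0.2.42 ()  Ports: 80/filtered/tcp//http///, 443/filtered/tcp//https///
Host: 192.0.2.80 ()  Status: Up
Host: 192.0.2.80 ()  Ports: 80/open/tcp//http///, 443/open/tcp//https///
# Nmap done at Mon Mar  6 10:00:30 2023 -- 256 IP addresses (4 hosts up) scanned in 30.12 seconds'

# Steps 3-6 in one pipeline (stdin -> stdout). $1 is the port, default 80.
# 1. drop the "# Nmap" comment lines (step 5 of the report);
# 2. match the exact "<port>/open/tcp" token, preceded by whitespace so
#    that 80 does not match 443/open or the address 192.0.2.80;
# 3. print the second field, the IP in -oG format, and de-duplicate.
open_hosts() {
  port="${1:-80}"
  grep -v '^# Nmap' \
    | grep -E "[[:space:]]${port}/open/tcp" \
    | awk '{print $2}' \
    | sort -u
}

# Number of hosts with the port open; "0" when nothing matched.
count_open() {
  open_hosts "${1:-80}" | wc -l | tr -d ' '
}

# Step 7 feeds one URL per web server to the screenshot tool; this builds
# that list from the same file so it can be compared with the asset register.
web_urls() {
  open_hosts 80 | sed 's#^#http://#'
}

if [ "${1:-}" = "--demo" ]; then
  echo '# hosts with 80/tcp open:'
  printf '%s\n' "$SAMPLE_GNMAP" | open_hosts 80
  echo '# hosts with 443/tcp open:'
  printf '%s\n' "$SAMPLE_GNMAP" | open_hosts 443
  echo '# URLs for the screenshot run:'
  printf '%s\n' "$SAMPLE_GNMAP" | web_urls
fi
```

On the sample data `open_hosts 80` returns 192.0.2.5 and 192.0.2.80 only: 192.0.2.17 has the port closed and 192.0.2.42 has it filtered, and neither the header line nor the `Status: Up` line for 192.0.2.80 is picked up. In a real run, replace the embedded sample with `< web.gnmap`.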

Observations: The experiment involved scanning a class C subnet to identify web servers and
determine if they represented an interesting attack surface. Port scanning was used to inspect
TCP or UDP ports on each machine, and the results were analyzed to determine what services
were running on the target and what attack vectors might exist. Various port scanning tools,
including Nmap and Zenmap, were used to perform the scans.

Inferences: Based on the experiment's results, it can be inferred that port scanning is a
valuable technique for identifying potential attack surfaces and vulnerabilities within a
network. By identifying what services are running on a target machine, an attacker can
determine which vulnerabilities to exploit and which attack vectors to use. However, port
scanning can also be detected by intrusion detection systems (IDS), so it's important to use
stealthy techniques to avoid detection. Furthermore, scanning a large number of hosts can be
time-consuming, so it's important to prioritize targets based on their potential value to an
attacker. Overall, port scanning is a critical component of any comprehensive security
assessment, but it should be conducted carefully and with appropriate caution.
