Lab Digital Assignment
a) Prepare an experimental report along with your observations and inferences for finding all the subdomains listed on the main megacorpone.com web page and find their corresponding IP addresses.

Aim: To prepare an experimental report on finding all the subdomains listed on the main megacorpone.com web page.

Procedure:

Step 1. Open a terminal and update the apt repositories.

Step 2. Install nano:
Inferences: Based on the experiment's results, it can be inferred that the megacorpone.com website has multiple subdomains, each with a unique IP address. These subdomains could represent different services or functions offered by the company, such as email, shopping, and blogging. By identifying the IP addresses associated with each subdomain, the website's administrators can ensure that traffic is properly routed and that each service is functioning as intended.
b) Prepare an experimental report along with your observations and inferences for the following scenario:

I. Assume that you are in the middle of a penetration test and have unprivileged access to a Windows machine. As you continue to collect information, you realize it may be vulnerable to an exploit that you read about that began with the letters a, f, and d, but you can't remember the full name of the exploit. In an attempt to escalate your privileges, you want to search for that specific exploit.

Aim: To prepare an experimental report on the given scenario.

Procedure:

Step 1. Using searchsploit to search for an exploit.

Step 2. Extracting the URL from the output of searchsploit:
Inferences: Based on the experiment's results, it can be inferred that the process of searching for specific exploits can be challenging and time-consuming, especially when limited information is available. Effective search techniques require creativity, persistence, and a deep understanding of the target system and its vulnerabilities. Successful exploitation of vulnerabilities requires not only the identification of potential vulnerabilities but also the ability to exploit them effectively. A comprehensive approach that involves a combination of automated tools and manual techniques can increase the chances of finding and exploiting vulnerabilities.
c) Prepare an experimental report along with your observations and inferences for the following scenario:

I. Let's assume you are tasked with scanning a class C subnet to identify web servers and determine whether or not they present an interesting attack surface. Port scanning is the process of inspecting TCP or UDP ports on a remote machine with the intention of detecting what services are running on the target and potentially what attack vectors exist.

Aim: To prepare an experimental report on the given scenario.

Procedure:

Step 1. Creating a temporary folder to be used for this exercise:

Step 2. Scanning the entire class C subnet to look for web servers.

Step 3. Becoming familiar with the resulting file from our nmap scan:

Step 4. Searching the file for port 80 using the grep command:

Step 5. Excluding any lines matching the Nmap keyword.
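Steps 3 to 5 are illustrated below with an added example that is not part of the lab report: a constructed nmap greppable (-oG) output file stands in for the scan result, and the "grep 80, drop Nmap lines" filter from Steps 4 and 5 is placed beside a tighter filter that keeps only hosts where port 80 is actually open. The IP addresses and file contents are made up; the same listing is what a defender produces when inventorying which hosts on a subnet expose HTTP.

```shell
#!/bin/sh
# Added example: parse a constructed nmap -oG file for web servers.
# The scan output below is fabricated sample data, not a real scan.

write_sample() {
    # Write the constructed greppable output to a temp file and print its path.
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -p 80 -oG web_sweep 10.11.1.1-254
Host: 10.11.1.5 ()	Status: Up
Host: 10.11.1.5 ()	Ports: 80/open/tcp//http///
Host: 10.11.1.8 ()	Status: Up
Host: 10.11.1.8 ()	Ports: 80/closed/tcp//http///
Host: 10.11.1.80 ()	Status: Up
Host: 10.11.1.80 ()	Ports: 80/filtered/tcp//http///
Host: 10.11.1.24 ()	Status: Up
Host: 10.11.1.24 ()	Ports: 80/open/tcp//http///
# Nmap done -- 254 IP addresses (4 hosts up) scanned
EOF
    printf '%s\n' "$f"
}

# Steps 4 and 5 as written in the report: keep lines containing "80",
# then drop the "Nmap" header/footer lines. This over-reports, because it
# also keeps closed/filtered results and any IP whose digits contain 80.
naive_filter() {
    grep 80 "$1" | grep -v Nmap
}

# Tighter filter: keep only Ports lines where port 80 is reported open,
# then print the host IP (second whitespace-separated field).
open_web_hosts() {
    grep '80/open' "$1" | awk '{print $2}'
}

f=$(write_sample)
echo "Steps 4-5 filter:";  naive_filter "$f"
echo "Hosts with 80/open:"; open_web_hosts "$f"
rm -f "$f"
```

On the sample above the naive filter returns five lines (including a closed port, a filtered port and the host 10.11.1.80), while the tighter filter returns exactly the two hosts with an open web port.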
Observations: The experiment involved scanning a class C subnet to identify web servers and determine if they represented an interesting attack surface. Port scanning was used to inspect TCP or UDP ports on each machine, and the results were analyzed to determine what services were running on the target and what attack vectors might exist. Various port scanning tools, including Nmap and Zenmap, were used to perform the scans.

Inferences: Based on the experiment's results, it can be inferred that port scanning is a valuable technique for identifying potential attack surfaces and vulnerabilities within a network. By identifying what services are running on a target machine, an attacker can determine which vulnerabilities to exploit and which attack vectors to use. However, port scanning can also be detected by intrusion detection systems (IDS), so it's important to use stealthy techniques to avoid detection. Furthermore, scanning a large number of hosts can be time-consuming, so it's important to prioritize targets based on their potential value to an attacker. Overall, port scanning is a critical component of any comprehensive security assessment, but it should be conducted carefully and with appropriate caution.