Lab Assignment Number Module 3 Lab Assignment 2

Lab Assignment Name Module 3 Lab Assignment 2

Screenshots (Paste at least 5 screenshots here):
Target selected: rightlink.mx, udem.edu.mx
Lab Observations/Information Gathered:

Responder: We were able to do some poisoning the NBT-NS requests and were able to
obtain the administrators hash; we then saved the hash into a notepad in desktop and ran a
john the ripper brute forcing the most common password list, as we see in the screenshot
we were able to successfully obtain the password from the machine using the rockyou.txt
file.

L0PHTCrack: L0phtCrack is an auditing tool we used to recover all the existing passwords on
the machine, it helps administrators assess the security of password policies and identify
weak passwords used on the system, it uses brute force attacks and leverage precomputed
hash tables to accelerate the password cracking process. By auditing the existing passwords
we can determine which accounts are most vulnerable to password attacks and mitigate
potential security breaches by requesting the user to change his/her password.

VNC Session: We were able to search in metasploit for MS11. The MS11-003 Microsoft
Internet Explorer (IE) recursive import vulnerability is an exploit that targets a specific
security flaw in older versions of Internet Explorer. The vulnerability allows an attacker to
execute arbitrary code on a victim's machine and potentially gain unauthorized access.

The exploit works by exploiting a memory corruption issue in Internet Explorer's handling of
cascading style sheets (CSS) that involve recursive import statements. When a victim visits a
malicious website or opens a specially crafted HTML page, the attacker can trigger the
vulnerability by exploiting the way IE processes these recursive CSS import statements.
We launched a virtual machine using windows 7 and were able to obtain a VNC established
connection by just inputting the victims IP.

Armitage – We ran a full Armitage scan on the entire existing network and successfully
mapped out the connected windows/Linux machines, and was able to determine open ports.
However, the querying exploits function was stuck for hours on end without advance and
not even restarting the machine worked, but the main point was taken, this tool helps scan
which vulnerabilities apply to which local targets and helps you semi-automate an attack
execution using metasploit in the background.
 Thefatrat – After exploring the fat rat a bit, I was able to generate a meterpreter .exe
payload and then embedded this payload into a word document with the same function
within the fat rat to generate word documents, ran it in my virtual windows 7 machine and
got a meterpreter session back, however the .exe payload crashed but the objective to get a
response in the meterpreter window was successful, I learned how to launch these type of
malware attacks and how to secure them using the correct macro settings within office and a
anti malware solution.

Lab Assignment Submission Template

References:

EC-Council (2020). Certified Ethical Hacker (CEH) Version 11 w/ iLabs (Volumes 1 through 4).
International Council of E-Commerce Consultants (EC
Council). https://bookshelf.vitalsource.com/books/9781635675160