ETHICAL NETWORK HACKING (ENH811S)

Individual Assignment [100 Marks]

Date of Submission: 03 May 2024

Objective

The assignment aims to equip students with the necessary skills to identify vulnerabilities in
IT systems and provide a detailed report of vulnerabilities and recommendations to address
such vulnerabilities. Additionally, to demonstrate skills in securing misconfigured systems and
services of any given organization.

Tools Required: Available on ISNOTES

 NEC Victim Machine

 Kali Linux
 Webserver Machine

Task 1: System Security Assessment - NEC Victim Server [60]

A Penetration test is done to establish the security posture of an organization. Companies

hire Penetration testers or Ethical hackers to do just that. It helps companies identify
vulnerabilities and address them before such vulnerabilities are exploited by the bad guys.
You’ve been hired to do a Penetration Test for a company called Namibia E-Commence Pty
Ltd (NEC). NEC has many servers that host critical business applications and services, however,
the scope of this test limits you only to a system that is on the same network as your
designated Kali machine. You are required to do a thorough penetration test on the given
server and write a Penetration Test Report for NEC where you present any vulnerabilities
identified during the penetration test.

Task 2: Securing Apache Webserver – NEC Webserver [40]

Namibia E-Commence Pty Ltd has an Apache web server that they have envisioned to host
their company's official websites. Currently, the system administrator has set up the server
and installed the required Apache webserver services. Before installing WordPress Content
Management System that will run their official website, the Company would like you to assess
the current Apache configuration, discover the misconfiguration/vulnerabilities and harden
the Server. Compile a report that documents all the misconfigurations found and details all
the steps you followed to harden the Apache server. Include all the commands used and the
screenshot as evidence.
 Guidelines Assessment of the Report

None Some with little Some with added effort Average Above average Commendable Outstanding
effort
Scope Scope not Some effort on Added effort on Scope somehow Outlined Above-average effort Some commendable Exceptional outline
(10 Marks) identified or outline the scope, outlining the scope. and somehow adhered to on outlining and effort on the of the scope and
defined but not adhered to (3-4) (5-6) adhering to the scope. presentation of the assignment was
(0) (1-2) (7-8) scope, and adherence done according to
to the scope. (9) the scope.
(10)
Structure The structure is Some information Added information is Moderate information Added information Commendable The structure
(20 Marks) not relevant. was included but included in the report, was presented. presented in the information was resembles a modern
(0-3) poorly done. but still lacks adequate (10-11) structure of the presented. Penetration Test
(4-6) information. report. (15-17) Report and features
(7-9) (12-14) all relevant
information.
(18-20)
Presentation of No vulnerabilities Some vulnerabilities Vulnerabilities are Vulnerabilities presented Vulnerabilities Vulnerabilities Vulnerabilities
vulnerabilities presented. are presented, but presented according to according to instructions, Presented according presented according presented according
(30 Marks) (0) out of scope. or instructions, some average effort on proof of to instructions, above to instructions, a to instructions,
failed to provide effort to provide proof exploit, plus added average effort in commendable effort outstanding
proof of exploit. of exploit, and recommendations. providing proof of in providing proof of presentation on
(1-6) recommendations. (13-18) exploit, and exploit, and proof of exploits as
(7-12) recommendations. recommendations. well as
(19-24) (25-28) recommendations.
(29-30)
Presentation of No, Little Little misconfiguration Average misconfiguration Above average All misconfiguration All misconfiguration
all steps taken misconfiguration misconfiguration identified, some identified, some misconfiguration identified, Hardening identified,
to secure the was identified, identified, some hardening done but not hardening done, sufficient identified, Hardening done sufficient Hardening done all
Webserver and no hardening hardening done but sufficient commands commands and done sufficient commands and the commands and
(40 Marks) was presented not all commands and screenshot screenshot presented commands and screenshot presented, screenshots
(0) and screenshots presented (19-25) screenshot presented, report properly presented, report
presented (11-18) report well structured structured exceptionally
(1-10) (26-28) (30-35) structured
(30-35)