CTCH 690 9040: Unit 8 Assignment: Project 4 Part B: Grey Box Approach Hands-on Exercises


Overview

The objective of this task for the City of Gotham is to perform penetration testing on the Gotham City server. Using a grey box approach, you will identify and exploit vulnerabilities within the target environment.

A grey box penetration test can be a valuable tool in assessing and improving the security of the Gotham City server. This type of penetration test combines elements of both black box testing and white box testing. Grey box testing can provide a more realistic simulation of how an actual attacker might approach the Gotham City server. It allows you to mimic the level of information an attacker might have, which helps in identifying vulnerabilities and weaknesses that an external attacker could exploit. Grey box testing also assesses the effectiveness of the Gotham City server’s security controls.

By the end of these hands-on exercises, you will have practical experience conducting successful penetration tests and securing systems against potential cyber threats.

Exercise 1: Banner Grabbing

Objective: Perform banner grabbing on a target machine using Nmap from your Kali Linux machine.

Instructions

  1. Open a terminal on your Kali Linux machine.
  2. Execute the following command to perform an Nmap scan on the target IP address (10.11.14.84) and retrieve service version information:
    nmap -sC -sV 10.11.14.87
  3. Once the Nmap scan is complete, analyze the output to identify the services running on the target machine.
  4. Perform banner grabbing on each identified service to extract additional information, such as service banners or headers.
  5. Submit the content of the flag found during banner grabbing.

Note: Ensure that you document your process and observations during the exercise.

Green terminal output displays results from an Nmap scan of a host, listing open ports such as FTP, HTTP, RPC, NetBIOS, and Microsoft Terminal Services along with their associated service versions and configuration details.
Green terminal output from an Nmap scan lists host information for a Windows server, including DNS details, SSL certificate dates, SMB service settings, and MAC address data.

Connect to the FTP port as follows:

nc 10.11.14.87 21


Exercise 2: Anonymous FTP Login

Objective: Connect to an FTP server anonymously and retrieve a flag file.

Instructions

  1. Based on the Nmap output from the previous exercise, identify that the FTP service is enabled and supports anonymous login.
  2. Open a terminal on your Kali Linux machine.
  3. Connect to the FTP port of the target IP address (10.11.14.84) using the following command:
    ftp 10.11.14.84
  4. When prompted for the username, type “anonymous” and press “Enter”.
  5. When prompted for the password, press Enter (leave it blank) and press Enter again.
  6. After successful login, type “dir” to list the contents of the FTP server.
  7. Identify the flag1.txt file in the directory listing.
  8. Use the “get” command to download the flag1.txt file:
    get flag1.txt
  9. Once the file is downloaded, exit from the FTP session:
    exit
  10. Finally, display the content of the flag1.txt file using the following command:
    cat flag1.txt

Note: Ensure that you document your process and observations during the exercise.

Terminal text displays an anonymous FTP login session showing directory contents, file retrieval of “Flag1.txt,” and successful data transfer messages.
Terminal output
(root💀KALI)-[~]
# cat Flag1.txt
Flag1{FTP_IS_INSECURE}
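
Exercises 1 and 2 read the FTP greeting and test the anonymous login by hand. The Python example below is added here and is not part of the original assignment: it performs both checks in one audit function that an administrator can point at their own server. The FakeFTP class, its reply strings and the audit_fake helper are constructed so the example runs offline on loopback.

```python
import ftplib
import socketserver
import threading


def audit_ftp(host, port=21, timeout=5.0):
    """Return (banner, anonymous_allowed) for the FTP service at host:port."""
    with ftplib.FTP() as ftp:          # the context manager sends QUIT on exit
        ftp.connect(host, port, timeout=timeout)
        banner = ftp.getwelcome()      # the 220 greeting that `nc host 21` prints
        try:
            ftp.login()                # ftplib defaults to USER anonymous
            return banner, True
        except ftplib.error_perm:      # 5xx reply such as 530: login refused
            return banner, False


class FakeFTP(socketserver.StreamRequestHandler):
    """Constructed stand-in server so the example runs offline."""
    allow_anonymous = True

    def handle(self):
        self.wfile.write(b"220 Constructed FTP Service\r\n")
        for raw in self.rfile:
            verb = raw.split(b" ")[0].strip().upper()
            if verb == b"USER":
                self.wfile.write(b"331 Password required\r\n")
            elif verb == b"PASS" and self.allow_anonymous:
                self.wfile.write(b"230 User logged in\r\n")
            elif verb == b"PASS":
                self.wfile.write(b"530 User cannot log in\r\n")
            else:                      # QUIT or anything else ends the session
                self.wfile.write(b"221 Goodbye\r\n")
                return


def audit_fake(allow_anonymous):
    """Start the fake server on a free loopback port and audit it."""
    handler = type("Handler", (FakeFTP,), {"allow_anonymous": allow_anonymous})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return audit_ftp("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()


if __name__ == "__main__":
    print(audit_fake(True), audit_fake(False))
```

A result of `True` with a banner that names the server product is the finding this exercise illustrates: disable anonymous access unless it is required, and trim the greeting.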

Exercise 3: Source Code Review

Objective: Review the source code of a web page to find a hidden flag.

Instructions

  1. Based on the Nmap output from the previous exercises, identify that the HTTP port is open on the target IP address (10.11.14.87).
  2. Open a web browser or use a tool like curl to navigate to the target web server by entering the following URL in the address bar: http://10.11.14.87
  3. Once the webpage loads, press Ctrl+U to view the page source code.
  4. Analyze the source code to find flag3.
  5. The flag may be hidden within HTML comments, JavaScript code, or other elements of the webpage source.
  6. Once you’ve found the flag, make a note of it for submission.

Note: Ensure that you document your process and observations during the exercise.

A web browser displays the default Microsoft IIS welcome page with a blue background and a grid of multilingual “Welcome” tiles.
HTML source code for the IIS welcome page appears in a browser window, showing the document structure, CSS styling, and a linked image file. A commented line near the bottom contains the hidden text “Flag2{Always_Read_The_Source_Code}.”
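
The manual Ctrl+U review above can also be run as a check before a page is published. The Python example below is added here and is not part of the original assignment: it collects HTML comments and inline script text with their line numbers and reports the ones that match a pattern list. The SUSPICIOUS patterns and the SAMPLE page are assumptions constructed for the example; only the flag string comes from the exercise.

```python
import re
from html.parser import HTMLParser

# Text worth a second look before a page ships; this pattern list is an assumption.
SUSPICIOUS = re.compile(r"\w+\{[^}]+\}|passw(or)?d|secret|api[_-]?key|todo", re.I)


class HiddenTextFinder(HTMLParser):
    """Collect HTML comments and inline <script> text with their line numbers."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.found = []                      # (line, kind, text)

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_comment(self, data):
        self.found.append((self.getpos()[0], "comment", data.strip()))

    def handle_data(self, data):
        if self.in_script and data.strip():
            self.found.append((self.getpos()[0], "script", data.strip()))


def review_source(html):
    """Return the (line, kind, text) findings that match SUSPICIOUS."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return [f for f in finder.found if SUSPICIOUS.search(f[2])]


# Constructed page source, loosely modelled on the IIS welcome page above.
SAMPLE = """<html><head><title>IIS Windows Server</title>
<script>var debug = false; // TODO remove before release</script></head>
<body>
<div id="container"><img src="iisstart.png" alt="IIS" /></div>
<!-- layout wrapper -->
<!-- Flag2{Always_Read_The_Source_Code} -->
</body></html>"""

if __name__ == "__main__":
    for line, kind, text in review_source(SAMPLE):
        print(f"line {line}: {kind}: {text}")
```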

Exercise 4: Decoding

Objective: Decode an encoded file using an online Base64 decoder.

Instructions

  1. Connect to WINSERVERTGT.
  2. Locate the file named “Flag4.txt” on the desktop.
  3. Open the “Flag4.txt” file and copy its content.
  4. Open a web browser and navigate to https://www.base64decode.org/.
  5. Paste the copied content into the provided text area on the website.
  6. Click the “Decode” button to decode the content.
  7. Once the decoding process is complete, the original text will be displayed.
  8. Review the decoded content to find flag4.
  9. Make a note of the flag for submission.

Note: Ensure that you document your process and observations during the exercise.

A Windows desktop with a red background displays a Notepad window containing a message that reads “Decode me” followed by a long encoded string. A file labeled “Flag4” sits on the desktop alongside the Recycle Bin icon.
Paste the encoded text, click “Decode”, and submit Flag4.
A Base64 decoding webpage displays the encoded string in a text box with the “Decode” button highlighted below it. The decoded output appears at the bottom of the page as “Flag4{Encoding_Is_Not_Encryption}.”
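
The same decoding can be done locally, so the string never leaves the machine. The Python example below is added here and is not part of the original assignment: it finds Base64 tokens in a block of text, restores stripped padding, and goes beyond the exercise by following nested encodings. The sample text is constructed at run time from the decoded flag shown above, and the 16-character minimum token length is an assumption.

```python
import base64
import binascii
import re

# Runs of 16+ Base64 alphabet characters with optional padding.
TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def try_decode(token):
    """Strictly decode one token; return its text, or None if it is not Base64 text."""
    token = token.rstrip("=")
    token += "=" * (-len(token) % 4)           # normalise missing padding
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = all(c.isprintable() or c.isspace() for c in text)
    return text.strip() if readable else None


def decode_layers(text, max_depth=5):
    """Return (layers, plaintext) for each Base64 token found in text."""
    results = []
    for token in TOKEN.findall(text):
        decoded, depth = try_decode(token), 1
        while decoded and depth < max_depth and TOKEN.fullmatch(decoded):
            inner = try_decode(decoded)
            if inner is None:
                break
            decoded, depth = inner, depth + 1
        if decoded:
            results.append((depth, decoded))
    return results


def make_sample():
    """Constructed stand-in for the Notepad file: one single and one double layer."""
    flag = b"Flag4{Encoding_Is_Not_Encryption}"   # decoded value shown on the page
    once = base64.b64encode(flag).decode()
    twice = base64.b64encode(once.encode()).decode()
    return f"Decode me\n{once}\nAlso wrapped twice: {twice.rstrip('=')}\n"


if __name__ == "__main__":
    for depth, plain in decode_layers(make_sample()):
        print(f"{depth} layer(s): {plain}")
```

Both tokens decode without any key, which is the point the flag makes: Base64 changes representation and provides no confidentiality.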
