Paper Instructions:
Congratulations on recently passing your Certified Ethical Hacker Exam. You have been contracted to perform a LIMITED penetration test on Security Target Incorporated's network. Security Target Inc. wants you to remotely access a system on their network to simulate an attacker who has already completed part of the Attacker Methodology and gained entry to the network. Your assignment is to discover FTP servers on the network, document your findings, and make recommendations based on any vulnerabilities you find.

Security Target, Inc. has recently grown to offer their services online. They have added a web server, allowing web developers to update the website design and application code on an FTP server. Security Target, Inc. realizes that putting this proprietary information on the internet can represent a security risk. They have decided to hire you to assess their FTP server for weaknesses. You have been hired to assess whether their FTP server and service is secure.

The target is ftp.cit40600-test.com. You should NOT assess services other than FTP. Remember from the lecture which port FTP listens on. Use nmap to scan that port and only that port (remember, your contract says that you should only test FTP).

Scan FTP on the server. You will find information telling you that the port associated with FTP is open. Perform an Aggressive scan against ONLY the FTP port. An example of a command which will work for this purpose with some modification for this exercise:

    nmap -p FTPPORT TARGET

The above command will scan just FTP on the server.

    nmap -A -p FTPPORT TARGET

The above command will scan FTP aggressively, giving you a bit more information about the service as well as the server OS and other information. You must scan the target (detailed below) only on the FTP port. Do NOT run an aggressive scan on the fully qualified domain name without supplying the "-p" option and the port number of FTP.
Scanning a particular port on a server was demonstrated in the FTP recorded demo in Module 4. For this lab, you should only use nmap and an FTP client to exploit the insecure configuration of the FTP server. Do NOT use metasploit or other tools to take advantage of the server. An example of an FTP client would be one which you used when taking the CIT212 class, such as WinSCP (winscp.net) or FileZilla (filezilla-project.org).

You should find the following on the target ftp.cit40600-test.com:

- You should find that there is an FTP service running.
- You should find using nmap that the FTP server allows for anonymous login. Anonymous login allows anyone who can see the IP address to log in and view the data the organization has chosen to make available over FTP.

Some things to remember:

FTP is a plaintext protocol which does not encrypt any of the data which you send to the server, or which the server sends to you! Is this a concern for the client? There are fixes to FTP, discussed previously in the lectures, which encrypt the data between the client and the server, but they don't protect the data on the server from outside access. There must be some other controls implemented on the server. Research ways to protect data on the server, specifically relating to anonymous login FTP servers. Usually this means that you enable authentication. Anonymous means that there is no authentication.

Document all of the files which you find on the FTP server; there will be several. You can download the files. You will not be able to see all of the files directly from the FTP client which you use. You will be using an FTP client only to access the files on the FTP server.

In your report, document the following:

1. A screenshot showing the username that nmap used to log in to the FTP server when using the "-A" flag for the Aggressive scan.
2. A screenshot showing the client count at session startup. This shows you how many users were connected when you ran the nmap scan.
3. Give all of the scan results shown between PORT STATE SERVICE VERSION and STAT (give me all of the text information printed here). The details of this will show you some of the insecurities built into network services, especially when authentication is not implemented.
4. A screenshot showing the operating system and version running on the server.

You will be required to submit a formal lab report including screenshots of you completing the lab. More screenshots than the ones specifically highlighted above will help you to write the report. Your formal lab report should follow the approved lab format here (Approved Lab Format.docx).

In each section, you will be graded on:

- The quality of the description in the report
- Your ability to illustrate points using screenshots and interweave the knowledge that you've gained up to this point in the course (i.e. you will need to incorporate descriptions of the Attacker Methodology and demonstrate the use of terminology learned in class)
- Your ability to describe the events from the perspective of the attacker (using the Attacker Methodology)

You will be expected to discuss what you were asked to do in the contract, what methods you used to perform the penetration test, and relate this to the Attacker Methodology. You will also make recommendations in the conclusions section to mitigate the risks represented by the vulnerabilities you found, as well as those which you exploited.
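
The two weaknesses the brief asks about, anonymous login and plaintext transfer, can also be checked from the server side. The script below is an added example, not part of the original assignment: it audits a vsftpd configuration for both. vsftpd is an assumption, since the page does not name the FTP server software, and the two sample configs are constructed.

```python
# Added example: audit a vsftpd.conf for anonymous login and plaintext FTP.
# vsftpd is an assumed server; the lab brief does not name the software.

# vsftpd's built-in defaults for the options checked here.
DEFAULTS = {"anonymous_enable": "YES", "anon_upload_enable": "NO",
            "ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES"}

# Constructed sample configs (not taken from any real server).
WEAK = "# public developer share\nanonymous_enable=YES\nlocal_enable=NO\n"
HARDENED = ("anonymous_enable=NO\nlocal_enable=YES\nchroot_local_user=YES\n"
            "ssl_enable=YES\nforce_local_logins_ssl=YES\n"
            "force_local_data_ssl=YES\n")

def parse_conf(text):
    """Effective settings: defaults overridden by option=value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().upper()
    return conf

def audit(text):
    """Return (option, reason) pairs for each weakness found."""
    conf = parse_conf(text)
    on = lambda key: conf.get(key) in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable"):
        findings.append(("anonymous_enable", "login needs no authentication"))
        if on("anon_upload_enable"):
            findings.append(("anon_upload_enable", "anyone can upload files"))
    if not on("ssl_enable"):
        findings.append(("ssl_enable", "credentials and files sent in plaintext"))
    else:
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not on(key):
                findings.append((key, "clients may fall back to plaintext"))
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "no findings")
```

An empty config is reported the same way as WEAK, because anonymous login is on and TLS is off in vsftpd's built-in defaults.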