CSC8101 Penetration Testing Assignment 2 :
Full mark for this assignment is 40 marks (40% of the total course mark)
You have learnt a number of Windows based Pen Testing tools and will be learning another lot of Linux based Pen Testing tools. It is time to put your knowledge into practice.
You will use the Microsoft Azure Platform for this assignment. The platform provides a Window server VM, a Kali VM and a Metaploitable VM. You should access Metasploitable VM using Firefox or other tools from Kali VM or from Windows VM within the Virtualization Platform. Do not access Metasploitable directly.
Task 1 Set up your Virtualization Platform (Azure) Task 2 Planning
- You will be Pen Testing a machine Metasploitable (VM).
- Set up your pen testing objectives.
- Set up the criteria for success.
Task 3 Select your tools
- You must choose 4 different tools, Windows or Linux based, for use in this assignment.
- Each tool should be used to provide unique information about the target which the other three tools are not providing. If they have overlapping functionalities for the same set of information, use only one tool for that set of information. Justify why you pick that tool for that set of information.
Task 4 Discovery
- Reconnaissance and enumeration:
- passive and active scanning;
- identify possible system security weaknesses;
- Vulnerability scanning: Scan for known vulnerabilities;
- Design your attack vector.
Task 5 Perform the Pen Testing
- Testing and validation.
Task 6 Reporting
A written report of your pen testing:
- You must use the Unified approach with 4 major phases as shown in the Lecture Slides for Chapter 2 of the Textbook.
- Save and submit your report as one single pdf file: <StudentID>.pdf (e.g. U123456.pdf)
A video presentation of your report:
- You will produce and submit a video presentation of your Pen Testing report in mp4 format.
- Max time allowed for the video is less than 5 minutes.
- The presentation content is strictly limited to the content of your submitted report.
- You must show your face, and your report in the same screen during the presentation
- One way to do this is to set up a zoom session with you as the only participant, and record the session.
- You must show your name, USQ ID, and “CSC8101 PenTesting Report
2023” as the first slide (page) of your presentation.
- The video file must be in .mp4 format. Other formats will not be accepted.
- Submit it as <studentID>.mp4 (e.g. U123456.mp4)
Assignment 2 Submission File:
- Submit one pdf file: <studentID>.pdf (e.g. U123456.pdf) less than or equal to 15 pages including diagrams, tables, and appendices. Do not zip the file.
- Submit one mp4 file: <studentID>.mp4 (e.g. U123456.mp4). Duration of the video should be less than 5 minutes. Do not zip the file.
***** End of assignment 2 *****