Content ITV PRO
This is Itvedant Content department
Understand common wireless/network attacks and implement basic prevention techniques.
Business Scenario
You are a Cyber Security Analyst at SecureXit tasked with assessing a test network environment after unusual network activity was detected.
As part of this assessment, you will study common network attacks such as DoS, MITM, Wi-Fi attacks, and packet sniffing, perform network scanning and traffic analysis, identify network and wireless vulnerabilities, and apply basic security controls to reduce risks.
The findings will help strengthen network security, improve wireless configurations, and enhance the organization's ability to detect and mitigate network-based threats.
Pre-Lab Preparation
Topic : Cyber Threats and Attack Vectors
1) Different types of Malware Threat.
2) Overview of social engineering attacks.
3) Wireless & Network Attacks and prevention.
Task 1: Verify Connectivity
1
Open a terminal on the attacker machine and switch to the root user.
sudo su
2
Verify connectivity with the target machine.
ping -c 5 192.168.0.104
3
Confirm that all packets are successfully received before proceeding.
Task 2: Perform ICMP Flood Attack
1
Launch an ICMP flood against the target machine.
hping3 --icmp --flood --rand-source 192.168.0.104
2
Allow the attack traffic to run for approximately 30–60 seconds.
3
Observe that hping3 reports flood mode activity.
Task 3: Monitor ICMP Traffic on Target
1
Launch an ICMP flood against the target machine.
sudo tcpdump icmp
2
Start packet capture for ICMP traffic.
3
Observe incoming ICMP Echo Requests from multiple source addresses.
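The observation in this task can be turned into a repeatable check. The script below is an added example, not part of the original lab: it reads tcpdump text output (one-line format as printed by tcpdump -n icmp) and reports the number of echo requests, the number of distinct sources, and a verdict. The function name, thresholds and sample lines are assumptions constructed for illustration.

```bash
# Added example: classify ICMP echo-request traffic in tcpdump text output.
# Thresholds are assumptions to tune; addresses are constructed (TEST-NET).

sample_flood() {   # constructed lines in tcpdump one-line format, not a capture
cat <<'EOF'
10:15:01.000100 IP 198.51.100.23 > 192.168.0.104: ICMP echo request, id 4120, seq 0, length 8
10:15:01.000200 IP 203.0.113.77 > 192.168.0.104: ICMP echo request, id 4120, seq 256, length 8
10:15:01.000300 IP 192.0.2.145 > 192.168.0.104: ICMP echo request, id 4120, seq 512, length 8
10:15:01.000400 IP 198.51.100.201 > 192.168.0.104: ICMP echo request, id 4120, seq 768, length 8
10:15:01.000500 IP 203.0.113.9 > 192.168.0.104: ICMP echo request, id 4120, seq 1024, length 8
10:15:01.000600 IP 192.0.2.60 > 192.168.0.104: ICMP echo request, id 4120, seq 1280, length 8
EOF
}

sample_ping() {    # constructed: one host pinging once per second
cat <<'EOF'
10:20:01.000000 IP 192.168.0.50 > 192.168.0.104: ICMP echo request, id 7, seq 1, length 64
10:20:01.000300 IP 192.168.0.104 > 192.168.0.50: ICMP echo reply, id 7, seq 1, length 64
10:20:02.000000 IP 192.168.0.50 > 192.168.0.104: ICMP echo request, id 7, seq 2, length 64
10:20:03.000000 IP 192.168.0.50 > 192.168.0.104: ICMP echo request, id 7, seq 3, length 64
10:20:04.000000 IP 192.168.0.50 > 192.168.0.104: ICMP echo request, id 7, seq 4, length 64
10:20:05.000000 IP 192.168.0.50 > 192.168.0.104: ICMP echo request, id 7, seq 5, length 64
EOF
}

# Reads tcpdump lines on stdin; $1 = packets/second treated as a flood
# (default 100), $2 = percent of requests with a unique source that
# suggests spoofing (default 80). Prints "requests=N sources=M verdict=V".
icmp_summary() {
  awk -v min_pps="${1:-100}" -v min_pct="${2:-80}" '
    / ICMP echo request/ {
      split($1, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      if (n++ == 0) first = now
      last = now
      if (!($3 in seen)) { seen[$3] = 1; m++ }   # $3 is the source address
    }
    END {
      span = last - first
      pps = (span > 0) ? n / span : n
      verdict = "normal"
      if (pps >= min_pps)
        verdict = (m * 100 >= min_pct * n) ? "flood-random-source" : "flood"
      printf "requests=%d sources=%d verdict=%s\n", n, m, verdict
    }'
}

sample_flood | icmp_summary
```

On a live capture, pipe tcpdump output saved to a text file into icmp_summary; the timestamps are assumed not to cross midnight.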
Task 4: Perform TCP SYN Flood Attack
1
Return to the attacker machine.
hping3 -S -p 80 --flood --rand-source 192.168.0.104
2
Launch a SYN flood against TCP port 80.
3
Let the attack run briefly and observe the packet generation.
Task 5: Monitor ICMP Traffic on Target
1
On the target machine, open a terminal.
sudo netstat -ant | grep -i SYN_RECV
2
Start packet capture for SYN traffic.
Observe the Flood on target machine Using
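The SYN_RECV check in this task can be scripted so that it reports which listening socket is accumulating half-open connections and from how many distinct peers. This is an added example, not part of the original lab; the function name, the threshold and the sample netstat output are assumptions constructed for illustration.

```bash
# Added example: flag local sockets with a backlog of half-open connections.
# The threshold and all addresses below are constructed assumptions.

# Constructed `netstat -ant` output (TEST-NET peers, not a real capture).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.104:22        192.168.0.50:51514      ESTABLISHED
tcp        0      0 192.168.0.104:80        198.51.100.7:1834       SYN_RECV
tcp        0      0 192.168.0.104:80        203.0.113.66:2250       SYN_RECV
tcp        0      0 192.168.0.104:80        192.0.2.141:40211       SYN_RECV
tcp        0      0 192.168.0.104:80        198.51.100.93:9377      SYN_RECV
tcp        0      0 192.168.0.104:22        192.168.0.50:51600      SYN_RECV
EOF
}

# Reads netstat -ant text on stdin. For each local socket with at least
# $1 (default 3) SYN_RECV entries, prints "LOCAL half_open=N peers=M".
syn_backlog_report() {
  awk -v min="${1:-3}" '
    $1 ~ /^tcp/ && $6 == "SYN_RECV" {
      peer = $5; sub(/:[0-9]+$/, "", peer)        # strip the remote port
      count[$4]++
      if (!(($4, peer) in seen)) { seen[$4, peer] = 1; peers[$4]++ }
    }
    END {
      for (l in count)
        if (count[l] >= min)
          printf "%s half_open=%d peers=%d\n", l, count[l], peers[l]
    }' | sort
}

sample_netstat | syn_backlog_report
```

Many half-open entries on one port, each from a different peer, match the pattern a SYN flood with randomized sources leaves behind. On Linux, sysctl net.ipv4.tcp_syncookies shows whether SYN cookies are enabled on the target.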
5
Configure the virtual machine type as Linux and select the appropriate version.
6
Allocate the required RAM size for the Metasploitable virtual machine.
7
Create a new virtual hard disk for storing the virtual machine files.
8
Review the VM configuration summary and click Finish to create the VM.
9
Open the newly created virtual machine.
10
Open the newly created virtual machine settings in VirtualBox.
11
Open Storage Settings and attach the Metasploitable VMDK file to the VM.
12
Start the virtual machine and allow Metasploitable Linux to boot successfully.
13
Log in to the Metasploitable system using the default credentials to complete the setup.
Task 2: Setup
1
Start the Kali Linux virtual machine and log in using the username kali and the password kali.
2
Start the Metasploitable 2 virtual machine and log in using the username msfadmin and the password msfadmin.
ifconfig
ping 192.168.0.81
3
Run the ifconfig command on Metasploitable 2 systems and verify network connectivity by sending a ping from one machine to the other. Ensure that both systems receive successful replies.
Task 3: Identifying Hosts and Open Ports
1
On the Kali Linux system, run the following command to discover all active hosts on your network:
netdiscover -r 192.168.0.81/24
To stop the scan and return to the terminal, press Ctrl+C.
2
Run the following command to scan all 65,536 TCP ports on the target system.
nmap -sS -p- 192.168.0.81
This scan performs a rapid search for open TCP ports on the target host. While it efficiently identifies open ports, it does not provide information about the versions of the services running on those ports.
3
Run the following command to scan the 1,000 most common ports on the target system while also performing service version detection and operating system identification.
nmap -sS -sV -O 192.168.0.81
This scan identifies many of the services running on the target host and attempts to determine their version numbers. It also performs OS detection to estimate the operating system in use.
4
Run the following command to scan the UDP ports on the target system.
nmap -sU 192.168.98.134
UDP scans generally take longer to complete than TCP scans. The process may take approximately 15 minutes, so you can leave it running and continue working in a separate terminal window.
Once the scan is complete, it will identify several UDP-based services that are active on the target system.
Task 4: Enumerating User with rpcclient
1
Enumerating Users with rpcclient
User accounts can also be enumerated through null sessions using the rpcclient utility.
a
Run the following command:
rpcclient -U "" 172.16.1.190
When prompted for a password, simply press Enter.
After connecting successfully, an rpcclient $> prompt will appear. At the prompt, execute the following command:
querydominfo
This command displays domain information, including the total number of user accounts present on the target system.
In this example, the output indicates that there are 35 users configured on the system.
Run the following command to display all 35 user accounts:
enumdomusers
This command shows every user account along with its corresponding Relative Identifier (RID) number, as illustrated below.
b
Run the following command to retrieve additional details about the "msfadmin" account:
queryuser msfadmin
This command displays information about the user's account, including the profile path and other relevant details, as shown below.
c
Execute the exit command to leave rpcclient.
2
Enumerating with enum4linux
enum4linux is a Perl-based utility that leverages tools such as smbclient, rpcclient, net, and nmblookup to automatically gather enumeration data from a target system.
a
Run the following command to view the available options for enum4linux:
enum4linux --help
If no options are specified, the tool executes all available enumeration checks. Use the following command to enumerate the target:
b
enum4linux 192.168.0.81
The command generates a large amount of output. Initially, it displays several lists of usernames, similar to the information obtained earlier using other enumeration tools.
Next, a Share Enumeration section appears, indicating that the /tmp directory is shared, as shown below. The output includes a warning of "oh noes!" because /tmp is world-writable. This suggests that scripts could potentially be uploaded to that directory and executed.
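The two findings in this task (user enumeration over a null session and a guest-writable /tmp share) map to settings in the Samba configuration, so the server side can be audited directly. The script below is an added example, not part of the original lab or of enum4linux: it parses smb.conf text and reports shares that are both guest-accessible and writable, and a [global] section that does not set restrict anonymous = 2. The function names and the sample configuration are assumptions constructed from the share described above.

```bash
# Added example: audit smb.conf text for the two findings enum4linux surfaced.
# Simplified parser: per-share settings only, no includes or global defaults.

# Constructed smb.conf modelled on the share described above (not the VM's file).
sample_smb_conf() {
cat <<'EOF'
[global]
   workgroup = WORKGROUP
[tmp]
   comment = oh noes!
   path = /tmp
   read only = no
   guest ok = yes
[docs]
   path = /srv/docs
   read only = yes
   guest ok = yes
EOF
}

# Reads smb.conf on stdin and prints one finding per line (nothing if clean).
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v)  { return v ~ /^(yes|true|1)$/ }
    function report() {
      if (sec != "" && sec != "global" && guest && writable)
        printf "share %s: guest-writable path=%s\n", sec, path
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # section header: new share
      report(); sec = tolower(trim($0))
      sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
      guest = writable = 0; path = ""; next
    }
    {
      eq = index($0, "="); if (!eq) next
      key = tolower(trim(substr($0, 1, eq - 1)))
      val = trim(substr($0, eq + 1)); lval = tolower(val)
      if (sec == "global" && key == "restrict anonymous") anon = lval
      if (key == "guest ok" || key == "public") guest = yes(lval)
      if (key == "read only") writable = !yes(lval)
      if (key == "writable" || key == "writeable") writable = yes(lval)
      if (key == "path") path = val
    }
    END { report(); if (anon != "2") print "global: restrict anonymous is not 2" }'
}

sample_smb_conf | audit_smb_conf
```

The docs share in the sample is guest-readable but read-only, so it is not reported; only the /tmp share and the missing restrict anonymous setting are.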
Task 5: Enumerating using dig, nslookup, whois on website
1
Enumerating using dig
Run the following command:
dig itvedant.com
2
Enumerating website nslookup
Run the following command:
nslookup www.itvedant.com
3
Enumerating using Whois
Run the following command:
whois itvedant.com
Great job!
You have successfully completed your lab on Extracting System Information Using Enumeration Techniques.
In this lab, you have: Discovered Active Hosts, Identified Open TCP/UDP Ports, Performed Service and OS Enumeration, Enumerated Users and Shared Resources, Gathered Information using rpcclient and enum4linux, and Conducted DNS and Domain Enumeration using dig, nslookup, and whois.
You are now ready to move to the next stage of Vulnerability Assessment and Security Testing.
Checkpoint
Next-Lab Preparation
Topic : Enumeration and Vulnerability Assessment
1) Enumeration techniques.
2) Identifying vulnerabilities.
By Content ITV