Take a look at the example penetration testing report by Offense Security in the resources. Conduct a writeup similar in nature for the vulnerabilities we discovered today. This writeup must include images as seen in the example so that the customer can easily see what was found. Your paper must discuss each of the vulnerabilities we covered in this week’s lab, as well as two additional vulnerabilities that we did not discuss.
In the resources section, you’ll see a list of vulnerabilities in Metasploitable3. Review this list to determine which additional vulnerabilities you want to exploit. When documenting these in your paper, you will need to document how you found this vulnerability. Do not state that you used a vulnerability listing for Metasploitable3. Instead, discuss the process used to identify the vulnerability (nmap scans to find open ports, Nessus to find vulnerability). Ensure that your paper revolves around the following scenario.
This week’s discussion post had fellow peers make recommendations for your paper. Include any recommendations you believe could improve your paper.
Scenario:
Acme Corporation hired you to validate a new system added to its network. They believe this system is secure and ready to be added, but company policy requires a completed penetration test to verify security. The policy dictates that the penetration test be conducted first as a white-box test to ensure that the system can be completely verified. As such, the project manager at Acme Corp has provided you with the credentials to the box. This allows you not only to conduct an uncredentialed scan, but also a credentialed scan.
They want the test to start as if the hacker has access to the internal network, but does not know anything. As such, the test must start with only barebones information (you know the subnet you are on, but you do not know credentials). After you get an initial scan of the network using no credentials, they request that you use the provided credentials to get more accurate scans and more accurate testing.