IT262M3-3: Produce network and web server attacks.
Purpose
You will complete two labs in this assessment.
In the first lab, you will perform reconnaissance and scanning using Zenmap® and Nessus®, enumeration of the vulnerabilities and exploitation using the Metasploit framework. You will then make recommendations based on these findings to reduce the risks of the vulnerabilities being exploited.
For the second lab, common web server attacks include SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, password attacks, and DDoS attacks. You will conduct the first two in this activity.
Read the assessment and respond to the checklist items based on the reading and learning activities.
Instructions
Part 1: Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation
Lab Instructions
This lab provides the hands-on element to your studies. It allows you to gain practical experience using the tools and techniques associated with ethical hacking.
Access the lab link entitled “Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation” in this assessment section.
The following resources will help you get oriented in the lab environment: the Common Lab Tasks Manual and J and B Lab Tips. The manual will provide detail and the tips are a very abbreviated reference.
Open a new Microsoft® Word® document and put your name and assessment number at the top.
In the lab environment, you will find instructions for the specific lab, which can be downloaded. Follow the instructions.
Complete the instructions in Step 1. Compile your lab report in the document with a title page and including explanatory text where needed or required by the lab. Within your document, after your lab report, answer the question in Step 2.
Conduct research and cite supporting sources in APA format where appropriate.
Complete the following:
Step 1:
Open the lab entitled “Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation.”
Review the following material in the lab environment:
Before you Begin
Introduction
Section 1. Hands-On Demonstration
When you are ready to begin click: “Section 2: Applied Learning.”
Complete Parts 1, 2, and 3. Make sure to obtain the required screenshots that are noted in the lab instructions and rubric.
As part of the mastery requirements for this competency assessment, complete the following boldfaced item and place into the Word document:
In addition to the screenshots and explanation, write up a minimum 200-word overview of the lab.
Step 2:
Answer the following question in the lab document as part of the lab submission. Respond with a minimum of 100 words.
1. What is the purpose of ethical hacking?
As part of the mastery requirements for this competency assessment, complete the following boldfaced item and place into the Word document:
Using a minimum of 200 words, explain the relationship between ethical hacking and risk assessment.
Part 2: Attacking a Vulnerable Web Application and Database
Lab Instructions
This lab provides the hands-on element to your studies. It allows you to gain practical experience using the tools and techniques associated with ethical hacking.
Access the lab link entitled “Attacking a Vulnerable Web Application and Database” in this assessment section.
The following resources will help you get oriented in the lab environment: the Common Lab Tasks Manual and J and B Lab Tips. The manual will provide detail and the tips are a very abbreviated reference.
You will append the results of the second lab to the results of the first lab. Make sure to label the labs.
In the lab environment, you will find instructions for the specific lab, which can be downloaded. Follow the instructions.
Complete the instructions in Step 1. Compile your lab report in the document with a title page and an easy to understand explanation of what you are doing and why you are doing it. Within your document, after your lab report, answer the question in Step 2.
Conduct research and cite supporting sources in APA format where appropriate.
Complete the following:
Step 1:
Open the lab entitled “Attacking a Vulnerable Web Application and Database.”
Review the following material in the lab environment:
Before you Begin
Introduction
Section 1. Hands-On Demonstration
When you are ready to begin click: “Section 2: Applied Learning.”
Complete Parts 1, 2, 3, and 4. Make sure to obtain the required screenshots that are noted in the lab instructions.
As part of the mastery requirements for this competency assessment, complete the following boldfaced item and place into the Word document:
In addition to the screenshots and explanations, provide a minimum 200-word overview of the lab.
Step 2:
Answer the following question in the lab document as part of the lab submission. Respond with a minimum of 100 words.
1. What would you do to determine the field name of the database column that holds the last name of the database records? Explain your process.
As part of the mastery requirements for this competency assessment, complete the following boldfaced item and place into the Word document:
In addition to answering the question and explaining the process, include a minimum of 200 words of tool usage instructions.
Directions for Submitting Your Assessment
Compose your assessment in a Microsoft Word document. Save the document as IT262_YourName_Assessment_3 and submit it to the Dropbox for this assessment.