RockStar Corp has recently built a new office in Hollywood, California. You are tasked with completing a network vulnerability assessment of the office.
You will complete several steps in order to analyze the Hollywood network and then provide RockStar Corp a summary of your findings.
RockStar Corp is also concerned that a hacker may have infiltrated their Hollywood office. You will need to determine if there is anything suspicious in your findings.
RockStar Corp has provided you with:
A list of their network assets: Rock Star Server List
Instructions to scan their network.
You will follow instructions to work through four phases of the network assessment. For each phase, include the following:
The steps and commands used to complete the tasks.
A summary of your findings for each testing phase.
Any network vulnerabilities discovered.
Findings associated with a hacker.
Recommended mitigation strategy.
Document the OSI layer where the findings were found.
TOPICS COVERED IN YOUR ASSIGNMENT
OSI Model and OSI Layers
Network Vulnerability Assessments
Network Vulnerability Mitigation
NETWORK VULNERABILITY ASSESSMENT INSTRUCTIONS
Please note that you will be using your Vagrant virtual machine for this homework.
PHASE 1: “I’D LIKE TO TEACH THE WORLD TO PING”
You have been provided a list of network assets belonging to RockStar Corp. Use fping to ping the network assets for only the Hollywood office.
Determine the IPs for the Hollywood office and run fping against the IP ranges in order to determine which IP is accepting connections.
RockStar Corp doesn’t want any of their servers, even if they are up, indicating that they are accepting connections.
Use fping and ignore any results that say “Request timed out”.
If any of the IP addresses send back a Reply, enter Ctrl+C to stop sending requests.
Create a summary file in a Word document that lists the fping command used, as well as a summary of the results.
Your summary should determine which IPs are accepting connections and which are not.
Also indicate at which OSI layer your findings are found.
PHASE 2: “SOME SYN FOR NOTHIN’”
With the IP(s) found from Phase 1, determine which ports are open:
You will run a SYN SCAN against the IP accepting connections. See SYN SCAN Instructions below.
Using the results of the SYN SCAN, determine which ports are accepting connections.
Add these findings to the summary and be sure to indicate at which OSI layer your findings were found.
SYN SCAN INSTRUCTIONS
What is Nmap?
Nmap is a free network scanning tool available for Linux distributions.
Security professionals use Nmap to determine which devices are running on a network and to find open ports that may indicate security vulnerabilities.
Nmap has many capabilities and commands that can be run. Here is a cheat sheet for reference: https://www.stationx.net/nmap-cheat-sheet/.
For this activity, we will specifically focus on the Nmap capability of running a SYN SCAN.
We have already covered that a SYN SCAN is a method for checking the states of ports on a network. Nmap is simply a tool that automates this task.
To run a SYN SCAN:
Open up the terminal within your Linux machine.
The command to run a SYN SCAN is nmap -sS <IP address>.
For example, if you wanted to run a SYN SCAN against the server IP of 18.104.22.168, you would run nmap -sS 22.214.171.124 and press enter.
This will scan the most common 1000 ports.
After this runs for several minutes, it should return a similar result that depicts the state of the ports on that server:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-14 11:51 EDT
Nmap scan report for li86-221.members.linode.com (126.96.36.199)
Host is up (1.4s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
110/tcp open pop3
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
The results show the port number and protocol (TCP or UDP), the state of the port, and the service for each port that is either open or filtered (stopped by a firewall).
Closed ports are not listed individually; they are counted on the line: Not shown: 988 closed ports.
For the purpose of this exercise, document which ports are open on the RockStar Corp server, and which OSI layer SYN scans run on.
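As an added example (not part of the original assignment), the shell functions below parse a report in the format shown above and list the ports per state, which is the information the Phase 2 summary asks for. The function names and the host line in the sample are made up for illustration; the port table is the one from the report above.

```bash
#!/usr/bin/env bash
# Added example: summarise the port table of an Nmap normal-output report.

# Constructed input: the port table shown above under a made-up host line
# (192.0.2.10 is a documentation address, not a RockStar Corp asset).
sample_report() {
cat <<'EOF'
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-14 11:51 EDT
Nmap scan report for host.example (192.0.2.10)
Host is up (1.4s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
110/tcp open pop3
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
445/tcp filtered microsoft-ds
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
EOF
}

# ports_in_state STATE: read a report on stdin and print "port/proto service"
# for each table row in that state. Rows are recognised by the NNN/tcp or
# NNN/udp first column, so banner and header lines are skipped.
ports_in_state() {
  awk -v want="$1" '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == want { print $1, $3 }'
}

# state_summary: count ports per state, including the closed ports that Nmap
# folds into the "Not shown: N closed ports" line instead of listing them.
state_summary() {
  awk '
    /^Not shown:/                { count[$4] += $3 }
    $1 ~ /^[0-9]+\/(tcp|udp)$/   { count[$2]++ }
    END { for (s in count) print s, count[s] }
  ' | sort
}

# Demo: the lines to copy into the Phase 2 summary.
echo "Open ports:";     sample_report | ports_in_state open
echo "Filtered ports:"; sample_report | ports_in_state filtered
echo "Totals:";         sample_report | state_summary
```

To use it on a real scan, save the report with nmap's -oN option and pipe that file into the functions in place of sample_report.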
PHASE 3: “I FEEL A DNS CHANGE COMIN’ ON”
With your findings from Phase 2, determine if you can access the server that is accepting connections.
RockStar typically uses the same default username and password for most of their servers, so try this first:
Try to figure out which port/service would be used for remote system administration, and then using these credentials, attempt to log into the IP that responded to pings from Phase 1.
RockStar Corp recently reported that they are unable to access rollingstone.com in the Hollywood office. Sometimes when they try to access the website, a different, unusual website comes up.
While logged into the RockStar server from the previous step, determine if something was modified on this system that might affect viewing rollingstone.com within the browser. When you successfully find the configuration file, record the entry that is set to rollingstone.com.
Terminate your ssh session to the rollingstone server, and use nslookup to determine the real domain of the IP address you found from the previous step.
Note: nslookup is a command line utility that can work in Windows or Linux Systems. It is designed to query Domain Name System records. You can use PowerShell or MacOS/Linux terminal to run nslookup.
To run nslookup, simply enter one of the following on the command line:
nslookup <IP address> to find the domain associated with an IP address
OR
nslookup <domain> to find the IP address associated with a domain
You’ll know you found the right domain if it begins with media-.
Add your findings to your summary and be sure to indicate which OSI layer they were found on.
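As an added example (not part of the original assignment), the functions below audit a hosts-format file for static entries that pin a name to a non-loopback address, which is one way a single machine can be sent to the wrong site for a domain. It assumes the modified configuration is a hosts-format file such as /etc/hosts, which the assignment does not name; the function names, domains and addresses in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: list static name-to-address overrides in a hosts-format file.
# Assumption: the file under review uses the /etc/hosts layout
# ("address name [alias ...]", with # starting a comment).

# Constructed sample; every name and address is a documentation value.
sample_hosts() {
cat <<'EOF'
127.0.0.1    localhost
::1          localhost ip6-localhost
# static override added by an admin
192.0.2.55   intranet.example
198.51.100.7 www.news.example news.example   # unexpected entry
EOF
}

# hosts_overrides FILE: print "name address" for every name mapped to a
# non-loopback address. Comments and blank lines are ignored, and each alias
# on a line is reported separately in lower case.
hosts_overrides() {
  awk '
    { sub(/#.*/, "") }                        # drop trailing comments
    NF < 2 { next }                           # blank or address-only line
    $1 ~ /^127\./ || $1 == "::1" { next }     # loopback entries are expected
    { for (i = 2; i <= NF; i++) print tolower($i), $1 }
  ' "$1"
}

# pinned_address FILE NAME: print the address NAME is pinned to and return 0,
# or print nothing and return 1 when the file does not override NAME.
pinned_address() {
  name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  hosts_overrides "$1" |
    awk -v n="$name" '$1 == n { print $2; found = 1 } END { exit !found }'
}

# Demo against the constructed sample.
tmp=$(mktemp)
sample_hosts > "$tmp"
hosts_overrides "$tmp"
pinned_address "$tmp" news.example || echo "news.example is not overridden"
rm -f "$tmp"
```

An address reported here can then be compared with what nslookup returns for the same name from a trusted resolver; a mismatch means the local file, not DNS, is deciding where the browser goes.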
PHASE 4: “SHARP DRESSED MAN”
Within the RockStar server that you SSH’d into, and in the same directory as the configuration file from Phase 3, the hacker left a note as to where he stored away some packet captures.
View the file to find where to recover the packet captures.
These are packets that were captured from the activity in the Hollywood Office.
Use Wireshark to analyze this pcap file and determine if there was any suspicious activity that could be attributed to a hacker.
Hint: Focus on the ARP and HTTP protocols. Recall the different types of HTTP request methods and be sure to thoroughly examine the contents of these packets.
Add your findings in your summary and be sure to indicate at which OSI layer they were found.
YOUR SUBMISSION: “IT’S THE END OF THE ASSESSMENT AS WE KNOW IT, AND I FEEL FINE”
GUIDELINES FOR YOUR SUBMISSION:
Provide the following for each phase:
List the steps and commands used to complete the tasks.
List any vulnerabilities discovered.
List any findings associated with a hacker.
Document the mitigation recommendations to protect against the discovered vulnerabilities.
Document the OSI layer where the findings were found.
Determined the IP ranges to scan were 188.8.131.52 and 184.108.40.206, then ran fping against 220.127.116.11 and 18.104.22.168.
Used the following commands to run fping:
Determined a potential vulnerability that IP 22.214.171.124 is responding.
Since RockStar Corp doesn’t want to respond to any requests, this is a vulnerability.
Recommend blocking ICMP echo requests to IP 126.96.36.199 so that PING requests receive no reply.
This occurred on the network layer as Ping uses IP addresses and IPs are used on the Network Layer.