ISSC362 Week 2 Lab #4:
Compromise and Exploit a Vulnerable Microsoft® Workstation
Instructor Name: Dr. Elliott Lynn
Lab Assessment Questions
1. What are the five steps of a hacking attack?
The five steps of hacking are reconnaissance, scanning, enumeration, compromise and conduct post-attack activities by recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits.
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
It scans all the network and discover all open ports and information about users, servers, versions, host, OS details.
3. What step in the hacking attack process uses Zenmap GUI?
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”?
Vulnerability in Server Service Could Allow Remote Code Execution (958644). The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.
6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server?
To identify it we used OpenVas and to exploit it we used the Metasploit tool.
7. What do If you were a member of a security penetration testing team, and you identified vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploiting the known vulnerability?
I will definitely do ask for permission, we don’t know how sensitive is the information inside the system and we want to just give a heads up of what we are going to be doing and what areas of the system it will affect....