Module 1 Lab

.pdf

School

Northern Kentucky University *

*We aren’t endorsed by this school

Course

484

Subject

Information Systems

Date

Oct 30, 2023

Type

pdf

Pages

Uploaded by fawb1

Module 1: Lab Exercise Accessing Virtual Machine and Metasploit Basics MCY 670 Web Security Lab Report Submission Instructions You are required to submit a lab report, which should include comments, descriptions, and explanations of each step that you perform. You must also include a small write up on each of the segment, and the necessity of each tool that you will be exploring in this lab task. Include screenshots of each step that you complete along with the texts in your lab report. Submission requirements: Lab report File format : MSWord or pdf (preferred) Report requirements  Include your name and lab title at the top of the report.  Number the questions and answers and answer each question in your lab report in sequence.  For each response, include the required text as well as all necessary and appropriate screenshots while performing the task. Crop the screenshots as necessary so that the text in the images are properly visible. o You may use the Snipping Tool on Windows to take screenshots from your PC, by clipping the area on the virtual machine screen. If you are using a Mac PC, press and hold together: Shift, Command, and 4, to enable the selection cursor for capturing screenshots.  At the end of your report, write a brief reflection of the lab exercise o What was the most valuable feature of the lab? o What did you learn from this experience? o Which concepts and terminology could you relate from the theoretical content to this lab experience? o How did you prepare for this lab? o What changes are you considering in preparing for your next lab?  Use black font color for texts  If uploading an MSWord format file, view the uploaded file from Canvas to make sure that the layout of images and texts are not overlapping in the report. If the contents seem to have moved around, upload a pdf instead of an MSWord file.

1. Introduction to hands-on laboratory exercises We will have multiple hands-on laboratory exercises to help us explore concepts of web security. For the purpose of performing the exercises, which involve “risky” networking behavior, v irtual resources have been provided for ensuring that the rest of the institutional network is not unwantedly disrupted. The following individual virtual machines (VM) have been provided for each student  The attacker: A Kali Linux OS virtual machine instance  Target victim 1: A vulnerable Linux (Metasploitable) OS virtual machine instance  Target victim 2: A vulnerable Windows XP OS virtual machine instance You need to refer to the IP address document provided on Canvas to obtain the IP addresses assigned to each of your set of VMs and the username/password for each of the VM types. Important : You may be able to view other VMs (from other security courses as well) while scanning the network. DO NOT access the other VMs. You must be very careful whenever you are typing IP addresses and must always limit your experiments using the IP addresses of your own VM instances. 2. Accessing Virtual Machines There are three recommended ways for accessing the virtual machines provided for you. The virtual machines placed within a protected sub- network within NKU’s primary network. Figure 1: Flow chart showing the options for accessing VMs Detailed information regarding accessing VMs is provided in the following separate documents on Canvas:  Accessing Your VM  COI Student VM Access and Help Requests Method 1 Managing COIVCenter1 through a COI Labs desktop (HTML): Involves more steps but is failsafe and should be employed if methods 2 or 3 do not work. Follow the steps below in sequence for accessing your VM instances: 1. Point your web browser to https://view.nku.edu 2. Click “VMWare Horizon HTML Access” 3. Login with your NKU username and password 4. You will see some options listed as square icons. Select “ COI Labs ”. You will be presented with a new Windows desktop. 5. From the start menu, scroll down to VMware -> VMware Workstation Pro and launch the application. 6. Click “ Connect to a Remote Server ” 7. On the next dialog, the server name is “ coivcenter1.hh.nku.edu ”.

8. Your username should be provided in the format of NKU\username (make sure the NKU\ part precedes your username, without spaces). 9. When prompted to remember your login, select “Never for this host”. 10. Your VMs may be found by expanding the coivcenter1.hh.nku.edu object. Method 2 Managing COIVCenter1 through a COI Labs desktop (VMWare Horizon Client): Similar to Method 1 but accesses COI Labs directly through desktop application instead of a browser. Follow the steps below in sequence for accessing your VM instances: 1. Point your web browser to https://view.nku.edu 2. Click “ Install VMware Horizon Client ” 3. You will be presented with several download options. Click the “Go to Downloads” link next to “VMWare Horizon Client for Windows”. 4. Install VMWare Horizon on your desktop, accepting all defaults. 5. Start the Horizon client on your computer. 6. Select “ Add Server ”. 7. When prompted for a connection server, enter “ view.nku.edu ” and press Connect. 8. Use your NKU username and password. Your username should be provided in the format of NKU\username (make sure the NKU\ part precedes your username, without spaces). 9. Follow steps 4-10 from the Method 1 Method 3 Managing COIVCenter1 through web interface: Most direct method of administering COIVCenter1, as it bypasses COI Labs entirely. However, for this approach to work, you must be:  Connected to the NKU on-campus network OR  Connected to NKU network remotely via VPN. Follow the instructions in the links below to install the VPN client on your computer  Windows: https://servicedesk.nku.edu/TDClient/2436/Portal/KB/ArticleDet?ID=122619  Mac: https://servicedesk.nku.edu/TDClient/2436/Portal/KB/ArticleDet?ID=122619 Follow the steps below in sequence for accessing your VM instances: 1. Point your web browser to https://coivcenter.hh.nku.edu 2. VERY IMPORTANT: Click “Launch VSphere Client (HTML5)”. Do NOT click the Flex client as it does not always behave predictably. 3. Login with your NKU username and password. 4. Your VMs may be located via selecting the VMs and Templates tab at the top of the left-most pane. Figure 2: Screenshots for accessing VMs via Coivcenter URL

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version