Lab 1
Assessment Worksheet
Develop an Attack & Penetration Plan

1. List the 5 steps of the hacking process.
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
2. In order to exploit or attack the targeted systems, the first initial step I would do to collect as much information as possible about the targets prior to devising an attack and penetration test plan would be reconnaissance. I would use passive reconnaissance as this pertains to information gathering.
3. The reconnaissance phase can have many different faces, and depending on the goal of the attacker, various tools and applications can be used. Nslookup can be used to look up all the available host on a network through the DNS server. You can get IP address information of hosts on your targeted network. You can also get the information of the purpose of the hosts. Whois lookup is a protocol that can be used to interrogate the servers operated by regional internet registries which holds information about every IP/Domain registered on the internet. You can get information about your target such as; the name of the owner, address of the owner. IP ranges that a certain IP belongs to, contact information like emails and phone numbers, administrators names and server names. You can also just use your targets web site. Sometimes the targets website can reveal way too much information without realizing it, and just by looking at the information they have on there can get you what you need. Social Engineering is also another way to get information that you desire. Without realizing it, you can get people to tell you whatever you want without them being the wiser. Most people are naïve and you can use that to your advantage.
4. A system has hardware, software, and then the human element. The first two systems may be almost impenetrable, but with enough patience and knowledge, a social engineer can use weaknesses to trick and unsuspecting target into revealing sensitive information. Social engineering includes scams such as obtaining passwords by pretending to be an employee, leveraging social media to identify new employees who might be more easily tricked into providing customer information, and basically any other method to attempt to breach security by obtaining trust. The major forms of social engineering are Phishing, Baiting, and Diversion Theft.
5. Enumeration is the first attack on a target network. It is the process to gather information about a target machine by actively connecting to it. It means to identify the user account, system account, and administrative accounts. Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. This is vital to any hacker’s goal since it reveals the information needed to access the target. It can include a list of usernames, groups, applications, banner settings, and auditing information.
6. In most cases, an; attacker tries to avoid detection, and will do so by covering their tracks by purging information from the system to destroy any evidence of the crime. You must be careful when doing so because sometimes it is not what was covered up or deleted, it is what is not there that can get the hacker busted.
7. If an attacker wants to regain access to an already penetrated system, depending on the goals of the attacker, they may leave behind a backdoor on the system for later use. They can be used to regain access, as well as allow any number of different scenarios to take place, such as privilege escalations or remotely controlling a system.
8. When asked to perform an intrusive penetration test that involves cracking into the organizations WLAN, and you are able to retrieve the authentication key, you should use this and continue your penetration testing. Record your results and report your findings when you are finished. But if you can get the authentication key, what else are you really able to get? You should see how far your