Ethical hacking – penetration test, web application analysis | CISC 662 | Harrisburg University of Science and Technology

1. Document the setup of the environment as you are preparing to conduct a penetration test for a customer. As described in class, do a complete recon and come up with a potential attack plan. Describe your efforts and plan in a 2-page APA6-style report (MS-Word document only) of the tools and methods that you will be using to conduct the test.

Set up and configure the system to run 3 types of Web servers on 3 different systems:

  1. Ubuntu – Web server of your choice (e.g., Apache)
  2. Metasploitable – already running Web services
  3. Windows – IIS Web server

Use the Kali system to perform a vulnerability scan of the different Web servers to identify possible exploits. Document up to 3 vulnerabilities for each environment. Provide screenshots of the Oracle Virtual Machines to demonstrate the configuration.

Some tips:

- You don’t have to run all four systems at once: pair Kali-Ubuntu, complete the tasks, shut down Ubuntu, then pair Kali-Metasploitable, etc.
- Make sure you don’t run out of CPU, memory, or storage by overprovisioning VMs; usually 2 GB and 1 or 2 cores each is enough. The suggested computer setup is a 4-core CPU (8 with hyperthreading) and 16 GB RAM.
- Take screenshots of Kali and the target systems and include them in your submittal, along with narration of your steps and the thought process.