By the end of this lab, the student should be able to:
EO1: Apply the concepts from APP100 to test against a company
Abstract
Bug bounties give government and industry a way to obtain application security testing from the public, offering prizes for finding flaws. This has implications on the black hat side, where an unethical hacker could find a flaw, not report it, and try to exploit it for even bigger gains. However, the incentives for finding these flaws can encourage white hats or gray hats to find and report them, thus denying an unethical hacker the opportunity. The objective of this final APP100 lab is to use the knowledge gained so far in APP100 to conduct some of the beginning phases of a penetration test. This will be the final project for APP100.
System Requirements & Configuration
System Requirements
This lab will require a Kali Linux VM, which will be referred to as the lab machine.
Network Requirements
Internet access from the lab machine to the internet.
Software Requirements
Any browser and root access to the command prompt/terminal, along with word processing software.
Procedure – Detailed Lab Steps
Base Lab
The target organization is Uber. Uber is partnered with HackerOne. Read and understand the details of what that entails, as well as the scope, expectations, and rules, using the following link: https://hackerone.com/uber?type=team
Using the skills gained so far in this course and the template created in M1-1, create a penetration report for the target organization. Suggestions for questions to research are provided below. Make sure to provide evidence of what was found while creating the report:
Possible Uber Questions to Research (each question is followed by a hint on where to look)
List all of Uber’s subdomains. Hint: Recon-ng, Linux
List all of Uber’s IP addresses. Hint: Recon-ng, Linux
List all of Uber’s website technology: type of web server(s), language(s)/stack, database(s) being used. Hint: Wappalyzer, web recon
Who hosts Uber’s DNS? Hint: whois
Who hosts Uber’s servers? Hint: whois
What are the MX records for Uber? Hint: Linux
What are the whois points of contact? Hint: whois
Identify ten people that work at Uber. Hint: web recon
What type of corporation is Uber? Hint: web recon; look for certificates
How many services were discovered running on Uber’s servers, and what are they? Hint: Nmap, Nessus, Linux
What is the naming convention of employee email addresses? Hint: web recon, Recon-ng
What is the naming convention of Active Directory domain accounts? Hint: metadata recon
What employee email addresses were found? Hint: web recon
How many APIs were discovered? Hint: web recon
What are the highest-risk vulnerabilities found? Hint: Nessus
What banner information was obtained? Hint: Ncat
Do any Uber websites support BASIC authentication? Hint: web recon
What breached Uber data was discovered? Hint: web recon
What is Uber’s biggest cyber security risk? (no hint given)
Submit a copy of the Penetration Test Report with all appropriate sections completed as a Word or PDF document.
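Several of the research questions above (web server type, language/stack, banner information, and BASIC authentication) come down to reading a site's HTTP response headers. The following Python script is an added example, not part of the course material; it runs over a constructed sample response rather than any real host and reports what the headers disclose, which is the kind of evidence the report's findings section needs.

```python
import re

# Constructed sample response (not from any real host), of the kind a
# banner grab with ncat or a browser's network tab would show.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    'WWW-Authenticate: Basic realm="Admin Area"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values; the status line is dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def analyze(raw):
    """Summarize technology disclosure and the auth scheme as a findings dict."""
    h = parse_headers(raw)
    findings = {
        "server": h.get("server"),          # web server banner (technology question)
        "stack": h.get("x-powered-by"),     # language/stack banner
        "basic_auth": False,                # BASIC authentication question
        "realm": None,
        "hsts": "strict-transport-security" in h,
        "issues": [],                       # what to write up in the report
    }
    auth = h.get("www-authenticate", "")
    if auth.lower().startswith("basic"):
        findings["basic_auth"] = True
        m = re.search(r'realm="([^"]*)"', auth)
        findings["realm"] = m.group(1) if m else None
        findings["issues"].append("Basic auth offered: credentials are only base64-encoded, so TLS is mandatory")
    for key in ("server", "stack"):
        # A version number in a banner is a disclosure worth noting.
        if findings[key] and re.search(r"\d+\.\d+", findings[key]):
            findings["issues"].append(f"{key} banner discloses a version: {findings[key]}")
    if not findings["hsts"]:
        findings["issues"].append("No Strict-Transport-Security header")
    return findings
```

To use it on real evidence, paste the header block captured with Ncat in place of the constructed sample and record the returned issues in the report.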
Advanced Lab
Consider registering an account with HackerOne and submitting anything interesting found as a result of this lab.
References
https://hackerone.com/uber?type=team
Rubric: Paper
Criteria, ratings, and points

Organization/Formatting (10 pts)
Was the paper laid out properly? Was the paper properly formatted (margins, paragraphs, etc.)?
Excellent (10 pts): Paper properly formatted. Contains all relevant sections; content well laid out: Executive Summary, Lessons Learned, Recommended Actions, Detailed Analysis, Relevant References (e.g. compliance materials), Bibliography.
Good (7 pts): Contains all relevant sections, but the layout is difficult to follow. Some formatting issues.
Fair (4 pts): Some sections missing or content lacking. Formatting inconsistent throughout.
Needs Improvement (0 pts): Content not split into sections. No formatting.

Content (5 pts)
Was the content in each of the sections relevant for that audience (executives, C-suite, IR team, etc.)?
Excellent (5 pts): All sections contained the proper detail and were written correctly for the target audience.
Good (3 pts): Content was too technical in the management sections (Executive Summary, etc.), or content not detailed enough in Lessons Learned or other sections.
Fair (2 pts): Content missing or seriously lacking for one or more sections.
Needs Improvement (0 pts): Sections left blank.

Visuals (5 pts)
Was the paper visually appealing? This includes both the visual appearance and the appropriate use of charts, graphs, etc.
Excellent (5 pts): Paper visually appealing; appropriate use of charts, graphs, etc.
Good (3 pts): Paper not well presented, or charts and graphs lacking appropriate detail.
Fair (2 pts): Too few graphs or other visuals.
Needs Improvement (0 pts): No graphs or other visuals.

Spelling/Grammar (5 pts)
Appropriate spelling and grammar usage.
Excellent (5 pts): No noticeable spelling or grammar errors.
Good (3 pts): Minimal spelling or grammar errors.
Fair (2 pts): Noticeable spelling or grammar errors.
Needs Improvement (0 pts): Unacceptable number of spelling or grammar errors.

Total Points: 25
Here are some samples:
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
https://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf
https://static1.squarespace.com/static/589316f3cd0f68e6bd715655/t/5d7ce2ed69433d1c3e3f7021/1568465657128/SAMPLE+Security+Testing+Findings.pdf
http://youtube.com/watch?v=EOoBAq6z4Zk in conjunction with:
https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report/blob/master/Demo%20Company%20-%20Security%20Assessment%20Findings%20Report.docx
I did the first page; I just need you to finish it, please. Thank you.