For the next two weeks, you and your red team members will focus on breaking int
For the next two weeks, you and your red team members will focus on breaking into the target machines, stealing credentials and data. Each team member will pick one of the exploit categories for the Penetration Test Report.
Your instructor will assign each team member a number so that each student has a unique set of credentials to recover and a different data set to steal.
For example, if you are on Red Team #2 and are assigned Student #1, get the password hash for redteam2student1, and crack it using John the Ripper or other tool.
If you are on Red Team #2 and are assigned Student #1, go into the redteam1 folder on the root directory on the victim machine. In that folder, you will find a folder called student1. There is a file called mypass.txt in that folder. Get the contents of the file from the victim out of the network and display it for the client to see.
This week, you should start working on Project 2. One of the two deliverables for that project is a brief screen capture video demonstrating your exploitation of the exploit/category you select this week. In the video, you will describe the steps you took to penetrate the system and exfiltrate data. In Week 6, you will share your videos with your team in the discussion, and you will submit it for grading in Week 7.
Video Requirements
In your video, you will do a walk-though of the attack on the Linux system with your Kali box and explain how you were able to exploit the vulnerability as well as exfiltrate data. The video demonstration will be a powerful example of what occurs on an actual penetration test and will be an item that you can add to a portfolio.
Your video should show the steps involved in penetrating the client’s system. The video will be created with Microsoft Stream. The video should be a maximum of 10 minutes but should not be shorter than 5 minutes.
Include the following:
introduction and purpose
steps taken to break into the remote system and a discussion of the vulnerability you are exploiting
an explanation of how you accessed the shadow file and what methods you used to crack the password hash
an explanation of how you gained access to the confidential information on the system
a summary of the steps taken in the video and recommendations for the company
https://support.microsoft.com/en-us/office/microsoft-stream-screen-recorder-e98d8791-2b82-4dc7-889a-959724e3cbad
Microsoft stream screen record video link sent above