Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
43 views3 pages

Practical Lab Task

The lab task focuses on developing skills in identifying, assessing, and mitigating vulnerabilities in information systems using a selected vulnerable virtual machine. Students will conduct penetration testing, document their findings, and propose mitigation strategies, with a structured report required. Assessment will be based on documentation completeness, accuracy of vulnerability identification, and effectiveness of mitigation strategies.

Uploaded by

Руслан Конішевський
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
43 views3 pages

Practical Lab Task

The lab task focuses on developing skills in identifying, assessing, and mitigating vulnerabilities in information systems using a selected vulnerable virtual machine. Students will conduct penetration testing, document their findings, and propose mitigation strategies, with a structured report required. Assessment will be based on documentation completeness, accuracy of vulnerability identification, and effectiveness of mitigation strategies.

Uploaded by

Руслан Конішевський
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Practical Lab Task:

Vulnerability Identification, Assessment, and mitigation


Objective of the Task: This lab’s objective is to develop practical skills in identifying
vulnerabilities in information systems, assessing their criticality, and proposing mitigation
measures. Students will select a virtual machine (VM) with mid-level vulnerabilities from
online platforms such as VulnHub or Hack The Box (HTB), conduct penetration testing, and
document the vulnerabilities found. The report must include steps to identify and assess
vulnerabilities and recommend mitigation strategies.

Requirements

1. Tools/Software Needed:
o PC/Laptop
o VirtualBox Download VirtualBox
o Access to Vulnerable VMs
Platforms:
▪ VulnHub – VMs designed for practice and learning.
▪ Hack The Box – An online platform with various penetration testing
challenges.

Task Instructions

1. Select a Target VM:


o Choose a vulnerable VM from either VulnHub or Hack The Box (HTB).
Make sure the VM has medium-level vulnerabilities to ensure both
educational value and manageable difficulty.
2. Set Up the Lab Environment:
o Install VirtualBox and import the downloaded VM.
o Ensure your host machine and VM have network connectivity (NAT or
Bridged mode).
3. Perform the Penetration Test:
a) Reconnaissance & Information Gathering:
Use tools such as:
o Nmap: To scan open ports and services.
o Netdiscover: To identify live hosts on the network.
o Whois or NSLookup: For domain information gathering.

Example Command:
nmap -A -T4 target_ip

Objective: Identify open ports and running services that might be exploited.

b) Vulnerability Scanning and Analysis:


Use automated tools like:

• OpenVAS or Nessus: To perform vulnerability scanning.


• Nikto: For web server vulnerability detection.
Example Command:
nikto -h http://target_ip

1. Vulnerability Identification and Assessment:


o Use the gathered data to identify specific vulnerabilities.
o Assess the criticality of each vulnerability based on:
▪ CVSS Score (if available)
▪ Potential Impact (Data exposure, unauthorized access, etc.)
▪ Ease of Exploi

Documentation and Report Structure

The report must include the following sections:

1. Introduction:
o Brief description of the target system.
o Purpose of the penetration test.
2. Tools and Methodology Used:
o List of tools employed (e.g., Nmap, Nikto).
o Brief explanation of each tool and its purpose.
3. Vulnerability Identification and Assessment:
o Summary Table: List the identified vulnerabilities, their impact, and CVSS
scores (if applicable).
o Sample Table:

Vulnerability Impact CVSS Score Affected Component

SQL Injection Data Exposure 9.8 Login Page


Open Port (SSH) Unauthorized Access 5,3 SSH Service

4. Mitigation Recommendations:

• For each vulnerability, propose specific mitigation actions (e.g., patching, disabling
unnecessary services).

5. Conclusion:

• Summary of findings.
• Reflections on challenges faced during the process.

Optional Tools and Resources

Depending on the nature of the VM and discovered vulnerabilities, students may need
additional tools, such as:

• BackTrack Linux / Kali Linux (distributions containing security tools).


• Knoppix Security Tools Distribution (STD)
Knoppix STD – A live Linux distribution with pre-installed security tools.

Useful Security Tools from Knoppix STD:

Category Tools
Network Sniffing Dsniff, Ettercap, Kismet, Wireshark
File Integrity Checking Autopsy, RootkitHunter, Sleuthkit
Vulnerability Scanning Nmap, Metasploit, Hydra, SuperScan
Wireless Scanning Airsnarf, Kismet, WiFiTAP
Password Cracking John the Ripper, Hydra, WebCrack

Assessment Criteria

• Completeness of Documentation (20%)


• Accuracy of Vulnerability Identification (30%)
• Correctness of Vulnerability Assessment (20%)
• Effectiveness of Mitigation Strategies (20%)
• Overall Presentation and Clarity (10%)

Submission Guidelines

• Submit your final report as a PDF through the Microsoft Teams channel.
• Include screenshots of key steps (e.g., open ports, vulnerability scan results).
• Submission Deadline: 10 days after starting the task.

Important Notes

• This task is individual; each student should select a different target VM.
• Students can use online resources but must reference any external material.
• Plagiarism will result in disqualification from the lab.

You might also like