Conducting a Security Assessment

1.75 hours
  • 7 Learning Objectives

About this Hands-on Lab

In this lab, we will use security utilities provided with Kali Linux to conduct a risk assessment. The lab provides a subnetwork of Linux and Windows servers to provide a complete VPC for exercising the Kali Linux utilities.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Access the Kali Linux System
  1. Establish a session to the Kali Linux system:

    ssh cloud_user@<KALI_LINUX_PUBLIC_IP>
  2. Change to superuser:

    su -
Identify the Address Assigned to the Ethernet Controller
  1. Query the ethernet configuration on the Kali Linux server:

    ifconfig

    Make note of the IP address assigned to the primary ethernet controller.

Use the `nmap` Command to Explore the Subnet

Use the nmap utility to explore the ports open on the subnetwork.

For help with nmap commands:

nmap -h

To scan a series or range of subnet private IP addresses:

nmap -sn 10.0.1.1-255

To try other flags to speed the port scanning process:

nmap -T4 -Pn -n -p- --min-parallelism 50 to 100 -vv 10.0.1.1-255 --max-retries 0 or 1
Use the hping3 Utility to Analyze a Single Host

Use the hping3 to scan a certain host on the subnet:

hping3 -1 <INTERNAL_IP_ADDRESS_OF_HOST>

Note: You may obtain the internal IP address of the host from the lab interface, the output from an nmap command, or the AWS dashboard.

Use `nslookup` to Explore the Nameserver Configuration of Various Hosts

Use nslookup to explore the A record on google.com:

nslookup

> google.com

Use nslookup to look at MX records on google.com

nslookup

> set q=MX

> google.com

Use nslookup to interrogate other address types:

nslookup

> set type=any

> google.com
Use the dig Tool to Attempt a Domain Zone Transfer

The syntax for the dig command is:

dig axfr [domain host] [IP Address To Transfer To]
Use `finger` to Determine Which Users Are Logged into Any Given Host

Use the finger command to see who is logged in on a host:

finger

Or:

finger -s root

Additional Resources

To perform this lab, you should have a basic understanding of Linux commands and Linux networking.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!