1 of 14

Final Engagement

Attack, Defense & Analysis of a Vulnerable Network

Table of Contents

This document contains the following resources:

Network Topology

Critical Vulnerabilities

Alerts Implemented

Hardening

Network Topology & Critical Vulnerabilities

Network Topology

Network

Address Range: 192.168.1.0/24

Machines

  • Kali (192.168.1.90): Kali Linux
  • Target 1 (192.168.1.110): Linux
  • Target 2 (192.168.1.115): Linux
  • ELK (192.168.1.100): Linux

Critical Vulnerabilities: Target 1

Our assessment uncovered the following critical vulnerabilities in Target 1.

Vulnerability: WPScan user enumeration
Description: WPScan is a tool for exploiting vulnerable WordPress servers; here it enumerates users by sending requests and inspecting the responses to infer which user accounts are registered.
Impact: Obtaining the usernames, from which their passwords can then be brute-forced.

Vulnerability: Weak passwords for WordPress logins
Description: Common passwords can be brute-forced with hydra and used to gain unauthorized access.
Impact: Unauthorized access gained on Target 1.

Vulnerability: Python runnable with sudo privileges
Description: A Python module that can be run with sudo privileges can be abused by users who have no sudo access of their own.
Impact: Escalation from user to root.

Alerts Implemented

Excessive HTTP Errors

Summarize the following:

  • Metric (packetbeat index): WHEN count() GROUPED OVER top 5 ‘http.response.status_code’
  • Threshold: Above 400 for the last 5 minutes

HTTP Request Size Monitor

Summarize the following:

  • Metric (packetbeat index): WHEN sum() of http.request.bytes OVER all documents
  • Threshold: Is above 3500 for the last 1 minute

CPU Usage Monitor

Summarize the following:

  • Metric (metricbeat index): WHEN max() OF system.process.cpu.total.pct OVER all documents
  • Threshold: above 0.5 for the last 5 minutes

Hardening

Hardening Against WordPress Vulnerability on Target 1

WordPress Hardening:

  • One way to harden WordPress, besides strong passwords and two-factor authentication, is to block PHP functions from unknown sources and to disable PHP execution in unnecessary locations such as WebDAV.
  • Commands:
    1. Create a .htaccess file in the Uploads folder.
    2. Add the code and upload the file.
    3. Edit the file and add:

Hardening Against DDoS on Target 1

DDoS Hardening on Linux:

1. Check for connections from common subnets:

      • netstat -ntu|awk '{print $5}'|cut -d: -f1 -s |cut -f1,2 -d'.'|sed 's/$/.0.0/'|sort|uniq -c|sort -nk1 -r

2. Install netstat if needed:

      • sudo apt-get install net-tools -y

3. Find connections from the /24 subnet:

      • netstat -ntu|awk '{print $5}'|cut -d: -f1 -s |cut -f1,2,3 -d'.'|sed 's/$/.0/'|sort|uniq -c|sort -nk1 -r

4. List all IP addresses:

      • netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c

5. Use netstat to calculate the number of connections per IP:

      • sudo netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

6. Once you find an IP engaging in DDoS, reject it (ADDRESS is the offending IP):

      • sudo route add ADDRESS reject

7. Or drop an entire subnet:

      • sudo iptables -A INPUT -s ADDRESS/SUBNET -j DROP

Hardening Against Virus or Malware on Target 1

Malware Hardening:

  • One step to harden against viruses or malware is to stop advertising the Apache version, which makes it harder for attackers to find vulnerabilities associated with your version.
    • In the Apache config files, add the following:
      • ServerSignature Off
      • ServerTokens Prod
    • Result when looking at the HTTP response header:

Hardening Against Virus or Malware on Target 1

Malware Hardening:

  • Another step to harden against viruses or malware is to disable directory listing in the browser. This is also done in the configuration files.
    • In the Apache config directory, in the file called httpd.conf, add the following under ‘Directory’:
      • Options -Indexes or Options None
    • Result when looking at directories:
