Penetration Test [closed]
You were recently hired for a Penetration Tester position. You are responsible for penetration testing information systems located in the Local Area Network (LAN) and the Demilitarized Zone (DMZ). A new web server was recently installed in the DMZ and you are tasked with attempting to compromise this server as a simulated external (WAN/Internet) threat. For the purposes of this exercise you have access to a Kali Linux virtual machine. The IP address of the external router is 198.51.100.254/24. The IP address of the corporate web server resides somewhere on the 120.38.48.0/24 network.
There are 8 steps
Use the Kali Linux virtual machine to enumerate the network and discover any potential misconfigurations and/or vulnerable information systems.
Based on your vulnerability discovery(ies), exploit the system(s) using the Kali Linux virtual machine.
Use a method available to you on the Kali Linux virtual machine to recover any credentials from the compromised system.
Use your newly acquired network access to create a pass-through capability (PIVOT) onto other networks of opportunity.
Use the built-in functions of Metasploit on the Kali Linux virtual machine to conduct a portscan on the LAN network. Discover any potential misconfigurations and/or vulnerable information systems.
Use the previously stolen credentials to access the domain controller.
Leverage xfreerdp on the Kali Linux virtual machine to RDP onto the Windows 8 VM.
Deface the webpage hosted on the web server by modifying the webpage index.html file.
