The article describes a pentesting project conducted at the Rochester Institute of Technology, involving the creation of a penetration testing lab. The project is structured into three phases: setting up a vulnerable environment, implementing monitoring tools, and conducting attacks while documenting the findings. Aimed at beginners to intermediate ethical hackers, it highlights specific vulnerabilities, tools used for exploiting them, and mitigation strategies. Affected: Windows 10, Wondershare Dr. Fone, ThinVNC, Apache Tomcat
Keypoints :
- The project is part of the Computer System Security course at RIT.
- It is divided into three phases focusing on vulnerability setup, monitoring, and attack documentation.
- Phase 1 involves creating a vulnerable Windows 10 machine.
- Specific vulnerabilities were targeted: CVE-2021-44596, CVE-2019-17662, and CVE-2019-0232.
- Tools such as Python scripts, Metasploit, and Nmap were utilized in the project.
- Mitigation strategies were proposed for each identified vulnerability.
- A video demonstration of successful exploitation was included.
- Phase 2 will focus on analyzing system monitoring and detecting malicious activities.