CST 640 Project 1

I just need the text in this PPT done and it needs to be sourced. I did the lab portion and provided screenshots.
The transcript is just for support. I am also attaching the rubric. Like I said the lab is done.
Digital Forensics Technology and Practices:
Project 1 – A Network Intrusion





Project 1 – Introduction
Talk about the purpose of the Project 1
Discuss Network Intrusions
Discuss any concerns or critical points related to this security incident
Erase all of the directions provided in this text box when you submit the project

MARS Linux System

Add a screenshot of your Linux IP
Discuss the Linux system that you are using in MARS
in a few bullet points …
Erase all of the directions provided in this text box

MARS Windows System

Add a screenshot of your Windows IP
Discuss the Windows system that you are using in MARS
in a few bullet points …
Erase all of the directions provided in this text box

IIS Setup

The directions for IIS Setup are in section 2 of Lab 3
You should be good if you went through the lab. If not, go through section 2 of Lab 3.
Add a screenshot of your connection to 127.0.0.1 on the Windows system.
Discuss what IIS is and its function in a few bullet points …
Erase all of the directions provided in this text box when you submit the project

Security Policy Changes

Right Click on the start button and select Run
In the Run Box, type gpedit.msc and then click ok.
Expand Computer Configuration.
Expand Windows Settings
Expand Security Settings
Expand Account Policies
Under Password Policies, double click Password must meet complexity requirements.
Click the Disabled Radio button and then click ok. Close the Local Group Policy Editor.
Add the screenshot seen here. Do not use the example screenshot.
Finally, discuss Password Policies and their benefit in a few bullet points.
Erase all of the directions within this PowerPoint Slide to add your bullet points.
Adding an Administrative Account
Run these commands on your system, replacing yourname with your first name
net user yournameadmin yourname /add
Post your screenshot(s) here
Discuss the net user command
net localgroup administrators yournameadmin /add
Discuss the net localgroup command
Erase all of the directions provided in this text box when you submit the project

Base64 Lesson
Go to https://gchq.github.io/CyberChef/
Drag Base64 to the Recipe Column
Type yourname (your first name) and click bake
Provide a screenshot of the output
Briefly explain CyberChef and Base64
Erase all of the directions provided in this text box
Copy the Base 64 output into a text file on Windows

Website Misconfiguration
Right Click on the start button and select Run
In the Run Box, type cmd and then click ok.
Type cd c:\inetpub\wwwroot
mkdir hidden
cd hidden
echo > index.htm
notepad index.htm
In this file, type your username of yournameadmin, where yourname is your first name
In this file, paste your base64 encoded password of yourname
Add a screenshot of your index.htm file within the wwwroot folder
Erase all of the directions provided in this text box
dirb attack on the Windows Server
Go to the Kali Machine
Open a Terminal
Type dirb http://10.138.X.X, using the IP address of your Windows machine
Post a Screenshot
Erase all of the directions provided

Credentials Extracted
Right Click Open Link on the CODE: 200 Link
Notice that the username and the Base64-encoded password are exposed.
Erase all of the directions provided in this text box when you submit the project
Post a screenshot of the harvested credentials.
Explain how website misconfigurations can lead to security incidents

Summary
Talk about the Tools and Technologies used
Talk about what happened
Talk about how the attacker got in.
References

WEBVTT
1
00:00:00.750 –> 00:00:08.069
Jesse Varsalone: hi my name is Jesse Varsalone and I’m going to cover the first project for you, so you have a
2
00:00:09.540 –> 00:00:20.250
Jesse Varsalone: PowerPoint template available in your course and it’s available right at the top of the course under project templates.
3
00:00:21.300 –> 00:00:33.240
Jesse Varsalone: i’m going to go through the technical aspects of the project, anything that I talk about in this video you are free to use as talking points in your PowerPoint bullets.
4
00:00:33.810 –> 00:00:54.690
Jesse Varsalone: Start off talk about the purpose of your project and discuss what a network intrusion is. Discuss critical events. So the first thing we’re going to do is we’re going to get our IP address of our Mars Linux system, so if you take a look at mine,
5
00:00:56.430 –> 00:01:02.190
Jesse Varsalone: here’s my Linux IP I can get that here, and I can also get that.
6
00:01:04.170 –> 00:01:07.350
Jesse Varsalone: In Mars by typing ifconfig on the Kali Linux machine.
7
00:01:11.670 –> 00:01:12.840
Jesse Varsalone: In Kali,
8
00:01:16.950 –> 00:01:20.190
Jesse Varsalone: I’ll go to applications, usual applications,
9
00:01:23.940 –> 00:01:25.920
Jesse Varsalone: system tools, mate terminal.
10
00:01:27.360 –> 00:01:29.130
Jesse Varsalone: And type ifconfig.
11
00:01:31.080 –> 00:01:39.090
Jesse Varsalone: And that IP that I had before matches the one on my MARS home page. Each student has different IP addresses that’s the way AWS works.
12
00:01:40.500 –> 00:01:40.800
Jesse Varsalone: You can get the
13
00:01:42.660 –> 00:01:47.280
Jesse Varsalone: IP of your windows system on the MARS home
14
00:01:49.290 –> 00:01:53.490
Jesse Varsalone: screen, you can also right click on start, go up to run, and type
15
00:01:55.410 –> 00:01:59.580
Jesse Varsalone: CMD and click OK, and then type ipconfig.
16
00:02:00.720 –> 00:02:05.280
Jesse Varsalone: There’s my Windows IP. So every student has different IP addresses on their Windows and Linux system.
17
00:02:06.840 –> 00:02:14.820
Jesse Varsalone: Next IIS needs to be installed which was done in
18
00:02:15.360 –> 00:02:32.070
Jesse Varsalone: in section two of lab three. I’ve already got that done, I will not go through that process again right now, but I will show you how you can verify, to make sure that you do have IIS running. There’s actually a number of ways, you could do it.
19
00:02:33.330 –> 00:02:46.260
Jesse Varsalone: The way that is mentioned in the slide is to open Internet Explorer and type http://127.0.0.1
20
00:02:47.610 –> 00:02:51.180
Jesse Varsalone: Another way you could do it is to type netstat -an
21
00:02:57.660 –> 00:02:57.930
Jesse Varsalone: .
22
00:02:59.280 –> 00:02:59.820
Jesse Varsalone: .
23
00:03:01.410 –> 00:03:01.860
Jesse Varsalone: .
24
00:03:06.690 –> 00:03:07.860
Jesse Varsalone: So, here it is it’s
25
00:03:09.900 –> 00:03:13.560
Jesse Varsalone: listening on port 80 so I have a web server.
26
00:03:14.970 –> 00:03:16.440
Jesse Varsalone: Okay, so.
27
00:03:17.580 –> 00:03:29.610
Jesse Varsalone: Make sure that’s done now, we do need to do a security policy change this is so we can create the specific user with a certain uncomplex password.
28
00:03:31.110 –> 00:03:41.910
Jesse Varsalone: I’ll close my website, I’ll type gpedit.msc. You could also do that in the run box.
29
00:03:43.320 –> 00:03:46.920
Jesse Varsalone: you’re going to go to Windows settings,
30
00:03:50.670 –> 00:03:52.560
Jesse Varsalone: Security settings,
31
00:04:00.210 –> 00:04:03.120
Jesse Varsalone: Account policies, password policies.
32
00:04:06.210 –> 00:04:08.670
Jesse Varsalone: Double click on the policy that states Passwords must meet
33
00:04:10.740 –> 00:04:23.940
Jesse Varsalone: complexity requirements. You’re going to disable that. That is done sometimes. Whether this actually is enabled by default depends if it’s a server or a
34
00:04:25.470 –> 00:04:47.640
Jesse Varsalone: workstation operating system. That’s done and then you can talk about you passwords and password complexity and how that’s important to an organization in that slide. The next thing we’re going to do is type net user yournameadmin yourname /add
35
00:04:48.870 –> 00:04:54.180
Jesse Varsalone: Your nameadmin, and your first name without spaces is the password.
36
00:05:03.150 –> 00:05:05.730
Jesse Varsalone: Okay, so I added yournameadmin.
37
00:05:07.290 –> 00:05:12.060
Jesse Varsalone: Then I add that account to the administrators group by typing net localgroup administrators yournameadmin /add
38
00:05:15.480 –> 00:05:22.770
Jesse Varsalone: I’ve been using these net commands since Windows NT (for a long time).
39
00:05:38.490 –> 00:05:38.970
Jesse Varsalone: If you type
40
00:05:41.010 –> 00:05:42.780
Jesse Varsalone: net localgroup administrators
41
00:05:43.830 –> 00:05:49.050
Jesse Varsalone: You can actually see the list of the administrators on that account on that system.
42
00:05:50.880 –> 00:05:53.760
Jesse Varsalone: Okay, the directions talk about Base64 encoding
43
00:05:54.900 –> 00:05:57.630
Jesse Varsalone: and the cyber chef website.
44
00:06:08.460 –> 00:06:12.990
Jesse Varsalone: Go to the site within MARS on your Windows system.
45
00:06:14.220 –> 00:06:15.210
Jesse Varsalone: it’s a great site.
46
00:06:30.540 –> 00:06:30.930
Jesse Varsalone: OK.
47
00:06:33.840 –> 00:06:46.260
Jesse Varsalone: So now, this has many different ways you can encode and encrypt inputs, so what we’re going to do is type our name.
48
00:06:48.600 –> 00:06:50.910
Jesse Varsalone: And then we’re going to click to base 64.
49
00:06:51.990 –> 00:06:55.020
Jesse Varsalone: So that’s the base 64 version of
50
00:06:56.910 –> 00:07:04.380
Jesse Varsalone: your name. You put your name, whether it’s Tyrone or Tyesia, Sam, Jane or Sue.
51
00:07:05.760 –> 00:07:06.270
Jesse Varsalone: OK.
52
00:07:08.130 –> 00:07:12.630
Jesse Varsalone: So now i’m going to copy that Base64 encoded password to a text file.
53
00:07:13.710 –> 00:07:14.040
Jesse Varsalone: .
54
00:07:17.220 –> 00:07:19.470
Jesse Varsalone: So I can just
55
00:07:20.610 –> 00:07:29.070
Jesse Varsalone: Right click here go to run and type notepad. You can also just right click on the desktop create a new text document.
56
00:07:29.760 –> 00:07:46.110
Jesse Varsalone: Okay, so I’m going to save that until I get further directions. All right and you’re going to show those screenshots in your PPT. Website misconfigurations are common. So I’m gonna put a hidden directory in the website root folder.
57
00:07:47.790 –> 00:07:48.510
Jesse Varsalone: To do that,
58
00:07:49.710 –> 00:07:55.380
Jesse Varsalone: we need to be in the website directory, this is covered pretty significantly in the
59
00:07:56.640 –> 00:07:57.720
Jesse Varsalone: week 3 lab.
60
00:08:04.260 –> 00:08:14.070
Jesse Varsalone: type: cd c:\inetpub\wwwroot
61
00:08:16.170 –> 00:08:22.320
Jesse Varsalone: Now we need to make a directory called hidden by typing md hidden.
62
00:08:27.120 –> 00:08:32.730
Jesse Varsalone: Type cd hidden
63
00:08:33.780 –> 00:08:37.740
Jesse Varsalone: Now we’re going to create a file called index.html.
64
00:08:39.510 –> 00:08:50.550
Jesse Varsalone: To do that, type echo > index.htm
The next thing I want to do is type notepad index.html
65
00:08:51.600 –> 00:08:59.430
Jesse Varsalone: Now in here erase the contents of the file and add the yournameadmin account and the base64 encoded password.
66
00:09:00.690 –> 00:09:01.860
Jesse Varsalone: .
67
00:09:03.570 –> 00:09:05.370
Jesse Varsalone: .
68
00:09:07.620 –> 00:09:11.820
Jesse Varsalone: .
69
00:09:20.310 –> 00:09:30.090
Jesse Varsalone: So here’s the idea, the scenario, you have in some cases, seen especially back in the day, people would have hidden directories or
70
00:09:30.870 –> 00:09:42.240
Jesse Varsalone: hidden areas where they had the creds because they were managing you know, maybe 50 websites or something, and they want to keep track of everything get there and get in fast.
71
00:09:42.750 –> 00:10:04.770
Jesse Varsalone: In this case, this directory is not accessible to anyone who goes to the site, they would have to kind of know where it is or dig deeper and then the administrator’s taking a further step of Base64 encoding the password that way, if someone were to stumble across this
72
00:10:05.970 –> 00:10:18.450
Jesse Varsalone: area they wouldn’t have the password itself, they would have the base 64 encoded password. So that’s kind of where it goes now let’s see what happens from there.
73
00:10:20.880 –> 00:10:22.710
Jesse Varsalone: So you’re going to
74
00:10:23.760 –> 00:10:28.230
Jesse Varsalone: take a screenshot. All right now we get to use a tool
75
00:10:29.520 –> 00:10:46.890
Jesse Varsalone: called dirb which stands for directory buster. To do that it’s going to be a little different for each of you. I’m going to clear the screen here by typing clear and then I’m going to type dirb http:// and I need the IP of my Windows system.
76
00:10:48.060 –> 00:11:06.360
Jesse Varsalone: Just copy and paste it from the MARS home page. Everyone has a different IP Address. Don’t use the one in the video. OK, so now, this is just done a transverse all the directories and look for a bunch of random
77
00:11:07.980 –> 00:11:11.940
Jesse Varsalone: directories and see if it gets any type of hits.
78
00:11:14.280 –> 00:11:21.480
Jesse Varsalone: And as you can see, it did get a hit there’s actually larger word sets that you can use to search for additional directories.
79
00:11:21.930 –> 00:11:33.960
Jesse Varsalone: We are only covering it on a surface level. So you see an automated tool, a hacker might use to look for things on a website code 200 means that exists. I’m going to click open link and
80
00:11:35.160 –> 00:11:40.230
Jesse Varsalone: Firefox will open at some point. There you go, there is the
81
00:11:41.400 –> 00:11:42.750
Jesse Varsalone: information needed.
82
00:11:44.610 –> 00:11:56.550
Jesse Varsalone: The credentials were extracted. All right, and then you want to go have a summary and then some APA references related to all the things that happened.
83
00:11:57.720 –> 00:12:10.140
Jesse Varsalone: As to the next project, the hacker will get in with those credentials and start performing post exploitation tasks. And, in the
84
00:12:11.400 –> 00:12:18.540
Jesse Varsalone: final project, you will do the forensic analysis of looking at everything the hacker has done and how they got in.
85
00:12:20.310 –> 00:12:39.600
Jesse Varsalone: So, finally, for the end of this just make sure that you hand in the deliverable of the PowerPoint for project one. Make sure you update all the slides with your relevant screenshots and relevant bullet points. Thank you.
Here is the scenario for Project 1:
A recently hired website administrator maintains and manages multiple websites across the country. Their reputation is good, and they are relatively inexpensive. Mercury USA, the small company you work for, just hired them. Their contract states that they may only access the Windows system through RDP (Remote Desktop Protocol – 3389). You are their Forensic Analyst for Mercury USA. Your IT specialist provided the website administrator with an account with administrative access so they can change and update their settings. The website administrator has many sites to maintain. As a shortcut, they added a hidden folder to the website. Within that folder there is a file where they stored their credentials so they can easily access the system. No one should be able to find this hidden folder and the file with the credentials, since it is not indexed. And, just as an extra precaution, the website administrator encoded the password with Base64 encoding on the off chance that someone with a lot of time on their hands would figure out the hidden URL. An attacker who regularly scans websites with directory buster, or dirb (a built in Kali Linux tool), finds the hidden URL and then decodes the base64 password.
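
For the forensic side of this scenario, the following is an added example (not part of the course material) of how a wordlist scan like the one described shows up in IIS W3C logs: one client requests many nonexistent paths, and any successful response in the same burst is what the scan found. The log lines, IP addresses, threshold and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed IIS W3C log excerpt; addresses are documentation-range IPs.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-15 14:01:40 GET / 203.0.113.20 200
2024-01-15 14:01:41 GET /favicon.ico 203.0.113.20 404
2024-01-15 14:02:01 GET / 198.51.100.7 200
2024-01-15 14:02:01 GET /admin 198.51.100.7 404
2024-01-15 14:02:01 GET /backup 198.51.100.7 404
2024-01-15 14:02:02 GET /cgi-bin 198.51.100.7 404
2024-01-15 14:02:02 GET /config 198.51.100.7 404
2024-01-15 14:02:02 GET /hidden/index.htm 198.51.100.7 200
2024-01-15 14:02:03 GET /images 198.51.100.7 404
2024-01-15 14:02:03 GET /login 198.51.100.7 404
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def find_directory_scans(text, min_misses=5, baseline=("/", "/favicon.ico")):
    """Return {client_ip: {"misses": n, "found": [paths]}} for every client that
    requested at least min_misses distinct nonexistent paths.

    min_misses and baseline are illustrative; a production rule would also
    bound the count to a time window and tune the threshold per site.
    """
    misses = defaultdict(set)   # client -> distinct paths answered with 404
    hits = defaultdict(set)     # client -> non-baseline paths answered with 2xx
    for req in parse_w3c(text):
        ip, path, status = req["c-ip"], req["cs-uri-stem"], req["sc-status"]
        if status == "404":
            misses[ip].add(path)
        elif status.startswith("2") and path not in baseline:
            hits[ip].add(path)
    return {
        ip: {"misses": len(paths), "found": sorted(hits[ip])}
        for ip, paths in misses.items()
        if len(paths) >= min_misses
    }


if __name__ == "__main__":
    for ip, info in find_directory_scans(SAMPLE_LOG).items():
        print(f"{ip}: {info['misses']} probes for missing paths, found {info['found']}")
```

The paths listed under `found` are the ones to review first: any credentials stored there should be treated as compromised and rotated, since Base64 is an encoding and offers no confidentiality.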

Evaluation Criteria

Exceeds Performance Requirements
30 points

Meets Performance Requirements
20 points

Does Not Meet Performance Requirements
0 points

Criterion Score

Screenshots Slides 3-13

In slides 3-11, student includes all of the screenshots of the initial configurations that will lead to a Network Intrusion. Names, and Date and Time Stamps that are reflective of this course.

In slides 3-11, student includes most of the screenshots of the initial configurations that will lead to a Network Intrusion. Names, and Date and Time Stamps that are reflective of this course.

Student is missing most or all of the screenshots for slides 3-11 in this Project

Score of Screenshots Slides 3-13,
/ 30

Evaluation Criteria

Exceeds Performance Requirements
50 points

Meets Performance Requirements
40 points

Does Not Meet Performance Requirements
0 points

Criterion Score

Bullet Points in PowerPoint slides 3-11

In slides 3-11, student includes detailed and relevant explanations in their bullet points that show their understanding of the configurations and settings that will lead to a Network Intrusion.

In slides 3-11, student includes explanations in their bullet points that show their understanding of the configurations and settings that will lead to a Network Intrusion.

Student is missing most or all of the descriptions or bullet points for slides 3-11 in this Project

Score of Bullet Points in PowerPoint slides 3-11,
/ 50

Evaluation Criteria

Exceeds Performance Requirements
5 points

Meets Performance Requirements
4 points

Does Not Meet Performance Requirements
0 points

Criterion Score

Title Slide

Title Slide has all relevant information and graphic

Title Slide has all relevant information but is missing graphic

Title Slide is not present

Score of Title Slide,
/ 5

Introduction Slide

Introduction Slide fully sets the stage for the materials covered in the slide deck

Introduction Slide sets the stage for the materials covered in the slide deck, but lacks some detail

Introduction Slide is not present

Score of Introduction Slide,
/ 5

Summary Slide

Summary Slide is comprehensive

Summary Slide is there but could be more comprehensive

Summary Slide is not present

Score of Summary Slide,
/ 5

Reference Slide

Reference Slide is there with at least 2 properly formatted APA references

Reference Slide is there with at least 1 properly formatted APA reference

Reference Slide is not present

Score of Reference Slide,
/ 5
Total
Score of Project 1 – A Network Intrusion,
/ 100
