Applied Exploitation Using Metasploit

While the scope of this class does not cover writing our own exploits, there are many libraries of exploits available to the security practitioner. One such library is Exploit Database, from Offensive Security. Metasploit is an exploit framework that provides access to the Exploit Database.

1. Using GCU Approved Virtualization Solution and Metasploit available in Kali Linux, exploit three or more vulnerabilities discovered in the Vulnerability Assessment assignment on the virtual machines.
2. Document findings under Phase Testing in the “PEN Testing Report Guidelines,” located in the Course Materials. Refer to the SANS Institute industry-standard “Writing a Penetration Testing Report,” for examples of PEN Testing Report.
3. Append this assignment to the PEN testing report and resubmit the report (Passive Corporate Recon + Automating Information RECON + NMap Scan + Vulnerability Assessment + Applied Exploitation using Metasploit).

In a 500- to 750-word essay research the following concepts/terms. Discuss how these concepts/terms aid in the exploitation of a host system.

1. Return-oriented programming
2. Buffer overflows
3. Password weaknesses
4. Vulnerability Race conditions
5. Numeric over/underflows
6. User-space vs. Kernel-space vulnerabilities

While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

You are not required to submit this assignment to LopesWrite.

Custom Payload

Metasploit comes with various preconfigured backdoors and payloads both for Windows and Linux Operating Systems. These backdoors can be used to exploit flaws discovered in the source code of a host. Metasploit also comes with an additional tool set that allows the security practitioner to create custom backdoors (payloads) to be delivered by Metasploit. These custom payloads can be used to evade Anti-Virus (AV) protection and established trust relationships between information systems.

1. Using GCU Approved Virtualization Solution and MSFVenom (MSFPayload + MSFEncode) available in Metasploit Frameworks, found in Kali Linux, create a custom payload and install that payload as a backdoor in an exploited host and establish a remote access connection verses a local login.
2. Document findings under Phase Testing in the “PEN Testing Report Guidelines,” located in the Course Materials. Refer to the SANS Institute industry-standard “Writing a Penetration Testing Report,” for examples of PEN Testing Reports.
3. Append this assignment to the PEN testing report and resubmit the report (Passive Corporate Recon + Automating Information RECON + NMap Scan + Vulnerability Assessment + Applied Exploitation using Metasploit + Custom Payload).

While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion. 

You are not required to submit this assignment to LopesWrite.