The scenario for this LiveCD is that a CEO of a small company has tasked you to do more extensive penetration testing of systems within his company. The network administrator has reconfigured systems within his network to meet tougher security requirements and expects you to fail any further penetration attempts. This system is an ftp server used by the network administrator team to create / reload systems on the company intranet. No classified or sensitive information should reside on this server. Through discussion with the administrator, you found out that this server had been used in the past to maintain customer information, but has been sanitized (as opposed to re-built).Prove to the network administrator that proper system configuration is not the only thing critical in securing a server.
1. Brief Summary/Executive Overview
The scenario as presented in your own words, to provide scope, summary of results
2. Information Gathering
What can you find out about using Active and passive gathering
You can use write up of attacks that can be found on the internet, but they must be treated as information not fact until verified with execution.
3. Attack plan (20)
Detailed plan based on Information Gathering
Use information for the internet and book below:
Professional Penetration Testing : Creating and Learning in a Hacking Lab by Thomas Wilhelm