Penetration Test Proposal
Scanning Plan
Overview
Once I have collected information in the reconnaissance phase, I need to collect the details necessary to penetrate the target. The list of destinations from the reconnaissance phase is too expansive and demands proper streamlining. Scanning will ensure that the systems are responsive and make sense. It is also a necessary action to eliminate any operation that might have turned unresponsive during the process of reconnaissance. In this phase, several methods are available for testing the availability of connected systems. However, I intend to use the technique of ICMP packets, which is one of the most common practices in this application. I will use these methods to verify that all the selected systems are available before proceeding to the next phase. The technique chosen is familiar and straightforward. It is also very reliable in its application.
Tactics, Techniques, and Procedures
ICMP echo is a technique that sends requests to which hosts on the internet are expected to respond. Some systems, however, may have ways to block ICMP, but most of them do not, and, as identified in the reconnaissance, the Haverbrook Investment Group systems do not have such defenses in many of their applications. As a result, it will be easier to use the tools to perform the scanning process. I intend to use these methods to carry out the scanning and narrow down my process of hacking Haverbrook Investment.
In areas where the company has blocked ICMP, I intend to use packets such as the TCP ACK. The packet would return an RST whenever it is sent to a port that is firewall enabled, which will indicate whether the target system is active or not. With this, I will manage to perform the tests to confirm which systems are active and which are not, to narrow down my process further. With the combination of these two packets, I will manage to perform a sweep based on the ping technique. A log file will capture these ping sweeps, identifying active machines in the process. Moreover, the process will also enable the identification of dynamic IP addresses.
The ICMP packets will be used to create and send messages to the IP addresses in the sources to indicate the gateway to the router of the internet or services that cannot be accessed through direct packet delivery. I will send a series of ICMP request packets to the network of Haverbrook Investment Group. This will sweep their entire system and let me infer whether the hosts are connected and alive or out of operation. Once I have identified the status of the target areas, I will apply the techniques for the subsequent steps.
Procedure
Perform SSH on a specific port to a particular host using the credentials obtained in the reconnaissance phase. This process will log the user on to the virtual lab terminal server. Then issue an Nmap command to perform an ICMP sweep on the target network. Here, the Nmap command will return output indicating active and inactive hosts. Log in to the virtual lab and find the information that correlates to the IP addresses for the hosts and, hence, the target networks.
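As an added example (not part of the original proposal), the following Python code reads the ping-sweep log described above and separates live, down and out-of-scope hosts before the next phase, treating a host as live if either the ICMP or the TCP ACK probe saw it up. It assumes the sweep was saved in Nmap's grepable format (`-oG`); the log content, the scope range and the function name `triage` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Nmap grepable (-oG) output from a host-discovery sweep.
# Addresses are from documentation ranges; nothing here is a real target.
SAMPLE_LOG = (
    "# constructed header: nmap -sn -PE -PA80 -v -oG sweep.gnmap -iL targets.txt\n"
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.2 ()\tStatus: Down\n"
    "Host: 192.0.2.5 (files.example.test)\tStatus: Up\n"
    "Host: 198.51.100.7 ()\tStatus: Up\n"
    "# constructed footer: 4 hosts probed\n"
)

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Status:\s+(Up|Down)\s*$")


def triage(log_text, scope_cidrs):
    """Split hosts in a sweep log into live, down and out-of-scope lists."""
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    seen = {}  # address -> True once any probe (ICMP or TCP ACK) saw it up
    for line in log_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a status record
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field
        seen[ip] = seen.get(ip, False) or m.group(2) == "Up"

    def ordered(addrs):
        return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]

    inside = {ip for ip in seen if any(ip in net for net in scope)}
    return {
        "live": ordered(ip for ip in inside if seen[ip]),
        "down": ordered(ip for ip in inside if not seen[ip]),
        # Never carry these forward: they are outside the authorized range.
        "out_of_scope": ordered(ip for ip in seen if ip not in inside),
    }


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_LOG, ["192.0.2.0/29"]).items():
        print(bucket, hosts)
```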