Skip to content
/ EH-Assignment Public

Scripts for NP CSF Ethical Hacking Module Assignment

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RyanNgCT/EH-Assignment

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
SambaCry/scripts
SambaCry/scripts
 
 
EH ASGMT Worksheet.pptx
EH ASGMT Worksheet.pptx
 
 
README.md
README.md
 
 

Repository files navigation

EH-Assignment

Scripts for NP CSF Ethical Hacking Module Assignment.

Assignment demonstrates SambaCry (CVE-2017-7494) and ZeroLogon (CVE-2020-1472). Designed to replicate an enterprise pentest/attack scenario.

The Simulated Attack includes the following components

  • Scanning and Enumeration
  • Exploitation
  • Pivoting
  • Post-Exploitation Activities

Disclaimer: The author is NOT responsible to any breach of computer system(s) and/or violation of National or International Computer Security Laws by third parties (you) accessing this material, including but not limited to Singapore Computer Misuse and Cybersecurity Act Chapter 50A. By viewing this material, you agree to not use this for malicious intent and for the sole reason of educational purposes only.

Case Scenario

Mel is a disgruntled employee of Company13. During COVID-19, the company deployed the Hamachi VPN service to allow employees to work from home, to access the company file shares via the Samba protocol hosted on an Ubuntu File server.

Mel decides to use this opportunity to attack the outdated version of Samba and compromise the server using SambaCry. Since the Samba File Server has an interface communicating with Active Directory Domain, Mel can pivot to and exploit the Domain Controller with the Zerologon vulnerability to steal domain credentials and exfiltrate the company’s data.

Network Diagram

image

Requirements

1. Hardware

  • minimally 8GB RAM (recommended 12GB and above)

2. VMs

*iso images should be amd64 to allow for virtualization on Windows

3. Software

  • Hamachi VPN - install on Kali and Ubuntu only.
  • Kali: Impacket, sshuttle (and dependencies)
  • Ubuntu: openssh server, samba (during installation)

a) kali dependencies

$ sudo apt update && upgrade -y
$ sudo apt install python3 python3-pip

b) Impacket (please refer to installation guide for newer versions).

$ git clone https://github.com/SecureAuthCorp/impacket.git
$ cd impacket
$ python3 -m pip install .
$ sudo pip install virtualenv
$ virtualenv --python=python3 impacket
$ source impacket/bin/activate
$ pip install --upgrade pip
$ pip install .

Contributions and Thanks

About

Scripts for NP CSF Ethical Hacking Module Assignment

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published