The Project VM Environment

The project involves testing a number of VMs, each has its own settings and
configurations (e.g. different OS, ports, services, versions, etc.). Some of the VMs are
intentionally vulnerable and therefore can be exploited.
The VMs are password-protected and the only way to gain access is to apply your
ethical hacking skills. You will be given two VMs.

WinXP No SP
WinXP SP2

Instructions
This assignment should be done in teams of (two or three per group)
Download and run the project VMs
The network card in the VMs are configured to work in the 192.168.1.0/24
network. You have to configure the Virtual environment in the VMware software
to make all the VMs to communicate.
Explore and profile the system using any technique and tool (e.g. Kali)
Detect services running in the VMs
Detect open ports
Detect system vulnerabilities
Exploit system vulnerabilities
Report findings

Kali and XP.

Report Requirements
1. Cover page signed by all team members Also, include a table of contents.

2. Executive Summary
The executive summary is the section you write the last. This section summarizes
the report content in a small paragraph containing a statement of the tasks
accomplished, methodology used, high level findings and recommendations.

3. System Information
Perform system discovery tasks and identify the followings. Provide screenshots
of your scans. Do not include duplicate information from multiple scans.

List of hosts (hostname, IP, MAC, OS, and services)

Tools and commands (e.g. netdiscover, NMAP, HPING3, etc.)
Screenshots of results

4. Findings
This is the main part where you should include information about three
discovered vulnerabilities, and the successful attacks you performed to exploit

1|Page
 these three vulnerabilities. Include screenshots and technical information about
each attack.
Organize this section by host and then by attack. For each successful attack
include:
Vulnerability Information (what is the vulnerable service and what
type of vulnerability does it have?)
Steps of the attack (include commands and screenshots)
Result of the attack (so what can you do with this attack? Show
screenshots)

5. Fix Recommendations
In this section discuss possible fix recommendations for the successful exploits you
carried out in the previous section.

6. Reflection
Write a brief (5 lines) reflection about the task you carried out and the things you
learned. You may also highlight challenges you faced.

2|Page
 Deliverables and Marking
5 = Excellent, 4 = Very good, 3 = Satisfactory, 2 = Unsatisfactory, 1 = Poor, 0 = Not Included

Report Packaging EX VG S US P NI

Overall formatting 2.5 2 1.5 1 0.5 0

Language (grammar and spelling) 5 4 3 2 1 0

Report Contents EX VG S US P NI

Executive Summary 2.5 2 1.5 1 0.5 0

System Information 10 8 6 4 2 0

Findings

Vulnerability Exploitation (V1) 10 8 6 4 2 0

Vulnerability Exploitation (V2) 10 8 6 4 2 0

Vulnerability Exploitation (V3) 10 8 6 4 2 0

Fix Recommendations 5 4 3 2 1 0

Reflection -Individual

Student 1 5 4 3 2 1 0

Student 2 5 4 3 2 1 0

Student 3 5 4 3 2 1 0

Total 60

Awarded

3|Page