Hacking in GNS3
A penetration test demonstration
Objectives
Demonstrate real-world network penetration attacks in a simulated environment.
Research and implement security strategies to prevent further attacks.
Project Overview
Photo by Jordan Harrison on Unsplash.com
Build simulated network
To demonstrate the penetration attacks a virtual network was created in GNS3. Services and hosts were configured to simulate a real-world network.
Three cyber attacks were performed on the network. Information regarding the specific attacks is posted below.
Photo obtained from iStock.com
Denial-of-Service attack
A SYN flood denial-of-service (DoS) attack was used against a webserver. This caused the website to crash and become inaccessible for everyone. A simple yet powerful attack that anyone with an internet connection can perform.
Hydra logo obtained from kali.org
Brute-force login cracker
A login cracker tool called Hydra was used to obtain the password for a webserver. Hydra utilized a brute-force method along with vulnerabilities in the FTP service in order to gain the credentials. While this type of attack could potentially take years to complete, it is still one of the most reliable methods.
Metasploit Project logo, trademark of Rapid7 LLC.
Metasploit exploit
The Metasploit Framework is an open-source tool used to build and execute exploits. Vulnerabilities in the services running on the network were taken advantage of using this tool. A reverse shell session was opened in this attack and commands were then sent remotely to the target system. This type of attack requires extensive knowledge of the target network and systems.
Photo obtained from iStock.com
Attack mitigation solutions
Security solutions and strategies were implemented after penetration testing to prevent further malicious attacks. Research was done to determine the best techniques to use against cyber attacks. Password policies were enforced, security-oriented configurations were put in place, and ACLs were setup.