A.3 TestOut Ethical Hacker Pro Certification Practice Exam


You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed.
In this lab, your task is to:
- Run a vulnerability scan for the Office2 workstation using the Security Evaluator on the taskbar.
- Remediate the vulnerabilities found in the vulnerability report on Office2 as follows:
  - Rename the Administrator account.
  - Disable the Guest account.
  - Set the password for the Mary account to expire.
  - Require a strong password for the Mary account.
  - Unlock the Susan account.
  - Remove the Susan account from the Administrators group.
  - Turn on Windows Firewall for all profiles.
  - Remove the file share on the MyMusic folder.
- Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows:
1. Run a Security Evaluator report as follows:
  - From the taskbar, open Security Evaluator.
  - Next to Local Machine, select the Target icon to select a new target.
  - Select Workstation.
  - From the Workstation drop-down list, select Office2 as the target.
  - Click OK.
  - Select Status Run/Rerun Security Evaluation icon to run the security evaluation.
  - Review the results to determine which issues you need to resolve on Office2.
2. From the top navigation tabs, select Floor 1.
3. Under Office 2, select Office2.
4. On Office2, right-click Start and select Computer Management.
5. Expand Local Users and Groups.
6. Select Users.
7. Rename a user account as follows:
  - Right-click Administrator and select Rename.
  - Enter a new name and press Enter.
8. Disable the Guest account as follows:
  - Right-click Guest and select Properties.
  - Select Account is disabled and then click OK.
9. Set a new password as follows:
  - Right-click Mary and select Set Password.
  - Select Proceed.
  - Enter a new password (12 characters or more).
  - Confirm the new password and then click OK.
  - Click OK.
  - Ideally, you should have created a policy that requires passwords with 12 characters or more.
10. Set a password to expire as follows:
  - Right-click Mary and select Properties.
  - Deselect Password never expires.
  - Select User must change password at next logon and then click OK.
11. Unlock a user account and remove the user from a group as follows:
  - Right-click Susan and select Properties.
  - Deselect Account is locked out and then click Apply.
  - Select the Member of tab.
  - Select the Administrators.
  - Select Remove.
  - Click OK.
  - Close Computer Management.
12. Enable Windows Firewall for all profiles as follows:
  - In the search field on the taskbar, enter Control Panel.
  - Under Best match, select Control Panel.
  - Select System and Security.
  - Select Windows Firewall.
  - Select Turn Windows Firewall on or off.
  - Under Domain network settings, select Turn on Windows Firewall.
  - Under Private network settings, select Turn on Windows Firewall.
  - Under Public network settings, select Turn on Windows Firewall.
  - Click OK.
  - Close Windows Firewall.
13. Remove a file share as follows:
  - From the taskbar, open File Explorer.
  - Browse to C:\MyMusic.
  - Right-click MyMusic and select Properties.
  - Select the Sharing tab.
  - Select Advanced Sharing.
  - Deselect Share this folder.
  - Click OK.
  - Click OK.
14. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved as follows:
  - From the top navigation tabs, select Floor 1.
  - Select ITAdmin.
  - In Security Evaluator, select Status refresh to rerun the security evaluation.
  - If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation, and remediate any remaining issues.

The CEO of CorpNet.xyz has hired your firm to obtain some passwords for their company. A senior IT network administrator, Oliver Lennon, is suspected of wrongdoing and suspects he is going to be fired from the company. The problem is that he changed many of the standard passwords known to only the top executives, and now he is the only one that knows them. Your company has completed the legal documents needed to protect you and the company. With the help of a CorpNet.xyz executive, you were allowed into the IT Admin's office after hours. You unplugged the keyboard from the back of the ITAdmin computer and placed a USB keylogger into the USB, then plugged the USB keyboard into the keylogger. After a week, the company executive lets you back into the IT Admin's office after hours again.
In this lab, your task is to use the keylogger to recover the changed passwords as follows:
- Move the keyboard USB connector to a different USB port on ITAdmin.
- Remove the keylogger from ITAdmin.
- Move the consultant laptop from the Shelf to the Workspace.
- Plug the keylogger into the consultant laptop's USB drive.
- Use the SBK key combination to toggle the USB keylogger from keylogger mode to USB flash drive mode.
- Open the LOG.txt file and inspect the contents.
- Find the olennon account's password.
- Find the Administrator account's password.
- Answer the questions.

Complete this lab as follows:
1. Above the computer, select Back to view the back of the computer.
2. On the back of the computer, drag the USB Type A connector for the keyboard to another USB port on the computer.
3. On the Shelf, expand System Cases.
4. Drag the Laptop to the Workspace.
5. Above the laptop, select Back to view the back of the laptop.
6. From the computer, drag the keylogger to a USB port on the laptop.
7. Above the laptop, select Front to view the front of the laptop.
8. On the laptop, select Click to view Windows 10.
9. Press S + B + K to toggle from the keylogger mode to the flash drive mode.
10. Select Tap to choose what happens with removable drives.
11. Select Open folder to view files.
12. Double-click LOG.txt to open the file.
13. In the top right, select Answer Questions.
14. Answer the questions.
15. Select Score Lab.

You recognize that the threat of malware is increasing and have implemented Windows Defender on the office computers.
In this lab, your task is to configure Windows Defender as follows:
- Add a file exclusion for D:\Graphics\cat.jpg.
- Add a process exclusion for welcome.scr.
- Update protection definitions before performing the scan.
- Perform a quick scan.

Complete this lab as follows:
1. Add a file exclusion as follows:
  - In the search field on the taskbar, enter Windows Defender.
  - Under Best match, select Windows Defender Security Center.
  - Maximize the window for easier viewing.
  - Select Virus & threat protection.
  - Select Virus & threat protection settings.
  - Under Exclusions, select Add or remove exclusions.
  - Select the + (plus sign) next to Add an exclusion.
  - From the drop-down lists, select File.
  - Under This PC, select Data (D:).
  - Double-click Graphics.
  - Select cat.jpg.
  - Select Open.
2. Add a process exclusion as follows:
  - Select the + (plus sign) next to Add an exclusion.
  - From the drop-down lists, select Process.
  - In the Enter process name field, enter welcome.scr for the process name.
  - Select Add.
3. Update protection definitions as follows:
  - In the left menu, select the shield icon.
  - Select Protection updates.
  - Select Check for updates.
4. Perform a quick scan as follows:
  - In the left menu, select the shield icon.
  - Under Scan History, select Quick scan to run a quick scan now.

You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory.
In this lab, your task is to use John the Ripper to:
- Crack the root password on Support.
- Crack the password of the protected.zip file in the home directory on IT-Laptop.
After John the Ripper cracks the password, it won't crack it again. The results are stored in the john.pot file.

Complete this lab as follows:
1. Crack the root password on Support as follows:
  - From the Favorites bar, open Terminal.
  - At the prompt, type cd /usr/share/john and press Enter to change directories to the folder containing the John the Ripper password file.
  - Type ls and press Enter to list the files in the directory.
  - Type cat password.lst and press Enter to view the password list. This is an abbreviated list.
  - Type cd and press Enter to go back to root.
  - Type john /etc/shadow and press Enter to crack the Linux passwords. Notice that the root password of 1worm4b8 was cracked.
  - Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file.
  - Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.
  - Type john /etc/shadow --show and press Enter as an alternate method of viewing the previously cracked password.
  - In the top right, select Answer Questions.
  - In Terminal, find the root password and answer the question.
2. Crack the password of the protected.zip file as follows:
  - From the top navigation tabs, select Floor 1 Overview.
  - Under IT Administration, select IT-Laptop.
  - From the Favorites bar, open Terminal.
  - At the prompt, type ls and press Enter to view the contents of the home directory. Notice the protected.zip file you wish to crack.
  - Type zip2john protected.zip > ziphash.txt and press Enter to copy the hashes to a text file.
  - Type cat ziphash.txt and press Enter to confirm that the hashes have been copied.
  - Type john --format=pkzip ziphash.txt and press Enter to crack the password. Notice that the password of p@ssw0rd was cracked.
  - Type john ziphash.txt --show and press Enter to show the password.
  - In the top right, select Answer Questions.
  - In Terminal, find the password for the file and answer the question.
  - Select Score Lab.

You are enhancing your network's security, and you want to enable Intrusion Detection and Prevention on the network security appliance (NSA).
In this lab, your task is to:
- Enable the IPS on the LAN and DMZ interface.
- Manually update the IPS signature using C:\signatures\sbips000018.bin
- Use the following credentials to configure the NSA to automatically update the signature in the future:
  - Username: mary.r.brown
  - Password: Upd@teN0w (0 is a zero)
- Set the IPS policies to detect and prevent all known threats.

Complete this lab as follows:
1. Enable IPS as follows:
  - In the Security Appliance Configuration utility, select IPS.
  - Under IPS Enable, select Enable IPS Protection for LAN.
  - Select Enable IPS Protection for DMZ.
  - Select Apply.
2. Update the IPS signature as follows:
  - Under Manual Signature Updates, select Browse.
  - Browse to and select C:\Signatures\SBIPS000018.bin.
  - Select Open.
  - Select Upload.
  - Refresh the page to update the IPS Signatures status.
  - Select Automatically Update Signatures.
  - In the Cisco.com User Name field, enter mary.r.brown.
  - In the Password field, enter Upd@teN0w (0 is a zero).
  - Select Apply.
3. Configure IPS policies as follows:
  - In the left menu, select IPS Policy.
  - For each IPS Category, select Detect and Prevent.
  - Select Apply.

You are the IT security administrator for a small corporate network. Recently, some of your firm's proprietary data leaked online. You have been asked to use steganography to encrypt data into a file that will be shared with a business partner. The data will allow you to track the source if the information is leaked again.
In this lab, your task is to use OpenStego to hide data inside a picture file as follows:
- Encrypt the user data found in John.txt into gear.png.
- Save the output file into the Documents folder as send.png.
- Password protect the file with NoMor3L3@ks! as the password.
- Confirm the functionality of the steganography by extracting the data from send.png into the Exports folder and opening the file to view the hidden user data.

Complete this lab as follows:
1. Encrypt the user data into the file to be shared as follows:
  - In the search field on the taskbar, type OpenStego.
  - Under Best match, select OpenStego.
  - In the Message File field, select the ellipses at the end of the field.
  - Select John.txt.
  - Select Open.
  - In the Cover File field, select the ellipses at the end of the field.
  - Select gear.png file.
  - Select Open.
  - In the Output Stego File field, select the ellipses at the end of the field.
  - In the File name field, enter send.png.
  - Select Open.
2. Password protect the file as follows:
  - In the Password field, enter NoMor3L3@ks!
  - In the Confirm Password field, enter NoMor3L3@ks!
  - Select Hide Data.
  - Select OK.
3. Extract the data and open the file as follows:
  - Under Data Hiding, select Extract Data.
  - In the Input Stego File field, select the ellipses.
  - Select send.png file with the encryption.
  - Select Open.
  - In the Output Folder for Message File field, select the ellipses.
  - Double-click Export to set it as the destination of the output file.
  - Click Select Folder.
  - In the Password field, enter NoMor3L3@ks! as the password.
  - Select Extract Data.
  - Select OK.
  - From the taskbar, open File Explorer.
  - Double-click Documents to navigate to the folder.
  - Double-click Export to navigate to the folder.
  - Double-click John.txt to open the output file and verify that the decryption process was successful.

As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address.
In this lab, your task is to complete the following:
- On Office2 use ipconfig /all and find the IP address and MAC address.
- Spoof the MAC address on ITAdmin to that of Office2 using SMAC.
- Refresh your MAC and IP addresses to match the target machine.

Complete this lab as follows:
1. Find the IP address and MAC address as follows:
  - Right-click Start and select Windows PowerShell (Admin).
  - At the command prompt, type ipconfig /all and press Enter.
  - Find the MAC address and the IP address.
2. Spoof the MAC address as follows:
  - From the top navigation tabs, select Floor 1 Overview.
  - Under IT Administration, select ITAdmin.
  - In the search bar, type SMAC.
  - Under Best match, right-click SMAC and select Run as administrator.
  - In the New Spoofed Mac Address field, type 00:00:55:55:44:15 for the MAC address from Office2.
  - Select Update MAC.
  - Select OK to restart the adapter.
3. Refresh your MAC and IP addresses as follows:
  - Right-click Start and select Windows PowerShell (Admin).
  - At the command prompt, type ipconfig /all to confirm the MAC address has been updated.
  - Type ipconfig /renew to update the IP address.

You are a cybersecurity consultant and have been asked to work with the ACME, Inc. company to ensure that their network is protected from hackers. As part of the tests, you need to clear a few log files.
In this lab, your task is to use Windows PowerShell (as Admin) to clear the following event logs:
- Use get-eventlog to view the available event logs.
- Use clear-eventlog to clear the Application and System logs.

Complete this lab as follows:
1. Right-click Start and select Windows PowerShell (Admin).
2. Maximize the window for easier viewing.
3. At the prompt, type Get-Eventlog -logname * and press Enter. In the Entries column, notice the number of entries for the logs.
4. Type Clear-Eventlog -logname Application and press Enter.
5. Type Clear-Eventlog -logname System and press Enter.
6. Type Get-Eventlog -logname * and press Enter. The number of log entries for Application is zero. The number of log entries for System is one because another event occurred between the times you cleared the log and viewed the entry list.

You work for a penetration testing consulting company. During an internal penetration test, you find that VNC is being used on the network, which violates your company's security policies. It was installed to maintain access by a malicious employee.
In this lab, your task is to complete the following:
- From the IT-Laptop, use Zenmap to scan all computers on the network to see if any devices have port 5900 (VNC) open.
- Answer Question 1.
- Go to the suspect computer and uninstall VNC.
- From the suspect computer, run netstat to verify the ports for VNC are closed.
IP Address      Computer
192.168.0.30    Exec
192.168.0.31    ITAdmin
192.168.0.32    Gst-Lap
192.168.0.33    Office1
192.168.0.34    Office2
192.168.0.45    Support
192.168.0.46    IT-Laptop

Complete this lab as follows:
1. Find the server that has port 5900 open.
  - From the Favorites bar, open Zenmap.
  - In the Command field, use nmap -p 5900 192.168.0.0/24.
  - Select Scan.
  - From the results, find the computer with port 5900 open.
  - From the top right, select Answer Questions.
  - Answer Question 1.
  - Minimize the Lab Questions window.
2. Uninstall VNC from the computer that has port 5900 open.
  - From the top navigation tabs, select Floor 1 Overview.
  - Find and select the computer that has port 5900 open. (Open the Question window if needed.)
  - At the prompt, type netstat and press Enter to confirm the port is open on the machine.
  - Type dnf list vnc and press Enter to find the package name.
  - Type dnf erase libvncserver and press Enter.
  - Press Y and press Enter to uninstall the package.
  - Type netstat and press Enter to confirm the port has been closed on the machine.
  - From the top right, select Answer Questions.
  - Select Score Lab.

You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you'll use this computer to investigate the problem.
In this lab, your task is to:
- Capture packets from the network segment on www_stage using Wireshark.
- Analyze the attack using the following filters:
  - tcp.flags.syn==1 and tcp.flags.ack==1
  - tcp.flags.syn==1 and tcp.flags.ack==0
- Answer the question.

Complete this lab as follows:
1. From the Favorites bar, open Wireshark.
2. Under Capture, select enp2s0.
3. From the menu, select the blue fin to begin the capture.
4. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter the Wireshark display to only those packets with both the SYN flag and ACK flag. You may have to wait several seconds before any SYN-ACK packets are captured and displayed.
5. Select the red square to stop the capture.
6. In the Apply a display filter field, change the tcp.flags.ack ending from 1 to 0 and press Enter to filter the Wireshark display to packets with only the SYN flag. Notice that there is a flood of SYN packets being sent to 128.28.1.1 (www.corpnet.xyz) that were not being acknowledged.
7. In the top right, select Answer Questions.
8. Answer the question.
9. Select Score Lab.

You are the cybersecurity specialist for your company. You are conducting a penetration test to see if anyone is using FTP against company policy.
In this lab, your task is to capture FTP packets as follows:
- Use Wireshark to capture packets for five seconds.
- Filter for FTP packets.
- Answer the questions.

Complete this lab as follows:
1. From the Favorites bar, open Wireshark.
2. Under Capture, select enp2s0.
3. Select the blue fin to begin a Wireshark capture.
4. Capture packets for five seconds.
5. Select the red box to stop the Wireshark capture.
6. In the Apply a display filter field, type ftp and press Enter.
7. In the top right, select Answer Questions.
8. Answer the questions.
9. Select Score Lab.

You are the IT administrator for a small corporate network, and you want to know how to find and recognize an ICMP flood attack. You know that you can do this using Wireshark and hping3.
In this lab, your task is to create and examine the results of an ICMP flood attack as follows:
- From Kali Linux, start a capture in Wireshark for the esp20 interface.
- Ping CorpDC at 192.168.0.11.
- Examine the ICMP packets captured.
- Use hping3 to launch an ICMP flood attack against CorpDC.
- Examine the ICMP packets captured.
- Answer the questions.

Complete this lab as follows:
1. From the Favorites bar, open Wireshark.
2. Under Capture, select enp2s0.
3. Select the blue fin to begin a Wireshark capture.
4. From the Favorites bar, open Terminal.
5. At the prompt, type ping 192.168.0.11 and press Enter.
6. After some data exchanges, press Ctrl + c to stop the ping process.
7. In Wireshark, select the red box to stop the Wireshark capture.
8. In the Apply a display filter field, type icmp and press Enter. Notice the number of packets captured and the time between each packet being sent.
9. Select the blue fin to begin a new Wireshark capture.
10. In Terminal, type hping3 --icmp --flood 192.168.0.11 and press Enter to start a ping flood against CorpDC.
11. In Wireshark, select the red box to stop the Wireshark capture. Notice the type, number of packets, and the time between each packet being sent.
12. In Terminal, type Ctrl + c to stop the ICMP flood.
13. In the top right, select Answer Questions.
14. Answer the questions.
15. Select Score Lab.

You are a cybersecurity consultant. The company hiring you suspects that employees are connecting to a rogue access point (AP). You need to find the name of the hidden rogue AP so it can be deauthorized. The computer suspected of using the rogue access point is Exec-Laptop.
In this lab, your task is to complete the following:
- On IT-Laptop, use airmon-ng to put the wireless adapter in monitor mode.
- Use airodump-ng to find the hidden access point.
- On Exec-Laptop, connect to the rogue AP using the CoffeeShop SSID.
- Answer the question.

Complete this lab as follows:
1. On IT-Laptop, configure the wlp1s0 card to run in monitor mode as follows:
  - From the Favorites bar, open Terminal.
  - At the prompt, type airmon-ng and press Enter to find the name of the wireless adapter.
  - Type airmon-ng start wlp1s0 and press Enter to put the adapter in monitor mode.
  - Type airmon-ng and press Enter to view the new name of the wireless adapter.
2. Use airodump-ng to discover and isolate the hidden access point as follows:
  - Type airodump-ng wlp1s0mon and press Enter to discover all of the access points.
  - Press Ctrl + c to stop airodump-ng.
  - Find the hidden access point ESSID <length : 0>.
  - In the top right, select Answer Questions.
  - Answer the question.
  - In Terminal, type airodump-ng wlp1s0mon --bssid bssid_number and press Enter to isolate the hidden access point.
3. Switch to the Exec-Laptop and connect to the Wi-Fi network as follows:
  - From the top navigation tabs, select Floor 1 Overview.
  - Under Executive Office, select Exec-Laptop.
  - From the notification area, select the Wi-Fi network icon.
  - Select Hidden Network.
  - Select Connect.
  - In the Enter the name (SSID) for the network field, type CoffeeShop. In a real environment, you'll only need to wait until the employee connects to the rogue access point again.
  - Select Next.
  - Select Yes.
  - Under Lab Questions, select Score Lab.

You are the IT security administrator for a small corporate network. You have some security issues on a few Internet of Things (IoT) devices. You can use the Security Evaluator to find these problems.
In this lab, your task is to:
- Find a device using the IP address of 192.168.0.54.
- Find all devices using an IP address in the range of 192.168.0.60 through 192.168.0.69.
- Answer the questions.

Complete this lab as follows:
1. Run a Security Evaluator report for 192.168.0.54 as follows:
  - From the taskbar, open Security Evaluator.
  - Next to Target, select the Target icon to select a new target.
  - Select IPv4 Address.
  - Enter 192.168.0.54 as the IP address.
  - Click OK.
  - Next to Status, select the Run/Rerun Security Evaluation icon to run a security evaluation.
  - In the top right, select Answer Questions.
  - Answer questions 1 and 2.
2. Run a Security Evaluator report for an IP range of 192.168.0.60 through 192.168.0.69 as follows:
  - From the Security Evaluator, select the Target icon to select a new target.
  - Select IPv4 Range.
  - In the left field, type 192.168.0.60 as the beginning IP address.
  - In the right field, type 192.168.0.69 as the ending IP address.
  - Click OK.
  - Next to Status, select the Run/Rerun Security Evaluation icon to run a security evaluation.
  - Answer question 3.
  - Select Score Lab.

You are the IT administrator for a small corporate network. You are attempting to improve the password security of the Windows 10 laptop in the Lobby. In each policy, the Explain tab provides a description of the effects of the policy to help you identify which policy to configure with which value.
In this lab, your task is to use the Local Security Policy tool to configure password restrictions as follows:
- Passwords must be at least 10 characters long.
- Passwords must be changed every 30 days.
- New passwords cannot be the same as the previous four passwords.
- New passwords cannot be changed for at least two days.
- Passwords must contain non-alphabetical characters.
- Lock the user account after four incorrect logon attempts within a 30-minute period.
- Automatically unlock locked accounts after one hour.
Policy changes will not be enforced within the simulation.

Complete this lab as follows:
1. Select Start.
2. Select Windows Administrative Tools.
3. Select Local Security Policy.
4. In the left pane, expand Account Policies.
5. Select Password Policy.
6. Double-click the policy you want to configure.
7. Configure the policy settings.
8. Click OK.
9. Repeat steps 6-8 to configure additional policies.
10. Select Account Lockout Policy.
11. Repeat steps 6-8 to configure policy settings.

As the cybersecurity specialist for your company, you're performing a penetration test. As part of this test, you're checking to see if the Security Account Manager (SAM) passwords from a Windows system can be cracked using John the Ripper.
In this lab, your task is to crack the SAM passwords as follows:
- On Office 1, use pwdump7 to export the contents of the SAM to SAMhash.txt. This machine has already been booted into a recovery mode, allowing you to use Troubleshoot > Advanced > Command Prompt to access the SAM file.
- Copy the exported file to the thumb drive (g: drive) and then move the thumb drive to the IT-Laptop computer. After the thumb drive is inserted, it is automatically mounted to /media/root/ESD-USB/.
- On IT-Laptop, crack the password using the echo and John the Ripper commands.
  - Use the cat command to display the password hash file that was copied to the thumb drive.
- Do NOT run the echo or John the Ripper commands from the thumb drive.

Complete this lab as follows:
1. Use pwdump7 to create a text file containing the SAM password hashes and copy the new file to the thumb drive as follows:
  - From the recovery dialog, select Troubleshoot.
  - Select Advanced options.
  - Select Command Prompt.
  - Type pwdump7 > SAMhash.txt and press Enter.
  - Type copy SAMhash.txt g: and press Enter.
2. Move the thumb drive from Office 1 to the IT-Laptop computer as follows:
  - From the top navigation tabs, select Office 1.
  - Select the USB Thumb Drive plugged into the front of the computer.
  - Drag the USB Thumb Drive to the Shelf so you can access it later in the IT Administration office.
  - From the top navigation tabs, select Floor 1 Overview.
  - Under IT Administration, select Hardware.
  - Above IT-Laptop, select Back to switch to the back view of the laptop.
  - From the Shelf, drag the USB Thumb Drive to a USB port on the laptop computer.
  - Above IT-Laptop, select Front to switch to the front view of the laptop.
  - On the monitor, select Click to view Linux.
3. Create a new hash file that contains the hash to be cracked as follows:
  - From the Favorites bar, open Terminal.
  - Type cat /media/root/ESD-USB/SAMhash.txt and press Enter.
  - Type echo.
  - Press the space bar.
  - In the Admin line of the output, select the hash in the fourth field. Each field is separated by a colon. This is the hash value that needs to be cracked.
  - Right-click the hash in the fourth field of the Admin line. Notice that the hash was pasted into the command line.
  - Press the space bar.
  - Type > SAMhash.txt.
  - Press Enter.
4. Use John the Ripper and the new hash file to crack the password as follows:
  - Type john SAMhash.txt and press Enter.
  - From the output, find the Admin's password.
  - In the top right, select Answer Questions.
  - Answer the questions.
  - Select Score Lab.

You are the IT security administrator for a small corporate network. You're experimenting with DHCP spoofing attacks using Ettercap.
In this lab, your task is to complete the following:
- On IT-Laptop, use Ettercap to launch a man-in-the-middle DHCP spoofing attack using the following parameters:
  - Netmask: 255.255.255.0
  - DNS Server IP: 192.168.0.11
- On Support, complete the following tasks:
  - Start a capture in Wireshark and filter the display for DHCP traffic.
  - View the IP address and the gateway in Terminal.
  - Bring the network interface down and back up to request a new DHCP address.
  - In Wireshark, how many DHCP packets were exchanged?
  - View the IP address and gateway again. What has changed?
- On Office1, complete the following tasks:
  - Use tracert to rmksupplies.com to find the path. What is the path?
  - Check the IP address of the computer.
  - Release and renew the IP address assigned by DHCP.
  - Check the IP address of the computer again. What has changed?
  - Use tracert to rmksupplies.com to find the path again. What has changed?
  - Log in to the rmksupplies.com employee portal with the following credentials:
    - Username: bjackson
    - Password: $uper$ecret1
- On IT-Laptop, find the captured username and password in Ettercap.
- Answer the questions.

Complete this lab as follows:
1. On IT-Laptop, start unified sniffing on the enp2s0 interface as follows:
  - From the Favorites bar, select Ettercap.
  - Select Sniff > Unified sniffing.
  - From the Network Interface drop-down list, select enp2s0.
  - Click OK.
  - Select Mitm > DHCP spoofing.
  - In the Netmask field, enter 255.255.255.0.
  - In the DNS Server IP field, enter 192.168.0.11.
  - Click OK.
2. On Support, start a capture that filters for bootp packets as follows:
  - From top navigation tabs, select Floor 1 Overview.
  - Under Support Office, select Support.
  - From the Favorites bar, open Wireshark.
  - Under Capture, select enp2s0.
  - Select the blue fin to begin a Wireshark capture.
  - In the Apply a display filter field, type bootp and press Enter.
3. Request a new IP address as follows:
  - From the Favorites bar, open Terminal.
  - At the prompt, type ip addr show and press Enter. The IP address for enp2s0 is 192.168.0.45.
  - Type route and press Enter. The gateway is 192.168.0.5.
  - Type ip link set enp2s0 down and press Enter.
  - Type ip link set enp2s0 up and press Enter to bring the interface back up.
  - Maximize Wireshark for easier viewing.
  - In Wireshark, under the Info column, notice that there are two DHCP ACK packets. One is the real acknowledgment (ACK) packet from the DHCP server, and the other is the spoofed ACK packet.
  - Select the first DHCP ACK packet received.
  - In the middle panel, expand Bootstrap Protocol (ACK).
  - Expand Option: (3) Router.
  - Notice the IP address for the router.
  - Repeat steps 3g-3i for the second ACK packet.
  - In the top right, select Answer Questions.
  - Answer the questions.
  - Minimize Wireshark.
4. View the current IP addresses as follows:
  - In Terminal at the prompt, type ip addr show and press Enter. The IP address is 192.168.0.45.
  - Type route and press Enter. The current gateway is 192.168.0.46. This is the address of the computer performing the man-in-the-middle attack.
5. On Office1, view the current route and IP address as follows:
  - From top navigation tabs, select Floor 1 Overview.
  - Under Office 1, select Office1.
  - Right-click Start and select Windows PowerShell (Admin).
  - Type tracert rmksupplies.com and press Enter. Notice that the first hop is 192.168.0.5.
  - Type ipconfig /all and press Enter to view the IP address configuration for the computer. The configuration for Office1 is as follows:
    - IP address: 192.168.0.33
    - Gateway: 192.168.0.5
    - DHCP server: 192.168.0.14
  - At the prompt, type ipconfig /release and press Enter to release the currently assigned addresses.
  - Type ipconfig /renew and press Enter to request a new IP address from the DHCP server. Notice that the default gateway has changed to the attacker's computer, which has an IP address of 192.168.0.46.
  - Type tracert rmksupplies.com and press Enter. Notice that the first hop is now 192.168.0.46 (the address of the attacker's computer).
6. In Google Chrome, log into the rmksupplies.com employee portal as follows:
  - From the taskbar, open Google Chrome.
  - Maximize the window for easier viewing.
  - In the URL field, enter rmksupplies.com and press Enter.
  - At the bottom of the page, select Employee Portal.
  - In the Username field, enter bjackson.
  - In the Password field, enter $uper$ecret1.
  - Select Login. You are logged in as Blake Jackson.
7. From IT-Laptop, find the captured username and password in Ettercap as follows:
  - From top navigation tabs, select Floor 1 Overview.
  - Under IT Administration, select IT-Laptop.
  - Maximize Ettercap.
  - In Ettercap's bottom pane, find the username and password used to log in to the employee portal.
8. In the top right, select Answer Questions to end the lab.
9. Select Score Lab.

