Target Scoping and Network Exploitation
Part 1: The Five Elements of Target Scoping
Network Vulnerability Assessment – Metasploit
Network vulnerability assessment refers to finding, analyzing, and reviewing network components to check for network flaws that hackers could exploit and compromise the network system’s integrity and confidentiality (Khera, Kumar, & Garg, 2019). This is enhanced through periodic assessments aided by tools like Wireshark, Nmap, and Metasploit. We will deeply concentrate on the Metasploit tool. This tool can conduct the development of exploits, information gathering, and vulnerability scanning.
Information Gathering
This reconnaissance involves obtaining information about a network regarding connected devices, ports, and the IP and Mac addresses of the devices connected (Rani & Nagpal, 2019). It can be active or passive information gathering. The following are the main elements of target scoping and the various types of tools used to gather different information:
Elements of Target Scoping
Port Scanning
This refers to obtaining information about the network ports by performing a scan to determine the open and listening ports. Ports are the points where information exists or enters a device; thus, they are key to hackers as they can be compromised to get access to data. There are different types of ports, from the standards to the services they offer. Some common ports include port 20 for file transfer protocol and port 80 for HTTP (Raj & Walia, 2020).
To perform a network scan, a packet is set to a specified port to determine whether it gains entry. Metasploit uses different scanners and modules to enhance information gathering.
First, type the command port scan to choose the scanning you want. They include SYN and TCP scanning (Raj & Walia, 2020). Their difference is in their speed and ease of being found, whereas the SYN scanner is recommended.
You can scan on a specific port or a range of ports in the configuration plane. The RHOSTS are set together with the number of threads the scan would undergo. After the scan, all the services running on the specified ports are revealed, the open ports identified, and the software version and operating systems are revealed.
Hunting for MSSQL
Metasploit can be used to gather information about MSSQL systems that are vulnerable to attacks. This is done by finding where MSSQL is installed in a network. This can be done by conducting a footprint at the UDP and TCP ports and providing information about the type of server used and the operating system it is running on ((Tabassum et al., 2021). It should be noted that the TCP ports are configured either to be dynamic or static. MSSQL plugins are installed mainly in the dynamic TCP ports. MSSQL authenticates using the Windows and SQL methods and runs on only two ports (Tabassum et al., 2021).
To enable this, a set of tools and commands are used. First, the MSSQL plugin is searched on the MSF console. Next, ping the identified plugins to some scanning modules. Metasploit has tools that specify the in-range and threads and set the RHOSTS. After performing the scan, the tools provide information on the type and name of the device used and the port to which it is connected. From this information, one can crack the server’s password, control the user groups, and create a new account for entry to the system (Raj & Walia, 2020).
Service Identification
Metasploit used auxiliary scanners and modules to perform information gathering. A scanner can be essentially deployed to find out which services are running on the various ports in the network and access to find out which are legitimate services and which are not (Raj & Walia, 2020). The information can be analyzed to identify and detect if a network system is compromised.
Various ports offer different services, which include telnet, secure shell (SSH), file transfer protocol (FTP), simple mail transfer protocol (SMTP), and many more (Oluwatobi, 2020). The corresponding auxiliary scanner is configured by setting the RHOSTS to gather information about a certain service. Then, by running the commands, information about the service is revealed, including the server version and the number of hosts scanned, and shows the hosts connected to the network (Oluwatobi, 2020).
This information is useful as a hacker may gain entry to a server or a network by running a similar service in the identified open port to access the system or the information itself. After the service is identified, the read-only rights are available for them to access the services the ports give. When the version of the services and the ports are not updated, they are vulnerable to the whole network system.
Information gathering should be conducted in stealth mode to obtain the maximum information possible. It must be well planned for and carried out in the form of the attacker’s mind (Rani & Nagpal, 2019).
Part 2: Network Exploitation Using the Exploit Database
Penetration testing or ethical hacking is a procedural process that involves dependency on the processes. After information gathering, the next step is gaining and maintaining access to the system, which can be either a network or a computer. Exploits are used to enable that; they are a piece of code that enables one to create and maintain access to a target machine (Rawat, Bhatia, & Chopra, 2020). Metasploit has a platform that contains exploits that can be controlled and managed through configurations.
Exploits Subcategories
Webapps Exploits
Web applications contain vulnerabilities that mainly arise from various processes, which are either good or bad. They include not validating inputs, lack of good configurations to the web servers, and vulnerabilities from the hardware and software that arise during development (Lau, 2021). Web application exploits compromise the accessibility process of the client to the server and vice versa.
In the exploit database, there are 26,206 web app exploit entries. They are pieces of code used to exploit the vulnerabilities found in websites, such as the server and the web pages. The web application exploits found on the exploits database mainly follow the categories of bypassing the authentication mechanism, bypassing the access control procedures, modifying and inserting scripts with bogus intentions, and manipulating the database querying process (Lau, 2021). Web application exploits can be inserted on the server side or the client side, depending on where the vulnerability to be exploited resides.
Specific Exploits.
Accounting Journal Management System 1.0 – ‘id’ SQLi (Authenticated).
This is a web app exploit that targets the accounting journal management system. It mainly affects the section on balancing the trial balance. The exploit has been developed and tested on the Windows 10 and Kali Linux operating systems environment. The exploit utilizes the mechanism of taking advantage of the client side, where the request is manipulated through a payload to gain entry to the system.
Exam Reviewer Management System 1.0 – ‘id’ SQL Injection.
The exploit is to exploit the vulnerabilities of the exam reviewer management system. The exploit is from a PHP environment developed and tested on Windows 10 and Kali Linux. The exploits work to alter the inputs of the querying process of the database where the ID part is compromised to gain access. The SQL injection code is embedded in a payload that uses Boolean to enable an SQL injection attack in the id field of the system.
Remote Exploits
An attacker uses this type of exploit when they do not have access to a network in a remote location. The exploits are utilized to enable a hacker to access a network or machine that is in a remote location (Biswas et al., 2018).
The exploit database has 7,168 entries for remote exploits, which attackers use to access a system and execute actions remotely connected to the machine. This aids in not being easily detected.
Specific Exploits.
AWebServer GhostBuilding 18 – Denial of Service (DoS).
This remote exploit is developed and implemented in the Android environment where the attacker remotely causes the webserver to be unavailable. The exploits work in the principle that by using threads, you can create more web server requests, which the server can’t handle, making it unavailable to its users. It exploits the vulnerability of Android applications to cause a denial of service attack.
Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated).
The exploit is developed, run, and tested on the Windows operating system environment. The exploits have a code that executes to help gain access from a remote network connection. The exploit starts by setting the RHOSTS on which they intend to connect and the port they are targeting to use. The login credentials are set, which are the username and the password. The exploit has the listener functionality while establishing connection and authentication and gives feedback of cookies where the login credentials can be found. Hence, one can gain the login credentials for remote access. The exploit is sent through the use of a payload that is encoded in the headers and URLs.
Local Exploits
This type of network is exploited when a user or hacker has already gained access to a network but wants more privileges or access to the system. For example, a local exploit may change a user from a normal user to the root of the network system (Yunanri, Yuwono, & Yuliadi, 2021).
The exploit database has 4,630 entries of the local exploits, which are utilized to gain more access when you have already entered into a system. The local exploit deals with exploits that take advantage of the vulnerabilities that deal with privileges and rights of accessing systems, applications, and resources like data.
Specific Exploits.
PolicyKit-1 0.105-31 – Privilege Escalation.
This local exploit exploits the vulnerabilities of systems by checking on the system’s flaws and using them to gain more privileges and rights than what they are allocated. The attacker first has access to systems and has been given certain privileges and rights, then uses the exploit to gain more rights and privileges than what is allocated for personal benefits. The exploit works in the Linux operating system environment.
Microsoft Windows Defender – Detections Bypass.
This local exploit affects the Windows Defender application, mainly used to handle the security of Windows application systems and operating systems. The local exploit exploits vulnerabilities found at the endpoint devices and the cloud. The Windows Defender detects and flags attacks when they try to execute their malicious codes. This exploit bypasses this method by encoding the payloads, concatenating, and passing extra transversal in payloads and their URLs. This local exploit operates on the Windows operating system environment.
An exploit database is a useful tool for security analysts and ethical hackers because it is a repository for current network and system vulnerabilities and gives a deeper understanding of how our systems can be compromised. By being aware of how hackers can exploit various vulnerabilities using exploits, one can come up with security measures to detect, prevent, and mitigate attacks.
References
Biswas, S., Sohel, M., Sajal, M. M., Afrin, T., Bhuiyan, T., & Hassan, M. M. (2018, October). A study on remote code execution vulnerability in web applications. In Int. Conf. Cyber Security. Comput. Sci., no. October (pp. 1-8).
Khera, Y., Kumar, D., & Garg, N. (2019, February). Analysis and Impact of Vulnerability Assessment and Penetration Testing. In 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon) (pp. 525-530). IEEE.
Lau, T. P. (2021, November). Software Reuse Exploits in Node. Js Web Apps. In 2021, the 5th International Conference on System Reliability and Safety (ICSRS) (pp. 190-197). IEEE.
Oluwatobi, E. H. (2020). They are exploiting vulnerabilities using Metasploit Vulnerable Service Emulator.
Raj, S., & Walia, N. K. (2020, July). A study on metasploit framework: A pen-testing tool. In 2020 International Conference on Computational Performance Evaluation (ComPE) (pp. 296-302). IEEE.
Rani, S., & Nagpal, R. (2019). Penetration testing using Metasploit framework: An ethical approach. Int. Res. J. Eng. Technol, 6(8), 538-542.
Rawat, S., Bhatia, T., & Chopra, E. (2020). Web Application Vulnerability Exploitation using Penetration Testing scripts.
Tabassum, M., Muscat, O., Sharma, T., & Mohanan, S. (2021). Ethical Hacking and Penetrate Testing using Kali and Metasploit Framework.
Yunanri, W., Yuwono, D. T., & Yuliadi, Y. (2021). DETEKSI SERANGAN VULNERABILITY PADA OPEN JURNAL SYSTEM MENGGUNAKAN METODE BLACK-BOX. Jurnal Informatika dan Rekayasa Elektronik, 4(1), 68-77.
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question 
Part 1: The Five Elements of Target Scoping
Instructions
Research target scoping using scholarly or reputable sources found in the course materials, the Library, or the Internet. Using the most recent edition APA formatting and citation style, write a research paper that includes at least three references and addresses the following:
Target Scoping and Network Exploitation
Criteria Section 1: Content
Network vulnerability assessment is essential to ensuring systems are secured to an acceptable level. You are going to continue your education on Metasploit. Go to www.offensive-security.com, navigate to the Projects tab, and select Metasploit. Utilize this site and other credible sources to dive deeper into Metasploit. On the left-hand side of the screen in Metasploit, select Information Gathering. You will choose three subcategories (Port Scanning, Service Identification, etc.). Write at least 200 words for each of your chosen subcategories. Discuss the different tools in each subcategory and what information can be found using the tools.
Expectations:
1. At least three paragraphs in length
2. Student discusses the different tools in five subcategories and what information can be found using the tools in Part 1
3. Includes at least five references in appropriate APA style.
Part 2: Network Exploitation Using the Exploit Database
Instructions
Access the exploit database by going to www.offensive-security.com. Scroll to the Projects tab and go down to “Exploit Database.” Scroll down and select “Search the EDB” on the right-hand side of the screen. You will see five exploit categories and a section for archived security papers.
Select three exploit categories to write about. Click on the exploit category. Capture the total entries for the exploit category. Capture the information that is contained after clicking on each exploit. Finally, write a minimum 200-word summary for each exploit and include how this database benefits security engineers and hackers. Provide a reference in APA style for each exploit.
Expectations:
1) Student provides a summary of four exploits and explains how the database is beneficial to a security engineer and hackers alike.
2) Student provides four APA style references for Part 2
Complete the 
Complete the order payment after filling in the order form. We’ll receive your order and assign it to a writer.
The assigned writer will complete your paper and forward it to our Editing Team for review and approval.
Once approved by the editor, the completed paper will be uploaded to your account for you to download, review and approve.