Ethical Hacking Lab Project

-

Hacking Lab- Financial Security Exploitation:

June 19, 2025     

Overview

 The goal of the project is to identify and exploit typical security flaws inside a business network. This project simulates a monitored data breach setting on an unreal financial company, Binary Assets. This project is designed to provide practical experience in ethical hacking focusing on educational and cybersecurity practices which includes ethical hacking, evaluating vulnerabilities and network security. 

 Team Members 

 1. Tanguy Krzepisz 

 2. Aakriti Neupane

 Lab Setup 

 In this project, we created cyber atmosphere on VirtualBox to simulate an actual computer network. We are taking Kali Linux to perform major attack and follow systematic plan to get control to various network using identified vulnerabilities.

 Stages of Attack

 1. First Access – Using VSFTPD vulnerability 

  • Target: Honeypot Linux server – 192.168.60.250 
  •  Network: 192.168.60.0/24 
  •  Technique: Using Nmap scan to identify VSFTPD vulnerability and exploiting is attempted.

 2. Accessing Internal network- SSH Exploitation of IT computer 

  •  Target: IT Computer – 192.168.60.10 
  •  Network: 192.168.60.0/24 
  •  Technique: Using a SSH brute-force attack to get control.

 3. Getting in Zabbix Server - The primary network 

  •  Target: Zabbix server – 172.16.1.250 
  •  Network: 172.16.10.0/24 
  •  Technique: Using SSH vulnerability to take over the network which has access to all the internal assets. 

 4. Final Stage- Potential connection to the private network. 

 system: Database on 10.0.0.0/8 network, internal servers and information. Objective: Illustrating that an hackers can easily get control on whole internal networks especially sensitive company data and systems after gaining login to the Zabbix server in the third stage. 

 The diagram below demonstrates a clear overview of the hacking lab. It displays a virtual environment designed to perform lab where Kali Linux is Hacker's computer. It shows all the phases of lab in form of diagram with Vulnerable Linux server Honeypot, IT computer focuses of SSH attacks, Zabbix server which has control of internal systems.

 Fig (1): Ethical Hacking Lab Setup Note: 

NOTE: This content is for educational purposes only and is meant to help learn about cybersecurity practices. 

PowerPoint with Stepwise exploitation shown: 

ESP Presentation.pptx

Stepwise Video Presentation: 


Project pamphlet: 



 Moral Aspects of Project:

  This project is entirely meant for educational purposes and security instruction. It is never to be applied maliciously. The methods and results will only be utilized in understanding actual security risks and how businesses can strengthen their protections from assaults.

 Anticipated Results 

 After finishing lab, we expect to:

 1. Recognize the weaknesses in business computer infrastructures. 

 2. Get training in identifying weaknesses and protecting from cyber-attacks. 

 3. Develop your skills in vulnerability detection and penetration testing with Linux operating systems.

 4. Discover best practices to protect your system from online attacks. 

 

Conclusion

 This project presents a secure setting for getting hands on experience on practicing cybersecurity and hacking techniques. The outcomes of the project will assist in improving our understanding of the necessity of vulnerability protection, security measures and practices in financial organizations such as Binary Assets.                                                                                         


Comments

Post a Comment

Popular posts from this blog

Vulnerability Analysis using NESSUS and OPENVAS

-
Image
  🔍 Vulnerability Analysis using NESSUS and OPENVAS In this project, I dive into Vulnerability Analysis using two powerful tools: NESSUS and OPENVAS . These tools are widely used in cybersecurity for identifying security flaws in systems and networks. Whether you're new to vulnerability scanning or looking to improve your analysis skills, this guide will walk you through how to use these tools effectively. A Practical Guide from My Cybersecurity Training Want to learn how to perform vulnerability assessments like a pro? Check out my PowerPoint presentation that covers: ✅ What NESSUS & OPENVAS are ✅ How to conduct vulnerability scans ✅ How to analyze the results for potential risks 💡 Whether you're starting out in vulnerability analysis or looking to enhance your skills, this guide is beginner-friendly and hands-on! Click here to view full presentation:  Cybersecurity_Project2.pdf   Helpful Sources: You Tube Channel: GetCyber and Jon Good Sources:  Nes...
Read more

Exploring GNS3: A Comprehensive Overview

-
Image
  Introduction GNS3 (Graphical Network Simulator) is a software tool that simulates complex networks. It allows the combination of virtual and real devices. It is used by many large companies like Walmart, AT and T and NASA. You can also use GNS3 on any computer to experiment with various router configurations. It is helpful for network and Network Security certificates such as CCNA, CCNP, CCIE and so on. This allowed users to build, design and test networks without needing physical hardware. History It was first released in 2008, developed by Jeremy Grossman. His motivation on developing this was to provide graphical user interface for Dynamips, a cisco IOS emulator. Additionally, it was created to make network simulation more accessible and practical for learning and professional development. People who liked the program have supported making it even better and updating it with more features. Features and Benefits This allows users to create virtual labs and practice CCNA/C...
Read more

Wireshark Report

-
Image
 Introduction    An effective software program for examining network traffic is called Wireshark. It is a crucial tool for network troubleshooting, security research, and understanding how networks work since it enables users to record and examine data as it moves over a network. Students, IT workers, and cybersecurity specialists utilize it extensively for understanding data flow between devices.    History  Gerald Combs first created Wireshark in 1998 under the alias "Ethereal." Due to trademark concerns, it eventually changed its name to Wireshark in 2006. It has developed into a well-regarded network monitoring tool over time, and its features are constantly being enhanced by a vibrant community.   Features and Benefits  Users can record and thoroughly examine real-time network data with Wireshark. It is adaptable for various kinds of network analysis because it supports a wide range of network protocols, including HTTP, TCP, UDP...
Read more