The document outlines a group lab assignment for the IA 422 Ethical Hacking course at the University of Dodoma, focusing on ethical standards and privacy. Students are required to conduct reconnaissance, scanning, enumeration, and exploitation activities in a virtual lab environment, documenting their processes and findings. The assignment emphasizes the importance of skills and competencies, with a deadline set for the 12th week of the course.
IA 422 Lab 1 Assignment
THE UNIVERSITY OF DODOMA
COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
IA 422: ETHICAL HACKING
LAB ASSIGNMENT #1 (10 Marks)

Instructions
✓ It is a group lab assignment
✓ Observe ethical standards and maintain privacy and confidentiality of the target organizations
✓ Cause no harm to the target organizations
✓ Each group will present by demonstrating their work
✓ Skills, Abilities and Competencies will be highly credited
✓ The more the exploitations and tricks, the higher the scores
✓ Divide and rule is important, hence each student should demonstrate his / her Skills, Abilities and Competencies
✓ Fewer marks will be awarded to students who take the lab for granted
✓ Deadline: 12th Week

Task 1: Reconnaissance, Scanning and Enumerations

Lab Setup:
Virtual Lab Environment:
• Set up a virtual lab environment using VirtualBox, VMware, or any other virtualization platform.
• One representing the attacker's machine (Kali Linux or similar)
• Target can be UDOM, CBE, UDSM, MUHAS, ARDHI, MZUMBE, SUA, St. John, St. Joseph, CRDB, NMB, NBC, BUNGE (Each group should uniquely select one target for this question)
• Install necessary tools on the attacker's machine for reconnaissance activities, such as:
  o Nmap for network scanning
  o theHarvester for email and domain reconnaissance
  o Shodan for searching Internet-connected devices
  o Maltego for data mining and visualization
  o SpiderFoot for open-source intelligence (OSINT) gathering
  o Any other tools

Tasks on Reconnaissance, Scanning and Enumerations

1. Passive Reconnaissance:
• Conduct passive reconnaissance using online resources and publicly available information:
  • Use theHarvester to gather email addresses, domain names, and subdomains associated with the target organization (Selected organizations above)
IA 422-Ethical Hacking-lab1 Mr. Wilbard G. Masue 15/05/2025
  • Search for employee profiles, job postings, and organizational details on professional networking sites (e.g., LinkedIn).

2. Open-Source Intelligence (OSINT) Gathering:
• Use Shodan or similar tools to search for Internet-connected devices associated with the target organization (e.g., web servers, IoT devices).
• Utilize Maltego or SpiderFoot to aggregate and visualize OSINT data, including domain relationships, IP addresses, and online footprint.

3. Port Scanning and Service Enumeration:
• Perform port scanning to identify open ports and services on the discovered hosts:
  • Use Nmap's TCP SYN scan to detect open TCP ports.
  • Perform a comprehensive scan to enable OS detection, version detection, and script scanning.
• Document the open ports and services identified during the scan.
• Follow the CEH scanning methodology and document the result for each step.

4. Vulnerability Identification and Advanced Target Enumeration:
• Explore other enumeration techniques to gather additional information about target systems:
  • Use banner grabbing (e.g., nc <target_IP> <port_number>) to capture service banners and versions.
  • Enumerate network shares and services using tools like smbclient, NetBIOS, or snmpwalk.
  • Extract information from DNS records (e.g., nslookup, dig) to identify subdomains and mail servers.
• Perform all known types of enumerations and document every step taken.
• Utilize vulnerability scanning tools (e.g., Nessus, OpenVAS) to discover known vulnerabilities. (Don’t conduct penetration testing on this target, as it is not ethical)

Reporting: Reconnaissance, Scanning and Enumerations
• Document the reconnaissance process, tools used, and findings in a lab report.
• Include screenshots, command outputs, and any relevant data collected during reconnaissance activities.
• Provide analysis and insights based on the gathered information, highlighting potential attack vectors and areas of interest.
• Document the scanning and enumeration process, commands used, and scan results in a lab report.
• Include screenshots of Nmap output showing discovered hosts, open ports, service details, and any additional enumeration results.
• Provide analysis and insights based on the scan and enumeration results, highlighting potential attack vectors and security risks.

Task 2: Gaining Access, Maintain Access and Cover Tracks

Lab Setup:
Virtual Lab Environment:
• Set up a virtual lab environment using VirtualBox, VMware, or any other virtualization platform.
• Create a network topology with at least two virtual machines:
  • One representing the attacker's machine (Kali Linux or similar)
  • One or more representing the target network machines (Windows or Linux)

Vulnerable Services Installation:
• Install intentionally vulnerable services or applications on the target machines for exploitation purposes (e.g., DVWA, Metasploitable, Mutillidae, OWASP Juice Shop, bWAPP, WebGoat, etc.) (each group should install unique intentionally vulnerable services or vulnerable applications)

Tasks on Gaining Access, Maintain Access and Cover Tracks

1. Vulnerability Identification:
• Conduct reconnaissance and vulnerability assessment to identify exploitable vulnerabilities on the target system:
  • Use Nmap or other scanning tools to identify open ports, services, and potential vulnerabilities. (Enumeration can also be performed under this phase)
  • Utilize vulnerability scanning tools (e.g., Nessus, OpenVAS) to discover known vulnerabilities.

2. Exploitation Techniques:
• Select and exploit identified vulnerabilities to gain unauthorized access to the target machine(s):
  • Exploit common vulnerabilities (data input validation, authentication and authorization, poor cryptography, and improper error handling and logging vulnerabilities) such as SQL injection, XSS, command injection, or outdated software vulnerabilities.
  • Use Metasploit modules or custom scripts to launch attacks against vulnerable services.
  • Demonstrate successful exploitation by obtaining a shell or remote access to the target system.

3. Post-Exploitation Activities:
• After gaining initial access, escalate privileges and maintain persistence on the compromised system:
  • Explore the compromised system to gather sensitive information (e.g., passwords, configuration files).
  • Install backdoors or rootkits to maintain access and evade detection.
  • Install and configure a backdoor (e.g., reverse shell) to provide remote access to the target machine.
  • Implement persistence mechanisms (e.g., scheduled tasks, registry entries) to ensure access remains even after system reboots.
  • Retrieve passwords, configuration files, or other valuable data stored on the target machine.
  • Demonstrate lateral and/or vertical movement within the target to simulate real-world attack scenarios.

4. Stealth and Evasion Techniques / Network Traffic Obfuscation:
• Obfuscate network traffic to evade detection by network monitoring tools:
  • Encrypt communication channels using tools like SSH or VPN to protect data in transit (Encrypt or obfuscate communication channels to evade network monitoring).
  • Use steganography techniques to hide sensitive information within benign files or images.
  • Use rootkits or process hiding techniques to conceal malicious activities.

5. Covering Tracks and Anti-Forensic Techniques
• Implement anti-forensic techniques to cover tracks and conceal evidence of unauthorized activities:
  • Delete or modify log files (e.g., event logs, system logs) to remove traces of the attack.
  • Use rootkit-based tools to hide malicious processes and conceal the attacker's presence.
  • Modify timestamps and file attributes to manipulate forensic analysis results.
  • Overwrite free disk space to erase remnants of deleted files and data.

6. Clean-Up and Restoration:
• Restore the system to its original state or a clean state after covering tracks and completing unauthorized activities:
  • Remove any remaining backdoors, rootkits, or unauthorized modifications made to the target system.
  • Revert system configurations and settings to avoid suspicion and restore normal operations.

7. Documentation and Reporting on Gaining Access, Maintain Access and Cover Tracks
• Document the entire process of gaining access, covering tracks and anti-forensic activities in a lab report.
• Include detailed steps, commands used, and screenshots demonstrating the effectiveness of each step conducted.
• Provide analysis of the potential impact of covering tracks on forensic investigations and incident response efforts.

Prepared by IA 422 Ethical Hacking Instructor Mr. Masue, Wilbard G. [email protected] 0764222232