Business case: Think like an Ethical Hacker

Company Name: Bule Stone Hats and Shoes which has stores in different states

Headquarters and data center: Fairfax, VA

Retail Sales: $$10$ million annually

Customers: $150,000$ annually

Online Transactions: $65\%$

In the company headquarters, there are $3$ Local Area Networks $($LANs$).$

In each LAN there are $30$ desktop computers.

No WFI.

All office computers have access to the data center with the company network

Bule Stone Data Center Has

$-$Database for customer accounts

$-$Print server.

And in the DMZ there are two servers

$-$Web server

$-$Email server

Question $1$: Draw a network block diagram and present the following

Three LANs are connected to each other via the intranet. Do not show the individual computers

On$-$premises data center with customer database, and Print server.

The web server and the Email server are located in the DMZ$.$

Connection of all LANs to the data center, web server, and email server and to the internet via ISP

Show the target $($customer database$)$ location and the required network devices $($switch$,$ router$)$ to make sure all connections are done.

Question $2$: What are the Phases of Penetration Testing steps you would follow to access the customer database for this company?

Question $3$: How can you gather Information for the target system $($customer database$)?$ Write each step and technique

Question $4$: What is your goal of hacking the target system $($customer database$)?$ What do you want to achieve? Explain your answer.

Question $5$: In Information$-$Gathering by Google Dork Google Hacking tool.

A Google Dork is a specialized search query that can find information in the deep, forgotten places of the internet. Use the following Google Dork search sequences and find two different sites for each case. The screenshot for each section should be in your report.

$5$a$)$ Google Search Statement to access the vulnerability report

filetype:pdf "Assessment Report" nessus

A Screenshot from your search findings.

$4$b$)$ Google Search Statement to reach recorded chat logs

intext:"Index of$"/"$chat$/$logs$"$

A Screenshot from your search findings.

$4$c$)$ Google Search Statement:

intitle:"login to webmin"

A Screenshot from your search findings.

$4$d$)$ Google Search Statement:

intitle:"GoAnywhere Web Client $-$ Login"

A Screenshot from your search findings.