Offensive security consultant overview

Overview
Global Comm has hired you as an . You have been
tasked with writing a penetrating test report against the web application of
Global Comm – DVWA. The expectation is you use active information gathering
techniques and methods to exploit web applications.
Rules of engagement
The only computer that should targeted is Metasploitable
Students must of preformed the before
continuing
Tasks and expectations
Show proficiency Web application security
Write a response to the tasks and questions below
Technical Questions
For this lab report screenshots of every command is not needed, please use your
judgment when documenting this. Screenshots again should be used but limited. I
do not want 5 pages of screenshots; additionally use the cropping tool to tighten the
screenshots that are used.
Design
Web Application Assessment
The CTO of GlobalComm has requested an in-depth assessment of the Web
Applications running on the Linux virtual machine provided. A report should be
written outlining the risk the current system has and recommendations on how to
resolve them. DVWA should be the focus of the report but feel free to include an
assessment of the other web applications running. Within the report you should
explain the following:
Information gathering
Vulnerability identification
Authentication weaknesses
Web Application Exploitation
o 4 Exploits should be demonstrated
!
! 1 attack using SQL Map
! a web shell
! 1 attack of choice
o 1 additional Exploit with DVWA in medium will award you 5 bonus
points
Data exfiltration or disclosure possibilities should be outline and explain the
risk in-depth.
Remediation steps and action items to resolve issues identified should be
elaborated on.