Inspiration
Spread awareness about how easy it is to hack vulnerable systems and encourage people to take their security more seriously, especially by using longer and more secure passwords.
What it does
Gains control of the main shell of the vulnerable target machine.
How we built it
Using VMware and Linux command-line knowledge.
Challenges we ran into
At the beginning, the project was vague. It was abstract and unclear where to start, which commands or tools to use, or which vulnerabilities to target. Over time, we realized we could do a lot with just a few tools. We didn’t need as many tools as we initially thought. We have faced many issues with setting up both machines to communicate with each other using VMware Player Workstation, as this hypervisor software does not provide many options to customize our virtual machines, we had to tweak the machine’s files and modify them using a text editor. After finally setting up the two virtual machines, we had unfortunately encountered many other problems with exploiting the target machine with Meterpreter that’s inside of Metasploit because we could not set them up accordingly even after the help of Youtube videos and ChatGPT, for some reason the exploit was successful but we could not establish a session to control the other machine as wanted so we had to try other exploits with different payloads until we found a good one that worked.
Accomplishments that we're proud of
-We have successfully installed the two virtual machines (Kali Linux, and Windows XP) with complete isolation while keeping the connection between them and the internet when necessary.
-We hacked an old vulnerable machine successfully while testing other vulnerabilities as well
-We enhanced our problem-solving skills.
What we learned
We have learned a handful of tricks and tools, understood their purpose and how to use them, and encountered many problems, learning how to solve them.
What's next for Automated Security Pentesting Simulation(ASPS)
For our future plans, we are thinking of continuing the researches and expand our knowledge. While it is difficult to know where to start, the first step from here onwards is to understand how to isolate the machines 100% knowing there will be no consequences locally or any threat on the our home network. Next we learn how to exploit other vulnerabilities of the machine and how to set them up correctly and prepare for their success. Moreover, after understanding how to use ‘Metasploit’ and ‘Nmap’ correctly on our own, we will expand to other tools like ‘Hydra’ and ‘Nessus’ and learn them as intended. Lastly, and after “playing” with Windows XP and know how to use the the other tools, we will go gradually with the operating systems from the less secure to the most secure ones that have firewalls and other protections.
Log in or sign up for Devpost to join the conversation.