A simulated penetration test against a CEO's workstation at GoodCorp Inc.
• Perform a service and version scan using Nmap to determine which services are up and running, and determine eploitable services.
• Gain access to the CEO's computer and using a Meterpreter session to search for two files that contain the following strings:
⚬ secretfile
⚬ recipe
• Run a Meterpreter post script that enumerates all logged on users.
• Open a Meterpreter shell and gather system information for the target.
• Discover the target's computer system information
The scope of this engagement is limited to the CEO's workstation only. You are not permitted to scan any other IP addresses or exploit anything other than the CEO's IP address.
The CEO has a busy schedule and cannot have the computer offline for an extended period of time. Therefore, denial of service and brute force attacks are prohibited.
After you gain access to the CEO’s computer, you may read and access any file, but you cannot delete them. Nor are you allowed to make any configurations changes to the computer.
Since you've already been provided access to the network, OSINT won't be necessary.