Your objective of this task is to exploit three target machines and provide proof of enumeration/vulnerability assessment, scanning, exploit development, exploitation and a brief discussion on vulnerability fixes or detailed security recommendations with appropriate references where required. You will be provided with three Virtual Machines each ranked by their difficulty with instructions on how to access these VMs on ESXi. You will be given Kali Linux Virtual Machine to attack the targets. 1. Proof Filenames: proof.txt /root.txt – This file is only accessible to the root or Administrator user and can be found under the /root directory (Linux) or the Administrator “Desktop” or “My Documents and Settings” (Windows). This file is available on every target machine. a. Proofs: Windows On all Windows targets, you must have a shell of one of the following to receive full or partial marks: Full marks will be given if you obtain: SYSTEM user/Administrator user or User with Administrator privileges. Partial marks will be awarded for obtaining a low privilege user (see marks breakdown section). 3 You must provide the contents of the proof files IN A SHELL (web, bind, reverse, or RDP) with the “type” or “cat” command from their original location. Obtaining the contents of the proof files in any other way will result in loss of marks. b. Proofs: Linux On all Linux targets, you must have a root shell to receive full marks. Partial marks will be awarded for obtaining a low privilege user. You must provide the contents of the proof files IN A SHELL (web, bind, reverse, or ssh) with the “cat” command from their original location. Obtaining the contents of the proof files in any other way will result in loss of marks. 2. Technical Report Requirements You are required to write a professional report describing your exploitation process for each target. You must document all your attacks including all steps and commands issued. For each target machine you exploit, you must provide the target’s operating system name and IP address and detailed documentation to accompany the ethical hacking process. Your documentation should be thorough enough that your attacks can be replicated step-by-step by a technically competent reader.