A fictional corporation named NewAlts Research Labs has decided to add a web presence. Due to the nature of their business model, information confidentiality is critical and any leakage of sensitive research data has a direct negative impact on their bottom line. Their administrator has set up a mock environment that is similar to what they would like to eventually move to production. The business owner has asked the administrator to hire an outside consultant to review the environment and inform of any vulnerabilities that may exist.

The administrator then contracts you to perform a penetration test on the mockup environment because he has ascertained that he is using security best practices and performed the initial vulnerability scans a few months ago and found no issues. He reiterates that he is using well-known products that provide great support and prides himself on the fact that his shop is 100 percent open source.

When asking about the network you find that there is only...