CIS 3700 Lab 1 - EIU



MIS 4850 Systems Security

Lab 2

Target Attacks

Student Name: _______________________________________ Computer #: _____

Exercise 1: Using Netbus 1.7 for remote control

You need to work in teams of two. One teammate (referred to as Student 1) will download and start the server portion of Netbus (Patch.exe) on his/her computer. The other teammate will install the client version of Netbus (Netbus.exe) to be used for controlling the other machine.

To be done on Student 1’s computer

Downloading and starting Patch.exe

DO NOT RESTART YOUR COMPUTER IF ASKED TO DO SO AT ANY TIME!

0) Identify Student 1’s computer: Computer #_____. IP address: 10.1.10.__

1) From your computer, click Start/Run, and then type in the following, then click OK:

\\mainserver2\Netbus

2) Select all four files available in the folder. Copy them (Edit/Copy menu) to the clipboard, and close (x) the opened window

3) Double-click My Computer on your computer’s desktop. Locate and open the C: drive.

4) Create a folder called Lab2 at the root of the C drive

5) Then, paste the four files to the Lab2 folder you just created

6) Double-click the NetBus.exe.sda.exe file. When a dialog window opens, uncheck the “Hide Typing” checkbox and type password as the passphrase in the textbox. This will reveal the patch.exe and the Netbus.exe files.

7) Open the Command prompt (Start/Run, then type cmd followed by the ENTER key)

8) Type cd\ and hit ENTER to get to the root of the C: drive

9) Type the cd Lab2 command to be in the Lab2 directory where you copied the Netbus files

10) To start the patch.exe program, type patch /noadd and hit ENTER

11) Your computer is ready to be taken over remotely by someone using Netbus client!

12) To make sure it is, at the Command prompt type in netstat -a and hit ENTER

13) You should see that port 12345 (and possibly 12346 too) is now open (and listening) for communication with any computer that has the client portion of Netbus.

14) Copy the open window by simultaneously pressing ALT+PRINT-SCRN

15) Open Wordpad (Start/All Programs/Accessories/Wordpad), and then paste.

16) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

17) Save the file at the root of the C: drive under the name Last1-Last2Lab2.rtf (where Last1 and Last2 are the teammates' last names)
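A defender's version of the check in steps 12 and 13, as an added example that is not part of the original lab: it parses `netstat -ano` output and reports listeners and active sessions on the two ports named in step 13. The sample output, addresses and PIDs are constructed, and the function names are illustrative.

```python
"""Flag NetBus default-port sockets in Windows `netstat -ano` output."""

# Ports named in step 13 of the lab; a reconfigured server may use others.
NETBUS_PORTS = {12345, 12346}

# Constructed sample (addresses and PIDs are made up for illustration).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       1488
  TCP    0.0.0.0:12346          0.0.0.0:0              LISTENING       1488
  TCP    10.1.10.21:139         0.0.0.0:0              LISTENING       4
  TCP    10.1.10.21:12345       10.1.10.22:1042        ESTABLISHED     1488
  TCP    10.1.10.21:1051        10.1.10.30:12345       TIME_WAIT       0
  TCP    [::]:12345             [::]:0                 LISTENING       1488
  UDP    0.0.0.0:445            *:*                                    4
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port'; port is None when it is not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def find_netbus_sockets(netstat_text, ports=NETBUS_PORTS):
    """Return one finding per TCP socket whose *local* port is in `ports`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows: proto, local, foreign, state, and a PID when -o is used.
        if len(fields) not in (4, 5) or fields[0].upper() != "TCP":
            continue
        _, local_port = split_endpoint(fields[1])
        if local_port not in ports:
            continue  # a matching port on the foreign side only is ignored
        state = fields[3].upper()
        if state == "LISTENING":
            kind, peer = "listener", None
        elif state == "ESTABLISHED":
            # The foreign address is the machine currently connected.
            kind, peer = "active-session", split_endpoint(fields[2])[0]
        else:
            continue
        pid = int(fields[4]) if len(fields) == 5 and fields[4].isdigit() else None
        findings.append({"kind": kind, "local": fields[1], "peer": peer, "pid": pid})
    return findings


if __name__ == "__main__":
    for f in find_netbus_sockets(SAMPLE_NETSTAT):
        peer = f" peer={f['peer']}" if f["peer"] else ""
        print(f"{f['kind']:15} {f['local']:22} pid={f['pid']}{peer}")
```

The PID in each finding can be matched against the PID column in Task Manager to identify the owning process.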

To be done on Student 2’s computer

Installing Netbus.exe

0) Identify Student 2’s computer: Computer #: ____. IP address: 10.1.10.__

1) From your computer, click Start/Run and then type in the following:

\\mainserver2\Netbus

2) Select all four files available in the folder. Copy them (Edit/Copy menu) to the clipboard, and then close (x) the opened window

3) Double-click My Computer on your computer’s desktop. Locate and open the C: drive.

4) Create a folder called Lab2 at the root of the C drive

5) Then, paste the four files to the Lab2 folder you just created

6) Double-click the NetBus.exe.sda.exe file. When a dialog window opens, uncheck the “Hide Typing” checkbox and type password as the passphrase in the textbox. This will reveal the patch.exe and the Netbus.exe files.

7) Run the program called Netbus.exe by double-clicking it

8) You should see the Netbus remote control console with port 12345 or 12346

9) In the Host Name/IP: text box, type in the other computer's IP address (see the IP address that was written down on the previous page), and click the Connect button

10) You should see Connected to at the bottom of the console window

11) You have total control over your teammate’s computer!

12) Try to open the other computer's CD-ROM drive by clicking the Open CD-ROM button. Note: This may not work for those who have a computer with the new secured CD drive.

13) Close the CD-ROM drive

14) Click the Msg Manager button and send a message (like "Hi, How are you doing") to the controlled computer.

15) Display the image of the cat (cat.jpg) on your teammate’s computer. Note that cat.jpg is one of the files you and your teammate both downloaded to your computers. What do you need to do in order for the cat.jpg file to be shown on the controlled computer? Explain:

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

16) Can the user on the controlled computer remove the picture that is shown on their desktop? YES NO

17) eastwood.wav is one of the files you and your teammate both downloaded to your computers. Because your computer does not have a speaker, you cannot play sound. But check Netbus: what do you need to do in order for the music to play on the controlled computer? Explain:

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

18) Click File Manager, and then the Show Files button. Take the steps necessary to display the files that are on the C: disk of the controlled computer. Name two of the folders: __________________________, ___________________________.

18) Open Wordpad (Start/All Programs/Accessories/Wordpad).

19) Copy the open window showing the files on the controlled computer by simultaneously pressing ALT+PRINT-SCRN.

20) Paste the copied window to Wordpad.

21) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

19) Save the file at the root of the C: drive under the name Last1-Last2Lab2-2.rtf (where Last1 and Last2 are the teammates' last names)

20) Locate the wb32.exe file available in the C:\Program Files\NetMeeting folder of your local C: drive and upload it to the root of the controlled computer’s C: drive.

21) Check to make sure the file is copied to the root of your teammate’s computer.

22) Given the options in the File Manager tool of Netbus, which of the following is true?

a. You can use Netbus to download a file from a controlled computer.

b. You can use Netbus to delete a file located on a controlled computer.

c. You can use Netbus to rename a file located on a controlled computer.

d. All of the above.

23) Start the dialer.exe program located in the C:\Windows folder of your local C: drive so that the program launches on the controlled computer.

24) Have your teammate capture the dialer window (by simultaneously pressing ALT+PRINT-SCRN), and copy the captured window to the Last1-Last2Lab2.rtf file (where Last1 and Last2 are the teammates' last names) he/she has created.

25) Can the user on the controlled computer close the started program? YES NO

26) Use the appropriate Netbus tool to remotely “listen” to keystrokes when the user on the controlled computer is typing on the keyboard. After you have started the tool, have your teammate start a new Notepad session (Start/All Programs/Accessories/Notepad). Then ask the teammate to type a sentence like “I am coming in 10 minutes”.

27) When the text shows in your Netbus dialog window, capture the screen and paste it at the bottom of your Last1-Last2Lab2-2.rtf file.

28) Disconnect.

Exercise 2: Using the At command to start programs on a remote computer

Objective: One weakness of many operating systems, including Windows, is that they provide means of starting programs on remote computers, which opens the door to attackers. In this activity you will learn how easy it is to use the At command to schedule an executable file to run on a remote computer at a specific time.

1. (If not already done) Log on to your Windows 2003 Server as Administrator

2. Press Ctrl+Alt+Del. Click Task Manager, then select the Processes tab

3. Notice that notepad.exe is NOT among the processes that are currently running

4. Your neighbor should have noticed exactly the same thing on his/her computer

5. Click Start/All Programs/Accessories, and then click Command Prompt.

6. In the Command prompt, change the current directory to the root of the C: drive using the CD command by typing cd\ and hitting the ENTER key

Note: The net time command could be used to tell the current time on any computer connected to the network. Next, you will use it to determine the time on your neighbor’s computer.

7. At the command line type net time \\srvdcXX (where XX is the number assigned to your neighbor’s computer), then press ENTER. Write down the time: ___________

Next, you will schedule the execution of notepad.exe on your neighbor’s computer

8. At the command line type at \\srvdcXX time /interactive "notepad.exe" (where XX is the number assigned to your neighbor’s computer, and time is the time you wrote down + 3 minutes to allow for a delay), then press ENTER.

Hint: Not using the /interactive switch with the At command will hide the starting of the process from your partner.

9. If your neighbor has used the At command to start the notepad.exe process on your server, notepad will automatically open on your server as scheduled.

10. The notepad.exe process might not appear if your neighbor didn’t use the /interactive switch with the At command as mentioned in the Hint above. But you can still check the Task Manager to see that the notepad.exe process is running on your server.

11. Close all open windows.

Question: What kind of harm can be done using the At command? Explain.

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

Exercise 3: Manipulating the ARP table

Exhibit

In a P2P network where all computers are connected to a Layer 2 switch, ARP tables (available on each computer) are used by stations to send messages to the switch, which forwards the messages to the destination station based on the MAC address. Consider the exhibit shown above. Suppose that the user who regularly uses Workstation 3 has physical access to Workstation 5. How could that user manipulate the ARP table in order to hijack all communications from Workstation 5 to Workstation 6 so that all messages destined to Workstation 6 are automatically forwarded by the switch to Workstation 3 instead? Explain.

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Exercise 4: Ping-based attacks

1) Open Wordpad (NOT Notepad) and create a file called FirstLastPing.rtf (where First and Last are your first and last names). Save the file in a folder to be called Lab2. Type in the following as the first lines in the file:

MIS 4850 Systems Security

Lab 2

First Last (where First and Last are your first and last names)

2) Open Windows’ Command Prompt

3) At the prompt, type ping /? to display the options you can use with Ping

4) Make sure that your neighbor (or Lab partner) has a computer he/she is using. Write down the neighbor’s (or Lab partner’s) computer IP address: 10.1.10.___

5) What command should you use to ping the computer that has the 10.1.10.30 IP address by pretending that the ping message originates from your neighbor’s computer? Assume that your neighbor's IP address is an IPv6 address.

Answer (write the full command): ___________________________________________________

6) Which of the following probe attack techniques is used in the command you mentioned when answering the previous question?

a. Flooding

b. SYN attack

c. Fingerprinting

d. Spoofing

7) In another exercise, you will use the NMAP tool to perform the same probe attack with an IPv4 IP address.

8) Issue a basic Ping to ping the computer with the 10.1.10.30 IP address.

9) What is the size in bytes of the ping message being sent to 10.1.10.30?

10) Answer: ____________ bytes

11) If needed use ping /? to display the options you can use with the Ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address with a packet (or buffer) size that is 50000 bytes?

Answer (write the full command): _______________________________________

12) From the Command Prompt, type the command you mentioned when answering the question above to see its outcome. Then, capture the Command Prompt window (Ctrl-Alt-PrintScreen) with the command and its outcome displayed. Make sure you have captured the command and all its outcome. Switch to your FirstLastPing.rtf file. Create a blank line at the bottom of the file. Then, paste the screen capture right below.

13) If needed use ping /? to display the options you can use with the ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address so that the IP address is resolved to the computer host name, allowing you to see the host name displayed in the command result?

Answer (write the full command): __________________________________

14) From the Command Prompt, type the command you mentioned when answering the question above to see its outcome. Then, capture the Command Prompt window (Ctrl-Alt-PrintScreen) with the command and its outcome displayed. Make sure you have captured the command and all its outcome. Switch to your FirstLastPing.rtf file. Create a blank line at the bottom of the file. Then, paste the screen capture right below.

Write down the host name of the computer with the 10.1.10.30 IP address as it appears in the result you got: _________________________________________________

15) If needed use ping /? to display the options you can use with the ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address until you decide to stop the pinging yourself? Test your answer and then write down the command:

Answer: ________________________________________________

Using the NMAP network scanning program

Copying NMAP (Network Mapping)

1) Click Start/Run and type in \\mainserver2

2) Select the NMAP folder and copy it (Ctrl-C) to the clipboard

3) Close the open window

4) Open My Computer on your computer (Click Start/My Computer)

5) Paste (Ctrl-V) the NMAP folder

Install the Ping Tester program

Note: If asked to replace any existing file during the installation, click YES and, if prompted, uninstall the old version.

1) Open the NMAP folder that you just copied

2) Double-click the nmap-6.47-setup.exe file to start the installation

3) Follow the instructions to install the program with all default options

4) If/When asked, install the other program (i.e. WinPcap) that comes with NMAP

5) When the installation is complete, close (x) the My Computer window

Starting and using NMAP

1) From the Start menu, click All Programs/Nmap/ Nmap – Zenmap GUI to start the program

If the program is not in the Start menu, open the C:\Program Files\nmap folder to locate and double-click the zenmap.exe file.

2) From the main window, perform a Quick scan (NOT an Intense Scan) of the target with IP address 10.1.10.2

3) Write down the ports that are open on the target computer along with the corresponding services:

|Port |Service |

| | |

| | |

| | |

| | |

4) From the main window perform an Intense Scan of the target with IP address 10.1.10.2

5) Was the scan able to detect the Operating System installed on the target computer? Check the Host Details tab to report your answers.

Name of the OS: __________________________________. How accurate is the scan result? ____%

Number of ports scanned: ____________________ Number of ports open: __________

6) From the main window, perform an Intense Scan of the computer with the 10.1.10.1 IP address. Answer the following questions based on the result:

01. Which of the following services are installed and running on the target computer? Use a check mark (√) to answer

| |Oracle Database service |

| |File Transfer Protocol service |

| |Web service |

| |DB2 service |

| |SMTP email service |

| |NetBIOS |

02. If the target computer hosts Internet-related services, which of the following Web service software is used to provide the services?

a) Apache 2.4

b) IIS 5.0

c) Apache 2.0

d) Nginx

e) IIS 6.0

03. What is the target computer’s MAC address?

Answer: __________________________________________

04. If the computer is part of a domain, what is its domain name?

Answer: ___________________________________________________

05. How much time did the scan last? _______________

7) From the Profile menu, select New Profile or Command to open the Profile Editor in order to hide your identity (i.e. your IP address) from the target computer you are trying to scan. Explain how you can do that.

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

8) With the Profile Editor still open, determine what existing script can be used in NMAP in order to perform brute-force password auditing against an HTTP basic authentication system.

Name of the script: _________________________________

Write down the command that can be entered in Nmap – Zenmap to attempt such an attack against an HTTP server that has the 10.1.10.1 IP address:

__________________________________________________________________

Student Name: __________________________________________

Exercise 5: Understanding Target Attacks’ Questions

1) Assume that a password is 4 decimal digits long. What is the maximum number of passwords that an attacker would have to try in order to crack the password? And how much time (in minutes) will it take to crack the password if it takes 1.2 seconds to try each password?

Maximum number of passwords to try: _________

Maximum time to crack in minutes: ____________ min.

2) In preparing his attack, the attacker sent normal HTTP requests to a web server. Then, he spent some time analyzing the protocol-related information in the responses received from the web server in order to determine what software is installed on the web server. Which of the following did the attacker do?

a. Active learning

b. Network scanning

c. Passive fingerprinting

d. None of the above

3) In which of the following DoS attacks does the attacker make use of IP spoofing? (Choose all that apply)

a. LAND attack

b. Teardrop

c. Ping of Death

d. Smurf attack

e. None of the above

4) Which of the following malware is able to rewrite itself completely each time it infects new executable files?

a. Worm

b. Logic bomb

c. Polymorphic virus

d. Stealth

e. None of the above

5) Which of the following is not considered a single-message DoS attack?

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

6) Which of the following DoS attacks takes advantage of IP fragmentation? (Choose all that apply)

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

7) Which of the following do Denial of Service attacks primarily attempt to jeopardize?

a) Confidentiality

b) Integrity

c) Availability

d) None of the above

8) Typically, which of the following malware could harm a host computer by consuming processor time and random access memory?

a) a virus

b) a worm

c) a logic bomb

d) None of the above

9) In which of the following may the victim crash after receiving a single attack packet?

a) LAND

b) Smurf

c) All of the above.

d) Neither a. nor b.

10) In which of the following DoS attacks does the attacker make use of IP spoofing?

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

11) The attacker sends an attack message to a target computer using IP fragmentation. The attack packet is about 80000 bytes in size. What kind of attack did the attacker attempt?

a) Teardrop attacks

b) Ping of Death attack

c) Land attack

d) None of the above

-----------------------

This should be the computer # with no leading zero in case there is one. Example of valid IP address: 10.1.10.1


Example: or 2:45pm or 1:05pm


Don’t need to do this
