CIS 3700 Lab 1



|MIS 4850 | |

|Systems Security | |

| | |

|Lab 2 | |

| |Target Attacks |

Student Name: ________________________________ Computer #: _____

Exercise 1: Using Netbus 1.7 for remote control

You need to work in teams of two. One teammate (referred to as Student 1) will download and start the server portion of Netbus (Patch.exe) on his/her computer. The other teammate will install the client version of Netbus (Netbus.exe) to be used for controlling the first machine.

To be done on Student 1’s computer

Downloading and starting Patch.exe

DO NOT RESTART YOUR COMPUTER IF ASKED TO DO SO AT ANYTIME!!!!!!

0) Identify Student 1’s computer: Computer #_____. IP address: 10.1.10.__

1) From your computer, click Start/Run, and then type in the following, then click:

\\mainserver\Netbus

2) Select all five files available in the folder. Copy them (Edit/Copy menu), and close the opened window

3) Double-click My Computer on your computer’s desktop. Locate and open the C: drive. Then, paste the five files to the root of C: drive

4) Open the Command prompt (Start/Run, then type cmd followed by the ENTER key)

5) Type cd\ and hit ENTER to get to the root of the C: drive

6) To start the patch.exe program, type patch /noadd and hit ENTER

7) Your computer is ready to be taken over by someone remotely using Nebus client!

8) To make sure it is, at the Command prompt type in netstat -a and hit ENTER

9) You should see that port 12345 (and possibly 12346 too) is now open (and listening) for communication with any computer that has the client portion of Netbus.

10) Copy the open window by simultaneously pressing ALT+PRINT-SCRN

11) Open Wordpad (Start/All Programs/Accessories/Wordpad), and then paste.

12) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

13) Save the file at the root of the C: drive under the name Last1-Last2Lab2.rtf (where Last1 and Last2 are the teammates last names)

To be done on Student 2’s computer

Installing Netbus.exe

0) Identify Student 2’s computer: Computer #: ____. IP address: 10.1.10.__

1) From your computer, click Start/Run and then type in the following:

\\mainserver\Netbus

2) Select all five files available in the folder. Copy them (Edit/Copy menu), and then close the opened window

3) Double-click My Computer on your computer’s desktop. Locate and open the C: drive. Then, paste the five files to the root of the C: drive

4) Run the program called Netbus.exe by double-clicking it

5) You should see the Netbus remote control console with port 12345 or 12346

6) In the Host Name/IP: text box, type in the other computer's IP address (see the IP address that was written down on the previous page), and click the Connect button

7) You should see Connected to at the bottom of the console window

8) You have total control over your teammate’s computer!

9) Note: This may not work for those who have a computer with the new secured CD drive. Try to open the other computer's CD-ROM drive by clicking the Open CD-ROM button

10) Close the CD-ROM drive

11) Click the Msg Manager button and send a message (like "Hi, How are you doing") to the controlled computer.

12) Display the image of the cat (cat.jpg) on your teammate’s computer. Note that cat.jpg is one of the files you and your teammate both downloaded to your computers. Then, explain what do you need to do in order for the cats.jpg file to be shown on the controlled computer? Explain:

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

__________________________________________________________________________

13) Can the user on the controlled computer remove the picture that is shown on their desktop? YES NO

14) eastwood.wav is one of the files you and your teammate both downloaded to your computers. Because your computer does not have speaker, you cannot play sound. But check Netbus and explain what you need to do in order for the music to play on the controlled computer? Explain:

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

15) Click File Manager, and then the Show Files button. Take the steps necessary to display the files that are on the C: disk of the controlled computer. Name two of the files/folders: __________________________, ___________________________.

14) Open Wordpad (Start/All Programs/Accessories/Wordpad).

15) Copy the open window showing the files on the controlled computer by simultaneously pressing ALT+PRINT-SCRN.

16) Paste the copied window to Wordpad.

17) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

16) Save the file at the root of the C: drive under the name Last1-Last2Lab2-2.rtf (where Last1 and Last2 are the teammates last names)

17) Locate the wb32.exe file available in the C:\Program Files\NetMeeting folder of your local C; drive and upload it to the root of the controlled computer’s C: drive.

18) Check to make sure the file is copied to the root of your teammate’s computer.

19) Given the options in the File Manager tool of Netbus, which of the following is true?

a. You can use Netbus to download a file from a controlled computer.

b. You can use Netbus to delete a file located on a controlled computer.

c. You can use Netbus to rename a file located on a controlled computer.

d. All of the above.

20) Start the dialer.exe program located in the C:\Windows folder of your local C: drive so that the program starts on the controlled computer.

21) Have your teammate capture the dialer window (by simultaneously pressing ALT+PRINT-SCRN), and copy the captured window to the Last1-Last2Lab2.rtf (where Last1 and Last2 are the teammates last names) file he/she has created.

22) Can the user on the controlled computer close the started program? YES NO

23) Use the appropriate Netbus tool to remotely “listen” to keystrokes when the user on the controlled computer is typing using the keyboard. After you have started the tool, have your teammate start a new Notepad session (Start/All Programs/Accessories/Notepad). Then ask the teammate to type a sentence like “I am coming in 10 mutes”.

24) When the text shows on your Netbus dialog window, you should capture the screen and paste it to the end bottom of your Last1-Last2Lab2-2.rtf file.

25) Disconnect.

Exercise 2: Using the At command to start system processes

Objective: One weakness of many operating systems including Windows is that they provide means of starting programs on remote computers; which opens the door to attackers. In this activity you will learn how easy it is to use the At command to schedule an executable file to run on a remote computer at a specific time.

1. (If not already done) Log on to your Windows 2003 Server as Administrator

2. Press Ctrl+Alt+Del. Click Task Manager, then select the Processes tab

3. Notice that notepad.exe is NOT among the processes that are currently running

4. Your neighbor have noticed exactly the same thing on his/her server

5. Click Start/All Programs/Accessories, and then click Command Prompt.

6. In the Command prompt, change the directory to the root of the C: drive by typing cd\ and hitting the ENTER key

Note: The net time command could be used to tell the current time on any computer connected to the network. Next, you will use it to determine the time on your neighbor’s computer.

7. At the command line type net time \\srvdcXX (where XX is the number assigned to your neighbor’s computer), then press ENTER. Write down the time: ___________

Next, you will schedule the execution of notepad.exe on your neighbor’s computer

8. At the command line type at \\srvdcXX time /interactive “notepad.exe” (where XX is the number assigned to your neighbor’s computer, and time is the time you wrote down + 3 minutes to allow for a delay), then press ENTER.

Hint: Not using the /interactive switch with the At command will hide the starting of the process from your partner.

9. If your neighbor has used the At command to start the notepad.exe process on your server, notepad will automatically open on your server as scheduled.

10. The notepad.exe process might not appear if your neighbor didn’t use the /interactive switch with the At command as mentioned in the Hint above. But you can still check the Task Manager to see that the notepad.exe process is running on your server.

11. Close all open windows.

Question: what kind of harm can be done using the At command. Explain.

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

_______________________________________________________________________________

Exercise 3: Manipulating the ARP table

Exhibit

In a P2P network where all computers are connected to a 2-layer switch, ARP tables (available on each computer) are used by stations to send messages to the switch, which forwards the messages to the destination station based on the MAC address. Consider the exhibit shown above. Suppose that the user who regularly uses Workstation 3 has physical access to Workstation 5. How could that user manipulate the ARP table in order to hijack all communications from Workstation 5 to Workstation 6 so that all messages destined to Workstation 6 are automatically forwarded by the switch to Workstation 3 instead? Explain.

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Student Name: __________________________________________

Exercise 4: Understanding Target Attacks’ Questions

1. Which of the following is not considered a single-message DoS attack?

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

2. Which of the following DoS attacks takes advantage of IP fragmentation? (Choose all that apply)

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

3. Which of the following do Denial of Service attacks primarily attempt to jeopardize?

a) confidentiality

b) integrity

c) availability

4. Typically, which of the following malware could harm a host computer by consuming processor time and random access memory?

a) a virus

b) a worm

c) a logic bomb

d) None of the above

5. In which of the following may the victim crash after receiving a single attack packet?

a) LAND

b) Smurf

c) Both of the above.

d) Neither a. nor b.

6. In which of the following DoS attacks the attacker makes use of IP spoofing?

a) LAND attack

b) Teardrop

c) Ping of Death

d) None of the above

7. The attacker sends an attack message to a target computer using IP fragmentation. The attack packet is about 80000 bytes in size. What kind of attack does the attacker attempted?

a) Teardrop attacks

b) Ping of Death attack

c) Land attack

d) None of the above

-----------------------

This should be the computer # with no leading zero in case there is one. Example of valid IP address: 10.1.10.1

Don’t need to do this

[pic]

Example: 1:05p or 1:05pm

This should be the computer # with no leading zero in case there is one. Example of valid IP address: 10.1.10.1

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download