Franske CNT-2820 Labs-Homework: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
Line 63: Line 63:


=Chapter 4=
=Chapter 4=
==Using an Internet Port Scanner==
Complete project 4-1 in the book. Do this at school as well as at home and compare the results. If you have Windows Vista or Windows XP explore the built in firewalls in those instead of the one for Windows 7 which is described in the activity.
==Using a Vulnerability Scanner==
Complete project 4-2 in the book. Make sure to download and run the scanner inside your Virtual Machine and run it ONLY when attached to the special CNT 2820 network (192.168.x.x address) and NOT when on the campus network. You will have to move the connection for your computer to the CNT network switch.
==Use the Nmap Port Scanner==
One of the most popular port-scanning utilities is nmap. It is available as a command line program for Linux, but a GUI and Windows version are also available.
* Read the instructions for installing it at [http://nmap.org/book/inst-windows.html the Nmap site]. * Download the latest stable version from the Windows binaries section on the [http://nmap.org/download.html download page] and install it in your VM.
* Make sure you are attached to the special CNT 2820 network (192.168.x.x address) and NOT the campus network.
* Trade IP addresses with a partner and try scanning each others systems. The Zenmap GUI is fairly easy to use and understand but check [http://nmap.org/book/zenmap.html the manual] if you need help.
* Turn off your firewall in the VM and try scanning each others systems again.


=Chapter 5=
=Chapter 5=

Revision as of 16:02, 20 September 2011

For most chapters in the course you will need to complete some assignments which may include homework and/or labs. The specific type of assignment(s) varies depending on the chapter. This page will list the labs and/or other assignments you need to complete, organized by chapter. If you have any questions about these assignments please contact the instructor for clarification or assistance. All assignments are due as indicated on the course schedule.

Chapter 1

There is no homework or lab assignment for chapter 1.

Chapter 2

Prepare a Windows XP VM

Your first task is to prepare a Windows XP virtual machine which we will use throughout the course as a lab system. In the lab we will use the Oracle VirtualBox software and a pre-built Windows XP system which we will make a copy of specifically for this class.

  1. Open the D: drive of your computer by clicking the Start Menu and typing "d:" in the search box, then pressing Enter.
  2. Create a new folder on this drive titled "fa11-yourlogin" where you have replaced yourlogin with the username you use to log in to the system
  3. Start the VirtualBox software Start -> All Programs -> Oracle VM VirtualBox -> Oracle VM VirtualBox
  4. IMPORTANT!!! Change the default storage location for your VMs to your new "fa11-yourlogin" folder by clicking File -> Preferences and selecting "Other..." from the "Default Machine Folder" drop down list on the "General" page. Navigate to the Computer -> D: -> "fa11-yourlogin" folder and click OK. Verify the folder location is correct for the "Default Machine Folder" setting and click OK.
  5. Import the base virtual machine. Click the File -> Import Appliance menu option then click the "Choose..." button. Navigate to Computer -> D: -> CNT Files -> VirtualBox XP and open the "CNT XP Base" file. Click the Next button and verify the "Virtual Disk Image" location is inside the "D:\fa11-yourlogin" folder then click the Import button.
  6. Disable USB, shared folders and audio for the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking on the word "USB" on the right side of the screen. Click OK on the warning message and then uncheck the "Enable USB Controller" box at the top of the window. Click the "Shared Folders" page on the left side of the window, click the "Desktop" shared folder and then press the Delete key. Finally, click the "Audio" page on the left side of the window and uncheck the "Enable Audio" box. Click the OK button to save your settings.
  7. Start the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking the green Start arrow at the top of the window. Read and then click OK on the message about keyboard capture. Read and then click OK on the message about mouse pointer integration. Wait as the mini-setup process completes, reading and then clicking OK on any VirtualBox messages that come up. You may choose to check the box not to see the message again on any of these if you like.
  8. Once the system reboots once you can login to the Virtual Machine using the Administrator account and the password "College1".
  9. Open a web browser in the VM. You will need to enter your IHCC login and password and install the SafeConnect client to access the Internet from your VM, do this now.
  10. Congratulations! Your Windows XP Virtual Machine is now setup and configured for your use during this course.

Scan Your System for Rootkits

Follow the instructions on page 73 of your book to complete "Project 2-2: Scan for Rootkits". Note that all of this should be done inside your Windows XP Virtual Machine.

Use a Software Keylogger

Note that all of this should be done inside your Windows XP Virtual Machine.

Follow the instructions at the bottom page 73 of your book to complete "Project 2-3: Use a Software Keylogger". IMPORTANT: Due to some corrupt system files in the XP Base image you will not be able to use the Wolfeye Keylogger noted in the book. Instead please download and use the free Pykeylogger software from [1]. Instructions on that site explain how to use the keylogger. I suggest installing it with a shortcut to the desktop so you can easily start it.

You will need to modify the settings of the keylogger to access it's control panel because the Right-Ctrl key which is normally used is already being used by VirtualBox for keyboard capture. To do this:

  1. Open Wordpad by clicking Start -> All Programs -> Accessories -> Wordpad.
  2. Open the file "C:\Program Files\PyKeylogger\pykeylogger.ini". You may need to switch to showing "All Documents" or enter the full location into the open dialog box to access the file.
  3. Find the line Control Key = Control_L;Control_R;F12 and change it to Control Key = Control_L;Alt_R;F12
  4. Now when you start the keylogger you can access it's hidden control panel by pressing the Left Control, Right Alt and F12 keys at the same time.

This keylogger is started either through the link in the start menu or on your desktop if you chose to create one. Your log files are stored in the "C:\Program Files\PyKeylogger\logs" folder.

Chapter 3

Configure DEP

Complete Hands-On Project 3-1 on your Windows XP VM

Hosts File Attack

Complete Hands-On Project 3-3 on your Windows XP VM

MITM Sidejacking Attack

For this lab you will need to pay close attention and be under the supervision of the instructor, doing this incorrectly will cause problems on the campus network and could be viewed as an attack on the network!

First, you will need to download and install some software in your VM:

Next, you MUST disconnect from the campus network and connect to the special CNT network. Verify that you have an IP address in the correct range (192.168.203.x) before proceeding!

You will need to do a little research online about how to use these tools. Your goal is to hijack the session of your partner so that you can access a webmail or social network site without their password. Below is a brief description of what each tool is for:

  • WinPcap - This driver allows the other software to talk directly to the network card in Windows.
  • Ettercap NG - This tool can be used for an ARP poisoning attack against a specific IP (your partner) so that you can route all traffic from them to the default gateway through your system first and sniff it (in this case for session cookies).
  • Hamster & Ferrer - These utilities allow you to actually sniff for session cookies to steal from your partner and then pass them off to websites as your own.
  • Firesheep - A simplified, point-and-click interface with automatic capabilities like Hamster & Ferret which works with many popular "Web 2.0" sites to demonstrate a sidejacking attack. Note that traffic must already be flowing through your machine (such as on a hub, wireless network or through an ARP poisoning attack.

When you are done and have switched off all poisoning and attack software you may shut down your VM and then make sure to reconnect to the campus network for the next class.

Chapter 4

Using an Internet Port Scanner

Complete project 4-1 in the book. Do this at school as well as at home and compare the results. If you have Windows Vista or Windows XP explore the built in firewalls in those instead of the one for Windows 7 which is described in the activity.

Using a Vulnerability Scanner

Complete project 4-2 in the book. Make sure to download and run the scanner inside your Virtual Machine and run it ONLY when attached to the special CNT 2820 network (192.168.x.x address) and NOT when on the campus network. You will have to move the connection for your computer to the CNT network switch.

Use the Nmap Port Scanner

One of the most popular port-scanning utilities is nmap. It is available as a command line program for Linux, but a GUI and Windows version are also available.

  • Read the instructions for installing it at the Nmap site. * Download the latest stable version from the Windows binaries section on the download page and install it in your VM.
  • Make sure you are attached to the special CNT 2820 network (192.168.x.x address) and NOT the campus network.
  • Trade IP addresses with a partner and try scanning each others systems. The Zenmap GUI is fairly easy to use and understand but check the manual if you need help.
  • Turn off your firewall in the VM and try scanning each others systems again.

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

Chapter 14