Franske CNT-2820 Labs-Homework

From ITCwiki
Revision as of 04:33, 13 September 2011 by BenFranske (talk | contribs)

For most chapters in the course you will need to complete some assignments which may include homework and/or labs. The specific type of assignment(s) varies depending on the chapter. This page will list the labs and/or other assignments you need to complete, organized by chapter. If you have any questions about these assignments please contact the instructor for clarification or assistance. All assignments are due as indicated on the course schedule.

Chapter 1

There is no homework or lab assignment for chapter 1.

Chapter 2

Prepare a Windows XP VM

Your first task is to prepare a Windows XP virtual machine which we will use throughout the course as a lab system. In the lab we will use the Oracle VirtualBox software and a pre-built Windows XP system which we will make a copy of specifically for this class.

  1. Open the D: drive of your computer by clicking the Start Menu and typing "d:" in the search box, then pressing Enter.
  2. Create a new folder on this drive titled "fa11-yourlogin", replacing yourlogin with the username you use to log in to the system.
  3. Start the VirtualBox software: Start -> All Programs -> Oracle VM VirtualBox -> Oracle VM VirtualBox.
  4. IMPORTANT!!! Change the default storage location for your VMs to your new "fa11-yourlogin" folder by clicking File -> Preferences and selecting "Other..." from the "Default Machine Folder" drop down list on the "General" page. Navigate to the Computer -> D: -> "fa11-yourlogin" folder and click OK. Verify the folder location is correct for the "Default Machine Folder" setting and click OK.
  5. Import the base virtual machine. Click the File -> Import Appliance menu option then click the "Choose..." button. Navigate to Computer -> D: -> CNT Files -> VirtualBox XP and open the "CNT XP Base" file. Click the Next button and verify the "Virtual Disk Image" location is inside the "D:\fa11-yourlogin" folder then click the Import button.
  6. Disable USB, shared folders and audio for the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking on the word "USB" on the right side of the screen. Click OK on the warning message and then uncheck the "Enable USB Controller" box at the top of the window. Click the "Shared Folders" page on the left side of the window, click the "Desktop" shared folder and then press the Delete key. Finally, click the "Audio" page on the left side of the window and uncheck the "Enable Audio" box. Click the OK button to save your settings.
  7. Start the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking the green Start arrow at the top of the window. Read and then click OK on the message about keyboard capture. Read and then click OK on the message about mouse pointer integration. Wait as the mini-setup process completes, reading and then clicking OK on any VirtualBox messages that come up. You may choose to check the box not to see the message again on any of these if you like.
  8. After the system has rebooted once, you can log in to the Virtual Machine using the Administrator account and the password "College1".
  9. Open a web browser in the VM. You will need to enter your IHCC login and password and install the SafeConnect client to access the Internet from your VM. Do this now.
  10. Congratulations! Your Windows XP Virtual Machine is now set up and configured for your use during this course.

Scan Your System for Rootkits

Follow the instructions on page 73 of your book to complete "Project 2-2: Scan for Rootkits". Note that all of this should be done inside your Windows XP Virtual Machine.

Use a Software Keylogger

Note that all of this should be done inside your Windows XP Virtual Machine.

Follow the instructions at the bottom of page 73 of your book to complete "Project 2-3: Use a Software Keylogger". IMPORTANT: Due to some corrupt system files in the XP Base image you will not be able to use the Wolfeye Keylogger noted in the book. Instead, please download and use the free Pykeylogger software from [1]. Instructions on that site explain how to use the keylogger. I suggest installing it with a shortcut to the desktop so you can easily start it.

You will need to modify the settings of the keylogger to access its control panel because the Right-Ctrl key, which is normally used, is already being used by VirtualBox for keyboard capture. To do this:

  1. Open Wordpad by clicking Start -> All Programs -> Accessories -> Wordpad.
  2. Open the file "C:\Program Files\PyKeylogger\pykeylogger.ini". You may need to switch to showing "All Documents" or enter the full location into the open dialog box to access the file.
  3. Find the line "Control Key = Control_L;Control_R;F12" and change it to "Control Key = Control_L;Alt_R;F12".
  4. Now when you start the keylogger you can access its hidden control panel by pressing the Left Control, Right Alt and F12 keys at the same time.

This keylogger is started either through the link in the start menu or on your desktop if you chose to create one. Your log files are stored in the "C:\Program Files\PyKeylogger\logs" folder.

Chapter 3

Configure DEP

Complete Hands-On Project 3-1 on your Windows XP VM.

Hosts File Attack

Complete Hands-On Project 3-3 on your Windows XP VM.

MITM Sidejacking Attack

For this lab you will need to pay close attention and be under the supervision of the instructor. Doing this incorrectly will cause problems on the campus network and could be viewed as an attack on the network!

First, you will need to download and install some software in your VM:

Next, you MUST disconnect from the campus network and connect to the special CNT network. Verify that you have an IP address in the correct range (172.17.143.x) before proceeding!

You will need to do a little research online about how to use these tools. Your goal is to hijack the session of your partner so that you can access a webmail or social network site without their password. Below is a brief description of what each tool is for:

  • WinPcap - This driver allows the other software to talk directly to the network card in Windows.
  • Ettercap NG - This tool can be used for an ARP poisoning attack against a specific IP (your partner) so that you can route all traffic from them to the default gateway through your system first and sniff it (in this case for session cookies).
  • Hamster & Ferret - These utilities allow you to actually sniff for session cookies to steal from your partner and then pass them off to websites as your own.
  • Firesheep - A simplified, point-and-click interface with automatic capabilities like Hamster & Ferret which works with many popular "Web 2.0" sites to demonstrate a sidejacking attack. Note that traffic must already be flowing through your machine (such as on a hub, wireless network or through an ARP poisoning attack).

When you are done and have switched off all poisoning and attack software you may shut down your VM and then make sure to reconnect to the campus network for the next class.
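
Once the poisoning software is off, the ARP cache on your partner's machine should again map the default gateway to the router's own MAC address. The Python sketch below is an added example, not part of the original lab: it reads Windows "arp -a" output and reports the two signs an ARP poisoning attack leaves behind. The sample output, the MAC addresses and the gateway address 172.17.143.1 are constructed assumptions.

```python
import re

# Constructed `arp -a` output in the Windows format; not captured from a real network.
# The gateway address 172.17.143.1 is an assumption (the page gives only the range).
TEMPLATE = """\
Interface: 172.17.143.21 --- 0x2
  Internet Address      Physical Address      Type
  172.17.143.1          {gw_mac}     dynamic
  172.17.143.34         08-00-27-aa-bb-cc     dynamic
  172.17.143.40         00-1c-23-11-22-33     dynamic
  172.17.143.255        ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""
POISONED = TEMPLATE.format(gw_mac="08-00-27-aa-bb-cc")  # gateway entry overwritten
CLEAN = TEMPLATE.format(gw_mac="00-1a-2b-3c-4d-5e")     # router's real (constructed) MAC

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.IGNORECASE | re.MULTILINE)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower()
        # Broadcast/multicast MACs are legitimately shared by several IPs; skip them.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table

def gateway_findings(baseline, current, gateway_ip):
    """Compare a known-good ARP table with the current one for the gateway entry."""
    gw_mac = current.get(gateway_ip)
    if gw_mac is None:
        return ["gateway not in ARP cache"]
    findings = []
    if baseline.get(gateway_ip) not in (None, gw_mac):
        findings.append("gateway MAC changed since baseline")
    others = sorted(ip for ip, mac in current.items()
                    if mac == gw_mac and ip != gateway_ip)
    if others:
        findings.append("gateway MAC also claimed by " + ", ".join(others))
    return findings

if __name__ == "__main__":
    print(gateway_findings(parse_arp_table(CLEAN), parse_arp_table(POISONED),
                           "172.17.143.1"))
```

An empty result after the lab means the gateway entry has returned to its baseline value; a stale poisoned entry can be cleared with "arp -d" before checking again.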

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

Chapter 14