
















Material Type: Lab; Class: Computer Network Security; Subject: Electrcl & Computer Engr; University: University of the Pacific; Term: Fall 2007;
Typology: Lab Reports

















12/20/
LAB 7
If any of your force be killed or captured, the secretary will disavow any knowledge of your actions... this tape will self destruct in 5 seconds... Good Luck, Jim
Gathering information: Find the password file on a Linux box
Scenario
You have access to a Linux computer. You must find the password file on the computer.
The “all-powerful” user under Windows is Administrator or any user with admin privileges
An attacker wants “admin privileges.”
The “all-powerful” user under Linux is root
An attacker wants “root privileges.”
Only root has root privileges – no other users
Linux Prompts:
$ = normal user
# = root
Important!
Insert the Knoppix CD in your laptop and reboot.
Knoppix is a “distro” of Linux.
“distro” is short for “distribution”
Press when you get the Boot: prompt.
When fully booted, close the Knoppix webpage
Open a terminal window by clicking on the computer icon on the task bar at the bottom of the screen.
• The icon has a black screen
• It’s to the right of the little house.
Use the up/down arrow keys to access previous commands!
Navigating the directory structure
You can move:
Enter the following (the $ is the “normal user” prompt)
$ cd /
cd (change directory) to the top of structure – that’s a forward slash!
$ pwd
where am I in the directory structure?
$ ls
list the top level directories, including these 5:
Continue… (You’re in /home/knoppix)
$ cd root
oops! no /root dir under /home/knoppix
$ cd /root
go directly to /root from /home/knoppix
$ ls /home/knoppix
view a remote dir w/o going there
$ cd ..
move up one level (to the top)
Linux requires a there! (DOS does not)
Tab completion
, hit
, and Linux will finish the name
$ cd /ro
ro becomes root!
is nice when names are very long
Wildcards (can be used with any command)
$ cd /etc
/etc is big!
$ ls *.conf
lots of .conf files
$ ls *.c??
list all .c?? files
there’s 2 chars after ‘c’
Finding files (e.g. the passwd file – or flags)
$ cd /
start at top
$ find / -name passwd
find passwd file
Don’t re-type previous commands – use the arrow keys!
Continue… (You’re in /etc)
$ su
switch user (root is default)
the prompt changes!
you’re root!
you were not asked for root’s password, because root has no password - yet
now you can view the password file!
root can do lots of things that the normal user cannot
but there are no hashes here – no one has a password yet
view it a page at a time
note root (top first page) has no hash (no password)
hit to view next page, q to quit
remember, you can hit and try any previous command again
Continue…
give root a simple password
Linux will now ask you (twice) for the new password
hit until you see the next command; hit
should now see a hash for root at top of first page
When a password cracker guesses a password (either a word taken from a dictionary or just a random set of characters), it hashes that password and then compares the hash with the hash stored in the password file. If they match, the password has been successfully guessed!
Remember, a hash is just the result of a mathematical operation done on the numerical equivalent of a password.
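The hash-and-compare step described above, written as a weak-password audit an administrator could run against their own accounts. This is an added example, not part of the original lab; the function names, salts, accounts and word list are constructed, and SHA-256 via sha256sum stands in for the system's real password hashing scheme.

```sh
#!/bin/sh
# Added example: salted hash comparison used as a weak-password audit.
# Assumption: sha256sum stands in for the real scheme used in /etc/shadow.

# hash_pw SALT PASSWORD -> hex digest of "SALT:PASSWORD"
hash_pw() {
    printf '%s:%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# audit_entry SALT STORED_HASH WORD...
# Hashes each candidate with the entry's own salt and compares the result to
# the stored hash. Prints the matching word and returns 0, or returns 1.
audit_entry() {
    salt=$1; stored=$2; shift 2
    for word in "$@"; do
        if [ "$(hash_pw "$salt" "$word")" = "$stored" ]; then
            printf '%s\n' "$word"
            return 0
        fi
    done
    return 1
}

# Constructed sample data: two accounts and a short list of weak passwords.
WEAK_WORDS="password letmein toor 123456"
ROOT_SALT="Xy7Q"
ROOT_HASH=$(hash_pw "$ROOT_SALT" 'toor')             # a "simple" password
SVC_SALT="k2Lm"
SVC_HASH=$(hash_pw "$SVC_SALT" 'r7-Vq_02pLx9-wZ')    # not in the word list

# report USER SALT HASH -> one audit line per account
report() {
    if found=$(audit_entry "$2" "$3" $WEAK_WORDS); then
        printf '%s: WEAK (matches "%s")\n' "$1" "$found"
    else
        printf '%s: no match in weak list\n' "$1"
    fi
}

report root "$ROOT_SALT" "$ROOT_HASH"
report svc  "$SVC_SALT"  "$SVC_HASH"
```

The same word hashed under two different salts gives two different hashes, so every guess has to be re-hashed per account; a simple password still falls on the first pass through a short word list.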
Enter this sequence of commonly used commands:
go to root’s home directory
make a new directory under /root
move to new directory
you’re in /root/test
creates a new file called file1 and…
writes the message into the file
view the contents of file
remove (delete) file
go up to /root
remove test directory
Continue…
one more time…
Linux is case sensitive
go home (/root)
list present working directory
nothing here
copy password file here (.)
there it is - shadow!
switch to knoppix user
$ ls
$ = you’re a normal user
$ cat shadow
you don’t have the right!
Note: Both cp and mv (move file) will over-write existing files without warning you!
File permissions:
dooogggwww = permissions
d = directory
o = owner
g = group
w = world
r = file can be read
w = file can be written
x = file can be executed
Example:
-rwxr-x--x
Meaning:
This is a file, not a directory (no ‘d’)
File’s owner can read, write, execute
Owner’s group can read and execute
The world (everyone) can execute only.
if not already there, move to /etc
list passwd – note permissions
list shadow – note permissions
Do you see the difference between passwd and shadow?
World can read passwd, but not shadow
Networking commands
list interface conf info – gives your IP address
pings the target (Ctrl-c = quit)
lists status of (all) network interfaces – pipe to less