MIS 4600 – MBA 5880
Ethical Hacking & Network Defense
Chapter 3: Network & Computer Attacks
Extra-Credit 2 (Due 2/16/10)
Student Name: ____________________________________
Exercise 1: The CPUHog DoS attack
Memory, storage, and processor power are the three most important resources in a computer system. The computer becomes useless without those resources. The basic idea behind a DoS attack is for the attacker to find a way to make a target computer use all or some of its main resources to the point that there are not enough resources left for other legitimate users and applications. The CPUHog attack, which originally targeted Windows systems, allows processes associated with the CPUHog program to consume CPU to the point that other programs, including Task Manager, cannot run. The objective of this activity is two-fold: (1) search the web for the CPUHog attack in order to understand how it works, and (2) download and use the CPUHog program to test it.
Part 1:
Search the Internet for “CPUHog”, “CPUHog attack”, and “server hog” in order to answer the following questions about the CPUHog DoS attack. Appendix 1 has some Web addresses that might be helpful.
1) CPUHog DoS is a new type of denial of service attack. T F
2) The CPUHog program can make a target system consume much of its storage capacity to the point that it is not able to service other processes. T F
3) CPUHog exploits flaws in the way a vulnerable OS schedules the execution of processes. T F
4) In Windows NT, applications running under a user account with administrative privileges can set their priority to any of the 32 levels. T F
5) In Windows NT, applications running under a user account without administrative privileges can set their priority to any of the first 16 levels. T F
6) Which of the following is a way of regaining control over a computer system once a CPUHog attack succeeds in hanging it?
a. Use malware removal software to stop all processes associated with CPUHog, and remove the CPUHog program from the computer.
b. Reboot the system
c. Use Task Manager to stop the processes associated with CPUHog
d. None of the above
7) What are the similarities between CPUHog and a server hog? Explain.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
Part 2:
1) Use a computer connected to the Internet to download the CPUHog program to your flash drive. Note: If needed, the Appendix includes a URL.
2) On your computer, create a folder called cpuhog under the root of the C: drive
3) Copy the cpuhog.zip file you have downloaded to the cpuhog folder
4) Unzip the cpuhog.zip file. Then locate and run the cpuhog.exe program
5) Use it and explain how it works.
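To observe the effect in step 5 from the defender's side, the following added example (not part of the original handout) samples per-process CPU time twice and lists the processes that took the largest share of the processor, together with their priority. It assumes PowerShell 3.0 or later is available on the test machine; the interval and threshold are assumed values.

```powershell
# Added example: measure each process's share of total CPU over a short
# interval and list the heaviest consumers with their priority.
# Interval and threshold are assumed values, not taken from the handout.
$IntervalSeconds  = 5
$ThresholdPercent = 50
$Cores            = [Environment]::ProcessorCount

function Get-CpuSnapshot {
    # Map of process Id -> CPU seconds used so far.
    $snapshot = @{}
    foreach ($p in Get-Process) {
        # CPU is $null for processes the current account cannot query.
        if ($null -ne $p.CPU) { $snapshot[$p.Id] = $p.CPU }
    }
    $snapshot
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $IntervalSeconds

$report = foreach ($p in Get-Process) {
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
    $delta = $p.CPU - $before[$p.Id]
    if ($delta -lt 0) { continue }   # Id was reused by a new process
    $priority = try { $p.PriorityClass } catch { $null }
    [pscustomobject]@{
        Id            = $p.Id
        Name          = $p.ProcessName
        # Share of all logical processors used during the interval.
        CpuPercent    = [math]::Round(100 * $delta / ($IntervalSeconds * $Cores), 1)
        PriorityClass = $priority
        BasePriority  = $p.BasePriority
    }
}

$report |
    Where-Object { $_.CpuPercent -ge $ThresholdPercent } |
    Sort-Object CpuPercent -Descending |
    Format-Table -AutoSize
```

Run it in a second console while the test program is active; an elevated console can read CPU time for more processes.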
Exercise 2: Using the Run As command to bypass security
In the Windows environment, network administrators still use their administrative account to complete daily tasks like checking their email, typing text documents, etc. To prevent security breaches, many companies require administrators to use two accounts: one for administrative tasks, and the other for day-to-day tasks. But many administrators find ways around such a policy. The Run As feature can be used in Windows Server 2003. It allows administrators who log on using their regular account to perform tasks that require administrative privileges without logging off.
1) If necessary, log on to your Windows Server 2003 computer (username: Administrator, password: password)
2) Create (Start/Right-click My Computer/Manage/Expand Local Users & Groups) two user accounts with the following information:
Username    Password    Full name
user1       123         User John
user2       123         User Jane
3) Log off as administrator, and log on as user1
4) Click Start/Control Panel/Administrative Tools. You should get an error message. Click Close
5) Right-click the Local Security Policy icon
6) Click Run As
7) Enter your administrative credentials, and click OK.
8) You should be able to edit the local Security Policy now.
9) Close all open windows.
Questions
You may try out things or use Windows help if needed to answer some of the questions.
1. Which of the following is an advantage of using the Run As command?
a. allows users to bypass security without permission
b. helps prevent the spread of viruses
c. conserves resources for administrators
d. allows administrators to check e-mail and administer the network
2. Which of the following is a disadvantage of the Run As command? (Choose all that apply.)
a. opens potential security holes
b. allows users to install applications if they know the local administrator password
c. allows users to access administrative tools if they know the local administrator password
d. All of the above
3. How can you use the Run As command on an existing shortcut?
a. Right-click the shortcut.
b. Hold down the Alt key and right-click the shortcut.
c. Hold down the Shift key and right-click the shortcut.
d. Hold down the Ctrl key and right-click the shortcut.
5. How can you prevent users from using the Run As command?
a. Delete the Run As command.
b. Disable the Secondary Logon service.
c. Disable the Server service.
d. Delete the RunAs.dll file.
Exercise 3:
1) Search the Internet to download the 7-day trial version of AllInOne Keylogger. You can find it at http://download.cnet.com/windows/
2) Install it on your server (on the Win Server 2003 platform) and familiarize yourself with it.
3) Number of the Computer you have installed it on: _______
Appendix 1
Luga (1996), NT vulnerable to attack on CPU, retrieved on February 9, 2010 from http://www.luga.at/mailing-lists/luga/1996/12/msg00015.html
CPUHog download: http://www.sysint.no/products/Download/tabid/536/language/en-US/Default.aspx