10/10

MIS 4850
Systems Security
Lab 2 / Target Attacks

Student Name: ______ Computer #: _____

Exercise 1: Using Netbus 1.7 for remote control

You need to work in teams of two. One teammate (referred to as Student 1) will download and start the server portion of Netbus (Patch.exe) on his/her computer. The other teammate will install the client version of Netbus (Netbus.exe) to be used for controlling the other machine.

To be done on Student 1’s computer

Downloading and starting Patch.exe

DO NOT RESTART YOUR COMPUTER IF ASKED TO DO SO AT ANY TIME!!!!!!

0)  Identify Student 1’s computer: Computer #_____. IP address: 10.1.10.__

1)  From your computer, click Start/Run, and then type in the following, then click OK:

\\mainserver2\Netbus

2)  Select all four files available in the folder. Copy them (Edit/Copy menu) to the clipboard, and close (x) the opened window

3)  Double-click My Computer on your computer’s desktop. Locate and open the C: drive.

4)  Create a folder called Lab2 at the root of the C drive

5)  Then, paste the four files to the Lab2 folder you just created

6)  Double-click the NetBus.exe.sda.exe file. When a dialog window opens, uncheck the “Hide Typing” checkbox and type password as the passphrase in the textbox. This will reveal the patch.exe and the Netbus.exe files.

7)  Open the Command prompt (Start/Run, then type cmd followed by the ENTER key)

8)  Type cd\ and hit ENTER to get to the root of the C: drive

9)  Type the cd Lab2 command to be in the Lab2 directory where you copied the Netbus files

10) To start the patch.exe program, type patch /noadd and hit ENTER

11) Your computer is ready to be taken over remotely by someone using Netbus client!

12) To make sure it is, at the Command prompt type in netstat -a and hit ENTER

13) You should see that port 12345 (and possibly 12346 too) is now open (and listening) for communication with any computer that has the client portion of Netbus.

14) Copy the open window by simultaneously pressing ALT+PRINT-SCRN

15) Open Wordpad (Start/All Programs/Accessories/Wordpad), and then paste.

16) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

17) Save the file at the root of the C: drive under the name Last1-Last2Lab2.rtf (where Last1 and Last2 are the teammates' last names)
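
The check in steps 12 and 13, automated the way a defender would run it across many machines. This is an added example, not part of the original lab; the sample netstat output and its addresses are constructed, and the function names are illustrative.

```python
# Ports the lab tells you to look for after Patch.exe starts.
NETBUS_PORTS = {12345, 12346}

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    [::]:12346             [::]:0                 LISTENING
  TCP    10.1.10.21:12345       10.1.10.22:1067        ESTABLISHED
  TCP    10.1.10.21:1044        10.1.10.5:445          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' (host may be a name, IPv4 or [IPv6]) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def find_netbus_sockets(netstat_text, ports=NETBUS_PORTS):
    """Return (kind, local endpoint, remote host) for TCP rows on the given ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # titles, column header, blank lines, UDP rows (no State)
        local, remote, state = fields[1], fields[2], fields[3].upper()
        _, local_port = split_endpoint(local)
        if local_port not in ports:
            continue
        if state == "LISTENING":
            findings.append(("listening", local, None))
        elif state == "ESTABLISHED":
            remote_host, _ = split_endpoint(remote)
            findings.append(("client-connected", local, remote_host))
    return findings

if __name__ == "__main__":
    for kind, local, peer in find_netbus_sockets(SAMPLE):
        print(kind, local, peer or "")
```

A "client-connected" row also names the machine running the Netbus client, which is the first thing to record during a response.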

To be done on Student 2’s computer

Installing Netbus.exe

0)  Identify Student 2’s computer: Computer #: ____. IP address: 10.1.10.__

1)  From your computer, click Start/Run and then type in the following:

\\mainserver2\Netbus

2)  Select all four files available in the folder. Copy them (Edit/Copy menu) to the clipboard, and then close (x) the opened window

3)  Double-click My Computer on your computer’s desktop. Locate and open the C: drive.

4)  Create a folder called Lab2 at the root of the C drive

5)  Then, paste the four files to the Lab2 folder you just created

6)  Double-click the NetBus.exe.sda.exe file. When a dialog window opens, uncheck the “Hide Typing” checkbox and type password as the passphrase in the textbox. This will reveal the patch.exe and the Netbus.exe files.

7)  Run the program called Netbus.exe by double-clicking it

8)  You should see the Netbus remote control console with port 12345 or 12346

9)  In the Host Name/IP: text box, type in the other computer's IP address (see the IP address that was written down on the previous page), and click the Connect button

10) You should see Connected to <IP Address> at the bottom of the console window

11) You have total control over your teammate’s computer!

12) Try to open the other computer's CD-ROM drive by clicking the Open CD-ROM button. Note: This may not work for those who have a computer with the new secured CD drive.

13) Close the CD-ROM drive

14) Click the Msg Manager button and send a message (like "Hi, How are you doing") to the controlled computer.

15) Display the image of the cat (cat.jpg) on your teammate’s computer. Note that cat.jpg is one of the files you and your teammate both downloaded to your computers. What do you need to do in order for the cat.jpg file to be shown on the controlled computer? Explain:

______

______

______

______

16) Can the user on the controlled computer remove the picture that is shown on their desktop? YES NO

17) eastwood.wav is one of the files you and your teammate both downloaded to your computers. Because your computer does not have a speaker, you cannot play sound. But check Netbus: what do you need to do in order for the music to play on the controlled computer? Explain:

______

______

______

______

18) Click File Manager, and then the Show Files button. Take the steps necessary to display the files that are on the C: disk of the controlled computer. Name two of the folders: ______, ______.

19) Open Wordpad (Start/All Programs/Accessories/Wordpad).

20) Copy the open window showing the files on the controlled computer by simultaneously pressing ALT+PRINT-SCRN.

21) Paste the copied window to Wordpad.

22) Press the right arrow key. Then, hit the ENTER key twice to create two blank lines below the pasted image.

23) Save the file at the root of the C: drive under the name Last1-Last2Lab2-2.rtf (where Last1 and Last2 are the teammates' last names)

24) Locate the wb32.exe file available in the C:\Program Files\NetMeeting folder of your local C: drive and upload it to the root of the controlled computer’s C: drive.

25) Check to make sure the file is copied to the root of your teammate’s computer.

26) Given the options in the File Manager tool of Netbus, which of the following is true?

a.  You can use Netbus to download a file from a controlled computer.

b.  You can use Netbus to delete a file located on a controlled computer.

c.  You can use Netbus to rename a file located on a controlled computer.

d.  All of the above.

27) Start the dialer.exe program located in the C:\Windows folder of your local C: drive so that the program launches on the controlled computer.

28) Have your teammate capture the dialer window (by simultaneously pressing ALT+PRINT-SCRN), and copy the captured window to the Last1-Last2Lab2.rtf (where Last1 and Last2 are the teammates' last names) file he/she has created.

29) Can the user on the controlled computer close the started program? YES NO

30) Use the appropriate Netbus tool to remotely “listen” to keystrokes when the user on the controlled computer is typing using the keyboard. After you have started the tool, have your teammate start a new Notepad session (Start/All Programs/Accessories/Notepad). Then ask the teammate to type a sentence like “I am coming in 10 minutes”.

31) When the text shows on your Netbus dialog window, you should capture the screen and paste it at the bottom of your Last1-Last2Lab2-2.rtf file.

32) Disconnect.


Exercise 2: Using the At command to start programs on a remote computer
Objective: One weakness of many operating systems, including Windows, is that they provide means of starting programs on remote computers, which opens the door to attackers. In this activity you will learn how easy it is to use the At command to schedule an executable file to run on a remote computer at a specific time.

1.  (If not already done) Log on to your Windows 2003 Server as Administrator

2.  Press Ctrl+Alt+Del. Click Task Manager, then select the Processes tab

3.  Notice that notepad.exe is NOT among the processes that are currently running

4.  Your neighbor has noticed exactly the same thing on his/her computer

5.  Click Start/All Programs/Accessories, and then click Command Prompt.

6.  In the Command prompt, change the current directory to the root of the C: drive using the CD command by typing cd\ and hitting the ENTER key

Note: The net time command could be used to tell the current time on any computer connected to the network. Next, you will use it to determine the time on your neighbor’s computer.

7.  At the command line type net time \\srvdcXX (where XX is the number assigned to your neighbor’s computer), then press ENTER. Write down the time: ______

Next, you will schedule the execution of notepad.exe on your neighbor’s computer

8.  At the command line type at \\srvdcXX time /interactive "notepad.exe" (where XX is the number assigned to your neighbor’s computer, and time is the time you wrote down + 3 minutes to allow for a delay), then press ENTER.

Hint: Not using the /interactive switch with the At command will hide the starting of the process from your partner.

9.  If your neighbor has used the At command to start the notepad.exe process on your server, notepad will automatically open on your server as scheduled.

10. The notepad.exe process might not appear if your neighbor didn’t use the /interactive switch with the At command as mentioned in the Hint above. But you can still check the Task Manager to see that the notepad.exe process is running on your server.

11. Close all open windows.

Question: What kind of harm can be done using the At command? Explain.

______

______

______

______
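
Step 10 points at the detection angle: a job started by At without /interactive shows no window but still appears in the process list, and by default At jobs run under the SYSTEM account. The added example below (not part of the original lab) parses the output of tasklist /v /fo csv and reports SYSTEM-owned processes outside a baseline; the baseline set, the host name and the sample rows are constructed assumptions.

```python
import csv
import io

SYSTEM_ACCOUNT = r"NT AUTHORITY\SYSTEM"

# Illustrative baseline of images normally owned by SYSTEM (assumption, not
# from the lab; build the real list from a known-clean machine).
EXPECTED_SYSTEM_IMAGES = {
    "system idle process", "system", "smss.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
}

# Constructed sample of `tasklist /v /fo csv` output (host name and PIDs made up).
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System","4","Console","0","236 K","Running","NT AUTHORITY\SYSTEM","0:00:12","N/A"
"svchost.exe","812","Console","0","4,120 K","Running","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"explorer.exe","1980","Console","0","15,332 K","Running","SRVDC21\Administrator","0:00:09","N/A"
"notepad.exe","2204","Console","0","3,104 K","Running","SRVDC21\Administrator","0:00:00","Untitled - Notepad"
"notepad.exe","2412","Console","0","2,876 K","Unknown","NT AUTHORITY\SYSTEM","0:00:00","N/A"
'''

def unexpected_system_processes(tasklist_csv, baseline=EXPECTED_SYSTEM_IMAGES):
    """Return (image, pid, window title) for SYSTEM processes not in the baseline."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["User Name"].upper() != SYSTEM_ACCOUNT:
            continue  # started by a logged-on user, e.g. the second notepad row
        image = row["Image Name"].lower()
        if image in baseline:
            continue
        hits.append((image, int(row["PID"]), row["Window Title"]))
    return hits

if __name__ == "__main__":
    for image, pid, title in unexpected_system_processes(SAMPLE):
        print(f"review: {image} (PID {pid}) runs as SYSTEM, window title {title!r}")
```

Running at with no arguments on the same server lists the jobs still pending, which complements this check for jobs that have not fired yet.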

Exercise 3: Manipulating the ARP table

Exhibit

In a P2P network where all computers are connected to a Layer 2 switch, ARP tables (available on each computer) are used by stations to send messages to the switch, which forwards the messages to the destination station based on the MAC address. Consider the exhibit shown above. Suppose that the user who regularly uses Workstation 3 has physical access to Workstation 5. How could that user manipulate the ARP table in order to hijack all communications from Workstation 5 to Workstation 6 so that all messages destined for Workstation 6 are automatically forwarded by the switch to Workstation 3 instead? Explain.

______

______

______

______
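
From the defender's side, tampering of this kind is visible in the output of arp -a on the affected workstation. The added example below (not part of the original lab) audits that output for static unicast entries and for one MAC address answering for several IP addresses; the sample table and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE = """\

Interface: 10.1.10.25 --- 0x10003
  Internet Address      Physical Address      Type
  10.1.10.1             02-00-00-00-10-01     dynamic
  10.1.10.23            02-00-00-00-10-23     dynamic
  10.1.10.26            02-00-00-00-10-23     static
  10.1.10.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def is_group_mac(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return (int(mac[:2], 16) & 1) == 1

def audit_arp(arp_text):
    """Return findings: static unicast entries and MACs mapped to several IPs."""
    by_mac = defaultdict(list)
    findings = []
    for line in arp_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header, blank lines
        ip, mac, kind = match.group(1), match.group(2).lower(), match.group(3).lower()
        if is_group_mac(mac):
            continue  # built-in broadcast/multicast rows are expected
        by_mac[mac].append(ip)
        if kind == "static":
            findings.append(("static-entry", ip, mac))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", tuple(ips), mac))
    return findings

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE):
        print(finding)
```

A shared MAC is a lead to investigate rather than proof: a router doing proxy ARP produces the same pattern.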


Exercise 4: Ping-based attacks

1)  Open Wordpad (NOT Notepad) and create a file called FirstLastPing.rtf (where First and Last are your first and last names). Save the file in a folder to be called Lab2. Type in the following as the first lines in the file:

MIS 4850 Systems Security

Lab 2

First Last (where First and Last are your first and last names)

2)  Open Windows’ Command Prompt

3)  At the prompt, type ping /? to display the options you can use with Ping

4)  Make sure that your neighbor (or Lab partner) has a computer he/she is using. Write down the neighbor’s (or Lab partner’s) computer IP address: 10.1.10.___

5)  What command should you use to ping the computer that has the 10.1.10.30 IP address by pretending that the ping message originates from your neighbor’s computer? Assume that your neighbor's IP address is an IPv6 address.

Answer (write the full command): ______

6)  Which of the following probe attack techniques is used in the command you mentioned when answering the previous question?

a.  Flooding

b.  SYN attack

c.  Fingerprinting

d.  Spoofing

7)  In another exercise, you will use the NMAP tool to perform the same probe attack with an IPv4 IP address.

8)  Issue a basic Ping to ping the computer with the 10.1.10.30 IP address.

9)  What is the size in bytes of the ping message being sent to 10.1.10.30?

Answer: ______ bytes

10) If needed use ping /? to display the options you can use with the Ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address with a packet (or buffer) size that is 50000 bytes?

Answer (write the full command): ______

11) From the Command Prompt, type the command you mentioned when answering the question above to see its outcome. Then, capture the Command Prompt window (Ctrl-Alt-PrintScreen) with the command and its outcome displayed. Make sure you have captured the command and all of its outcome. Switch to your FirstLastPing.rtf file. Create a blank line at the bottom of the file. Then, paste the screen capture right below.

12) If needed use ping /? to display the options you can use with the ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address so that the IP address is resolved to the computer host name, allowing you to see the host name displayed in the command result?

Answer (write the full command): ______

13) From the Command Prompt, type the command you mentioned when answering the question above to see its outcome. Then, capture the Command Prompt window (Ctrl-Alt-PrintScreen) with the command and its outcome displayed. Make sure you have captured the command and all of its outcome. Switch to your FirstLastPing.rtf file. Create a blank line at the bottom of the file. Then, paste the screen capture right below.

Write down the host name of the computer with the 10.1.10.30 IP address as it appears in the result you got: ______

14) If needed use ping /? to display the options you can use with the ping command. What command should you use to ping the computer that has the 10.1.10.30 IP address until you decide to stop the pinging yourself? Test your answer and then write down the command: