Comp690 BCNS Seminar Student exercises

(Note – this version is preliminary. check back for updates.

Lab 1) Cracking Passwords – First read the wikipedia article on password cracking

a) Download and install John the Ripper from the Openwall Project.

b) Obtain a file containing encrypted passwords using a tool such as pwdump. This may be easier in Unix.

c) Run john on the file and report back on the results.

Lab 2) Detecting intrusions

a) Download and install Snort.

b)

Lab 3) Public/Private key encryption

Students create a public/private key pair. They publish the public key and request others to send them documents. They decrypt using their private key.

Lab 4) Use a network sniffer. ex. Ethereal Open source. Doesn’t work on wireless networks. Have the students scan their own computer (host). Start scanning and watch internet activity. When you stop you see a page of statistics. When giving a password on telnet it is not encrypted. You can see it. Students can search for unencrypted passwords.

Students should do only local scans.

Lab 5) Network scan. Nessus – network vulnerability scanner. Primarily for Unix but also a Windows version. Can scan any other machine. Nessus is a server. Its Windows client is NessusWx. Can run server on Unix and client on Windows.

Lab 6) Steganography – have students encode and decode messages

Lab 7) Phishing Mail Frontier When you get a phish – type in nonsense numbers to see what happens. Expand the header to see IP site which sent it. http://www.crazybone.com/spoofmail/

Lab 8) Fine tune your web browser –Nikto – Shows loopholes in CGI scripting. problem when students ran Nitko on their office machines. Complaints (Unix), Hijack