Reference no: EM132315883
Activity 1:
Setting up NCAT Listener
Lab Objectives
This activity will address module outcome 1. Upon completion of this activity, you will be able to:
• Discuss the pros and cons of governmental regulation of cryptography. (CO1, CO2, CO4)
For this assignment, we will use ncat, netcat and scp from the Kali (attacker) VM and netcat on the Metasploitable (target) VM to send files and information over the network. We will use plain-text protocols such as telnet to send data in the clear, as well as SSL and SSH (for example ncat's --ssl mode and scp) to encrypt the data. Netcat will also be used as a backdoor on the Metasploitable system. To analyze the difference between the communication methods and to detect the information sent through the netcat backdoor, we will use Wireshark as a packet analyzer; Wireshark lets us inspect packet contents and presents some of them in human-readable form. Additionally, we will use file hashing tools to compare the files before they are sent and after they are received to verify their integrity. The purpose of the lab is to demonstrate secure (encrypted) and insecure communication, backdooring a Linux system, hashing files to verify integrity, and making sense of network communication with a packet analyzer such as Wireshark.
Lab Instructions
• Review the provided videos above
• Start the Kali VM
• Start Wireshark
• Capture traffic on the default interface eth0
• Refer to the provided web bookmarks, command file, and videos for assistance with specific tools used to complete the lab
• Create a text file with plain text content in the Metasploitable VM using nano or vi text editor
• Setup netcat/ncat as a listener on Kali
• Send the created text file from Metasploitable to the Kali VM using netcat
• Verify the integrity of the transferred file using MD5 and SHA hashes at the sender and receiver
• Use Wireshark to inspect the contents of the received file and the commands executed between Kali and Metasploitable as they crossed the wire
• Create a new file in Kali using leafpad and transfer it using SCP to Metasploitable
• Create a reverse shell backdoor on Metasploitable using Netcat
• Send the Metasploitable /bin/bash shell to Kali using netcat
• Obtain the contents of the Metasploitable /etc/passwd file from Kali through the netcat backdoor
• Inspect the contents of the file transferred using SCP
• Save the packet capture in Wireshark to your Desktop
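The netcat file transfer and hash check from the steps above, as an added example that is not part of the lab handout: a small Python program in which a listener stands in for `ncat -l -p <port> > received.txt` on Kali and a sender for `nc <kali-ip> <port> < file` on Metasploitable, both on 127.0.0.1 so it runs offline. The sample file content, the port choice and the one-byte flip used to simulate in-transit tampering are constructed for the example.

```python
"""Netcat-style file transfer over TCP with an integrity check at both ends.

Added example, not part of the lab handout. receive_file() stands in for
`ncat -l -p <port> > received.txt` on Kali and send_file() for
`nc <kali-ip> <port> < secret.txt` on Metasploitable; both use 127.0.0.1 so
the demo runs offline. The bytes seen by the listener are kept so you can
compare them with what Wireshark's "Follow TCP Stream" would display.
"""
import hashlib
import socket
import threading

# Constructed sample file content (the kind of thing the lab's text file holds).
SECRET = b"username=msfadmin\npassword=msfadmin\n"


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA-256 digests, the values md5sum/sha256sum would print."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def receive_file(host="127.0.0.1", port=0):
    """Listener side. Binds (port 0 = any free port) and reads until the
    sender closes, exactly as `nc -l` writes to the redirected file.
    Returns (bound_port, result_dict, thread); result_dict is filled in
    once the connection is done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    result = {}

    def _serve():
        conn, _peer = srv.accept()
        chunks = []
        with conn:
            while True:
                buf = conn.recv(4096)
                if not buf:           # sender did shutdown/close: EOF
                    break
                chunks.append(buf)
        srv.close()
        data = b"".join(chunks)
        result["data"] = data         # raw bytes as they crossed the wire
        result["hashes"] = file_hashes(data)

    t = threading.Thread(target=_serve, daemon=True)
    t.start()
    return srv.getsockname()[1], result, t


def send_file(data: bytes, host: str, port: int, tamper=None) -> dict:
    """Sender side. `tamper`, if given, alters the bytes on the wire to
    simulate in-transit modification; the sender still hashes the file it
    intended to send, as you would with md5sum on Metasploitable."""
    wire = tamper(data) if tamper else data
    with socket.create_connection((host, port)) as s:
        s.sendall(wire)
        s.shutdown(socket.SHUT_WR)    # nc reaching EOF on its stdin
    return file_hashes(data)


def transfer(data: bytes, tamper=None) -> dict:
    """Run one listener/sender pair and compare digests at both ends."""
    port, result, thread = receive_file()
    sender_hashes = send_file(data, "127.0.0.1", port, tamper)
    thread.join(timeout=5)
    return {
        "ok": sender_hashes == result["hashes"],
        "sender": sender_hashes,
        "receiver": result["hashes"],
        "wire": result["data"],
    }


def flip_one_byte(data: bytes) -> bytes:
    """Constructed tampering: change the second-to-last byte."""
    return data[:-2] + b"X" + data[-1:]


if __name__ == "__main__":
    good = transfer(SECRET)
    print("intact transfer, digests match:", good["ok"])
    print("bytes on the wire:", good["wire"])   # readable: no encryption
    bad = transfer(SECRET, tamper=flip_one_byte)
    print("tampered transfer, digests match:", bad["ok"])
```

On the real VMs the same comparison is `md5sum file; sha256sum file` on each side. Note what the check does and does not prove: matching digests show the received bytes equal the sent bytes, but they say nothing about who sent them, and if the digest travels over the same unauthenticated netcat channel an attacker who can alter the file can replace the digest as well. The `wire` bytes are exactly what Wireshark shows for the netcat transfer; for the scp transfer later in the lab the same view is ciphertext.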
Lab Deliverables
• Write a brief summary of the uses of ncat, netcat, and Wireshark
• Write a brief summary of the differences between encoding, encryption, and hashing
• Complete the assigned lab activities using the provided video and instructions
• Provide a full-screen screenshot of the commands used to transfer the file from Metasploitable to Kali
• Provide a full-screen screenshot of the commands and results of verifying the transferred file's integrity using MD5 and SHA hashes
• Provide a full-screen screenshot of the filters used in Wireshark and the results showing the plain text contents of the file transferred
• Provide a full-screen screenshot of the backdoor created on Metasploitable
• Provide a full-screen screenshot of the contents of the Metasploitable /etc/passwd file obtained through the Kali netcat backdoor shell
• Provide a full-screen screenshot of the transferred file via SCP from Kali to Metasploitable
• Provide a full-screen screenshot of the inspected SSH communication with Wireshark
NOTE: Make sure each screenshot is accompanied by a brief explanation of what you did in the screenshot
Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word, etc.) and save it frequently to your computer. For those assignments that are not written essays and require uploading images or PowerPoint slides, please follow uploading guidelines provided by your instructor.
Activity 2: Dissect the PCAP and Design an Appropriate Defense
Lab Objective
This activity will address module outcome 1. Upon completion of this activity, you will be able to:
• Use wireless sniffers to examine packet capture and network traffic. (CO1, CO2, CO4)
For this assignment, you will wear the hat of an investigator who uses Snort and Wireshark to inspect network traffic for indicators of malicious activity and compromise. You will download, install and configure Snort, create detection rules, and use Snort to replay a saved packet capture. Snort will produce alerts which we can further investigate with Wireshark to put the pieces of the puzzle together and figure out what happened in the scenario.
Lab Instructions
• Review all of the provided videos above
• Review any provided videos, bookmarks, tutorials, etc. before attempting the lab
• Start the Kali VM
• Change the Kali VM Network settings to allow Internet connection
• Download and install Snort
• Download the "exercise.pcap" file for the assignment; you can sign in to Excelsior using the Kali VM and a browser
• After you have downloaded "exercise.pcap", change the network settings back to "Host-only"
• It is suggested that you make a copy of the original snort.conf file and save it with the extension .BACKUP. Use a text editor to edit the snort.conf configuration file:
o Include your host-only IP for Kali in the snort HOME_NET variable
o Add the custom.rules file to your included rule set for detection
o Save the config file as "snort.config"
• Create the custom.rules file
• Write/Copy the provided custom Snort rules into the custom.rules file and save it
o Make sure that you watch the video and create a rule with your name
• Start Snort in IDS mode to display real-time alerts using the new config
• Using your host computer or Metasploitable, send a ping to Kali
• Create a netcat reverse shell on Kali and connect to it from Metasploitable
• In the Metasploitable terminal, do the following:
o Type in your name, this should trigger Snort alert
o Type in /etc/passwd, this should trigger Snort alert
o Type in /etc/shadow, this should trigger Snort alert
• Use Snort to replay the "exercise.pcap" file, it should trigger some alerts
• Open the "exercise.pcap" file with Wireshark and provide a report with the information requested in deliverable 2) of the "Lab Deliverables" section below
• Answer the presented questions in the "Lab Deliverables" section
• Provide any requested full-screen screenshots
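The Snort rule logic behind the configuration, rule-writing and trigger steps above, as an added example that is neither Snort itself nor the course's provided custom.rules: a toy Python interpreter for the few rule options this lab relies on (protocol, $HOME_NET, direction, msg, content, nocase, itype, sid), replayed over constructed packets for the ping, the three strings typed on Metasploitable, and a reply leaving Kali. The HOME_NET address, the listener port 4444, the placeholder name "Jane Doe" and the rule text are assumptions made for the example; run real Snort for the deliverables.

```python
"""Content-matching Snort rules replayed against constructed packets.

Added example, not Snort and not the course's provided rules. It shows why
the three typed strings produce alerts, why the ping does, and why bytes
flowing *out* of $HOME_NET do not match rules written as
`any any -> $HOME_NET any`.
"""
import re
from dataclasses import dataclass
from typing import Optional

HOME_NET = {"192.168.56.101"}  # assumed host-only Kali address; set yours in snort.conf

# Assumed custom.rules contents in the shape the lab asks for (illustrative).
CUSTOM_RULES = r'''
# one rule for the ping, one with a student name, one each for the two files
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request to Kali"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"Student name in reverse shell"; content:"Jane Doe"; nocase; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"/etc/passwd referenced"; content:"/etc/passwd"; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"/etc/shadow referenced"; content:"/etc/shadow"; sid:1000004; rev:1;)
'''

HEADER = re.compile(r'^alert\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')


@dataclass
class Rule:
    proto: str
    src: str
    dst: str
    dport: str
    msg: str = ""
    content: Optional[bytes] = None
    nocase: bool = False
    itype: Optional[int] = None
    sid: int = 0


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0
    payload: bytes = b""
    itype: Optional[int] = None


def parse_rules(text: str) -> list:
    """Parse the subset of Snort rule syntax used above; rev and unknown
    options are ignored by this toy interpreter."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if not m:
            raise ValueError("unparsed rule: " + line)
        proto, src, _sport, dst, dport, opts = m.groups()
        rule = Rule(proto=proto, src=src, dst=dst, dport=dport)
        for opt in filter(None, (o.strip() for o in opts.split(";"))):
            key, _, val = opt.partition(":")
            val = val.strip().strip('"')
            if key == "msg":
                rule.msg = val
            elif key == "content":
                rule.content = val.encode()
            elif key == "nocase":
                rule.nocase = True
            elif key == "itype":
                rule.itype = int(val)
            elif key == "sid":
                rule.sid = int(val)
        rules.append(rule)
    return rules


def addr_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if spec == "$HOME_NET":
        return ip in HOME_NET
    if spec == "!$HOME_NET":
        return ip not in HOME_NET
    return spec == ip


def rule_fires(rule: Rule, pkt: Packet) -> bool:
    """Header (proto, addresses, dest port) then options (itype, content)."""
    if rule.proto != pkt.proto:
        return False
    if not (addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)):
        return False
    if rule.dport != "any" and int(rule.dport) != pkt.dport:
        return False
    if rule.itype is not None and pkt.itype != rule.itype:
        return False
    if rule.content is not None:
        hay, needle = pkt.payload, rule.content
        if rule.nocase:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


def replay(rules: list, packets: list) -> list:
    """Return [(sid, msg)] in packet order, like the alerts Snort prints."""
    return [(r.sid, r.msg) for pkt in packets for r in rules if rule_fires(r, pkt)]


# Constructed traffic: host pings Kali (step 12), Metasploitable talks to the
# Kali listener on port 4444 and types three strings (steps 14 a-c), and some
# bytes flow back from Kali to Metasploitable. Addresses/port are assumptions.
KALI, MSF, HOST = "192.168.56.101", "192.168.56.102", "192.168.56.1"
SAMPLE_PACKETS = [
    Packet("icmp", HOST, KALI, itype=8),                    # echo request
    Packet("icmp", KALI, HOST, itype=0),                    # echo reply, leaves HOME_NET
    Packet("tcp", MSF, KALI, 4444, b"jane doe\n"),          # matches via nocase
    Packet("tcp", MSF, KALI, 4444, b"cat /etc/passwd\n"),
    Packet("tcp", MSF, KALI, 4444, b"cat /etc/shadow\n"),
    Packet("tcp", KALI, MSF, 0, b"root:x:0:0:root:/root:/bin/bash\n"),  # outbound: no rule
]

if __name__ == "__main__":
    for sid, msg in replay(parse_rules(CUSTOM_RULES), SAMPLE_PACKETS):
        print(f"[**] [1:{sid}:1] {msg} [**]")
```

Two things worth checking against your own rules once Snort is running: the direction operator and $HOME_NET decide which half of a conversation a rule can ever see (the rules above only inspect traffic whose destination is Kali), and `content` is a plain substring match, so `nocase` is needed for a name that may be typed in either case. Snort also requires a unique `sid` per rule; local rules conventionally use values of 1000000 and above.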
Lab Deliverables
• Write a brief summary answering the following:
o What are Snort and Wireshark?
o How can Snort and Wireshark be used?
o Why is it important to know how to read Snort alerts and Wireshark traffic?
o Why is it important to know how to write custom Snort alerts?
• Provide a report of the investigation of the "exercise.pcap" file you analyzed to answer the following:
o What happened? What suspicious activities were recorded in the packet capture?
o Were there any indicators of compromise?
o If yes, show and briefly explain what they are
o Date/Time of event (ground zero for suspicious activity)
o Username/Account name/Computer name (target/victim)
o Host IP address (target/victim)
o Host MAC Address (target/victim)
• Complete the assigned lab activities using the provided video and instructions
• Provide a full-screen screenshot showing that Snort downloaded and installed successfully
• Provide a full-screen screenshot showing that you edited the "snort.conf" file with the HOME_NET variable and the inclusion of the custom.rules file
• Provide a full-screen screenshot of the results of step 12 (the ping alert) and of each of steps 14 a through c (the alerts for your name, /etc/passwd and /etc/shadow), counting the Lab Instructions bullets above
• Provide a full-screen screenshot of any alerts from step 15 (the "exercise.pcap" replay) that are related to Trojan or bot activity
• Provide a full-screen screenshot of the artifacts that you discovered with Wireshark
• Attach your original assignment file AND the generated plagiarism report to your M4A2 Blackboard assignment dropbox in Blackboard
NOTE: Make sure each screenshot is accompanied by a brief explanation of what you did in the screenshot or the displayed result.
Attachment:- Activity.zip