Import the VM provided in the file MainDC.ova into your local Virtual Box lab. Make sure your own Kali Linux VM can communicate with it (you will need to change the network settings to match Kali’s)....

1 answer below »
Would you solve these assignment, please use the assignment resource to solve it , do not create extra resource and answer all questions



Import the VM provided in the file MainDC.ova into your local Virtual Box lab. Make sure your own Kali Linux VM can communicate with it (you will need to change the network settings to match Kali’s). Then, answer the questions below, giving an explanation of how or why even if not explicitly asked. Part A: Preparing the environment 1. In MainDC, open “Active Directory Users and Computers”. Create a new user with logon name [email protected] and assign the password “Herzing2022”, which should not be changed by the user. Capture a screenshot of the summary. Part B: Kerberos brute force 1. Using the provided tool kerbrute_linux_amd64, you will get Sam’s password. What command do you need from the list shown in the help (when -h is the argument)? 1. The use of the tool for this command is “./kerbrute_linux_amd64 COMMAND --dc IP_OF_MAINDC -d DOMAIN -v FILE_WITH_PASSWORDS USER”. However, we first need a text file with a list of possible passwords. This would be similar to /usr/share/wordlists/rockyou.txt, but this file is too long. How many lines does it contain? 1. Create a file with at least 10 random passwords. Then, add Sam’s real password (this is a trick you will not see in real life scenarios). Finally, execute the command and capture a screenshot of the result. Note: If you get an error “Clock skew too great”, then you will need to set the right data, time and timezone in MAINDC (clock settings in the Server Manager → Local Server) and try again. Anyway, the fact of seeing the error means these credentials were valid. Part C: Using mimikatz Reference tutorials: https://www.101labs.net/comptia-security/lab-84-how-to-use-mimikatz-to-extract-all-the-passwords-from-a-windows-machine/ https://www.varonis.com/blog/what-is-mimikatz 1. Mimikatz is available in your Kali Linux VM in /usr/share/windows-resources/mimikatz/x64/mimikatz.exe. Copy it to MainDC either by scp (you will need to enable the Windows capability OpenSSH) or by dragging and dropping. Then, execute it (please note Windows Defender will flag it as malicious). In the Mimikatz prompt, execute “privilege::debug” and capture a screenshot. 2. Dump all NTLM hashes from the system and capture another screenshot showing the command you used and a few hashes. 3. Try to obtain the password of hford using John the Ripper in Kali (you probably will not). What is the default password file used by john? 4. What the command sekurlsa::logonpasswords can be used for? What process is the information accessed from? Where is this information stored? 5. With sekurlsa::tickets you can obtain Kerberos tickets. Capture a screenshot of the last Ticket Granting Ticket. 6. Read more about Kerberos tickets (https://www.ibm.com/docs/en/sc-and-ds/8.2.1?topic=concepts-kerberos-ticket). What type of ticket is issued first? What happens next? How many tickets of each would be issued if a user is accessing a network share and a printer that requires authentication? _________________________ Part A: Questions about cryptography 1. In the network of seven nodes shown below, a one-on-one secure communication has to be established between every pair of nodes. That is, A and B have to securely communicate with each other, B and C have to securely communicate with each other, and so on. 0. What is the total number of keys required if symmetric key cryptography is used? 0. What is the total number of keys required if asymmetric key cryptography is used? 1. What cryptographic attack affects SSL 3.0? Would that attack be effective against TLS with no backward compatibility? 1. During a security association of IPSec, how many Diffie Hellman exchanges are performed? What are the resulting keys used for? 1. Identify the kind of attack for each scenario below. 3. Earlier IPSec messages are replayed. 3. An attacker interposes during key exchange, acting as the client to the server and as the server to the client. 3. An attacker sends TCP SYN messages to open half TCP connections. 1. Identify the IPSec prevention mechanism for each scenario above. Part B: Heartbleed Import the VM provided in the file SEEDUbuntu.ova into your local Virtual Box lab. Also, open the document Heartbleed.pdf, with general instructions on how to perform a Heartbleed attack. Reference: https://www.pcmag.com/news/heartbleed-how-it-works 1. What OpenSSL version is installed in the VM? 1. Follow the instructions on the section 3.1 of the PDF document to perform the attack. Capture a screenshot after adding Boby as a friend. 1. The Python script attack.py is available in your home. You will need execution permission. Execute it as per the instructions and capture a screenshot proving the site is vulnerable. 1. Try to get at least two out of the three types of information suggested in the instructions. 1. Try different variations of --length. What is the minimum payload length at which the attack is still successful? SEED Labs – Heartbleed Attack 1 Heartbleed Attack Lab Copyright © 2016 Wenliang Du, All rights reserved. Free to use for non-commercial educational purposes. Commercial uses of the materials are prohibited. The SEED project was funded by multiple grants from the US National Science Foundation. 1 Overview The Heartbleed bug (CVE-2014-0160) is a severe implementation flaw in the OpenSSL library, which en- ables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, user names, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive. The objective of this lab is for students to understand how serious this vulnerability is, how the attack works, and how to fix the problem. The affected OpenSSL version range is from 1.0.1 to 1.0.1f. The version in the SEEDUbuntu 12.04 VM is 1.0.1. Readings and videos. Detailed coverage of the Heartbleed attack can be found in the following: • Chapter 20 of the SEED Book, Computer & Internet Security: A Hands-on Approach, 2nd Edition, by Wenliang Du. See details at https://www.handsonsecurity.net. • Section 11 of the SEED Lecture, Internet Security: A Hands-on Approach, by Wenliang Du. See details at https://www.handsonsecurity.net/video.html. Lab environment. This lab has been tested on our pre-built Ubuntu 12.04 VM, which can be downloaded from the SEED website. If you are using our SEEDUbuntu 16.04 VM, this attack will not work, because the vulnerability has already been patched. You can download the SEEDUbuntu12.04 VM from the SEED web site. If you have an Amazon EC2 account, you can find our VM from the “Community AMIs”. The name of the VM is SEEDUbuntu12.04-Generic. It should be noted that Amazon’s site says that this is a 64-bit VM; that is incorrect. The VM is 32-bit. However, this incorrect information does not cause any problem. 2 Lab Environment In this lab, we need to set up two VMs: one called attacker machine and the other called victim server. We use the pre-built SEEDUbuntu12.04 VM. The VMs need to use the NAT-Network adapter for the network setting. This can be done by going to the VM settings, picking Network, and clicking the Adaptor tag to switch the adapter to NAT-Network. Make sure both VMs are on the same NAT-Network. The website used in this attack can be any HTTPS website that uses SSL/TLS. However, since it is illegal to attack a real website, we have set up a website in our VM, and conduct the attack on our own VM. We use an open-source social network application called ELGG, and host it in the following URL: https://www.heartbleedlabelgg.com. We need to modify the /etc/hosts file on the attacker machine to map the server name to the IP ad- dress of the server VM. Search the following line in /etc/hosts, and replace the IP address 127.0.0.1 with the actual IP address of the server VM that hosts the ELGG application. SEED Labs – Heartbleed Attack 2 127.0.0.1 www.heartbleedlabelgg.com 3 Lab Tasks Before working on the lab tasks, you need to understand how the heartbeat protocol works. The heartbeat protocol consists of two message types: HeartbeatRequest packet and HeartbeatResponse packet. Client sends a HeartbeatRequest packet to the server. When the server receives it, it sends back a copy of the received message in the HeartbeatResponse packet. The goal is to keep the connection alive. 3.1 Task 1: Launch the Heartbleed Attack In this task, students will launch the Heartbleed attack on our social network site and see what kind of damages can be achieved. The actual damage of the Heartbleed attack depends on what kind of information is stored in the server memory. If there has not been much activity on the server, you will not be able to steal useful data. Therefore, we need to interact with the web server as legitimate users. Let us do it as the administrator, and do the followings: • Visit https://www.heartbleedlabelgg.com from your browser. • Login as the site administrator. (User Name:admin; Password:seedelgg) • Add Boby as friend. (Go to More -> Members and click Boby -> Add Friend) • Send Boby a private message. After you have done enough interaction as legitimate users, you can launch the attack and see what information you can get out of the victim server. Writing the program to launch the Heartbleed attack from scratch is not easy, because it requires the low-level knowledge of the Heartbeat protocol. Fortunately, other people have already written the attack code. Therefore, we will use the existing code to gain first-hand experience in the Heartbleed attack. The code that we use is called attack.py, which was originally written by Jared Stafford. We made some small changes to the code for educational purposes. You can download the code from the lab’s web site, change its permission so the file is executable. You can then run the attack code as follows: $ ./attack.py www.heartbleedlabelgg.com You may need to run the attack code multiple times to get useful data. Try and see whether you can get the following information from the target server. • User name and password. • User’s activity (what the user has done). • The exact content of the private message. For each piece of secret that you steal from the Heartbleed attack, you need to show the screen-dump as the proof and explain how you did the attack, and what your observations are. SEED Labs – Heartbleed Attack 3 3.2 Task 2: Find the Cause of the Heartbleed Vulnerability In this task, students will compare the outcome of the benign packet and the malicious packet sent by the attacker code to find out the fundamental cause of the Heartbleed vulnerability. The Heartbleed attack is based on the Heartbeat request
Answered 5 days AfterOct 09, 2022

Answer To: Import the VM provided in the file MainDC.ova into your local Virtual Box lab. Make sure your own...

Deepak answered on Oct 14 2022
60 Votes
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here