CSC347 Introduction to Information Security
Assignment 3

Due: December 4, 2017 at 11:50 PM
Late penalty: 0% for 2 days, not accepted after that (so if you are swamped, hand in by the 6th)
Hand in: Submit electronically here, your zip file a3.zip
Marking: It is possible that some questions will not be marked.
Groups: Groups of size 2. Both students receive the same mark.

Network Security

Note

For this assignment you will be making extensive use of supplied virtual machines, DSL, FC4, Ubuntu804, WindowsXP and Kali on dh2020pc0[1-4]. Please let me know ASAP if you have any problem running these.

    cd /virtual
    mkdir $USER
    cd $USER
    scp -r $USER@dh2020pc01.utm.utoronto.ca:/virtual/arnold/347NetworkSecurity.zip .
    unzip 347NetworkSecurity.zip
    rm 347NetworkSecurity.zip
    scp -r $USER@dh2020pc01.utm.utoronto.ca:/virtual/arnold/Kali-Linux-2017.2-vm-amd64.zip .
    unzip Kali-Linux-2017.2-vm-amd64.zip

Things to remember: You will set up the following network:

    -------------------------------------------------------------
    Private Side: VMNET8, 192.168.0.0/255.255.255.0

    Ubuntu: 192.168.0.100
        Serving web and mail to the private network
        sudo bash for root
        arnold/password

    Kali: IP (dhcp)
        root/toor

    WindowsXP: 192.168.0.33
        csc347/password

    DSL: 192.168.0.75 (To put this on the private network, you will need to switch to VMNET8)
        Administrator's machine
        sudo su for root
        Setup networking by DSL->Setup->Net Setup->netcardconf
        Make the firewall the default gateway. Make sure you choose the
        correct side of the firewall depending on where you put this on
        the network. That is, either 10.10.10.10, or in this case 192.168.0.10
        NOTE: To boot DSL, change the settings so that it boots off the CD iso.
        You may have to change the path to directly point to the dslXXXX.iso.

    FC4 Firewall/Gateway:
        eth1: 192.168.0.10
        eth0: 10.10.10.10
        root/password
        see /etc/sysconfig/myFirewall.bash

    Public Side: VMNET1, 10.10.10.0/255.255.255.0

        NOTE: To boot DSL, change the settings so that it boots off the CD iso.
        You may have to change the path to directly point to the dslXXXX.iso.

    DSL_10: 10.10.10.128 (you can switch the IP of this machine manually)
    DSL: 10.10.10.75
    DSL: 10.10.10.33 (CEO)
        Initially you can set this to default gateway through 10.10.10.10,
        but eventually you should change this to gateway through 10.10.10.99,
        so the public side knows nothing about the private network, but that
        comes later.

  1. [2 Marks] (Kali) Use zenmap to perform a network footprinting exercise on the private (192.168.0.*) network. Report all services and versions running all systems inside the network. Submit the zenmap report.
  2. [5 Marks] (Kali) It seems that 192.168.0.100 should be vulnerable to this. Try to exploit it using metasploit, by following this video. msf commands:

         use exploit...
         show options
         set RHOST ...
         set PAYLOAD ....
         set ...
         exploit

     It doesn't work!! Fill out vuln.txt for this vulnerability and explain why.
  3. [15 Marks] (Kali) Your scan of the WindowsXP machine shows many open ports. Take a look at all of the open ports and determine if any of them present potential vulnerabilities, and if metasploit can exploit them. See, for example, Rapid7, search the web, etc. Fill out vuln.txt for each open port. If any of the services are exploitable, your script should use SET PAYLOAD windows/meterpreter/reverse_tcp to control the machine. Note: If you exploit the WinXP machine, you should restart it before further investigations.
  4. [10 Marks] (FC4/DSL/Ubuntu/...) Configure your FC4 firewall using IP tables (see the lecture notes for my example firewall scripts).
    1. The 10.10.10.* network is the public network. The 192.168.0.* is the private network. The public side knows nothing about the private network, so all public hosts access 10.10.10.10 only.
    2. Configure your firewall so that external http and smtp traffic can get to your web/mail server (the Ubuntu box).
    3. Allow 192.168.0.75 to ssh into the firewall. No other access into the firewall is permitted.
    4. Allow 10.10.10.75 (outside the local network) to ssh into the web/mail server by using port 2222 on the external side of the firewall. This is the only external ssh access allowed into the web/mail server.
    5. You might want to check that no other IPs outside can ssh into the web/mail server and the firewall.
    6. The CEO has a windows box inside the private network (192.168.0.33). The CEO (with fixed IP 10.10.10.33) would like to have remote desktop access to his desktop. Configure your firewall so that this is the case. The CEO's windows machine should have RDP restricted so that only their external machine can connect (discuss what should be done to make sure this is the case). On the DSL machine, execute rdesktop.
    7. Sid would also like RDP access to his windows box (with fixed IP 192.168.0.37) from his home at fixed IP 10.10.10.211. Can IP tables be used to do this as well? What if we want both to use the same RDP port on the firewall? No access to any services from 10.10.10.128 should be allowed.
    8. All machines inside the private network have their default route set to 192.168.0.10. All external machines know nothing about the internal network. Their default route can be set to 10.10.10.99 (a non-real machine).
    9. Finally, imagine that the only routable IP is 10.10.10.10. All internal machines should share this IP for internet traffic.

    Submit your firewall script annotated so that it is clear which parts of your script accomplish which parts of this question.

  5. [4 Marks] I used wireshark to sniff a bit of traffic on my network. Take a look at the wiresharkCapture
    1. Report everything you know about my network and its systems.
    2. Riddle: What's the question? What's the answer?
  6. [0 Marks] (Not worth any marks, but good practice) Explore the network as follows:

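For question 4 above, an added example (not the course's firewall script, and not from the lecture notes) of how source-keyed DNAT lets two users share one external RDP port while a single service table keeps the nat and filter rules in step. The addresses and interface names are the page's; the function names and the rule layout are assumptions of this sketch, which prints an iptables-restore ruleset rather than applying it.

```shell
#!/bin/sh
# Added example, not the course's script: prints an iptables-restore ruleset.
PUB_IF=eth0;  PUB_IP=10.10.10.10        # public side (addresses from the page)
PRIV_IF=eth1; PRIV_NET=192.168.0.0/24   # private side
# publish SRC PUBLIC_PORT INSIDE_IP INSIDE_PORT ("any" = every source). MODE picks
# the nat DNAT rule or the filter FORWARD accept that pairs with it.
publish() {
    src=""; [ "$1" = any ] || src="-s $1 "
    if [ "$MODE" = nat ]; then
        echo "-A PREROUTING -i $PUB_IF ${src}-d $PUB_IP -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    else
        echo "-A FORWARD -i $PUB_IF -o $PRIV_IF ${src}-d $3 -p tcp --dport $4 -m state --state NEW -j ACCEPT"
    fi
}
# One service table drives both rule sets, so they cannot drift apart.
services() {
    MODE=$1
    publish any          80   192.168.0.100 80     # item 2: http to the Ubuntu box
    publish any          25   192.168.0.100 25     # item 2: smtp to the Ubuntu box
    publish 10.10.10.75  2222 192.168.0.100 22     # item 4: ssh via external port 2222
    publish 10.10.10.33  3389 192.168.0.33  3389   # item 6: CEO's RDP
    publish 10.10.10.211 3389 192.168.0.37  3389   # item 7: Sid, same port, other source
}
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $PUB_IF -s $PRIV_NET -j SNAT --to-source $PUB_IP
EOF
    services nat
    cat <<EOF
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $PRIV_IF -s 192.168.0.75 -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.10.128 -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $PRIV_IF -o $PUB_IF -s $PRIV_NET -j ACCEPT
EOF
    services filter
    echo COMMIT
}
gen_rules   # review the output, then as root on the firewall: pipe it to iptables-restore
```
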
Questions and Answers

Question:
I can't get Kali onto VMNET8
Answer:
If you downloaded before 2017-11-30 5:30 PM, then replace this file. Otherwise, the new version of Kali appearing in pc01-pc04 has the new config file. That is, something similar to

    mv Kali-Linux-2017.2-vm-amd64.vmx /virtual/$USER/Kali-Linux-2017.2-vm-amd64

Question:
It appears that there is a conflict on DSL and WinXP on 192.168.0.33
Answer:
DSL_192 should be 192.168.0.75, fixed above.