Monday, 23 February 2015

Week 3 Lab 4



TASK 1:

In this task we used the Windows 7 command line to remotely connect to the Windows 2k3 terminal and use that machine from the Windows 7 machine. We did this by using the TELNET feature, and by doing this we added a text file into the system and also created a new user with these commands.

1. What command can be used to show an active TELNET connection?


netstat -an | findstr 23, and the IP address connected with will say established.


2. What is the command that can be used to display files on a remote system when an administrator is connected via a TELNET session?


dir when connected to the telnet session.


3. How can you create a file on a remote system during a TELNET session?


echo with a > in the command


4. What command can be used to determine if a remote system is running TELNET?

You use ipconfig to determine the address of the port, then nmap "insert address" -p 23 to see if port 23 is open for telnet to be used.
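
As an added example (not part of the original lab write-up), this Python sketch parses netstat -an output and matches port 23 on the port field, because a plain substring filter such as findstr 23 also keeps lines that merely contain "23" somewhere. The sample output, its addresses and the function names are constructed for this example.

```python
# Constructed sample of `netstat -an` output from a Windows host (not from the lab).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2301           0.0.0.0:0              LISTENING
  TCP    192.168.100.7:49160    192.168.100.201:23     ESTABLISHED
  TCP    192.168.100.7:49231    192.168.100.201:445    ESTABLISHED
  TCP    192.168.23.7:49170     192.168.23.9:80        ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6]:port') into (addr, port); port is None for '*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def telnet_sessions(netstat_text, port=23):
    """Return (local, remote) pairs for ESTABLISHED TCP connections on `port`."""
    sessions = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns; UDP rows have no State column and are skipped.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, remote, state = fields
        if state != "ESTABLISHED":
            continue
        if port in (split_endpoint(local)[1], split_endpoint(remote)[1]):
            sessions.append((local, remote))
    return sessions


def substring_matches(netstat_text, needle="23"):
    """Lines a plain substring filter such as `findstr 23` would keep."""
    return [line for line in netstat_text.splitlines() if needle in line]


if __name__ == "__main__":
    print("substring filter keeps:", len(substring_matches(SAMPLE_NETSTAT)), "lines")
    for local, remote in telnet_sessions(SAMPLE_NETSTAT):
        print("TELNET session:", local, "->", remote)
```
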



TASK 2:




In this task we used the Windows 7 terminal on the SSH port to connect to the Linux terminal by using the PuTTY program, as Windows cannot use the SSH client on its own. We then used this program to connect to the Linux terminal, create a text file again and create a user again. The main difference between the two machines is that the Linux machine is encrypted, unlike the Windows machine, which displays information in clear text.

1. What port does Secure Shell use?

port 22

2. Is there a native SSH client or server on Microsoft Windows system?

No, the system has to use imported programs such as PuTTY to access this client.

3. What is the file in Linux that contains the password hash?

The Shadow file.

4. What are two methods that can be used for creating a file during a remote secure shell (SSH) connection within Linux?

echo or the vi editor.



TASK 3:


In this task we used Wireshark to view the connection between the terminals and see the difference between the Telnet and SSH clients. What was easily visible in the Telnet communication was the password and login name used by the Windows 2k3 terminal; however, the SSH client wasn't in clear text and the communication was encrypted.

1. 0.61


2. There are no results on the frame contains shadow pane because the Linux system where the passwords are contained is the shadow file and so they are hidden on the ssh port. They can only be accessed directly on the Linux command system.


3. Administrator


4. securityplus.txt

Week 4 Lab 8

TASK 1:

In this task we used the Windows 7 command prompt to access the Windows 2k3 terminal and view files of that terminal. We also set up a mapping network and created a txt file within the Windows 2k3 directory and viewed the text of that file. We then deleted the mapping network that we created.

1. What is the command to view your workgroup?

net config workstation allows you to see your work group next to the workstation domain panel.

2. What is the command to enumerate all of the domains on the network?

net view/domain

3. What is the command to map a drive?

net use x: \\win2k3dc\sysvol

4. What is the name of the share that will give you access to all resources on the remote machine?

change the drive to the x drive and the x:\>dir



TASK 2:

In this task we used the PSEXEC program to do commands on the remote Windows 2k3 system. Using this we created a text file with hello world in it, viewed that text, created a Y map drive and also deleted that drive after.

1. From where do you get the PSEXEC command?

You have to download it as it is not native to the Windows command prompt.

2. Do you need to provide credentials when using PSEXEC?

If the IPC$ share is mapped, there is no need to provide credentials when you use the PSEXEC command, and we mapped it in the last task. However, it can be mapped with the login name and password.

3. What is the command to share a folder on your C: drive called share?

net share share=c:\share

4. What does an error code of 0 indicate when you are using PSEXEC?

That the command was completed successfully.


TASK 3:

In this task we used the PSEXEC command to access the Windows 2k3 terminal to start and stop services using the net commands and also to install and uninstall services by using the sc command. Using the sc command we stopped the internet service on the 2k3 terminal and then started it again.

1. What is the net command to stop the Windows Update Service?

net stop "Automatic Update"

2. What is the sc command to get the list of services on a remote machine?

sc \\win2k3dc query | more

3. What is the sc command to stop the W3SVC service on a remote system?

sc \\win2k3dc stop w3svc

4. What is the sc command to start the W3SVC service on a remote system?

sc \\win2k3dc start w3svc


Monday, 9 February 2015

Lab 2 week 2 semester 2

Task 1:

In this task we had to use the BackTrack Apache system to view things that were downloaded on the internet browser using the wget download or the internet browser download itself. We then used Wireshark in the BackTrack system to view the files that had been downloaded from the Windows terminal.

1. What is the command to check to see if the web server is running on Linux?

The command to see if the server is running is netstat -tan | grep 80

2. How do you parse HTTP objects out of Wireshark?

In Wireshark you go to File, Export Objects, HTTP to view the objects downloaded.

3. How can you display all of the options for the wget command?

wget --help displays all the options available.

4. What does HTTP stand for and what port does it use?

HTTP stands for Hyper Text Transfer Protocol and it uses port 80.


Task 2:

We connected to the FTP server through the BackTrack device and downloaded the Windows background as a binary file to our system. We then had to change the settings to allow us to upload a picture. We then uploaded the file or the BackTrack background to the Windows system.

BackTrack background on the Windows terminal


1. What are the two ports that FTP uses?

20 and 21.

2. What is the command to upload a file to an FTP server?

FTP put with the file name.

3. Which ftp command should be used before uploading a picture file?

FTP bin to change it to binary.

4. What is the default directory where Windows FTP files are stored?

On the ftproot in inetpub.


Task 3:

In this task we used the BackTrack system to copy a picture of the camo background to the Red Hat terminal.

1. What port does SSH and SCP use by default?

port 22.

2. What does SCP stand for?

Secure Copy Protocol.

3. How is SCP different from the FTP protocol?

Sends the information not in clear text but encrypted.

4. What benefits does using SCP provide over other protocols?

The benefits of using this over FTP are that this is the secure way of sending files to each other.

Friday, 6 February 2015

Lab 1 week 1 semester 2



Task 1:

The first thing we needed to do in the lab was connect to all of the virtual machines and apps. We then used the Linux sniffer to watch the two networks, one on the IP 192.168.100.5 and the other with the IP 10.10.19.202. This meant we had to set up the sniffer to use these two networks to intercept the data and receive packages from each line. To do this we sent pings from one machine to the other and the sniffer received these pings at the same time as the other machine. We then used Wireshark in order to view the intercepted packages.

This shows the packages received by the sniffer


1. Does a network interface on a sniffer machine require an IP Address?

No, the sniffer doesn't require an IP address; it wants to remain invisible to the other machines in order to intercept messages undetected.

2. In what mode does a sniffer’s network interface operate?

The sniffer operates in promiscuous mode.

3. How do you determine available switches for tcpdump?

The command --help shows the switches.

4. How can you display all of the network interfaces in Linux?

The command ifconfig -a views all the available interfaces on the system.

Task 2:

In this task we used the sniffer and Wireshark to view the user name and password of the person logging onto the Windows 7 terminal and the BackTrack 4 terminal using both sides of the networks. We used Wireshark to start a connection with the line and then filter the packages received to ftp to get the username and password in clear text.

1. Do FTP usernames and passwords appear in clear text?

They do when intercepted by Wireshark on the Linux sniffer.

2. How do you choose the interface to capture on within Wireshark?

You select capture, interfaces and then select eth0 or eth1 depending what line you want to view.

3. How do you filter for a certain protocol within the Wireshark program?

There is a filter bar at the top which you type into, for example ftp.

4. How do you open the Wireshark program from the terminal in Linux?

Type Wireshark into the root@bt bar.
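
An added example, not from the original lab: a defender-side check that walks an FTP control channel (as recovered from a capture like the one in this task) and reports every login that crossed the wire in clear text, with the password masked. The stream below is constructed, and the function names are this example's own.

```python
# Constructed FTP control-channel payloads in capture order (not the lab capture).
# "C" = client to server port 21, "S" = server reply.
SAMPLE_STREAM = [
    ("S", b"220 FTP server ready\r\n"),
    ("C", b"USER labuser\r\n"),
    ("S", b"331 Password required for labuser\r\n"),
    ("C", b"PASS wrong-guess\r\n"),
    ("S", b"530 Login incorrect\r\n"),
    ("C", b"USER labuser\r\n"),
    ("S", b"331 Password required for labuser\r\n"),
    ("C", b"PASS Example-Pass1\r\n"),
    ("S", b"230 User labuser logged in\r\n"),
    ("C", b"TYPE I\r\n"),
    ("S", b"200 Type set to I\r\n"),
]


def mask(secret):
    """Keep only the length so the report itself does not leak the password."""
    return "*" * len(secret)


def cleartext_logins(stream):
    """Return one finding per PASS command seen unencrypted on the control channel."""
    findings, user, pending = [], None, None
    for direction, payload in stream:
        for raw in payload.split(b"\r\n"):
            line = raw.decode("ascii", errors="replace").strip()
            if not line:
                continue
            if direction == "C":
                verb, _, arg = line.partition(" ")
                if verb.upper() == "USER":
                    user = arg
                elif verb.upper() == "PASS":
                    pending = {"user": user, "password": mask(arg), "accepted": None}
                    findings.append(pending)
            elif pending is not None and line[:3] in ("230", "530"):
                # 230 = login accepted, 530 = login rejected.
                pending["accepted"] = line.startswith("230")
                pending = None
    return findings


if __name__ == "__main__":
    for finding in cleartext_logins(SAMPLE_STREAM):
        print("cleartext FTP login:", finding)
```
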


Task 3:

In task three we had to open Network Miner, start the program on a certain line, then view two internet pages. We then stopped the miner and viewed the files it had captured. When the files were opened, they were the two pages that were viewed on the internet which were captured.

1. What kind of tool is Network Miner?

Network Miner is a network forensic analysis tool, which can capture images and files.

2. On what operating systems will the Network Miner program run?

It runs on Windows operating systems.

3. How do you parse out web pages of visited sites in Network Miner?

You go to the files tab and then open the available information there.

4. What needs to be configured within Network Miner prior to capturing data?

The network adapter needs to be configured to the right network connection.