IFSM 430 Lab exercise: Cuckoo's Egg

Telnet to the Linux server and login with the ifsm430 account. Wait until I give the signal.

Use the 'who' command to see who's logged on.
How many logins: _______
What are the different users that are logged in: ___________________
Where did user guest login from: ___________________

Use the 'ps aux' command to list all processes in the system. A process is an executing program. Every process has an owner (USER), a unique id (PID), a COMMAND which is the program that the process is executing, and other attributes.
What is user guest doing: ____________________

Hold down the Ctrl, Shift and Esc keys simultaneously to bring up Windows Task Manager. Click on Processes to see the processes in your Windows.
How many processes are there now: _______________
Select the line with explorer.exe and click "End Process" and then Yes.
What happens: _____________________________________
That was the process running the GUI desktop. Click Applications and New Task and type explorer to get a new desktop.

How many attempts at logging in are allowed? Use 'telnet 192.168.0.197' to start the login, give ifsm430 as the user but then give a wrong password; repeat until the telnet command terminates.
Number of login attempts allowed: ________

Use the 'whois' command to do an Internet lookup of a domain name. Stoll's use of 'whois wsmr' is obsolete; we won't get what he got. 'whois umuc.edu' will list who registered this domain.
What is the email address of the administrative contact for this domain: __________
Do not do this next command if the sight of four-letter words is offensive to you. 'whois microsoft.com' will show domain names that contain "microsoft.com". People have spent money to officially register these domains.
To get the actual information we want, do 'whois =microsoft.com'
What's the telephone number of the technical contact for Microsoft: _______________

'more /etc/passwd' displays the so-called password file (actually the passwords are not in this file anymore, but it's still called the password file). Each system user has a one-line record in this file. The format is:
username:x:userID:groupID:realname:home directory:login shell
What userid is the ifsm430 user: _______
Most of the usernames aren't actual people users; they're system accounts for running various services: user apache runs the web server, user mysql runs the MySQL database. You saw these in the 'ps aux' output. These "users" can't login. The system administrator is "root".
What is root's userid: _______
This userid defines the administrator; the name root is just the traditional name for this account.

So where are the passwords? In the /etc/shadow file. 'more /etc/shadow'
What happens: ___________________________
The permissions are set so that only root can see the file contents, so that password cracking attempts don't have the encrypted passwords. But for educational purposes there is a shadow_example file that contains two lines from the real shadow file: 'more /etc/shadow_example'
!! means the account is disabled for login. The long string of characters is the encrypted password. When you login, the password you type is encrypted and then compared with your entry in the shadow file. The cleartext password is not stored on the system.

'mkpasswd' will generate a random password. Do the command 3 times and choose the password you like the best (or dislike the least): __________________
These are not really good passwords because it's impossible to remember them, so they will be written down and thus vulnerable.
'gpw' will generate pronounceable random passwords. Run the command and choose your two favorites: _______________________________
The lack of digits and punctuation symbols makes these only so-so security-wise. 'gpw 5 12' will generate 5 passwords of length 12.

Read the treasure file and follow its instructions.
What system are you telnetting to: ____________________
From that system you went to: _________________
What does the potofgold file say: ___________________________

Encryption. We'll use GnuPG, which is a free version of PGP. I've already initialized it for the ifsm430 account and created a public-private key pair. The private key is protected by a passphrase, meaning the passphrase must be entered to enable use of the private key.
There's a subdirectory in the ifsm430 home directory with your name. 'cd thatname' to change to that directory. 'more hello' to see the file that will be encrypted.
'gpg -e hello' encrypts the file using a 1024 bit public key and the El Gamal public (asymmetric) key encryption algorithm, creating a file with ".gpg" appended to the name.
'more' that file results in: _____________________________________
Decrypt the encrypted hello.gpg by 'gpg -d hello.gpg'; you'll be prompted for the passphrase, which is "hellothisismypassphrase". The decrypted contents are spewed on to the screen. To decrypt to a file do 'gpg -do arfarf hello.gpg' and then more the arfarf file, resulting in: _______________________________________

OS fingerprinting. On Linux use the nmap2 command to do an nmap scan, including determining what the operating system of the target system is.
'nmap2 localhost' OS is: ______________________________________
'nmap2 <your PC's IP>' OS is: ______________________________________
'nmap2 192.168.0.1' (default gateway) OS is: _______________________________
'nmap2 192.168.0.205' OS is: ______________________________________
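For the /etc/passwd and /etc/shadow section above, here is an added Python example (not part of the lab handout) that parses constructed passwd and shadow records, finds every userid-0 account, flags "!!" locked entries, and checks a typed password the way the text describes: hash it and compare, never store the cleartext. The hash_password function is a simplified stand-in for the system's real crypt() routine, and every record and password in it is constructed for the example.

```python
import hashlib
# Constructed /etc/passwd records in the format the lab describes:
# username:x:userID:groupID:realname:home directory:login shell
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
ifsm430:x:500:500:IFSM 430 lab:/home/ifsm430:/bin/bash
"""

def parse_passwd(text):
    """Split each 7-field passwd record into a dict keyed by username."""
    users = {}
    for line in filter(str.strip, text.splitlines()):
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd record: %r" % line)
        name, _, uid, gid, _realname, _home, shell = fields
        users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users

def superusers(users):
    """Userid 0 defines the administrator; 'root' is only the traditional name."""
    return sorted(n for n, u in users.items() if u["uid"] == 0)

def hash_password(password, salt):
    """Stand-in for the one-way crypt() function (assumed format: $demo$salt$hash)."""
    return "$demo$%s$%s" % (salt, hashlib.sha256((salt + password).encode()).hexdigest())

# Constructed /etc/shadow records: username:password field:aging fields; "!!" = disabled.
SHADOW_SAMPLE = "\n".join([
    "root:" + hash_password("r00t-lab-only", "Xy9q") + ":15000:0:99999:7:::",
    "apache:!!:15000:0:99999:7:::",
    "ifsm430:" + hash_password("cuckoo", "ab12") + ":15000:0:99999:7:::",
])

def parse_shadow(text):
    """Map username -> password field; the remaining shadow fields are aging data."""
    return {l.split(":")[0]: l.split(":")[1] for l in text.splitlines() if l.strip()}

def is_locked(field):
    """'!!' (as in the lab's shadow_example) or '*' means no usable password."""
    return field.startswith("!") or field == "*"

def check_login(shadow, username, password):
    """Hash the typed password with the stored salt and compare; cleartext is never kept."""
    field = shadow.get(username)
    if field is None or is_locked(field):
        return False
    salt = field.split("$")[2]
    return hash_password(password, salt) == field
```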