CprE231_Lab10_Jacob_Boicken (.pdf)

School: Iowa State University
Course: 231
Subject: Computer Science
Date: Apr 3, 2024

Jacob Boicken

Lab 10

Host discovery (3 points per row; 15 total points)

Ambulance Laptop
  IP Address: 42.49.30.158
  Open Ports/Services: 135 msrpc; 139 netbios-ssn; 445 microsoft-ds; 3389 ms-wbt-server; 49664, 49665, 49666, 49667, 49671, 49672, 49674 unknown
  Operating System: Windows 10

Reception Desktop
  IP Address: 42.49.30.152
  Open Ports/Services: 135 msrpc; 139 netbios-ssn; 445 microsoft-ds; 3389 ms-wbt-server; 49668 unknown
  Operating System: Windows 10

Clinician Desktop
  IP Address: 42.49.30.154
  Open Ports/Services: 135 msrpc; 139 netbios-ssn; 445 microsoft-ds
  Operating System: Windows XP

Web Server
  IP Address: 42.49.30.150
  Open Ports/Services: 22 ssh; 8000 http-alt; 44245 telnet
  Operating System: Ubuntu 18

Database
  IP Address: 42.49.30.156
  Open Ports/Services: None
  Operating System: Ubuntu 20
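The host discovery table above is the kind of summary a service/OS scan produces. As an added example (not part of the lab report, which does not say which scanner was used), the script below assumes the scan was done with nmap's `-sV -O -oX` and turns the resulting XML into rows of the same shape: IP, hostname, open ports with service names, and the best OS match. Closed and filtered ports are dropped, a host with no open ports gets "None" like the Database row, and down hosts are skipped. The XML is constructed here to mirror two of the hosts; it is not the lab's real scan output.

```python
"""Added example: nmap -oX XML -> host discovery rows (constructed sample data)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed scan output shaped like nmap's XML; not captured from the lab network.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 42.49.30.0/24">
<host><status state="up" reason="echo-reply"/>
<address addr="42.49.30.152" addrtype="ipv4"/>
<hostnames><hostname name="reception" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
<port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
<port protocol="tcp" portid="49668"><state state="open"/></port>
<port protocol="tcp" portid="5985"><state state="closed"/><service name="wsman"/></port>
</ports>
<os><osmatch name="Microsoft Windows 10 1809" accuracy="97"/>
<osmatch name="Microsoft Windows Server 2016" accuracy="91"/></os>
</host>
<host><status state="up" reason="arp-response"/>
<address addr="42.49.30.156" addrtype="ipv4"/>
<address addr="00:0C:29:AA:BB:CC" addrtype="mac"/>
<ports><extraports state="filtered" count="1000"/></ports>
<os><osmatch name="Linux 5.4 - 5.8" accuracy="93"/></os>
</host>
<host><status state="down" reason="no-response"/>
<address addr="42.49.30.157" addrtype="ipv4"/>
</host>
</nmaprun>
"""


@dataclass
class HostRow:
    ip: str
    hostname: str
    ports: list   # (port, protocol, service) for open ports only
    os: str


def parse_nmap_xml(xml_text: str) -> list:
    """Return one HostRow per host that was up, open ports sorted by number."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # host did not answer; nothing to report
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), "?")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else ""
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not services
            svc = port.find("service")
            # nmap omits <service> (or its name) when it cannot identify the port
            name = svc.get("name") if svc is not None and svc.get("name") else "unknown"
            ports.append((int(port.get("portid")), port.get("protocol"), name))
        ports.sort()
        # pick the osmatch nmap is most confident about
        best = max(host.findall("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", "0")), default=None)
        os_name = best.get("name") if best is not None else "unknown"
        rows.append(HostRow(ip, hostname, ports, os_name))
    return rows


def format_rows(rows) -> str:
    """Render rows as fixed-width text lines (services column like the table)."""
    lines = []
    for r in rows:
        services = ", ".join(f"{p}/{proto}: {name}" for p, proto, name in r.ports) or "None"
        lines.append(f"{r.ip:<16} {r.hostname or '-':<12} {r.os:<28} {services}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_rows(parse_nmap_xml(SAMPLE_XML)))
```

The "unknown" high ports in the table (49664 and up) are the dynamic RPC endpoint range on Windows, which is why `-sV` has no service name for them; the parser keeps them as "unknown" rather than dropping them, since an unidentified open port is still part of the attack surface.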
Exploiting the machines (9 points per row; 45 total points)

Ambulance Laptop
  How did you gain access? I was able to dump the hashes of user credentials on the reception desktop. This allowed me to gain access to the Ambulance laptop by sending Tom's hashed password to log in through SMB, a technique called passing the hash.
  What specific harm could be done? I was able to view a list of reports containing information about paramedics responding to incidents. This information could be used to blackmail patients if tracked back to them.
  How can you remediate it? Since I was able to dump hashes on the reception desktop, one fix would be to reduce admin privileges on that device to only the users who need them. Also, utilizing NTLMv2 instead of LM/NTLM will prevent passing the hash from working. Finally, if the Windows SMB service is not needed on the Ambulance laptop, it could be disabled.

Reception Desktop
  How did you gain access? I was able to gain access through Remote Desktop on the reception desktop, because the user Rachel's password was weak and easily guessable.
  What specific harm could be done? I was able to gain access to a list of HR records that contained employee addresses, emails, and phone numbers. Using this information, I could phish these internal workers, among other crimes.
  How can you remediate it? Since the user's password was simple and easy to guess, Group Policy in Windows should be edited so that passwords must meet complexity requirements.

Clinician Desktop
  How did you gain access? I was able to gain admin privileges and shell access to the clinician desktop by exploiting a remote code execution vulnerability labeled MS08-067. It affects Windows RPC on Windows 2000 through 2008.
  What specific harm could be done? I was able to gain access to a list of patient data that includes their smoking habits, medicines used, and phone numbers. This information can be used against the patients by vishing them, among other crimes.
  How can you remediate it? Since the clinician desktop is running Windows XP with an unpatched RPC service, I was able to exploit the RPC. To remediate this, installing the patch Microsoft released for the RPC service would prevent it. Another option is to update the machine to the latest version of Windows, as XP is EoL.

Web Server
  How did you gain access? I was able to gain root access to the web server by connecting to it through SSH. It automatically logged me in as root with no password prompt. Also, hidden within the main page, there is a root-access web shell within the application, reached by appending /llehs to the URL.
  What specific harm could be done? I was able to access a JSON file that contains a list of user credentials and a file showing a database at 42.49.30.202 with an admin username that has no password. I could log in as any user after decrypting the passwords using the available Python script. I could also compromise the database storing the logins.
  How can you remediate it? Since I am able to gain root access through SSH and hidden web shells, modifying the sshd configuration to prevent root login and empty passwords would prevent this. Then, the root user and all other users should be given strong passwords. Also, clearing out the web shells from the web page will prevent remote access through the web service.

Database
  How did you gain access? With physical access to the database, I booted a live Kali image and mounted the database's hard drive. Then, I could read and modify all information on the drive.
  What specific harm could be done? With physical access, I was able to read a file, userdata.ibd, in the database that contained a list of people's names attached to SSNs and card numbers. I could sell this information or commit credit card fraud and identity theft against these users.
  How can you remediate it? Since I had physical access to the database and was able to mount the hard drive on a live image, a remediation for this would be full disk encryption on the hard drive. This would prevent me from mounting the drive without knowing its key/password. Also, since I could read the database's data, its information should be encrypted as well.
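The Web Server remediation above comes down to two sshd_config directives: PermitRootLogin and PermitEmptyPasswords. As an added example (not part of the lab report), the script below audits a configuration for exactly those two settings and resolves them the way sshd does: the first value given for a keyword wins, lines starting with "#" are comments, "keyword value" and "keyword=value" are both accepted, and anything after the first Match line is conditional rather than global. The two configurations are constructed here, one matching the state the lab found (root shell with no password prompt) and one remediated; the defaults assumed for absent keywords are OpenSSH's own (PermitRootLogin prohibit-password, PermitEmptyPasswords no). The key-only authentication lines in the hardened file are an extra step beyond what the report asks for.

```python
"""Added example: audit sshd_config for root login and empty passwords
(constructed configurations, OpenSSH defaults assumed)."""

# Values sshd applies when the keyword is absent (PermitRootLogin since OpenSSH 7.0).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}

# Constructed: the state the lab report describes (root login, no password needed).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes
"""

# Constructed: the remediated file. The Match block only affects the 'deploy' user.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication yes
"""


def effective_settings(config_text: str) -> dict:
    """Resolve the audited keywords as sshd would: first occurrence wins,
    '#' lines are comments, '=' and whitespace separators are equivalent,
    and parsing stops at the first Match line because later directives are
    conditional, not global."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def audit_sshd(config_text: str) -> list:
    """Return one finding per weak directive; an empty list means direct root
    login and empty-password logins are both refused."""
    settings = effective_settings(config_text)
    findings = []
    if settings["permitrootlogin"] != "no":
        # prohibit-password still lets root in with a key; the report wants root login off.
        findings.append(
            f"PermitRootLogin is '{settings['permitrootlogin']}' (effective): "
            "root can authenticate directly; set 'PermitRootLogin no'")
    if settings["permitemptypasswords"] != "no":
        findings.append(
            "PermitEmptyPasswords is 'yes': accounts with an empty password can "
            "log in; set 'PermitEmptyPasswords no' and give root a strong password")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]", audit_sshd(cfg) or "no findings")
```

Two things the check deliberately models: a stray "PermitRootLogin yes" placed after a "PermitRootLogin no" does not weaken the file (first value wins), and a "PermitRootLogin yes" inside a Match block is not counted as the global setting. Reading the file is only half the remediation in the report; sshd must be reloaded afterwards, and the web shell at /llehs is a separate entry point that this check says nothing about.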