DOC PREVIEW
GT ECE 4112 - Lab2: Password Cracking, Network Sniffing

This preview shows page 1-2-3-4-5-6-7-8-9-61-62-63-64-65-66-67-68-123-124-125-126-127-128-129-130-131 out of 131 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 131 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1 ECE4112 Lab 2 Lab2: Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks (VPN) Group Number: _________ Member Names: ___________________ _______________________ Date Assigned: January 24, 2012 Date Due: February 2, 2012 Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due. Goal: This lab will introduce you to network security issues involving password cracking, sniffing, and Man-in-the-Middle attacks. Summary: This lab consists of two sections. In Section 1 you will be experimenting with some of the password cracking tools available for Windows and Linux, and you will also be using ethereal to sniff the network connection between your Linux and Windows boxes. Finally, in section 2, you will learn to use ARP and ettercap tools to perform a Man-in-the-Middle attack. In section 3 you will learn about virtual private networks (VPNs) and among other things, you will learn VPNs can prevent man in the middle attacks Background: Read “Hacking Exposed” Chapters 4 and 5 Prelab: To gain basic knowledge about ARP cache in Windows: 1. Find any windows machine (outside the lab is OK) and open the command prompt. 2. Type “arp”. This is the help screen on how to use ARP in windows. There are some example usages as can be seen on the last 2 lines of the help screen. Read about various flags that show up in the arp description. 3. Type “arp –a” in the prompt to display the ARP table. Note that the table stores 3 things per entry: internet address (IP), physical address (MAC address) and whether the entry is static or dynamic. Please take a quick look at the appendices so you are aware of what is in them. Lab Scenario: This lab requires the use of four machines on the same network: 1. RedHat Host Machine 2. RedHat 7.2 Virtual Machine 3. RedHat 7.2 Copy Virtual Machine2 4. Windows XP Virtual Machine Section 1 1.1. Installing and Using L0phtCrack on the Windows XP System Virtual Machine Take a look at http://www.eweek.com/c/a/Security/Symantec-Pulls-Plug-on-L0phtCrack/ to note that this tool is no longer sold as of March 3, 2006 and also to get an idea of its history and why it was pulled from the market by Symantec. This web site says that other available tools now include John the Ripper, RainbowCrack and Cain and Abel. To crack passwords on the Windows system, we will be using a program called L0phtCrack. We will be using a trial version of this software that is valid for 15 days. Obtain the installation file from the Tools on the NAS server. You should have copied the Windows directory under Tools to your drive already. If not, the steps are outlined below. Select Start->Run Type \\57.35.6.10\secure_class The username and password are both secure_class. Under the Windows directory, double-click on the “lc4setup” program. Run through the install program and do a “typical” install. Keep the default values for location where the program will be installed and what will be added to the Start Menu. How to create additional user accounts: For the exercises, you will need to create four new user accounts. Create account one with a simple word as the password. Create account two with a long word. Create a third account with a word that has additional characters added on to the end of it. In the fourth account, use a password that is random characters and numbers. The following steps should be followed for creating the user accounts: 1) Open up the Control Panel and click on User Accounts 2) Click on “Create a New Account” 3) Type in a name for this account and press Next 4) Check the circle next to Limited so that we create a limited account and click Create Account. 5) Repeat steps 2 through 4 and create 3 additional user accounts. 5) Click on “Change an Account” 6) Click on the first account you created 7) Click on “Create a password” 8) Type in a password based on the guidelines listed in above (e.g. if this is the first account, create a short password). Re-type the password and then click Create Password. 9) Click on Change Another Account 10) Repeat steps 6 through 9 for each account that you’ve created.3 Running L0phtCrack: 1) Select Lc4 from the Start Menu to start L0phtCrack. The Lc4 wizard should start up. Click Next 2) Select “Retrieve from local machine” and click Next 3) Select “Common password audit” and click Next 3) Select all the options on this screen and select Next 4) Check that all the options you selected are displayed here and then click Finish This should start L0phtcrack running. However, note that since this is a trial version, the brute force functionality does not work. Hence, the more complicated passwords might not be cracked. Of course, this is the beauty of having random passwords since it requires a long time for hackers to crack them. Q1.1.1. Fill in the table provided in the answer sheet. Note: You can detach the answer sheet provided at the end of the lab and fill it in as you go along. Deleting user accounts: Once you are done with the exercise, you should delete the user accounts that you created on your system (just a good security precaution). Follow the steps below to do this: 1) Open up the Control Panel and click on User Accounts 2) Click on one of the accounts you have created. 3) Click on “Delete the account” 4) Click on “Delete files” 5) Click on “Delete account” 6)Repeat steps 2 through 5 for each account that you created. Several other windows password cracking tools are just a Google search away. One of them is Cain and Abel (http://www.oxid.it). Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and


View Full Document

GT ECE 4112 - Lab2: Password Cracking, Network Sniffing

Documents in this Course
Firewalls

Firewalls

40 pages

Firewalls

Firewalls

126 pages

Load more
Download Lab2: Password Cracking, Network Sniffing
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lab2: Password Cracking, Network Sniffing and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lab2: Password Cracking, Network Sniffing 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?