CprE231_Lab10_Jacob_Boicken.pdf
School: Iowa State University
Course: 231
Subject: Computer Science
Date: Apr 3, 2024
Jacob Boicken
Lab 10
Host discovery (3 points per row; 15 total points)

| Host Machines | IP Address | Open Ports/Services | Operating System |
| --- | --- | --- | --- |
| Ambulance Laptop | 42.49.30.158 | 135: msrpc; 139: netbios-ssn; 445: microsoft-ds; 3389: ms-wbt-server; 49664: unknown; 49665: unknown; 49666: unknown; 49667: unknown; 49671: unknown; 49672: unknown; 49674: unknown | Windows 10 |
| Reception Desktop | 42.49.30.152 | 135: msrpc; 139: netbios-ssn; 445: microsoft-ds; 3389: ms-wbt-server; 49668: unknown | Windows 10 |
| Clinician Desktop | 42.49.30.154 | 135: msrpc; 139: netbios-ssn; 445: microsoft-ds | Windows XP |
| Web Server | 42.49.30.150 | 22: ssh; 8000: http-alt; 44245: telnet | Ubuntu 18 |
| Database | 42.49.30.156 | None | Ubuntu 20 |
Exploiting the machines (9 points per row; 45 total points)

| Host Machines | How did you gain access? | What specific harm could be done? | How can you remediate it? |
| --- | --- | --- | --- |
| Ambulance Laptop | I was able to dump the hashes of user credentials on the reception desktop. This allowed me to gain access to the Ambulance laptop by sending Tom’s hashed password to log in through SMB, called passing the hash. | I was able to view a list of reports containing information about paramedics responding to incidents. This information could be used to blackmail patients if tracked back to them. | Since I was able to dump hashes on the reception desktop, one fix would be to reduce admin privileges on that device to only needed users. As well, utilizing NTLMv2 instead of LM/NTLM will prevent passing the hash from working. Finally, if the Windows SMB service is not needed on the Ambulance laptop, it could be disabled. |
| Reception Desktop | I was able to gain access through remote desktop on the reception desktop, because the user Rachel’s password was weak and easily guessable. | I was able to gain access to a list of HR records that contained employee addresses, emails, and phones. Using this information, I could phish these internal workers, among other crimes. | Since the user’s password was simple and easy to guess, it should be set so that passwords must meet complexity requirements by editing the group policy in Windows. |
| Clinician Desktop | I was able to gain admin privileges and shell access to the clinician desktop by exploiting a remote code execution labeled as MS08-067. It affects Windows RPC on Windows 2000 through 2008. | I was able to gain access to a list of patient data that includes their smoking habits, used medicine, and phone numbers. This information can be used against the patients by vishing them or other crimes. | Since the clinician desktop is running Windows XP with an unpatched RPC service, I was able to exploit the RPC. To remediate this, installing the patch Windows put out for the RPC service would prevent this. As well, another option is to update the machine to the latest version of Windows as XP is EoL. |
| Web Server | I was able to gain root access to the web server by connecting to it through SSH. It automatically logged me in as root with no password prompt. As well, hidden within the main page and going /llehs to the URL there is a root access web shell within the application. | I was able to access a JSON file that would contain a list of user credentials and a file showing a database at 42.49.30.202 with an admin username that has no password. I could log in as any after decrypting the passwords using the available Python script. As well, I could compromise the database storing the logins. | Since I am able to gain root access through SSH and hidden web shells, modifying the sshd configuration to prevent root login and empty passwords would prevent this. Then, the root user & all users should be given strong passwords. As well, clearing out the web shells from the web page will prevent remote access through the web service. |
| Database | With physical access to the database, I booted a live Kali image and mounted the database’s hard drive. Then, I could read and modify all information on the drive. | With physical access, I was able to gain access to a file userdata.ibd in the database that contained a list of people’s names, attached to SSNs and card numbers. I could sell this information or commit credit card fraud and identity theft against these users. | Since I had physical access to the database and was able to mount the hard drive on a live image, a remediation for this would be full disk encryption on the hard drive. This would prevent me from mounting the drive without knowing its key/password. As well, since I could read the database’s data, its information should be encrypted as well. |
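
The Web Server remediation above names two sshd settings, root login and empty passwords. The following check for them is an added example, not part of the original lab report: the function names `effective_settings` and `audit` and the sample configurations are constructed for illustration, and `Include` files are not followed.

```python
# Added example: audit sshd_config text for root login and empty passwords.
# OpenSSH defaults used when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "permitemptypasswords": "no"}
# Only "no" satisfies the remediation "prevent root login and empty passwords".
REQUIRED = {"permitrootlogin": {"no"}, "permitemptypasswords": {"no"}}

def effective_settings(text):
    """Return (global values, Match-block overrides); the first value seen wins."""
    global_vals, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value            # following lines apply only to this Match block
        elif key in DEFAULTS:
            value = value.split()[0].lower() if value else ""
            if match is None:
                global_vals.setdefault(key, value)   # later duplicates are ignored
            else:
                overrides.append((match, key, value))
    for key, default in DEFAULTS.items():
        global_vals.setdefault(key, default)
    return global_vals, overrides

def audit(text):
    """Return findings; an empty list means both settings are 'no' everywhere."""
    global_vals, overrides = effective_settings(text)
    findings = [f"global: {k} = {v}" for k, v in global_vals.items() if v not in REQUIRED[k]]
    findings += [f"Match {m}: {k} = {v}" for m, k, v in overrides if v not in REQUIRED[k]]
    return findings

# Constructed sample inputs (not taken from the lab machines).
WEAK = """# constructed: root and empty passwords allowed
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
PermitRootLogin no
"""
OVERRIDE = """PermitRootLogin no
PermitEmptyPasswords no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("OVERRIDE", OVERRIDE), ("EMPTY", "")):
        print(name, audit(cfg) or "ok")
```

On a real host, `sshd -T` prints the effective configuration after includes and defaults are applied, which is the authoritative view to compare against.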