CIS 76 Telnet Session Hijack. Admonition

Similar documents
Telnet Session Hijack

CIS 76 VLab Pod Setup

CIS 76 VLab Pod Setup

CIS 76 SSH Brute Force. SSH Brute Force Attack

Ethical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters

CIS 76 - Lesson 6. Slides and lab posted WB converted from PowerPoint Print out agenda slide and annotate page numbers

Post Connection Attacks

Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge

n Describe sniffing concepts, including active and passive sniffing n Describe sniffing countermeasures n Describe signature analysis within Snort

Lab Configure Basic AP security through GUI

CHCSS. Certified Hands-on Cyber Security Specialist (510)

The Anatomy of a Man in the Middle Attack

Man in the middle. Bởi: Hung Tran

Lab - Examining Telnet and SSH in Wireshark

Practice Labs Ethical Hacker

FUJITSU Cloud Service S5 Connecting to a Virtual Machine (VM)

8.9.2 Lab: Configure an Ethernet NIC to use DHCP in Windows Vista

The following virtual machines are required for completion of this lab: Exercise I: Mapping a Network Topology Using

Jackson State University Department of Computer Science CSC 437/539 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

Ethical Hacking and Prevention

3) Click the Screen Sharing option and click connect to establish the session

Web Applications Penetration Testing

Hacking Wireless Networks by data

CIS 76 Ethical Hacking Building an open source Pentest Sandbox, carrying out a Remote Code Execution exploit, and Remediating the RCE vulnerability.

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Project 3: Network Security

Network security - basic attacks

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

Wireless LAN Security (RM12/2002)

HikCentral V.1.1.x for Windows Hardening Guide

Lab - Remote Desktop in Windows 8

Authentication Security

Introduction to Networks: Case Study, Option 2

Skills Assessment Student Training

Wireless Network Penetration Testing Using Kali Linux on BeagleBone Black

ETHICAL HACKING LAB SERIES. Lab 15: Abusing SYSTEMS

Lab - Remote Desktop in Windows 7 and Vista

ECCouncil Certified Ethical Hacker. Download Full Version :

CCNP Switch Questions/Answers Securing Campus Infrastructure

Skills Assessment Student Training Exam

CIT 380: Securing Computer Systems. Network Security Concepts

Lab 2: Creating Secure Architectures

Lab Configure Basic AP Security through IOS CLI

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

Programming through Web browser:

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Practical Network Defense Labs

Wireless Network Security

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

CISSP - Certified Information Systems Security Professional

Access Switch VLAN Y Y.1 /24

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

HikCentral V1.3 for Windows Hardening Guide

SYLLABUS. Departmental Syllabus. Applied Networking I. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus

Firewall Identification: Banner Grabbing

Defeating All Man-in-the-Middle Attacks

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Vulnerability Assessment using Nessus

Man-in-the-Middle Laboratory

Configuration Guide. For Managing EAPs via EAP Controller

cs642 /introduction computer security adam everspaugh

Everyone will be working with a minimum of seven files on the network. All computers in the network must be able to connect to the laser printer.

Introduction to Computer Security

Lab 9.8.1: Address Resolution Protocol (ARP)

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Lab Using the CLI to Gather Network Device Information Topology

GE Fanuc Intelligent Platforms

Introduction to Computer Networking Netkit lab Routing protocols: RIP and OSPF

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

Virtual-Machine-Based Network Exercises for Introductory Computer Networking Courses

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?

NETGEAR-FVX Relation. Fabrizio Celli;Fabio Papacchini;Andrea Gozzi

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Certified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov

Lab1. Definition of Sniffing: Passive Sniffing: Active Sniffing: How Does ARP Spoofing (Poisoning) Work?

Lab 4: Protocols and Default Network Ports - Connecting to a Remote System

Skills Assessment Student Training Exam

Retake - Skills Assessment Student Training (Answer Key)

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Computer Network Routing Challenges Associated to Tackle Resolution Protocol

Hands-On TCP/IP Networking

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Chapter 11: It s a Network. Introduction to Networking

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

GenCyber Networking. ARP Poisoning

Create a pfsense router for your private lab network template

Erasable Programmable Read-Only Memory (EPROM) Electrically Erasable Programmable Read-Only Memory (EEPROM) CMOS 2.2.

Remote Access to the CIS VLab (308)

Establishing secure connectivity between Oracle Ravello and Oracle Cloud Infrastructure Database Cloud ORACLE WHITE PAPER DECEMBER 2017

Skills Assessment Student Practice

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Computer Network Vulnerabilities

Course 831 Certified Ethical Hacker v9

Preliminary steps before starting the experiment: 1) Click the Launch button to start the experiment. 2) Click OK to create a new session

202 Lab Introduction Connecting to the Lab Environment

Creating a Unifi Lab Network on your existing network

Exam Questions

Transcription:

Admonition 1

Unauthorized hacking is a crime. The hacking methods and activities learned in this course can result in prison terms, large fines and lawsuits if used in an unethical manner. They may only be used in a lawful manner on equipment you own or where you have explicit permission from the owner. Students that engage in any unethical, unauthorized or illegal hacking may be dropped from the course and will receive no legal protection or help from the instructor or the college. 2

Telnet Session Hijack Last updated 9/12/2016 3

Internet Server Network 172.30.5.0/24 NoSweat gateway and firewall.1.1.20 Opus.150 :af:e6:bd EH-Kali-05 Microlab Network 172.30.10.0/24.101 EH-OWASP-05 :af:63:bb.160.205 :af:f2:c3 EH-WinXP-05 EH-Centos.1 EH-pfSense-05 gateway and firewall EH-Pod-05 "EH-Pod-05 Network" 10.76.5.0/24.201.tbd :af:16:3a EH-TBD-05 4

Requirements 1. EH-Centos VM running with telnet service on Microlab network. 2. pfsense VM (baseline snapshot or greater). 3. Install Putty on pod WinXP VM (baseline snapshot or greater). Google putty download Download putty.exe to desktop. 4. Install Shijack on pod Kali VM (baseline snapshot or greater). Download shijack.tgz file from https://packetstormsecurity.com/ Use tar xvf shijack.tgz to extract files. 5

CIS 76 Network Topology Map Internet Server Network 172.30.5.0/24 NoSweat gateway and firewall.1.1.20 Opus.150 :e6:bd EH-Kali-05 fe80::92be:37:682a:33c1.160 Microlab Network 172.30.10.0/24.205.101 :63:bb EH-OWASP-05 fe80::250:56ff:feaf:63bb :af:f2:c3 EH-WinXP-05 EH-Centos.1 EH-pfSense-05 gateway and firewall EH-Pod-05 "EH-Pod-05 Network" 10.76.5.0/24.201.tbd :16:3a EH-TBD-05 6

EH-Centos Microlab EH-Pod-05 EH-Kali-05 telnet server attacker.150 :e6:bd :f2:c3 :16:3a.160.205.1.201 172.30.10.0/24 10.76.5.0/24 EH-pfSense-05 EH-WinXP-05 victim Scenario: The victim on EH-WinXP will be using telnet to log into the EH- Centos server. The attacker on EH-Kali will do a MITM attack by ARP poisoning EH-pfSense and EH-WinXP using Ettercap. The attacker will then intercept all traffic between them including capturing the telnet session username and password. Rather than making use of the username and password to login from EH- Kali, the attacker instead hijacks the telnet session. This leaves the attacker in control and the victim's connection is broken. The attacker leaves a new file in the victims home directory on EH-Centos. 7

Run Ettercap on EH-Kali 8

EH-Kali Perform Unified sniffing on eth0 9

EH-Kali Scan subnet to discover all online hosts 10

EH-Kali Show the list of discovered hosts 11

EH-Kali pfsense OWASP WinXP Hosts discovered on the Pod 5 LAN 12

EH-Kali pfsense OWASP WinXP Select pfsense router and add to Target 1 13

EH-Kali pfsense OWASP WinXP Select the WinXP VM and add to Target 2 14

EH-Kali Under the Mitm menu select ARP poisoning... The check Sniff remote connections 15

EH-WinXP http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html On the WinXP VM download the putty.exe file to your WinXP desktop 16

EH-WinXP Run Putty and Telnet (port 23) into eh-centos.cis.cabrillo.edu 17

EH-WinXP Log into EH-Centos as the cis76 user 18

EH-Kali pfsense OWASP WinXP Back on the Kali VM notice the attacker can see your username and password (blurred here) 19

Shijack https://packetstormsecurity.com/search/?q=shijack 20

EH-Kali Download shijack.tgz to eh-kali and extract the files 21

EH-Kali Record source port for the next step Run Wireshark on EH-Kali to capture Telnet traffic between EH-WinXP and EH-Centos 22

EH-Kali Get port from Wireshark Make your mark by changing into the visitors directory and create a file using your own name. Run shijack-lnx using the IP addresses and ports for EH-WinXP and EH-Centos 23

EH-WinXP Notice the victim on WinXP gets rudely disconnected by the hijack 24

EH-WinXP Victim logs back in and sees the attacker added a file to his visitors directory! 25

Credits Ethical Hacking: Session Hijacking by Malcom Shore (Lynda.com) 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback