1 For this exercise you must again be root. Login and obtain root privileges: sudo su Note that we use three computers for this exercise. C S H
2 Create an account on the server that can be used from the client: adduser username accept default answers to questions asked by adduser
3 Install a telnet daemon at the server aptitude install inetutils telnetd # activate telnetd in /etc/inetd.conf and reload telnet stream tcp nowait root /usr/sbin/telnetd telnetd /etc/init.d/openbsd inetd reload Make sure INPUT telnet and ssh connections are accepted by the server add rules to /etc/iptables/rules
4 Install tcpdump at the hacker's computer: aptitude install tcpdump Start tcpdump, let it write packages to /tmp/tcpdump.out tcpdump i eth0 w /tmp/tcpdump.out
5 At the client computer: use the account created earlier to login at the server using telnet: telnet ip address Enter some commands (ls, mkdir, cd, etc.) Eventually logout by entering exit or ctrl d
6 At the hacker's computer: end tcpdump (using ctrl C is OK) Use tcpdump to filter all telnet communication from the client computer telnet nxtqr /tmp/tcpdump.out host client ip Try to obtain the username and password... Find the login: and Password: prompts, then determine what was sent from the client to the server
7 At the hacker's computer: login at the server using the harvested username and password
8 At the server's computer: realize that clear text protocols requiring credentials are dangerous But not only those protocols. Any other reason why they could be dangerous? Change the server's configuration so that telnet no longer can be used Does this prevent the hacker from accessing the client's account?
9 At the server's computer: Change the server's configuration so that telnet no longer can be used aptitude purge inetutils telnetd /etc/init.d/openbsd inetd reload Does this prevent the hacker from accessing the client's account? No. Why not?
1 For this exercise you must again be root. Login and obtain root privileges: sudo su Note that we use three computers for this exercise. C S H
2 Create an account on the server that can be used from the client: adduser username accept default answers to questions asked by adduser
3 Install a telnet daemon at the server aptitude install inetutils telnetd # activate telnetd in /etc/inetd.conf and reload telnet stream tcp nowait root /usr/sbin/telnetd telnetd /etc/init.d/openbsd inetd reload Make sure INPUT telnet and ssh connections are accepted by the server add rules to /etc/iptables/rules
4 Install tcpdump at the hacker's computer: aptitude install tcpdump Start tcpdump, let it write packages to /tmp/tcpdump.out tcpdump i eth0 w /tmp/tcpdump.out
5 At the client computer: use the account created earlier to login at the server using telnet: telnet ip address Enter some commands (ls, mkdir, cd, etc.) Eventually logout by entering exit or ctrl d
6 At the hacker's computer: end tcpdump (using ctrl C is OK) Use tcpdump to filter all telnet communication from the client computer telnet nxtqr /tmp/tcpdump.out host client ip Try to obtain the username and password... Find the login: and Password: prompts, then determine what was sent from the client to the server
7 At the hacker's computer: login at the server using the harvested username and password
8 At the server's computer: realize that clear text protocols requiring credentials are dangerous But not only those protocols. Any other reason why they could be dangerous? Change the server's configuration so that telnet no longer can be used Does this prevent the hacker from accessing the client's account?
9 At the server's computer: Change the server's configuration so that telnet no longer can be used aptitude purge inetutils telnetd /etc/init.d/openbsd inetd reload Does this prevent the hacker from accessing the client's account? No. Why not? After a clear-text protocol requiring credentials has been removed, all users should be required to change their passwords