SRT210 Lab 5

2,644 bytes added, 01:26, 6 March 2019
= Objectives =
* Understand how DHCP works and set up a working server/client.
* Understand which types of traffic can be captured where, from the point of view of an attacker.
* Practice capturing traffic, and browsing it using Wireshark.
* The dhcpserver.pcap file is not human-readable; it's intended to be viewed with Wireshark, so copy the file to c7host using the scp command.
* Open dhcpserver.pcap in Wireshark, and browse through the DHCP packets, looking specifically for MAC and IP addresses.
== Apache traffic ==
* It is generally accepted that no website using authentication should run over plain-text (http://) but many do, and in this section we'll see why that's a bad idea.
* There are quite a few steps to set everything up, but essentially you'll be doing the same thing here as you did for the DHCP traffic above.
* First reconfigure your website on lin1 to require authentication. To do that:
** Edit /etc/httpd/conf/httpd.conf, and find the section for the /var/www/html directory. In that section replace <source>AllowOverride None</source> with <source>AllowOverride All</source>. Then restart Apache.
** Go to the /var/www/html directory and create a couple of files. The first one (.htaccess) will require credentials when visitors access the webpage:<source>AuthUserFile /var/www/html/.htpasswd
AuthGroupFile /dev/null
AuthName "Please Enter Password"
AuthType Basic
Require valid-user
</source> And the second one (.htpasswd) will have the credentials (andrew/test): <source>andrew:PGwvUbWUtmzqE</source>
* Test that your changes worked by accessing lin1.yourusername.ops using Firefox on c7host. It should prompt for credentials and let you see your page when you give it the username andrew and password test.
* Now we'll need to install a GUI on the alice machine so that we can do our packet capture on the router:<source>yum groupinstall "GNOME Desktop"</source>
* Then make it start automatically <source>ln -sf /lib/systemd/system/ /etc/systemd/system/</source> and reboot.
* This time the traffic will be between alice and lin1, and we'll do the packet capture on lin1a1, which is the gateway out of the asg1 network:<source>tcpdump -i eth1 tcp -w gatewaytcp.pcap</source>
* That will capture all TCP traffic going through the gateway, including the HTTP exchange we want to sniff.
* Open Firefox in the alice machine, close the extra tabs, and go to lin1.yourusername.ops. Type in the username and password to see your webpage.
* Stop the packet capturing on the gateway, scp the gatewaytcp.pcap file to c7host, and open it with Wireshark.
* Look for a packet with GET / HTTP/1.1 in the Info column, then expand the Hypertext Transfer Protocol section of that packet and find the "Authorization" line.
* With just a bit of browsing you should be able to find the username and password you typed in when you logged in. Notice that no cracking or brute-forcing was needed: Basic authentication only base64-encodes the credentials, and base64 is an encoding, not encryption.
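As an added example (not part of the lab), here is the check Wireshark does for you, written as a small Python detector: it walks a constructed plaintext HTTP request stream of the kind you see when following the TCP stream in gatewaytcp.pcap, flags every request that sends Basic credentials over plain http://, and decodes them to show the password is recoverable without any cracking. The sample stream and its headers are constructed here; only the hostname lin1.yourusername.ops and the andrew/test account come from the lab.

```python
import base64
import re
# Constructed sample of the plaintext HTTP stream from gatewaytcp.pcap (not real
# capture data); the credentials mirror the lab's andrew/test account.
SAMPLE_STREAM = (
    "GET / HTTP/1.1\r\n"
    "Host: lin1.yourusername.ops\r\n"
    "Authorization: Basic YW5kcmV3OnRlc3Q=\r\n"
    "\r\n"
    "GET /index.html HTTP/1.1\r\n"
    "Host: lin1.yourusername.ops\r\n"
    "\r\n"
)
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")

def split_requests(stream):
    """Split a request stream into (request_line, {header: value}) tuples."""
    requests = []
    for block in stream.split("\r\n\r\n"):
        lines = block.split("\r\n")
        if not REQUEST_LINE.match(lines[0]):
            continue  # empty trailing block or non-HTTP data
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append((lines[0], headers))
    return requests

def decode_basic(value):
    """Return (user, password) from a 'Basic <base64>' value, else None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        creds = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token, not usable Basic credentials
    user, sep, password = creds.partition(":")
    return (user, password) if sep else None

def find_plaintext_basic_auth(stream):
    """Flag every request that sends Basic credentials over plain HTTP."""
    findings = []
    for request_line, headers in split_requests(stream):
        creds = decode_basic(headers.get("authorization", ""))
        if creds:
            findings.append({"request": request_line, "host": headers.get("host"),
                             "user": creds[0], "password": creds[1]})
    return findings
```

The same logic applied to the real gatewaytcp.pcap would flag the lab's login request; the fix the lab is pointing at is to serve the authenticated site over https:// so the Authorization header never crosses the gateway in the clear.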
= Lab completion =