Information Assurance
Clay Shields, Department of Computer Science, Georgetown University
Attack familiarization
My experience in the military has convinced me that in order to defend against attacks, you need to be able to see your defences the way that an attacker will. You therefore need to understand how an attacker does this. This assignment is intended to allow you to experiment with reconnaissance and attack tools in a safe (for everyone else) environment.
You still have an account named after your netid on the machine named ia-class.georgetown.edu. You will find that ia-class is now a different machine that runs a modern Linux distribution. Your password has been reset and is now your GoCard id. Your assignment is to log on to this machine and determine how you might break into the hosts machine, and to determine how you might break into the hosts named victim1, victim2, and victim3, all of which are on a private subnet that is only accessible from ia-class.
I would suggest the following strategy. First, try to determine what the OS on victim is, and what services are running. A tool named nmap is installed, and I am happy to install any other software you find that you might want to try, though it must run on Linux. Send me e-mail if there is something else you want to try. Note that nmap is suid root on this machine; this is so you can use the full range of capabilities. Don't use this fact to attack the local machine. To learn how to use nmap, try some of the links below:
- NMAP - A Stealth Port Scanner
- 29 Practical Examples of Nmap Commands for Linux System/Network Administrators
Using the above information, determine what exploits are available and what is likely to work for the OS and services you found. Sites that can help are plentiful, but the canonical reference is http://cve.mitre.org/. SecurityFocus is also good. In order to help you out, I have also installed a program called searchsploit which you can use to look up exploits.
By the due date submit to Canvas a single PDF file containing:
- A list of the services and accounts on the system, and any other system information you have determined.
- A terse list of the vulnerabilities of the system, based on your research into the above services and their vulnerabilities. Provide links to a description of each vulnerability.
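One way to turn scan results into the service list asked for above is to save nmap's grepable output (`-oG`) from a version scan (`-sV`) and parse it. This is an added example, not part of the course materials; the host names victim1 and victim2 come from the assignment, while the addresses, service banners and function names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable output (-oG) from a version scan (-sV).
# Addresses and version strings are made up; they are not real scan results.
SAMPLE_OG = """\
# Nmap scan initiated as: nmap -sV -oG scan.gnmap 192.0.2.11 192.0.2.12
Host: 192.0.2.11 (victim1)\tStatus: Up
Host: 192.0.2.11 (victim1)\tPorts: 22/open/tcp//ssh//ExampleSSH 1.0/, 80/open/tcp//http//ExampleHTTPd 2.0 (mod_x|2)/, 111/closed/tcp//rpcbind///\tIgnored State: filtered (997)
Host: 192.0.2.12 (victim2)\tStatus: Up
Host: 192.0.2.12 (victim2)\tPorts: 21/open/tcp//ftp//ExampleFTPd 3.1/, 53/open|filtered/udp//domain///
# Nmap done
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")

def parse_grepable(text):
    """Return {host: [(port, proto, service, version), ...]} for open ports."""
    inventory = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and blanks
        host = m.group(2) or m.group(1)   # fall back to the IP if no name
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            # Entries end in "/" and are joined by ", ". Splitting on "/, "
            # is safe because nmap writes "/" inside a field as "|".
            for entry in field[len("Ports: "):].split("/, "):
                # port/state/protocol/owner/service/rpcinfo/version
                parts = entry.split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue              # skips closed and open|filtered
                version = parts[6].replace("|", "/") or "unknown"
                inventory.setdefault(host, []).append(
                    (int(parts[0]), parts[2], parts[4] or "unknown", version))
    return inventory

def report(inventory):
    """Format the inventory as a plain-text list, one host per block."""
    lines = []
    for host in sorted(inventory):
        lines.append(host)
        for port, proto, service, version in sorted(inventory[host]):
            lines.append(f"  {port}/{proto:<4} {service:<8} {version}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(parse_grepable(SAMPLE_OG)))
```

The service and version columns give the search terms to check against the CVE list or searchsploit for the second deliverable.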
IMPORTANT
It is possible to use the scanning tools on ia-class against other hosts on the Georgetown Campus and on the Internet. This is forbidden (verboten, prohibited, not allowed, banned) by class policy and by the Georgetown Acceptable Use Policy, and anyone caught doing this will receive a severe grade penalty. Don't think that I am not watching.
Additionally, remember the goal of the assignment is not to turn you into a computer attacker. It is instead to allow you to learn the basics of how attackers operate so that you may more successfully defend your systems in the future. Breaking into other computers, even if it is easy to do so, is a crime and is punishable under many state and federal laws. I will happily testify against you in a court of law that you received this warning.