mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-23 04:08:02 +00:00
lab sheet updates
@@ -21,7 +21,7 @@ You don't need to login to the backup_server, but you will connect to it via SSH
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Meet Hackerbot!

@@ -54,7 +54,7 @@ uptime
15:32:38 up 4 days, 23:50, 4 users, load average: 1.01, 1.24, 1.17
``
A common goal is to aim for "five nines" availability (99.999%). If you only have one server, that means keeping it running constantly, other than for scheduled maintenance.
A common goal is to aim for "five nines" availability (99.999%). If you only have one server, that means keeping it running constantly, other than for scheduled maintenance.
==In your log book, list a few legitimate security reasons for performing off-line maintenance.==
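Review bot: the closing fence for the `uptime` output block is written as "``" (two backticks), so the code block is never closed and the "five nines" paragraph below it will render as code; change it to "```". The two copies of the "five nines" paragraph are identical as rendered, so that part of the change appears to be whitespace-only; if a rewording was intended, it did not land.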
@@ -84,7 +84,7 @@ Note (and take the time to understand) the differences in the output from these
## SSH (secure shell) and SCP (secure copy)
Using SSH (secure shell), scp (secure copy) can transfer files securely (encrypted) over a network.
Using SSH (secure shell), scp (secure copy) can transfer files securely (encrypted) over a network.
> This replaces the old insecure rcp command, which sends files over the network in-the-clear (not encrypted). Rcp should never be used.
==Backup your /etc/ directory to the backup_server== computer using scp:
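Review bot: the sentence "Using SSH (secure shell), scp (secure copy) can transfer files securely (encrypted) over a network" has a dangling modifier and reads as if scp uses SSH as a separate tool. Suggest "scp (secure copy) transfers files over an SSH (secure shell) connection, so they are encrypted in transit." The old and new lines render identically, so this change is presumably whitespace-only and the wording fix is still open.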
@@ -328,7 +328,7 @@ And ==make a new snapshot==, with copies of files that have changed:
sudo rsync -avh --delete --link-dest=/tmp/etc_snapshot_full /etc /tmp/etc_snapshot2
```
==Delete some files==, and ==make a new differential snapshot==. Although Rsync does not report a deletion, the deleted files will be absent from the new snapshot.
==Delete some files==, and ==make a new differential snapshot==. Although Rsync does not report a deletion, the deleted files will be absent from the new snapshot.
==Recover a file from a previous snapshot.==
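Review bot: "Although Rsync does not report a deletion" could be read as a limitation of rsync rather than a consequence of the snapshot layout; say why instead: `/tmp/etc_snapshot2` is a fresh, empty destination, so `--delete` has nothing to remove there, and files deleted from `/etc` are simply never copied or hard-linked into the new snapshot. The old and new lines are identical as rendered, so this looks like a whitespace-only change.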


@@ -21,7 +21,7 @@ You don't need to login to the backup_server, but you will connect to it via SSH
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -22,7 +22,7 @@ You won't login to the hackerbot_server or web_server, but all the VMs need to b
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -24,7 +24,7 @@ You won't login to the hackerbot_server or web_server, but all the VMs need to b
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -25,7 +25,7 @@ You don't need to login to the backup_server or web_server, but you will connect
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -91,7 +91,7 @@ tcpdump -q
```bash
tcpdump -A
```
> Shows the packet content without the information about the source and destination.
> Shows the packet content without the information about the source and destination.
When you ==access a web page in a browser on the desktop VM== (go ahead... ==reload this labsheet== webpage), Tcpdump will display the content, so long as the traffic is not SSL encrypted (for example, so long as the URL doesn't start with http**s**://).
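Review bot: the blockquote under `tcpdump -A` ("Shows the packet content without the information about the source and destination") is inaccurate: `-A` prints each packet's payload in ASCII in addition to the usual summary line, which still carries the source and destination addresses and ports. Suggest "Additionally prints each packet's contents in ASCII, so unencrypted application data can be read." In the paragraph below, prefer "TLS" to "SSL", and note that for an HTTPS page the headers are still displayed; only the payload is unreadable. The old and new blockquote lines render identically, so that change is presumably whitespace-only.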
@@ -167,7 +167,7 @@ vi /etc/snort/snort.conf
> ":wq" to write changes and quit)
==Comment out== the line starting with "`output` …"
==Comment out== the line starting with "`output` …"
> (Put a \# in front of it)
==Add the following line:==
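Review bot: "the line starting with `output` …" is ambiguous if snort.conf contains more than one `output` directive; quote the first few words of the specific line so students comment out the right one. The ":wq" hint at the top of this hunk also appears before the editing steps it refers to; it would read more naturally after the "Add the following line" step. The old and new "Comment out" lines are identical as rendered, so this change looks whitespace-only.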
@@ -268,7 +268,7 @@ Add the following line below the other include rules (at the end of the file):
`include $RULE_PATH/my.rules`
Save your changes to snort.conf
> (For example, in vi, press Esc, then type ":wq").
> (For example, in vi, press Esc, then type ":wq").
> Hint: you may find it easier to use Esc, then type ":w" to write your changes to disk and then type ":q" to exit (or "x" shorthand for "wq").
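Review bot: the hint's shorthand is missing its colon: the vi command equivalent to ":wq" is ":x"; a bare "x" in normal mode deletes the character under the cursor, which is exactly the mistake a student following this hint would make. Suggest: (or ":x", shorthand for ":wq"). The two "(For example, in vi, press Esc, then type ":wq")." lines are identical as rendered, so that change appears whitespace-only.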
@@ -405,7 +405,7 @@ Create a rule that only triggers on loading the Webserver's homepage (http://<%=
---
Create a rule that triggers on the
Create a rule that triggers on the
##TODO
Create a Snort rule that detects visits to the Leeds Beckett website from the Kali VM, but does not get triggered by general web browsing.
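Review bot: "Create a rule that triggers on the" is cut off mid-sentence in both the old and new line, and "##TODO" (no space after the hashes, so it will not render as a heading) together with the unfinished task beneath it reads as author notes rather than student-facing content. Either complete the sentence and the TODO or remove them from the sheet before it is published.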
@@ -428,5 +428,3 @@ Randomly specified content
Randomly generated content (requires network monitoring)
attacks
random port number (by service name?)
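Review bot: this hunk only trims trailing blank lines, but the lines it leaves in place ("Randomly generated content (requires network monitoring)", "attacks", "random port number (by service name?)") read as draft planning notes for future challenges, not lab instructions. Consider moving them to an issue or a separate TODO file so they are not shipped in the student-facing sheet.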


@@ -22,7 +22,7 @@ You won't login to the hackerbot_server or web_server, but all the VMs need to b
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -28,7 +28,7 @@ Note that using hashes, there is no need to have the backup on-hand in order to
==Repeat the above two commands using shasum== rather than md5sum.
SHA1, SHA2, and SHA3 are considered to be more secure than the 'cryptographically broken' MD5 algorithm. Although MD5 is still in use today, it is safer to use a stronger hash algorithm, since MD5 is not collision-resistant, meaning it is possible to find multiple files that result in the same hash. SHA1 is considered partially broken, so a new algorithm such as SHA2, or the newest SHA3 are currently a good options. There are a number of related commands for generating hashes, named md5sum, shasum, sha224sum, sha256sum, and so on. These commands (as well as those in the next section) are readily available on most Unix systems, and are also available for Windows.
SHA1, SHA2, and SHA3 are considered to be more secure than the 'cryptographically broken' MD5 algorithm. Although MD5 is still in use today, it is safer to use a stronger hash algorithm, since MD5 is not collision-resistant, meaning it is possible to find multiple files that result in the same hash. SHA1 is considered partially broken, so a new algorithm such as SHA2, or the newest SHA3 are currently good options. There are a number of related commands for generating hashes, named md5sum, shasum, sha224sum, sha256sum, and so on. These commands (as well as those in the next section) are readily available on most Unix systems, and are also available for Windows.
#### File integrity checkers
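Review bot: the grammar fix ("a good options" to "good options") is correct, but the surrounding sentence understates SHA-1's status: a practical SHA-1 collision was demonstrated publicly in 2017 (SHAttered), so "partially broken" should be "broken for collision resistance". "a new algorithm such as SHA2" is also off, since SHA-2 dates from 2001; "a stronger algorithm such as SHA-2 (for example, sha256sum) or SHA-3" would be accurate. It would also help students to say which property matters here: MD5 still detects accidental corruption, but an attacker who can craft a colliding file can defeat an MD5-based integrity check.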
@@ -66,7 +66,7 @@ shasum -c /home/<%= $main_user %>/hashes/hash.sha
==Make a change== to the end of <%= $example_file %>:
```bash
echo "hello" >> *your-name*
echo "hello" >> <%= $example_file %>
```
Check whether anything has changed since we generated hashes:
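Review bot: replacing the `*your-name*` placeholder with the `$example_file` template variable is the right fix, since the placeholder was never a real filename. Quote the expansion so the command survives a filename containing spaces: `echo "hello" >> "<%= $example_file %>"`.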
@@ -79,47 +79,46 @@ You should see a nice explanation of the files that have changed since generatin
#### Scripted integrity checking
The above can also be accomplished via a simple script (in this case a Perl script):
The above can also be accomplished via a simple script (in this case a Ruby script):
```perl
#!/usr/bin/perl
# Copyleft Z. Cliffe Schreuders
# Licenced under the terms of the GPLv3
```ruby
#!/usr/bin/ruby
# Copyleft Z. Cliffe Schreuders
# Licenced under the terms of the GPLv3
use warnings;
use strict;
require 'digest'
my %files_hashes = (
"/etc/passwd"=>"69773dcef97bca8f689c5bc00e9335f7dd3d9e08",
"/bin/ls"=>"9304c5cba4e2a7dc25c2d56a6da6522e929eb848",
"/bin/bash"=>"54d0d9610e49a654843497c19f6211b3ae41b7c0",
);
hashes = {
"/bin/ls" => "075e188324c2f4e54359128371a01e4d5e3b7be08382e4433bd53523f8bf6217",
"/etc/passwd" => "8a9d9fa67078d83274fae27e4ffd3d100db51501dfdef42dde7b190c91a899ef",
"/bin/bash" => "059fce560704769f9ee72e095e85c77cbcd528dc21cc51d9255cfe46856b5f02"
}
foreach my $file_entry (keys %files_hashes) {
my $hash = `sha1sum $file_entry|awk '{print \$1}'|head -n1`;
chomp($hash);
if($hash ne $files_hashes{$file_entry}){
warn "FILE CHANGED: $file_entry (hash was $hash, expected $files_hashes{$file_entry})\n";
} else {
print "File unmodified: $file_entry (hash was $hash, as expected)\n";
}
}
hashes.each { |filepath,hash|
calculated_hash = Digest::SHA256.hexdigest File.read filepath
puts "#{filepath}: #{calculated_hash}"
if calculated_hash == hash
puts "OK: file unmodified"
else
puts "FILE CHANGED: expected #{hash}"
end
}
```
This script iterates over a list of file paths with SHA1 hashes (stored in an associative array), and runs sha1sum for each one to check whether the files are still the same.
This script iterates over a list of file paths with SHA256 hashes (stored in an associative array), and calculates the hash for each one to check whether the files are still the same.
==Save the script as checker.pl==
> Tip: you may wish to use the default KDE GUI text editor Kate. You should be able to copy the script and paste it into Kate to save it as checker.pl.
==Save the script as checker.rb==
> Tip: you may wish to use the default KDE GUI text editor Kate. You should be able to copy the script and paste it into Kate to save it as checker.rb.
>
> Alternatively you can type:
> "cat > checker.pl"
> "cat > checker.rb"
> Paste with Ctrl-Shift-V.
> Then, Ctrl-D, to end the input.
Then ==run the script== with:
```bash
perl checker.pl
ruby checker.rb
```
==Lab book question: Are the files reported as unmodified, or have they changed? Why might they be different to when I wrote the script?==
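Review bot: the Ruby rewrite removes the shell call the Perl version made (`sha1sum $file_entry` through backticks, with the path interpolated unquoted into a shell command), which is a good change, but it drops the failure handling an integrity checker needs. `File.read` raises `Errno::ENOENT` or `Errno::EACCES` for a missing or unreadable file and aborts the whole run, so a file that has been deleted is never reported as changed; wrap the read in `begin`/`rescue SystemCallError` per file and report that file explicitly. `Digest::SHA256.file(filepath).hexdigest` avoids loading an entire binary into memory. The Perl script sent "FILE CHANGED" to stderr with `warn`, whereas the Ruby version uses `puts` for everything, so a cron job cannot separate failures from normal output; use `warn` for mismatches and exit non-zero if any file changed, which also makes the result usable from a script. Two prose nits in the same hunk: "associative array" is the Perl term and should be "Hash" now that the script is Ruby, and "Lab book question" should match the "Log Book question" wording this patch uses elsewhere.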
@@ -25,7 +25,7 @@ sudo debsums -ac
Verify the files installed by a specific package:
```bash
sudo debsums firefox
sudo debsums firefox-esr
```
Choose any system file on the computer, such as /etc/securetty. To determine which package the file belongs to:
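Review bot: hard-coding `firefox-esr` fixes the step for the current Debian-based image, where the browser package carries that name, but it will break again the next time the base image changes. Since the sheet already templates `$example_file`, consider templating the package name too, or point students at the "determine which package the file belongs to" step that follows so they discover the correct name themselves.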
@@ -47,7 +47,7 @@ sudo debsums -a *package-name*
Try to understand the cause of any files failing the integrity checks.
==Workbook question: What are the limitations of this approach?==
==Log Book question: What are the limitations of this approach?==
- What files will (and won't) this approach to integrity management cover?
- Are the hashes protected against tampering?
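Review bot: renaming "Workbook question" to "Log Book question" is consistent with the rest of the patch, but other sheets in this same commit still say "Lab book question" (the hashing sheet) and "In your log book" (the backup sheet). Settle on one form, with consistent capitalisation, so students can search the sheets for every question they have to answer.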
@@ -15,7 +15,7 @@ You won't login to the hackerbot_server, but the VM needs to be running to compl
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Meet Hackerbot!

@@ -47,7 +47,7 @@ sudo debsums -a *package-name*
Try to understand the cause of any files failing the integrity checks.
==Workbook question: What are the limitations of this approach?==
==Log Book question: What are the limitations of this approach?==
- What files will (and won't) this approach to integrity management cover?
- Are the hashes protected against tampering?
@@ -15,7 +15,7 @@ You won't login to the hackerbot_server, but the VM needs to be running to compl
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Meet Hackerbot!

@@ -22,7 +22,7 @@ You won't login to the hackerbot_server, but all the VMs need to be running to c
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!

@@ -23,7 +23,7 @@ You won't login to the hackerbot_server, but all the VMs need to be running to c
### For marks in the module
1. **You need to submit flags**. Note that the flags and the challenges in your VMs are different to other's in the class. Flags will be revealed to you as you complete challenges throughout the module. Flags look like this: ==flag{*somethingrandom*}==. Follow the link on the module page to submit your flags.
2. **You need to document the work and your solutions in a workbook**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Workbook Questions". The workbook will be submitted later in the semester.
2. **You need to document the work and your solutions in a Log Book**. This needs to include screenshots (including the flags) of how you solved each Hackerbot challenge and a writeup describing your solution to each challenge, and answering any "Log Book Questions". The Log Book will be submitted later in the semester.
## Hackerbot!
