CISC205 Project 6

School: Northampton County Area Community College
Course: 180
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by HighnessMeerkat3580

CISC205 – Project 6

Task 1: Overloading a Linux system (sample DoS)

1. Start your Kali VM.
2. Open a terminal.
3. Type the following text:

   :(){ :|:& };:

   (Note: there is a space after the first curly brace and before the last curly brace.)
4. What happens?
5. If nothing happens, you may need to type it again. Does the VM become unresponsive?
6. If you could execute this code on a remote server, what would be the probable outcome?

Task 2: Overloading a Windows system

1. Warning – this is going to try to overload your PC, so make sure you save any work.
2. Open Notepad on your desktop computer.
3. Type the following (three lines):

   :1
   start
   goto 1

4. Save the file to the Desktop as test.bat (change the file type to "all files" or Notepad will save it as a .txt file).
5. test.bat should now be on your desktop. The icon looks like two gears.
6. Double-click to start the batch file.
7. What happens?
8. What can you do to terminate the batch file?
9. This one is a little easier to stop than part 1, but how do you think someone with only basic computer skills would react?

Task 3: Malware Detection

Malware, viruses, and Trojans are uncommon in Linux, although they are not unheard of. So, if you only need an antivirus once in a while, ClamAV is a great option. ClamAV is a free antivirus program that may be used for email scanning, online scanning, and endpoint security. It includes a multi-threaded daemon that is versatile and scalable, a command-line scanner, and a sophisticated tool for automated database updates, among other features.

Installation of ClamAV and ClamTk

ClamAV is available in the Ubuntu apt repository and is fairly easy to install.

1. Open your Kali VM and start a Terminal window.
2. ClamAV may be installed using the following command:

   sudo apt-get install clamav

   If you're looking for clamd (the on-access daemon), you should also try:

   sudo apt-get update
   sudo apt-get install clamav-daemon

   ClamAV is now installed on your computer. To see if it has been installed, use the command below:

   clamscan --version

   ClamAV has been successfully installed if the above command returns the version. What version is installed?

   ClamTk is a ClamAV frontend. You can use Terminal to install it:

   sudo apt-get install clamtk

Usage of ClamAV and ClamTk

ClamAV Signature Database Updating:

You've already installed ClamAV on your computer; now it's time to update the ClamAV signature database. Follow the instructions below to install the ClamAV signature database.

1. The first step is to stop the clamav-freshclam service using the following command in a terminal window:

   sudo systemctl stop clamav-freshclam

2. The second step is to update the signature database manually. There are two options for accomplishing this. The first method is to enter the following command in the terminal:

   sudo freshclam

3. This command installs the signature database on your PC. Run the following command to create a directory called "clamav" at the specified location if it does not already exist. (You will get an error message if the folder is already there.)

   sudo mkdir /var/lib/clamav

4. The final step is to run the following command to start the clamav-freshclam service:

   sudo systemctl start clamav-freshclam

Scanning a directory:

   clamscan --infected --remove --recursive /home/kali/Desktop
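The scan command just shown prints one verdict line per file and then a "SCAN SUMMARY" block. When the scan is run from a cron job or a monitoring agent rather than by hand, that text has to be turned into findings. The following Python parser is an added example, not part of the project handout or of ClamAV itself; the sample output is constructed (file paths, signature names and counts are made up to look like a clamscan run with --remove but without --infected, so that clean files are listed too). It extracts infected files, files that were removed, read errors and the summary counters, and cross-checks the summary against the FOUND lines.

```python
import re
from typing import Dict, List

# Constructed sample of clamscan output (not captured from a real run):
# per-file verdict lines first, then the "SCAN SUMMARY" block. The
# signature names are illustrative; real names come from the signature database.
SAMPLE_OUTPUT = """\
/home/kali/Desktop/notes.txt: OK
/home/kali/Desktop/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/kali/Desktop/eicar.com: Removed.
/home/kali/Desktop/sub/tool.sh: OK
/home/kali/Desktop/sub/dropper.exe: Win.Trojan.Example-1 FOUND
/home/kali/Desktop/locked.bin: Can't open file or directory ERROR

----------- SCAN SUMMARY -----------
Known viruses: 8690000
Engine version: 1.0.3
Scanned directories: 2
Scanned files: 5
Infected files: 2
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 10.123 sec (0 m 10 s)
Start Date: 2024:02:20 10:00:00
End Date:   2024:02:20 10:00:10
"""

FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
REMOVED_RE = re.compile(r"^(?P<path>.+?): Removed\.$")
ERROR_RE = re.compile(r"^(?P<path>.+?): (?P<msg>.+) ERROR$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<val>.+)$")


def parse_clamscan(text: str) -> Dict:
    """Split clamscan output into infected files, removed files, errors and summary."""
    result = {"infected": {}, "removed": [], "errors": {}, "summary": {}}
    in_summary = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if "SCAN SUMMARY" in line:
            in_summary = True
            continue
        if in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                result["summary"][m["key"].strip()] = m["val"].strip()
            continue
        if m := FOUND_RE.match(line):
            result["infected"][m["path"]] = m["sig"]
        elif m := REMOVED_RE.match(line):
            result["removed"].append(m["path"])
        elif m := ERROR_RE.match(line):
            result["errors"][m["path"]] = m["msg"]
        # lines ending in "OK" are clean files; nothing to record
    return result


def infected_not_removed(result: Dict) -> List[str]:
    """Infected files that --remove did not delete (still need attention)."""
    removed = set(result["removed"])
    return sorted(p for p in result["infected"] if p not in removed)


def counts_consistent(result: Dict) -> bool:
    """Check that the summary's 'Infected files' matches the FOUND lines parsed."""
    reported = int(result["summary"].get("Infected files", "-1"))
    return reported == len(result["infected"])


def exit_status_meaning(code: int) -> str:
    """clamscan exit codes: 0 clean, 1 infected files found, 2 error."""
    meanings = {0: "no infected files", 1: "infected files found", 2: "error during scan"}
    return meanings.get(code, "unknown")


if __name__ == "__main__":
    r = parse_clamscan(SAMPLE_OUTPUT)
    for path, sig in r["infected"].items():
        print(f"{path}: {sig}")
    print("not removed:", infected_not_removed(r))
    print("summary consistent:", counts_consistent(r))
```

In practice you would feed the parser the captured stdout of clamscan and also look at its exit status: 0 means nothing was found, 1 means at least one file matched a signature, and 2 means the scan itself hit an error, so a non-zero "Infected files" counter with a stale signature database (see the freshclam steps above) is a reason to investigate rather than to trust the result.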
We used certain parameters in the command above. The meanings of these options are as follows:

--infected: only prints files that are infected.
--remove: deletes infected files.
--recursive: the directory's subdirectories will be scanned as well.

This command has more options. To view all of them, use the following command in the terminal window:

   clamscan --help

ClamAV is mostly a command-line program. However, ClamTk, a third-party program, provides a very basic GUI that allows beginners who are not comfortable with the command-line interface to use it.

When you first run ClamTk, you'll see a simple interface with four primary components: Configuration, History, Updates and Analysis.

The first element is the setup area, which allows users to set up and adjust ClamAV and its behavior. For example, you can scan a folder but not its subfolders. You may whitelist files or folders to exclude them from scans, as well as scan huge files, hidden files, and password checkers.

1. The history area, which provides users with information about prior scans, is the second portion. In addition, there is a quarantine section where you may check for malicious files that have been confined as a result of scans.
2. Updates are the third segment. This is where ClamAV may import new virus definitions. The first thing you must do after installing ClamAV is update the virus definitions by selecting Updates.
3. The analysis part is the final portion. This is where your ClamAV scans begin. Select the required directory by selecting "Scan a directory" from the analysis group. Select the Documents directory and start the scan. ClamTk will scan the directory and present the results as in the image below. Did ClamAV find any threats? Why or why not?

ClamAV vs ClamTk in terms of performance

There are no differences in performance between ClamAV and ClamTk.
So you may use either of them, but ClamTk is the best option since it has a graphical user interface that makes it easier to use, particularly for novices.

How effective is using ClamAV?

ClamAV isn't the finest antivirus software on the market, but if you're on a Linux-only desktop, it'll suffice for the most part. You may also experience false positives, which are often higher than those seen with other top antivirus software. ClamAV also received poor marks in a test of
Linux antivirus conducted by AV-Test, an independent IT-security institution (it detected just 15.3 percent of Windows malware and was rated 16 out of 16). In terms of Linux malware, things were better, although not very impressive: ClamAV was able to identify 66.1 percent of the attackers that targeted it. ClamAV came in 13th place for Linux malware and viruses, beating out McAfee, Comodo, and F-Prot.

Task 4: SQL injection

1. Go through the quick tutorial on SQL injection attacks: https://www.w3schools.com/sql/sql_injection.asp
2. In this lab, you will view a PCAP file from a previous attack against a SQL database. SQL injection attacks allow malicious hackers to type SQL statements into a web site and receive a response from the database. This allows attackers to tamper with current data in the database, spoof identities, and cause miscellaneous mischief. A PCAP file has been created for you to view a previous attack against a SQL database. In this lab, you will view the SQL database attacks and answer the questions.
3. Download the PCAP file from week 6 (SQL_Lab.pcap).
4. Open Wireshark and load the PCAP file.
5. The PCAP file opens within Wireshark and displays the captured network traffic. This capture file extends over an 8-minute (441 second) period, the duration of this SQL injection attack.
6. What are the two IP addresses involved in this SQL injection attack based on the information displayed?
   ________________________________________________________________________

View the SQL Injection Attack.

7. In this step, you will be viewing the beginning of an attack.
8. Within the Wireshark capture, right-click line 13 and select Follow HTTP Stream. Line 13 was chosen because it is a GET HTTP request. This will be very helpful in following the data stream as the application layer sees it, and it leads up to the query testing for the SQL injection.
9. The source traffic is shown in red. The source has sent a GET request to host 10.0.2.15. In blue, the destination device is responding back to the source.
10. Click Find and enter 1=1. Search for this entry. When the text is located, click Cancel in the Find text search box.
   <Screen shot the HTTP stream results and paste here>
11. The attacker has entered a query (1=1) into a UserID search box on the target 10.0.2.15 to see if the application is vulnerable to SQL injection. Instead of the application responding with a login failure message, it responded with a record from a database. The attacker has verified they can input an SQL command and the database will respond. The search string 1=1 creates an SQL statement that will always be true. In the example, it does not matter what is entered into the field; it will always be true.
12. What is the user name?
13. Close the Follow HTTP Stream window.
14. Click Clear to display the entire Wireshark conversation.

The SQL Injection Attack continues...

In this step, you will be viewing the continuation of an attack.

15. Within the Wireshark capture, right-click line 19 and select Follow HTTP Stream.
16. Click Find and enter 1=1. Search for this entry. When the text is located, click Cancel in the Find text search box.
17. The attacker has entered a query (1' or 1=1 union select database(), user()#) into a UserID search box on the target 10.0.2.15. Instead of the application responding with a login failure message, it responded with the following information:
18. The database name is _____ and the database user is _______. There are also multiple user accounts being displayed; list one here:
19. Close the Follow HTTP Stream window.
20. Click "Clear" to display the entire Wireshark conversation.

The SQL Injection Attack provides system information.

21. The attacker continues and starts targeting more specific information.
22. Within the Wireshark capture, right-click line 22 and select Follow HTTP Stream. In red, the source traffic is shown and is sending the GET request to host 10.0.2.15. In blue, the destination device is responding back to the source.
23. Click Find and type in 1=1. Search for this entry. When the text is located, click Cancel in the Find text search box.
24. The attacker has entered a query (1' or 1=1 union select null, version()#) into a UserID search box on the target 10.0.2.15 to locate the version identifier. Notice how the version identifier is at the end of the output, right before the </pre>.</div> closing HTML code.
25. What is the version?
   ________________________________________________________________________
26. Close the Follow HTTP Stream window.
27. Click Clear to display the entire Wireshark conversation.

The SQL Injection Attack and Table Information.

28. The attacker knows that there is a large number of SQL tables that are full of information. The attacker attempts to find them.
29. Within the Wireshark capture, right-click on line 25 and select Follow HTTP Stream. The source is shown in red. It has sent a GET request to host 10.0.2.15. In blue, the destination device is responding back to the source.
30. Click Find and enter users. Search for the entry displayed below. When the text is located, click Cancel in the Find text search box.
31. The attacker has entered a query (1' or 1=1 union select null, table_name from information_schema.tables#) into a UserID search box on the target 10.0.2.15 to view all the tables in the database. This provides a huge output of many tables, as the attacker specified "null" without any further specifications.
32. What would the modified command of (1' OR 1=1 UNION SELECT null, column_name FROM INFORMATION_SCHEMA.columns WHERE table_name='users') do for the attacker?
   ___________________________________________________________________________
   ___________________________________________________________________________
33. Close the Follow HTTP Stream window.
34. Click Clear to display the entire Wireshark conversation.

The SQL Injection Attack Concludes.

35. The attack ends with the best prize of all: password hashes.
36. Within the Wireshark capture, right-click line 28 and select Follow HTTP Stream. The source is shown in red. It has sent a GET request to host 10.0.2.15. In blue, the destination device is responding back to the source.
37. Click Find and type in 1=1. Search for this entry. When the text is located, click Cancel in the Find text search box.
38. The attacker has entered a query (1' or 1=1 union select user, password from users#) into a UserID search box on the target 10.0.2.15 to pull usernames and password hashes!
39. Which user has the password hash of 8d3533d75ae2c3966d7e0d4fcc69216b?
   ________________________________________________________________________
40. Using a website such as https://crackstation.net/, copy the password hash into the password hash cracker and get cracking.
41. What is the plain-text password?
   ___________________________________________________________________________
   ___________________________________________________________________________
42. Close the Follow HTTP Stream window. Close any open windows.

Reflection

43. What is the risk of having platforms use the SQL language?
   ___________________________________________________________________________
   ___________________________________________________________________________
44. Browse the Internet and perform a search on "prevent SQL injection attacks". What are 2 methods or steps that can be taken to prevent SQL injection attacks?
   ___________________________________________________________________________
   ___________________________________________________________________________
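The Wireshark walkthrough in steps 7 to 42 follows the attack stage by stage: a 1=1 probe, UNION SELECT with database()/user() and version(), a table listing from information_schema, and finally the users table. A defender watching a web server's access log can flag the same stages automatically. The Python script below is an added example, not part of the project handout or of any tool it names; the log lines are constructed Apache-style entries (the client address 10.0.2.4, the path /app/user and the parameter name id are assumptions, and only the shape of the query values mirrors the capture). It URL-decodes each query parameter, including double-encoded values, and reports which indicators fire.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed Apache-style access-log lines (not from the lab's PCAP). The
# client address, path and parameter name are assumptions; the query values
# are shaped like the input seen in the capture walkthrough above.
SAMPLE_LOG = """\
10.0.2.4 - - [20/Feb/2024:10:00:05 -0500] "GET /app/user?id=1&Submit=Submit HTTP/1.1" 200 1290
10.0.2.4 - - [20/Feb/2024:10:00:41 -0500] "GET /app/user?id=1%27+or+1%3D1%23&Submit=Submit HTTP/1.1" 200 1688
10.0.2.4 - - [20/Feb/2024:10:02:10 -0500] "GET /app/user?id=1%27+or+1%3D1+union+select+database()%2C+user()%23&Submit=Submit HTTP/1.1" 200 1702
10.0.2.4 - - [20/Feb/2024:10:03:33 -0500] "GET /app/user?id=1%27+or+1%3D1+union+select+null%2C+version()%23&Submit=Submit HTTP/1.1" 200 1698
10.0.2.4 - - [20/Feb/2024:10:05:02 -0500] "GET /app/user?id=1%27+or+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit HTTP/1.1" 200 9804
10.0.2.4 - - [20/Feb/2024:10:06:50 -0500] "GET /app/user?id=1%27+or+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit HTTP/1.1" 200 1840
10.0.2.9 - - [20/Feb/2024:10:07:12 -0500] "GET /app/search?q=union+station HTTP/1.1" 200 2210
10.0.2.4 - - [20/Feb/2024:10:07:20 -0500] "GET /app/user?id=1%2527+or+1%253D1%2523&Submit=Submit HTTP/1.1" 200 1688
"""

# Common log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Indicators matching the stages of the attack in the capture.
INDICATORS = {
    "tautology": re.compile(r"\b(\d+)\s*=\s*\1\b"),                  # 1=1
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "db_fingerprint": re.compile(r"\b(database|version|user)\s*\(\s*\)", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
    "comment_trunc": re.compile(r"(#|--\s|/\*)"),                   # trailing comment
}


def normalise(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (catches double encoding) and collapse whitespace."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).strip()


def analyse_line(line: str) -> Optional[Dict]:
    """Return a finding for the first query parameter carrying indicators, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m["target"]).query
    for param, raw in parse_qsl(query, keep_blank_values=True):
        value = normalise(raw)
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(value))
        if hits:
            return {"src": m["src"], "ts": m["ts"], "param": param,
                    "value": value, "indicators": hits}
    return None


def scan_log(lines: List[str]) -> List[Dict]:
    """Run analyse_line over every log line and keep the findings."""
    return [f for f in (analyse_line(line) for line in lines) if f]


def findings_by_source(findings: List[Dict]) -> Dict[str, int]:
    """Count findings per client address, the first pivot for an incident responder."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["ts"], f["src"], f["param"], f["indicators"], repr(f["value"]))
    print(findings_by_source(found))
```

The benign search for "union station" does not fire because the union_select indicator requires the SELECT keyword, and the single literal id=1 does not fire because the tautology indicator needs both sides of the comparison. One client producing a sequence of tautology, then fingerprint, then schema_probe findings over a few minutes is the same escalation the capture shows, which is why grouping by source matters more than any single rule.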
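Step 11 explains why the 1=1 probe works: the application pastes the user's input into the SQL text, so a comparison that is always true widens the WHERE clause to every row. The Python/SQLite demonstration below is an added example, not code from the project handout or from the application in the capture; the users table and its rows are constructed, and the password column holds placeholder strings rather than real hashes. It places a string-built query beside a parameterised one, and adds an allow-list check on the id, so the same tautology input can be seen returning every row from the first and nothing from the other two. The capture's payloads use MySQL syntax (the # comment, database()); SQLite ends a comment with --, so the demo uses that.

```python
import sqlite3
from typing import List

# Constructed users table (not the lab's database); the hashes are placeholders.
ROWS = [
    (1, "alice", "Alice", "<hash-placeholder-1>"),
    (2, "bob", "Bob", "<hash-placeholder-2>"),
    (3, "carol", "Carol", "<hash-placeholder-3>"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a users table shaped like the lab's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, user TEXT, first_name TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """String-built query: whatever the user typed becomes part of the SQL text."""
    sql = f"SELECT first_name FROM users WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Parameterised query: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def is_valid_user_id(raw: str) -> bool:
    """Allow-list check: a user id must be a positive integer of sane size."""
    return raw.isdigit() and 0 < int(raw) < 10**9


def lookup_validated(conn: sqlite3.Connection, raw: str) -> List[str]:
    """Validate first, then query with a bound parameter (both controls together)."""
    if not is_valid_user_id(raw):
        return []
    return lookup_safe(conn, raw)


if __name__ == "__main__":
    conn = build_db()
    probe = "1' or 1=1 --"          # the always-true comparison from step 11, SQLite comment style
    print("vulnerable, normal input :", lookup_vulnerable(conn, "1"))
    print("vulnerable, 1=1 probe    :", lookup_vulnerable(conn, probe))
    print("parameterised, 1=1 probe :", lookup_safe(conn, probe))
    print("validated, 1=1 probe     :", lookup_validated(conn, probe))
```

With the bound parameter the whole string "1' or 1=1 --" is compared against the integer column as a single value, which matches no row; the quote and the comment marker are data, not syntax. The allow-list check rejects it before a query is even built, which is the cheaper of the two controls but not a substitute for the first, since fields that legitimately contain quotes cannot be validated that way.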