20-CS-6055-00X Cyber Defense Overview Fall 2017
Lab 1

Authentication, Availability, Confidentiality, Integrity, Defense Principles, Intrusion Detection, Attack vectors, more

Familiarity With VirtualBox and PCAP Tools

Get and Install VirtualBox
If you have not done so, install VirtualBox on a computer with more than 4 GB of RAM, 250 GB of secondary storage, and at least 2 cores, preferably 4 (hyperthreads don't count). The link for downloading this software is here for Windows and here for Linux distributions. Note: some students report problems with the latest VirtualBox release on Windows; you may have to downgrade. Also download the latest extension pack, which is also here. Put the extensions file in, say, ~/Downloads, then start VirtualBox by executing the command virtualbox from the command line or by clicking on the VirtualBox icon that was put on your machine when VirtualBox was installed. When started for the first time, VirtualBox looks like this:

You will build three virtual machines, most likely 64-bit: one will be Kali Linux and the other two will be chosen by you, most likely Ubuntu. Prepare the install of each by clicking "New", then enter a name, select a type (say, Linux), select an OS (for Kali Linux select "Ubuntu Linux (64-bit)"), and click "Next". Leave the memory size at 512 MB unless you have much more than 6 GB of RAM, and click "Next". Create the virtual hard drive now by clicking "Create". Choose VirtualBox disk image, click "Next". Choose "Dynamically allocated", click "Next". Choose the name and size for the disk, click "Create". After doing this for Ubuntu and Kali, VirtualBox should look like this, except that some system parameters may differ:

Install the extensions as follows. Click on the "File" menu and select "Preferences". Click on "Extensions". The small topmost button on the right of the dialog box adds extensions. Click it, navigate to where the downloaded extensions file is (probably ~/Downloads) and select the extensions file. VirtualBox is now ready to install your virtual machines.

Download Operating System Install ISOs
Get the Ubuntu 14.04.3 LTS install ISO from here. You probably will choose 64-bit. Assume in the following that the ISO winds up in the ~/Downloads directory as ubuntu-14.04.3-desktop-amd64.iso. You can get the latest Kali Linux ISO from here. You probably will choose "Kali Linux 64 bit ISO". Choose ISO or Torrent. Please note that I was unable to succeed with the installation of the latest Kali Linux, but v1.0.9, which is here, did succeed for me. If one does not work, try the other. Your ISO should land in the ~/Downloads directory as kali-linux-2.0-amd64.iso or kali-linux-1.0.9-amd64.iso.

Install the Virtual Machines
Highlight a Virtual Machine entry in the left margin of a running VirtualBox dialog. The picture above shows Ubuntu highlighted. Click "Settings", then click "Storage". To the right of "Controller: IDE" is a small round icon and a small square icon. Click on the small round one, click "Choose Disk" and navigate to where the Ubuntu ISO is, probably ~/Downloads. Click "OK". Highlight ubuntu-14.04.3-desktop-amd64.iso and click "OK" to close the box. Click on the "Start" arrow. The Live DVD will boot. Click on install; the only place to worry about during the install is where to put the OS. If you click on "Something else" when the time comes, you can check that the install target is /dev/sda and that the size of the target is only about 8 GB. Installation of Kali is similar. Note: you should not have to burn the downloaded ISO files to any medium.

Try the Virtual Machines
Try Kali. Highlight the Kali entry in the left margin of the VirtualBox dialog box and click the "Start" arrow. Choose your identity in the login window and supply your password. When Kali is up, pull down the "Applications" menu and select "Kali Linux". Then select "Top 10 Security Tools". The result looks like this:

Explore more possibilities by selecting other menus. This shows the wealth of tools that come with the Kali distribution. Many of these tools must be run as root, or set up by root to allow non-root users to run them. In addition, some, like Wireshark, require the network interface to be in promiscuous mode. One way to become root is to open a terminal (second icon to the right of "Places" in the menu bar) and run sudo su. Kali will ask for your password and then you become root. Kali can be set up to allow non-root users to run Wireshark. As root, run

       dpkg-reconfigure wireshark-common

Select "Yes" and press Enter. This creates a wireshark group but does not add any user to that group. To do that, the file /etc/group must be edited as root: append the user's username after the last colon of the wireshark line. If the VM network adapter is set to NAT and the host is on a wireless network, it will not be possible to enter promiscuous mode. In that case, before starting Kali, change the adapter to Internal network.

Lab Exercise
Set up three systems to be networked in VirtualBox with the following configuration:

  • Two virtual machines plus your laptop

Host-only networking should be used to configure the networking on a common interface (such as vboxnet0) so that all machines can see each other. To see how this is set up, visit this link.

Boot into Kali.

You will need to be able to demonstrate the ability to communicate from one host to another, and to use the third host (Kali) to capture all of the network traffic into a file. The Wireshark UI makes this relatively easy. If you want to do it using tcpdump, become root and run:

      tcpdump -i eth0 -w your-output.pcap [options...]
    

The Exercise:
  1. Note: Completion of this exercise entails submitting a capture file and a report that specifies what was done to create this file. Submission instructions are here.
  2. You will need to utilize nmap to perform a scan, and that scanning activity should be captured by the third host. Use man nmap from the command line for documentation showing how to operate this utility.
  3. You will need to use the first two hosts to communicate a "flag" from one to the other using any method you like (the nc/netcat tool class is sufficient) and capture that communication. Use man netcat from the command line for documentation on netcat. Minimally, execute

       netcat -l -p 8000 -u -v

     on one machine to establish one end of a communication pipe on port 8000 (-u means UDP; -l means listen, but once a connection is made it becomes two-way), and

       netcat <ip-address> 8000 -u

     on another machine to establish the other end (where data is put into the pipe) of the connection (<ip-address> is the address of the first machine). Then, what is typed on the second machine is seen on the first machine. Redirect the output of netcat on the first machine to a file to save what is sent.
  4. In your report, describe the method used to accomplish 2 and 3 above.
  5. Use the PCAP analysis tools (wireshark, tcpdump, tshark, etc.) to find the "flag" in the pcap file, and explain where it can be found. You may use timestamps, TCP sequence numbers, and/or references to packet data.
  6. Upload the PCAP to blackboard as the solution to lab 1 with the report.
The flag is the following sentence, a quote by Donald Knuth: We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil.
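As an added example (not part of the lab handout), here is a standard-library-only Python script that does the pcap side of steps 3 and 5: it parses a classic libpcap file, picks out the IPv4/UDP datagrams, and reports the timestamp and endpoints of the one carrying the flag to port 8000, which is where the `netcat ... 8000 -u` exchange puts it. The capture it runs on is constructed inline (the 192.168.56.x addresses are assumed host-only addresses), so it runs without a real recording; point `find_flag` at the bytes of your own your-output.pcap to use it on the lab capture.

```python
import struct

# The lab's flag, quoted from the assignment text.
FLAG = ("We should forget about small efficiencies, say about 97% of the time: "
        "premature optimization is the root of all evil.")

def build_udp_packet(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left zero; test data only)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp          # dummy MACs, EtherType IPv4

def build_pcap(packets):
    """Wrap (ts_sec, frame) pairs in a classic microsecond pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def udp_datagrams(pcap_bytes):
    """Yield (ts_sec, src, dst, sport, dport, payload) for each IPv4/UDP packet in the file."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"          # byte order the writer used
    off = 24                                               # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        ts_sec, _, incl, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                       # too short, not IPv4, or not UDP
        ihl = (frame[14] & 0x0F) * 4                       # IP header length in bytes
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        udp = frame[14 + ihl:]
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        yield ts_sec, src, dst, sport, dport, udp[8:ulen]

def find_flag(pcap_bytes, flag, port=8000):
    """Return (ts_sec, src, dst) of the first datagram to `port` carrying `flag`, else None."""
    for ts, src, dst, _, dport, payload in udp_datagrams(pcap_bytes):
        if dport == port and flag.encode() in payload:
            return ts, src, dst
    return None

# Constructed capture: one unrelated datagram, then the flag as sent by `netcat <ip> 8000 -u`.
SAMPLE_PCAP = build_pcap([
    (1505000000, build_udp_packet("192.168.56.101", "192.168.56.1", 40000, 53, b"decoy")),
    (1505000001, build_udp_packet("192.168.56.102", "192.168.56.101", 51234, 8000,
                                  (FLAG + "\n").encode())),
])
```

Note that netcat in UDP mode sends each typed line as its own datagram, so a flag typed on one line lands in a single packet; the timestamp and source/destination pair the function returns are exactly the references step 5 asks for in the report.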

Submission instructions are here.