1ECE4112 Lab 2 Lab2: Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks (VPN) Group Number: _________ Member Names: __________________________________________ Date Assigned:January 27, 2011 Date Due:February 3, 2011 Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in theAnswer Sheetand be sure you turn in ALL materials listed in theTurn-in Checkliston or before the Date Due. Goal: This lab will introduce you to network security issues involving password cracking, sniffing, and Man-in-the-Middle attacks. Summary: This lab consists of two sections. In Section 1 you will be experimenting with some of the password cracking tools available for Windows and Linux, and you will also be using ethereal to sniff the network connection between your Linux and Windows boxes. Finally, in section 2, you will learn to use ARP and ettercap tools to perform a Man-in-the-Middle attack. In section 3 you will learn about virtual private networks (VPNs) and among other things, you will learn VPNs can prevent man in the middle attacks Background: Read “Hacking Exposed” Chapters 4 and 5 Prelab: To gain basic knowledge about ARP cache in Windows: 1.Find any windows machine (outside the lab is OK) and open the command prompt. 2.Type “arp”. This is the help screen on how to use ARP in windows. There are some example usages as can be seen on the last 2 lines of the help screen. Read about various flags that show up in the arp description. 3.Type “arp –a” in the prompt to display the ARP table. Note that the table stores 3 things per entry: internet address (IP), physical address (MAC address) and whether the entry is static or dynamic. Please take a quick look at the appendices so you are aware of what is in them. Lab Scenario: This lab requires the use of four machines on the same network: 1.RedHat Host Machine 2.RedHat 7.2 Virtual Machine 3.RedHat 7.2 Copy Virtual Machine
24.Windows XP Virtual Machine Section 1 1.1. Installing and Using L0phtCrack on the Windows XP System Virtual Machine Take a look at to note that this tool is no longer sold as of March 3, 2006 and also to get an idea of its history and why it was pulled from the market by Symantec. . This web site says that other available tools now include John the Ripper, RainbowCrack and Cain and Abel. To crack passwords on the Windows system, we will be using a program called L0phtCrack. We will be using a trial version of this software that is valid for 15 days. Obtain the installation file from theToolson the NAS server. You should have copied the Windows directory under Tools to your drive already. If not, the steps are outlined below. Select Start->Run Type\\57.35.6.10\secure_class The username and password are bothsecure_class.
Want to read all 132 pages?
Previewing 3 of 132 pages Upload your study docs or become a member.
Want to read all 132 pages?
Previewing 3 of 132 pages Upload your study docs or become a member.
End of preview
Want to read all 132 pages? Upload your study docs or become a member.