Show page

Differences

This shows you the differences between two versions of the page.

--- cdci:exam [2020/05/22 15:04]
mihai.chiroiu
+++ cdci:exam [2022/06/03 12:12] (current)
mihai.chiroiu
@@ Line 1: / Line 1: @@
-====== Exam - 22 May 2020  ======
+====== Exam - 03 June 2022  ======
 Use OpenStack CDCI template to start a new VM. To access the VM, login to fep.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using "ubuntu" as a username and your ssh key.
+First, you need to sync your CDCI directory from the git.
+<code>
+ubuntu@cdci-test:~$ cd cdci/
+ubuntu@cdci-test:~/cdci$ sudo su
+root@cdci-test:/home/ubuntu/cdci# git pull
+root@cdci-test:/home/ubuntu/cdci# cd containers/
+root@cdci-test:/home/ubuntu/cdci/containers# cd exam_docker/
+root@cdci-test:/home/ubuntu/cdci/containers/exam_docker# make
+[...] THIS TAKES ABOUT 5 MINUTE [...]
+root@cdci-test:/home/ubuntu/cdci/containers# cd ../snort_lab07
+root@cdci-test:/home/ubuntu/cdci/containers/snort_lab07# make
+[...] THIS TAKES ABOUT 10 MINUTE [...]
+</code>
+Second, start the topology from one terminal, and use three others to connect to the virtual nodes.
+<code>
+ubuntu@cdci-v2:~/cdci/labs/lab07$ cd /home/ubuntu/cdci/labs/lab07/
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo python3 topology.py
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h1.sh
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h2.sh
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./ids.sh
+</code>
 Due to the fact that we have to work remote, please make sure that you record your screen while working. Here is how.
@@ Line 40: / Line 65: @@
 {{ :cdci:labs:cdci_lab06-exfiltration-topology.png?direct&600 |}}
+===== Tasks =====
+==== 01. [2p] IMCP Payload ====
+Send the “CDCI-EXAM” payload from H1 to H2 using the ping command. Display the payload on H2 as it is received (using tcpdump).
+==== 02. [2p] MITM ====
+From H1 do a MITM attack against H2. Test it and make sure traffic can be displayed.
+==== 03. [1p] Encryption ====
+Use AES128 ECB mode and encrypt the “CDCI-EXAM-TODAY” string in. Save it as Base64 in a local file. Use any password for encryption.
+==== 04. [2p] ICMP Tunnel ====
+Create an ICMP tunnel between H1 & H2 and send the following string over the tunnel “CDCI-EXAM-TODAY”. Save the traffic and open it using Wireshark/tcpdump (on your personal computer).
+==== 05. [1p] Snort1 ====
+Write down a snort rule that matches any type of ICMP or TCP traffic. Snort is installed on the IDS. Make sure an alert is generated with the following message: “ICMP for CDCI-EXAM”.
+<note>You can run SNORT with the following command: “snort -A fast -b -p -v -c /etc/snort/snort.conf -k none -i IDS-eth0” for faster processing. </note>
+==== 06. [1p] Snort2 ====
+Write down a snort rule that matches any ICMP or TCP traffic with the “CDCI-EXAM” payload. Make sure an alert is generated with the following message: “PAYLOAD CDCI-EXAM”.
+==== 07. [1p] Snort3 ====
+Write down a snort rule that matches any ICMP or TCP traffic with the “EXAMCDCI-[A-Z]{3}“ payload encoded as Base64. Make sure an alert is generated with the following message: “EASY CDCI-EXAM”.
+<note> Note: “EXAMCDCI-[A-Z]{3}“  is a regex and will match something like: EXAMCDCI -AZI, EXAMCDCI -YES, etc. (https://regex101.com/). </note>

General info CDCI

Lectures

Labs

Assignments

Resources

Useful resources

cdci/exam.1590149095.txt.gz · Last modified: 2020/05/22 15:04 by mihai.chiroiu

Show page Old revisions

Media Manager Back to top