Show page

Differences

This shows you the differences between two versions of the page.

--- cdci:exam [2020/05/22 17:19]
mihai.chiroiu [Topology]
+++ cdci:exam [2022/06/03 12:12] (current)
mihai.chiroiu
@@ Line 1: / Line 1: @@
-====== Exam - 22 May 2020  ======
+====== Exam - 03 June 2022  ======
 Use OpenStack CDCI template to start a new VM. To access the VM, login to fep.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using "ubuntu" as a username and your ssh key.
+First, you need to sync your CDCI directory from the git.
+<code>
+ubuntu@cdci-test:~$ cd cdci/
+ubuntu@cdci-test:~/cdci$ sudo su
+root@cdci-test:/home/ubuntu/cdci# git pull
+root@cdci-test:/home/ubuntu/cdci# cd containers/
+root@cdci-test:/home/ubuntu/cdci/containers# cd exam_docker/
+root@cdci-test:/home/ubuntu/cdci/containers/exam_docker# make
+[...] THIS TAKES ABOUT 5 MINUTE [...]
+root@cdci-test:/home/ubuntu/cdci/containers# cd ../snort_lab07
+root@cdci-test:/home/ubuntu/cdci/containers/snort_lab07# make
+[...] THIS TAKES ABOUT 10 MINUTE [...]
+</code>
+Second, start the topology from one terminal, and use three others to connect to the virtual nodes.
+<code>
+ubuntu@cdci-v2:~/cdci/labs/lab07$ cd /home/ubuntu/cdci/labs/lab07/
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo python3 topology.py
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h1.sh
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./h2.sh
+ubuntu@cdci-v2:~/cdci/labs/lab07$ sudo ./ids.sh
+</code>
 Due to the fact that we have to work remote, please make sure that you record your screen while working. Here is how.
@@ Line 41: / Line 66: @@
 {{ :cdci:labs:cdci_lab06-exfiltration-topology.png?direct&600 |}}
-===== Topology =====
+===== Tasks =====
+==== 01. [2p] IMCP Payload ====
+Send the “CDCI-EXAM” payload from H1 to H2 using the ping command. Display the payload on H2 as it is received (using tcpdump).
+==== 02. [2p] MITM ====
+From H1 do a MITM attack against H2. Test it and make sure traffic can be displayed.
+==== 03. [1p] Encryption ====
+Use AES128 ECB mode and encrypt the “CDCI-EXAM-TODAY” string in. Save it as Base64 in a local file. Use any password for encryption.
+==== 04. [2p] ICMP Tunnel ====
+Create an ICMP tunnel between H1 & H2 and send the following string over the tunnel “CDCI-EXAM-TODAY”. Save the traffic and open it using Wireshark/tcpdump (on your personal computer).
+==== 05. [1p] Snort1 ====
+Write down a snort rule that matches any type of ICMP or TCP traffic. Snort is installed on the IDS. Make sure an alert is generated with the following message: “ICMP for CDCI-EXAM”.
+<note>You can run SNORT with the following command: “snort -A fast -b -p -v -c /etc/snort/snort.conf -k none -i IDS-eth0” for faster processing. </note>
+==== 06. [1p] Snort2 ====
+Write down a snort rule that matches any ICMP or TCP traffic with the “CDCI-EXAM” payload. Make sure an alert is generated with the following message: “PAYLOAD CDCI-EXAM”.
+==== 07. [1p] Snort3 ====
+Write down a snort rule that matches any ICMP or TCP traffic with the “EXAMCDCI-[A-Z]{3}“ payload encoded as Base64. Make sure an alert is generated with the following message: “EASY CDCI-EXAM”.
+<note> Note: “EXAMCDCI-[A-Z]{3}“  is a regex and will match something like: EXAMCDCI -AZI, EXAMCDCI -YES, etc. (https://regex101.com/). </note>
-==== 02. [5p] Internet connectivity ====
-Before you begin, make sure that you have Internet connectivity on all two nodes (attacker and victim). R1 should be the gateway for the Attacker and Victim. Write down the MAC and IP addresses of all 3 nodes (including the gateway). Use the provided scripts to access the nodes.
-<code>
-root@ip-172-30-0-165:/# ./attacker_bash.sh
-root@attacker:/#
-root@ip-172-30-0-165:/# ./victim_bash.sh
-root@victim:/#
-</code>

General info CDCI

Lectures

Labs

Assignments

Resources

Useful resources

cdci/exam.1590157191.txt.gz · Last modified: 2020/05/22 17:19 by mihai.chiroiu

Show page Old revisions

Media Manager Back to top