INLS 187 - Information Security

For the purposes of this assignment I will be evaluating one of Dr. Greg Newby's servers that resides in his office in Manning Hall at the University of North Carolina at Chapel Hill. The name of this server is "Blue" and its IP address is 152.2.81.93. We, the INLS 187 class, were granted permission to "attack" and probe this server by Dr. Newby. I want to make this point clear before I proceed with this assignment, lest anyone think that I have malicious intents and desires. So without further ado, here comes the systematic attack plan and its implementation.

I am not an experienced "hacker" or "cracker" by any stretch of the imagination. While I think that many of us have fantasies and daydreams of being outlaws and desperados, it is rare that any of us act on these wild thoughts. I could go on a tangent here and discuss how these visions of banditry are ground into us by our American society in the myth of the West, but I will be strong and carry on with the assignment. I will be using SSH2 to connect to Blue for the duration of this assignment from either my Ruby account or isis.

So here is my thought process leading up to this probing: We were introduced to Blue in class on January 22, 2003 (Dr. Newby had mentioned it earlier but this was the first proper introduction). Because of this I knew that his username was gbnewby. I don't take this information as an insider because I would have guessed this one pretty quickly on my own. Because Dr. Newby wanted to show us the server, he logged onto his Ruby account on the SILS server. I tried to watch him plug in his password from my seat in the class, à la the movie Sneakers. The only thing that I can tell from this is that Dr. Newby operates on the right quadrant of the keyboard when logging in. I can't tell if he is using the shift key or not, and it would be too obvious and illegal if I placed keystroke recording software on the computer in the classroom; that, and Scott Adams would have my head on a pike.
This was unsuccessful and thus makes it harder to crack the server.

So what are my criteria for evaluation? First I am going to try a manual guessing strategy based on what I know about Dr. Newby. A little social engineering is just what the doctor ordered. Following this manual guessing technique, which is bound to fail, I will search the web for password cracking tools and utilities. I will then attempt to download them, compile them, and run them. As I am a novice at this I doubt I am going to get far. I also don't want to get my name associated with some of these places, which have got to be watched by white hats and government agencies, so I am looking at them on campus rather than on my personal computer. I have also spoken to several other students in the class about their search and crack strategies and they are having little success. We have talked about trying to overload the server so one of us could get in, but I doubt that this comes to fruition. So if the server passes my meager attempts at entry I will have to assume that it is secure.

My first strategy was to just try and guess Dr. Newby's password. I tried the following passwords for gbnewby on the Blue server:
I gave up after 20 attempts because it seemed rather illogical that I would just come out and guess a password, especially considering that the server that I am trying to open up belongs to an information security instructor. This is where some of the social engineering took place. I know that Dr. Newby has/had a server named "Underdog", which goes along with his love of dogs that he has mentioned in class. So I tried various combinations of the word "underdog" with upper and lower case letters. I also tried some obvious character substitutions like the "^" character for a "U" or "u". I also tried underdog with various blue combinations. For obvious reasons based on our readings I tried "root" and "normal" as passwords but neither of these worked. Alas, this homegrown brute force did not get me anywhere.

I tried to run nmap on my computer but it did not like the program for some reason. It would initialize but then it would give a giant "QUITING!" exclamation and end. So I gave up. I will try it at SILS to see if it is installed on any of their computers. This will allow me to see what ports are open and running on Blue. Based on this I can then analyze the weaknesses that Blue has.

The next part of the strategy was to do a simple online search for password cracking tools. Surprisingly, there are quite a few that are available over the Internet. I was led to Password Portal, which has multiple password cracking tools hyperlinked on it. One of these, John the Ripper, comes packaged with our Real World Linux Security textbook for password evaluation. These are brute force programs that continually try to log onto a server using a dictionary of commonly used passwords. This did not work, but is something to keep in mind if and when I end up as a security person on a network.

A mutual friend said that I should try running Ethereal to try and "sniff" the password.
While I am tempted to run this program to try and break the system, I am concerned about the legality of doing so. While I could run it to "sniff" my own password, I don't feel right running it to watch someone else. As a network administrator I would have no problem doing this on my own network to watch people who were attaching to the server over insecure means, but I don't feel right using it in this instance.

I did eventually try to run LC4, which is a great password evaluation program. Unfortunately, you must have access to the foreign server if you want to run it on or against its hashed passwords. As I do not have access to Blue this served little function. However, I did run it against my home computer and my password seems to be rather secure. It did not find any of the letters/characters. Makes me feel pretty good about my password manufacturing skills.

As far as I can tell Blue is a secure server, but this assessment is coming from an inexperienced person when it comes to this type of activity. What did I walk away from this assignment with? Well, I learned that there are quite a few tools available for white hats and black hats, and the system admin needs to be aware of what is going on. They should also be subscribed to multiple listservs that discuss bugs and hacks to fix and secure systems that they are in charge of operating.
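The manual guessing described above relied on facts an outsider could learn (the host name, the account name, the "Underdog" server) plus case changes and character substitutions. As an added example that is not part of the original write-up, here is a password-policy check an administrator could run when a password is set, rejecting candidates built from such context words; the substitution table, function names and sample candidates are assumptions made for the illustration.

```python
import re

# Assumed substitution table (constructed for this example); it includes "^" for "u",
# the substitution mentioned in the write-up.
SUBSTITUTIONS = str.maketrans({
    "^": "u", "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s", "!": "i",
})

def normalize(text):
    """Lowercase, undo common character substitutions, keep letters only."""
    folded = text.lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", folded)

def context_words(facts, min_len=4):
    """Normalize site-specific facts; drop very short ones to avoid false hits."""
    return {w for w in (normalize(f) for f in facts) if len(w) >= min_len}

def audit(password, words):
    """Return the context words hidden inside a candidate password (sorted)."""
    folded = normalize(password)
    return sorted(w for w in words if w in folded)

# Facts an outsider could learn, all taken from the write-up: the host name,
# the account name, the other server's name, and two well-known default guesses.
WORDS = context_words(["Blue", "gbnewby", "Underdog", "root", "normal"])

if __name__ == "__main__":
    # Constructed sample candidates, not passwords from the original page.
    for candidate in ["^nderD0g2003", "BlueUnderdog!", "Tr7-vexing-quartz"]:
        hits = audit(candidate, WORDS)
        verdict = "reject: contains " + ", ".join(hits) if hits else "no context words"
        print(f"{candidate!r}: {verdict}")
```

A check like this complements, rather than replaces, length requirements and a dictionary of commonly used passwords.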