Your SlideShare is downloading. ×
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Internet Information Services
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Internet Information Services

2,449

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,449
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. ECE4112 Internetwork Security Lab 12: Internet Information Services (IIS) Group Number: _________ Member Names: ___________________ _______________________ Lab Authors: Scott McCans, Peter Mehravari Date Assigned: ??????? Date Due: ???????? Last Edited: ???????? Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due. Goal: The goal of this lab is to introduce the Windows based platform Internet Information Services (IIS) as a viable web server. In particular, emphasis will be placed upon getting to know the vulnerabilities of the application as well as how to protect the server against black hat attacks. Summary: This lab consists of two main sections plus a section dedicated to setup and one to further research. The two major experimental sections will be dealing with IIS version 5.0 and 5.1. For both of these versions, exploits will be presented and explained, and also information on how to harden both of these web servers to prevent the vulnerabilities will be discussed. Background and Theory: • Read “Hacking Exposed” Web Server Hacking pg 536-561 • Read Wikipedia’s entry on IIS (see Reference [1]) • Read about ASP and the role of the global.asa file (see Reference [2]) Prelab Questions: PLQ1. Give a summary of all the versions of IIS and what operating system they run on. PLQ2. What is the role of the global.asa file in ASP? 1
  • 2. Equipment: This lab requires the use of four machines on the same network: 1. RedHat 4.0 WS Host Machine 2. Windows XP Virtual Machine 3. Preconfigured Win2kServer Virtual Machine 4. Preconfigured Win2k3Server Virtual Machine Equipment needed: 1. Windows XP Professional CD Section 1: Setup 1.1 Setting up the IIS server on Windows XP Virtual Machine 1. Put the Windows XP CD in the drive. If the CD isn’t recognized by the virtual machine right click on the CD drive with the red X over it (located at the bottom right of the VMware window) and click enable. 2. Go to the Control Panel. Click on Add/Remove Programs 3. Click on the Add/Remove Windows Components button on the left side of the window. 4. Put a check in the box next to “Internet Information Services (IIS)” and click Next. Let IIS install. 5. When it’s done installing restart Windows. 6. After Windows reboots, try to access the web server from Red Hat WS 4.0. Open a web browser and try to connect to the address http://<Windows XP IP address>. If IIS is properly running you should get a page saying the site is under construction. 1.2 Setting up the IIS Win2k and Win2k3 Server Virtual Machines Copies of the virtual machines, created by the TAs, are available on the NAS server. You will be creating virtual machines out of them. Copy the files called Win2k.zip and Win2k3.zip from the NAS server to your Red Hat 4.0 WS root directory. Unzip these files using the unzip command to your /root/vmware/ folder. Look at appendix A for instructions on how to install these images in Vmware if you have forgotten. 2
  • 3. When creating the virtual machine, you may be prompted about upgrading. If so, click on the upgrade button. Configure the IP addresses as follows • WinXP = 56.35.6.(x+2) • Win2kServer = 56.35.6.(x+3) • Win2k3Server = 56.35.6.(x+4) See appendix B for configuring windows machine IP addresses Section 2: IIS 5.0 Power on the Win2kServer virtual machine, which was installed in the previous section. This section of the lab will be dealing exclusively with this virtual machine. The login is “Administrator” and the password is “pass” for this virtual machine. 2.1 IISHACK2000 http://downloads.securityfocus.com/vulnerabilities/exploits/iishack2000.c This exploit takes advantage of a printer buffer overflow on the Windows 2000 version of IIS. The result of running this overflow is a file created on the C: drive. Copy the file iishack2000.c from the NAS to a location on your Red Hat 4.0 WS local machine. Using the terminal window locate the file. Compile and run the .c code using the following commands: gcc iishack.c –o iishack ./iishack 57.35.6.(x+3) 80 0 Look in the C: directory of the Win2kServer machine and observe its contents. Q2.1.1. What new file is now located in the Win2kServer’s C: folder? Screenshot #1: Take a screenshot of the C: drive showing the added file. Look at the actual code being implemented by iishack2000. This program has the ability to take in any shell code and run it using a buffer overflow. The file created is just a default file which is used to prove the exploit works Q2.1.2. What sort of files would be more useful to a hacker to use along with this exploit instead of the default file. 3
  • 4. Q2.1.3. Look at the outputted text after the program is run. What does this suggest to you might be ways of preventing this exploit from affecting your server. 2.2 Double Decode Directory Traversal Attacks http://www.unleashedportal.com/Article1033.html Exploits do not always need a specific tool or code file; in this case all an attacker needs is a web browser. Open Ethereal in Red Hat 4.0 WS and set start capturing packets. Open the Firefox web browser on the Red Hat 4.0 WS host machine and enter the following in the address line: http://57.35.6.x+3/Scripts/..%%35%63..%%35%63..%%35%63..% %35%63winnt/system32/cmd.exe?/c+dir+c: If a save file prompt appears click cancel. Stop ethereal and follow the TCP stream to find the commands sent and the response given. Screenshot #2: Take a screenshot of the TCP stream showing the contents of C: drive The exploit works because the “Scripts” directory on the web server has execute permissions. The “..%%35%63” tells the server to move up a folder. In this example it goes up four directories and ends up in C:. The “winnt/system32/cmd.exe” part of the URL tells the server to run that program, which is the windows shell program. Everything after the “?/c+” is what is run by cmd.exe. In this case the command “dir c:” is run, which is why we see the listing of the C: directory in the ethereal capture. Q2.2.1. Using the method described above, how would you go about deleting a file, test.txt, located in the C:/ directory? Make a test.txt file on the Win2kServer virtual machine and test it out. Now we want to run something other than “cmd.exe.” As a blackhat, one might want to run such programs as rootkits, Trojans, or viruses. However for simplicity we will try to run Notepad. Locate the Notepad program and use the above techniques to run it. Q2.2.2. What would the URL be to run this application? 4
  • 5. Screenshot #3: Take a screenshot of the Win2kServer Task Manager showing the NOTEPAD.exe running 2.3 IIS 5.0 Search Buffer Overflow http://www.securiteam.com/windowsntfocus/5JP0C203PQ.html The most important aspect of a web server is for it to be up and running at all times. If attackers are then trying to inflict the most damage to a web server, they should implement a denial of service attack. In this exercise we will be running such an attack and seeing how it affects the server’s operation. Once the symptoms of an attack are known, administrators can keep a watchful eye out for these attacks and hopefully prevent future ones. Copy the iis50dos.pl file to your root directory on your Red Hat 4.0 WS machine. From that directory run the following command: perl iis50dos.pl 57.35.6.x+3 80 You will notice that nothing substantial occurs. Now open out the task manager on the Win2kserver virtual machine and find the processes called “inetinfo.exe.” This is the IIS process. Bring up the Red Hat 4.0 WS terminal where you just executed the exploit so that you can also see the task manager. As you execute the code again, watch what happens to the “inetinfo.exe,” and also look at the total CPU usage at the bottom of the task manager window. Q2.3.1. Describe what happens to the server when the DoS exploit is run. Now we would like to actually see what is going on. Click on the start menu on the Win2kserver -> Select Programs -> Select Administrative Tools -> Select Event Viewer Select system log from the list of the left side. Double click on one of the errors that were caused by the exploit. Screenshot #4: Take a screenshot of one of the event logs in Event Viewer created by the exploit 2.4 IIS Lockdown http://www.microsoft.com/technet/security/tools/locktool.mspx 5
  • 6. Note: Be sure to complete the previous sections before installing IIS Lockdown. It makes some changes that aren’t easily reversed, which may interfere with the exploits used. • Copy the file “iislockdown.exe” to the Win2kServer virtual machine • Run the executable • Click Next then Next again to accept the agreement • Select “Static Web server” from the list of server templates then click Next • Click Next, then Next again • After installation finishes, click Next then click Finish Now that the lockdown hardening tool has been installed, we will try some of the exploits we used in the previous sections. Open up a browser on the host machine and enter the code you used to look at the contents of the C drive http://57.35.6.x+3/Scripts/..%%35%63..%%35%63..%%35%63..% %35%63winnt/system32/cmd.exe?/c+dir+c: Q2.4.1. Are you able to see the Win2kServer’s C: directory? Now try to run the denial of service attack from the last section again. Q2.4.2. Does the exploit still work? To further understand how the lockdown program makes IIS more secure look over the program’s website at http://www.microsoft.com/technet/security/tools/locktool.mspx and any other websites you can find. Q2.4.3. How does IIS Lockdown prevent exploits such as the ones used in this lab? Section 3: IIS 5.1 This section will be dealing primarily with the WinXP machine. Make sure that this virtual machine is the only one running. We will also be using the 4.0 WS machine to access data on the XP server. 6
  • 7. Even though IIS is always running the background, we would like to actually see what is going on in order to understand its functionality better. To access the IIS program: Click on the Start menu -> Click on Control Panels -> Click on Administrative Tools -> Click on Internet Information Services. This should bring up the IIS screen. Now that you can see the interface, open up all the folders in the default website to better see what is being kept on the server. 3.1 Malformed URL http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html From your Red Hat WS 4.0 machine open a web browser and load the following address: http://<Windows XP IP address>/_vti_bin/.dll/*~0. You should get a page that says “The filename, directory name, or volume label syntax is incorrect” Hold Ctrl and click the refresh button. The page will stay the same. Keep clicking on the refresh button Q3.1.1. How many times did you need to load the page before something different happened? Look at the Windows XP virtual machine. You should have a message indicating that “Internet Information Services has encountered a problem.” The reason it takes four refreshes to crash the server is because the command accesses a counter in the inetinfo.exe process. This entry decrements itself each time the refresh button is pressed. Once the counter reaches 0x0 address, counted down to zero, the ntdll.dll is not able to properly read this value and reacts by crashing the entire IIS server. [7] Screenshot #5: Take a screenshot of the error message that occurs when IIS crashes on the WinXP Virtual Machine. Examine the address typed into the host’s web browser. You will notice that it tries to access the _vti_bin folder which is one of the default folders IIS makes. Try to use some of the other default folders instead of _vti_bin. Q3.1.2. Does accessing these other folders also cause to server to crash? You can take a closer look at the properties of these folders in the IIS manager running on the Windows XP virtual machine by right clicking on them and selecting “Properties.” In particular take a look at the Application Settings of the folders 7
  • 8. Q3.1.3. What makes the _vti_bin folder different from the other default folders? Since you have found why the _vti_bin folder is vulnerable to malformed url attacks, can you find a way to make it secure? (Hint: it has something to do with what makes it different than the other folders) Once you have fixed the vulnerability try once again by running the original exploit Q3.1.4. Does the exploit still make the server crash? Screenshot #6: Take a screenshot of the host machine’s webpage after the exploit was run against the secured web server. Before moving on to the next section, reset all changes made in order to secure the server. Test the exploit to ensure IIS is now vulnerable again. 3.2 URL Scan http://www.microsoft.com/technet/security/tools/urlscan.mspx Copy “urlscanSetup.exe” from the NAS to the WinXP virtual machine. Run the program. Click “Yes” to accept the license -> Click Ok when it finishes installing. Retry the exploit in the previous section by entering “http://<Windows XP IP address>/_vti_bin/.dll/*~0” on the Red Hat 4.0 WS machine’s web browser. Q3.2.1. Does the exploit now make the server crash after URL Scan has been installed? The URL Scan works by checking all incoming messages to the server for certain “catch phrases.” These catch phrases are mostly commonly known exploits but allow administrators to actively add suspicious text as new vulnerabilities come to light. Some of the phrases URL Scan look for are as follows and can be found on Microsoft’s website dealing with URL Scan Version 2.0 [9]: • reject requests in the form of "/abc.dll/foo.bar.htm" • look for the first recognizable extension in the string (.exe, .dll, .com) • log output for URLs changed to pre-pended with the instance ID of the site • [AllowExtensions] and [DenyExtensions] now supported by the administrator entering "." as an extension to give them a way to include extensionless URLs. 8
  • 9. • administrator can specify a URL to return to the client in the case of a rejected request By looking out for these extensions and dealing with them appropriately, administrators of web servers will be able to protect themselves from the initial vulnerabilities that came with the application. To take a further look into how the actual code works, open up the URL Scan configuration file located in c:WINDOWSsystem32inetservurlscan. Open the file called urlscan.ini. Look through the code and try to understand how the program works. Q3.2.2. List all of the URL sequences which URL Scan blocks? Take a look at all of the extensions which URL Scan also blocks. You will notice that there are too many to list. One thing which URL Scan does run into problems with is denying some extensions which might be useful to white hat users of the web server. Q3.2.3. What are some extensions that might limit usage of a web server because they are blocked by URL Scan and why are they important? Let’s say we now want to allow ASP pages in our web server without wanting to turn URL Scan off. Load up in a browser on the 4.0 WS machine and access http://57.35.6.x+2/iisstart.asp Q3.2.4. Can the page be found? Open up the urlscan.ini as found above and search through the file till you find the section titled “Deny ASP Requests.” Following the title it should list four extensions that will be denied by the program. Comment out the first of the extensions by adding a semicolon before the extension. It should look as follows ;.asp Save the file and close it. Run urlscan.exe which also resides in the same folder as urlscan.ini. A window should come up stating that it has been successfully installed. Press OK. This causes the changes made in the urlscan.ini to take effect. Load up the http://57.35.6.x+2/iisstart.asp page again on the 4.0 WS machine and view the result. 9
  • 10. Q3.2.5. What does the page now display? Screenshot #7: Take a screenshot of the web browser after accessing the iisstart.asp page. Uninstall URL Scan through the Control Panel’s “Add/Remove Programs” to be sure it doesn’t interfere with the next section. 3.3 Remote IIS Server Name Spoof http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html Due to the way IIS handles errors based on the “SERVER_NAME” variable, attackers can spoof the server name to get sensitive information, such as logins and passwords. In this section you will be doing such a spoof and looking at what information is giving as a result of this flaw. Copy the “test.asp” file from the NAS to the C:Inetpubwwwroot directory on your Windows XP virtual machine. On your Red Hat 4.0 WS machine open up a terminal window. Telnet into the WinXP web server using the following command: telnet 57.35.6.x+2 80 Type in the following command to retrieve the test.asp webpage: GET /test.asp HTTP/1.0 Hit enter again and the server should return the result of the page. Open up the test.asp file in a text editor. Q3.3.1. What IP address did the server return when accessing the test.asp page? Why is this? Telnet into the WinXP web server again. This time retrieve the test.asp page using the following command: GET http://localhost/test.asp HTTP/1.0 Q3.3.2. What value is returned by the variable “SERVER_NAME” from the test.asp code? 10
  • 11. Q3.3.3. Where does the server think the request is coming from, and why is this a problem? Now we will take advantage of this flaw. Copy the “global.asa” file from the NAS to the C:Inetpubwwwroot directory on your WinXP virtual machine. This file stores functions and variables that can be accessed by all .asp files. Again, telnet into the WinXP web server and type in the following command: GET / HTTP/1.0 Near the bottom of the page returned, look for the “Error Type” and the line that starts with “Microsoft VBScript compilation”. Create a text file on your RedHat 4.0 WS and copy the text between the <li> and </li> tags that include the “Error Type”. This will be used to compare the differences between accessing remotely and as localhost. Telnet into the Windows XP web server again. Q3.3.4. Remembering what we previously did to spoof the server name, what command would be used to get sensitive information? Once you have seen the results of the spoofed page, look for the same “Error Type” section of text you copied before. Copy the new text between the <li> and </li> tags containing the Error Type again and paste it into the text file with the previous results. Attachment #1: Attach the requested text from the telnet sessions showing the difference between remote and localhost requests. Q3.3.5. What sensitive data was returned when using the localhost request and what were the actual values returned? Section 4: IIS 6.0 http://www.microsoft.com/WindowsServer2003/iis/default.mspx Power on the Win2k3Server virtual machine, which was installed in the first section. The login is “Administrator” and the password is “password” for this machine. In order to view the IIS GUI: Click on the Start Menu -> Click the Administative Tools -> Click on Internet Information Services. This will bring up the IIS control console. Spend a few minutes getting familiar with the contents of the default webpage and the options this version of IIS provides 11
  • 12. To view the default page in a browser, on your Red Hat 4.0 WS machine, enter http://57.35.6.x+4/ into a browser. This will bring up the IIS default webpage. Unlike the previous versions of Internet Information Services, version 6.0 is much more dedicated to the security aspect of web hosting. In versions 5.0, 5.1, it was more up to the user to reinforce their server with add-ons and personal modifications whereas in 6.0 it is a more complete package that comes with already built in security measures. Please follow this link and read the article which details all of the built in security features of IIS 6.0. http://www.securityfocus.com/infocus/1765 Since IIS 6.0 is much more secure, there have not been very many exploits to date for this service. Also, because of the more recent release, there has been a limited amount of time for vulnerabilities to be found. Try out some of the exploits used on IIS 5.0 and 5.1 earlier in this lab to see if they work on IIS 6.0. Section 5: Lab Addition Suggestions You may have noticed that this lab was somewhat introductory and limited to only exploits on IIS versions 5.0 and 5.1. This is because hacking of 6.0 is still under development. The list below specifies topics that we would like groups to implement: • Additional exploits and vulnerabilities for versions 5.0 and 5.1 (See Reference [13] for a comprehensive list of exploits) • Directions hackers are moving to hack 6.0 • Research the new versions of IIS as they come out and how secure they are 12
  • 13. References [1] “Wikipedia – Internet Information Services,” http://en.wikipedia.org/wiki/Internet_Information_Services [2] “ASP The Global.asa file,” http://www.w3schools.com/asp/asp_globalasa.asp [3] “iishack 2000 - eEye Digital Security – 2001,” http://downloads.securityfocus.com/vulnerabilities/exploits/iishack2000.c [4] “Hacking IIS 5.0: The Complete Guide,” http://www.unleashedportal.com/Article1033.html [5] “SecuriTeam IIS 5.0 SEARCH method overflow,” http://www.securiteam.com/windowsntfocus/5JP0C203PQ.html [6] “Microsoft Security: IIS Lockdown Tool,” http://www.microsoft.com/technet/security/tools/locktool.mspx [7] “Inge Henriksen's Technology Blog: Microsoft IIS Remote DoS .DLL Url exploit,” http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll- url.html [8] “UrlScan Security Tool,” http://www.microsoft.com/technet/security/tools/urlscan.mspx [9] “UrlScan Security Tool 2.0,” http://www.microsoft.com/windows2000/downloads/recommended/urlscan/ [10] “Inge Henriksen's Technology Blog: Remote IIS 5.x and IIS 6.0 Server Name Spoof,” http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60- server-name.html [11] “Internet Information Services,” http://www.microsoft.com/WindowsServer2003/ iis/default.mspx [12] “IIS 6.0 Security,” http://www.securityfocus.com/infocus/1765 [13] “SecuriTeam.com Exploits Archive 2006,” http://www.securiteam.com/exploits/archive.html 13
  • 14. APPENDIX A Vmware Image Installation Instructions • Follow the steps below to create a [virtual machine name] virtual machine.  Select File->New->New Virtual machine to create a new virtual machine  Choose Custom machine and click Next  Select legacy since these images were created with an older version of VMware  Select appropriate virtual machine operating system and also select version.  Change the name of the machine to [virtual machine name] and change the directory to /root/vmware/[virtual machine name]  You will be warned now that you already have a machine at that location, answer yes (this is what we just copied to there). If you aren’t warned about this then you have the image files in the wrong location. Go back and make sure they are in the right place.  Leave the virtual memory setting as it is. If it gives you problems, you can increase or decrease the amount of memory for each machine later.  Select Bridged networking and click Next.  Choose “Use an existing virtual disk” and click Next.  On the I/O adapter screen just click next  Click Browse, go into the /root/vmware/[virtual machine] directory and choose the filed called “[virtual machine].vmdk”  Click Finish. 14
  • 15. APPENDIX B Configuring IP Addresses for Windows Machines • Choose Start->Control Panel. • Click on Network and Internet Connections and then Network Connections. • Right click on the LAN connection that comes up and choose properties. • Choose TCP/IP and click properties. • Change the IP address to two more than your host machine. E.g. 57.35.6.x+2 where x is the last number in your host IP address. • Make sure the other settings look something like below. Netmask: 255.255.255.0 Default Gateway: 57.35.6.1 DNS server: 57.35.7.254 • Click OK and then OK again. Exit the control panel window. • Your windows virtual machine is configured properly now. Now open up a command window (type cmd in Start->Run) and ping your Red Hat 4.0 WS host machine’s IP address. Press control+c to stop it. 15
  • 16. ECE4112 Internetwork Security Lab 12: Internet Information Services Group Number: _________ Member Names: ___________________ _______________________ Answer Sheet Prelab Question: PLQ1. Give a summary of all the versions of IIS and what operating system they run on. PLQ2. What is the role of the global.asa file in ASP? 16
  • 17. Section 2.1 Q2.1.1. What new file is now located in the Win2kServer’s C: folder? Screenshot #1: Take a screenshot of the C: drive showing the added file. Q2.1.2. What sort of files would be more useful to a hacker to use along with this exploit instead of the default file. Q2.1.3. Look at the outputted text after the program is run. What does this suggest to you might be ways of preventing this exploit from affecting your server. Section 2.2 Screenshot #2: Take a screenshot of the TCP stream showing the contents of C: drive Q2.2.1. Using the method described above, how would you go about deleting a file, test.txt, located in the C:/ directory? Make a test.txt file on the Win2kServer virtual machine and test it out. 17
  • 18. Q2.2.2. What would the code be to run this application? Screenshot #3: Take a screenshot of the Win2kServer Task Manager showing the NOTEPAD.exe running Section 2.1 Q2.3.1. Describe what happens to the server when the DoS exploit is run Screenshot #4: Take a screenshot of one of the event logs in Event Viewer created by the exploit Section 2.4 Q2.4.1. Are you able to see the Win2kServer’s C: directory? Q2.4.2. Does the exploit still work? 18
  • 19. Q2.4.3. How does IIS Lockdown prevent exploits such as the one use in the lab? Section 3,1 Q3.1.1. How many times did you need to load the page before something different happened? Screenshot #5: Take a screenshot of the error message that occurs when IIS crashes on the WinXP Virtual Machine. Q3.1.2. Does accessing these other folders also cause to server to crash? Q3.1.3. What makes the _vti_bin folder different from the other default folders? Q3.1.4. Does the exploit still make the server crash? 19
  • 20. Screenshot #6: Take a screenshot of the host machine’s webpage after the exploit was run against the secured web server. Section 3.2 Q3.2.1. Does the exploit now make the server crash after URL Scan has been installed? Q3.2.2. List all of the URL sequences which URL Scan blocks? Q3.2.3. What are some extensions that might limit usage of a web server because they are blocked by URL Scan and why are they important? Q3.2.4. Can the page be found? 20
  • 21. Q3.2.5. What does the page now display? Screenshot #7: Take a screenshot of the web browser after accessing the iisstart.asp page. Section 3.3 Q3.3.1. What IP address did the server return when accessing the test.asp page? Why is this? Q3.3.2. What value is returned by the variable “SERVER_NAME” from the test.asp code? Q3.3.3. Where does the server think the request is coming from, and why is this a problem? 21
  • 22. Q3.3.4. Remembering what we previously did to spoof the server name, what command would be used to get sensitive information? Attachment #1: Attach the requested text from the telnet sessions showing the difference between remote and localhost requests. Q3.3.5. What sensitive data was returned when using the localhost request and what were the actual values returned? General Questions GQ1. How long did it take you to complete this lab? GQ2. Was it an appropriate length lab? GQ3. What corrections and or improvements do you suggest for this lab? Please be very specific and if you add new material give the exact wording and instructions you would give to future students in the new lab handout. You may cross out and edit the text of the lab on previous pages to make minor corrections/suggestions. General suggestions like add tool xyz to do more capable scanning will not be awarded extras points even if the statement is totally true. Specific text that could be cut and pasted into this lab, completed exercises, and completed solutions may be awarded additional credit. Thus if tool xyx adds a capability or additional or better learning experience for future students here is what you need to do. You should add that tool to the lab by writing new detailed lab instructions on where to get the tool, how to install it, how to run it, what exactly to do with it in our lab, example outputs, etc. You must prove with what you turn in that you actually did the lab improvement yourself. Screen shots and output hardcopy are a good 22
  • 23. way to demonstrate that you actually completed your suggested enhancements. The lab addition section must start with the title “Lab Addition”, your addition subject title, and must start with a paragraph explaining at a high level what new concept may be learned by adding this to the existing laboratory assignment. After this introductory paragraph, add the details of your lab addition. Turn-in Checklist 1- Answer Sheet with answers 2- 7 Screenshots 3- Attachment with telnet output from Section 3.3 4- Your detailed proposed laboratory enhancements. 23

×