IT6843 Lab13 scheerla - Lab Assignment PDF

Title IT6843 Lab13 scheerla - Lab Assignment
Author SAI SANNIHITH CHEERLA
Course Ethical Hacking:Network Security and Penetration Testing
Institution Kennesaw State University
Pages 8


Description

IT 6843 ETHICAL HACKING
SAI SANNIHITH CHEERLA
NOVEMBER 07, 2018

Hands on Labs [10 points]

Part I: Rootkit tool [7 points]

In this lab, you will install the following rootkit detection tools in the Kali VM. Then, check your local Kali VM for the presence of a rootkit.

 

• chkrootkit: A tool to locally check for signs of a rootkit. [4]
• Rootkit Hunter: A tool that scans for rootkits, backdoors and local exploits. [5]

chkrootkit:

chkrootkit is a tool to locally check for signs of a rootkit. It consists of a shell script and various tools which check for lastlog, wtmp, wtmpx and utmp deletions, as well as tools to check for signs of LKM rootkits. [4]

Installation

Installing chkrootkit is simple and can be done in one of two ways: using pre-built packages through the Linux distribution's package manager repository, or downloading and building the source tarball. To download straight from the command line you can use this wget command:

$ wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Then use the following commands to extract the archive and execute make in order to compile its bundled binary tools:

$ tar -xzvf chkrootkit.tar.gz
$ cd chkrootkit-0.49
$ make

Usage

Once chkrootkit is compiled it can be run without any options to check for signs of a rootkit on the system.

$ ./chkrootkit

Provide a screenshot of the report for chkrootkit. [2 points]

Rootkit Hunter:

Rootkit Hunter is a tool that scans for rootkits, backdoors and local exploits. It uses a combination of cryptographic hash comparison and path-based methods to check for signs of a rootkit on the system [5].

Installation

To install Rootkit Hunter visit the website http://rkhunter.sourceforge.net (from the Iceweasel browser) and download the latest version available.

Use the following command to extract the downloaded archive:

$ tar -xzvf rkhunter-1.4.2.tar.gz

Change to the extracted directory:

$ cd rkhunter-1.4.2

To install Rootkit Hunter run the 'installer.sh' shell script with the options '--layout default --install', which will install it to '/usr/local':

$ ./installer.sh --layout default --install

Usage

Prior to scanning the system with Rootkit Hunter you need to update its data files to ensure you are using the latest available. To do this run it with the '--update' option:

$ rkhunter --update

It's also important to run it with the '--propupd' option to initialize the MD5 hash database which it will use to perform cryptographic hash comparisons:

$ rkhunter --propupd

To perform a scan, run rkhunter with '--check --skip-keypress --summary' [allow at least 10 minutes or more to complete the checking]. Run the command from the Kali VM:

$ rkhunter --check --skip-keypress --summary
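The baseline-then-compare idea behind '--propupd' followed by '--check', as an added shell example that is not part of the lab handout and is not rkhunter's own code. The function names prop_baseline, prop_check and demo and the sample files are constructed for illustration, and the sketch assumes GNU coreutils sha256sum (SHA-256) rather than whatever hash rkhunter is configured to use.

```shell
#!/bin/sh
# Added example (not rkhunter's code): record known-good file hashes,
# then report files that changed, vanished or appeared since the baseline.

# prop_baseline DIR DB: write "hash  path" for every regular file under DIR.
prop_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# prop_check DIR DB: print one finding per line; return 0 if clean, 1 if not.
prop_check() {
    now=$(mktemp) || return 2
    prop_baseline "$1" "$now"
    status=0
    awk '
        { hash = $1; path = substr($0, 67) }   # 64 hex digits + 2 separators
        FILENAME == ARGV[1] { base[path] = hash; next }
        !(path in base)     { print "NEW " path; bad = 1; next }
        base[path] != hash  { print "CHANGED " path; bad = 1 }
        { seen[path] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$now" || status=$?
    rm -f "$now"
    return "$status"
}

# demo: constructed sample tree standing in for system binaries.
demo() {
    root=$(mktemp -d) && db=$(mktemp) || return 2
    mkdir -p "$root/bin"
    printf 'original ls\n' > "$root/bin/ls"
    printf 'original ps\n' > "$root/bin/ps"
    prop_baseline "$root" "$db"               # baseline while known-good
    printf 'replaced ls\n' > "$root/bin/ls"   # contents altered
    rm "$root/bin/ps"                         # file removed
    printf 'extra\n' > "$root/bin/.hidden"    # file added
    prop_check "$root" "$db" | sort           # findings, in stable order
    rm -rf "$root" "$db"
}

demo
```

A baseline is only as trustworthy as the system it was taken on, so it belongs on a known-good install and in a location the monitored system cannot rewrite.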

Provide a screenshot of the summary report from Rootkit Hunter (an example is shown below). How many rootkits were found in your Kali VM? [3 points]

Among the tools, which one do you think is the best? Why? [2 points]

For me rkhunter is the best. Although it didn’t take 10 minutes to scan, the scan went thoroughly along with a final summary. It also provides details where there is a warning.

Part II: SMSD Labware [3 points]

In this part, you will be practicing a labware developed as part of the Secure Mobile Software Development project. It has three steps:

(i) Complete a prelab survey, provide a screenshot of the survey completion. [1 point] https://kennesaw.co1.qualtrics.com/jfe/form/SV_3VnDAbyHHfsp0Tb

(ii) Practice the labware from M6 module on SQLite Cipher, https://sites.google.com/site/smsdproject/home/secure-mobile-database/sqlite-cipher You can set up an Android development environment on your computer, see instructions here https://sites.google.com/site/smsdproject/home/getting-started. There is no deliverable from the labware, just add a screenshot during your practice. [1 point]

I used to have Android Studio installed but after the ransomware attack I should reinstall it, which is a time-consuming process with the internet I have. I went through the Java code and build.gradle code and understood what the application is.

(iii) Complete a postlab survey at this link, https://kennesaw.co1.qualtrics.com/jfe/form/SV_3ObvBkDz9l96RCJ Provide a screenshot of completing the survey. [1 point]

Feedback:
• Difficulty (-2 - too easy ... 0 - just right ... 2 - too hard): -2
• Interest level (-2 - low interest ... 0 - just right ... 2 - high interest): 2
• Time to complete the lab (min): 5
Make a suggestion on how to improve this lab assignment...

