Changes

Jump to: navigation, search

SRT210 First Half Review

3,194 bytes added, 10:10, 15 February 2019
Created page with "This week we'll review everything we've done in the course so far, in order to prepare you for the test. * Start by downloading [https://scs.senecacollege.ca/~andrew.smith/sr..."
This week we'll review everything we've done in the course so far, in order to prepare you for the test.

* Start by downloading [https://scs.senecacollege.ca/~andrew.smith/srt210/review.qcow2 this KVM virtual machine disk image].
* Create a new virtual machine, name it "review", and select the downloaded image to use as a virtual disk.
* Do at least all the BASIC exercises below. If you still have time, do the intermediate ones as well. The advanced ones are intended to be the biggest challenges.
* If you find any of the basic ones are challenging - spend more time on that material before the test.

= Offline access =
* BASIC There are some documents in /home/hr on your image. Since you don't have the credentials to log in to the machine - use a different technique to retrieve them to your c7host.
* BASIC Reset the root password on the VM so that you can log into it as root.
* INTER Copy the shadow file from the VM's image and ron John the Ripper on it to see whether you can crack any of the users' passwords.
* ADV This VM has Wordpress set up on it. Get the password for the user andrew from the wordpress configuration.
* ADV Set up the system so that you will get an email whenever a user logs in (you decide whether any user or a specific user).
* CRA Find the mysql root password. It's there somewhere but not in an immediately obvious place.

= Networking =
* BASIC Set up the VM to work on your network1, and using opendns directly (not via your Bind setup).
* BASIC Get MAC address of c7host, lin1, lin2 from the new VM without SSHing to those machines.
* BASIC Try to get the MAC address of the Seneca gateway from new VM. If you can't do it - you should be able to explain why.
* BASIC Use traceroute in the new VM to find the host's default gateway.
* INTER Spoof the MAC address of the network card in your VM.
* ADV Capture all network traffic on the new VM's default gateway on the virbr interface and save it in a file.

= Firewall =
* BASIC Set up iptbles to serve as a useful firewall with just two rules.
* BASIC Allow DNS queries from internal subnet only.
* BASIC Run /root/iptables-dns-fail-setup.sh which will reconfigure your firewall and find what's causing DNS queries to fail.
* BASIC Run /root/iptables-ssh-fail-setup.sh which will reconfigure your firewall and find why SSH traffic is not allowed in.
* INTER List ports the VM is listening on and scan for whether they are exposed externally.
* ADV Set up a new chain in the filter table to allow only specific machines access to MySQL.

= SELinux =
* BASIC Check whether it's enabled.
* BASIC Find the security context of several files, determine whether web server should be able to read them.
* INTER Modify security context for web server to be able to write to the wordpress upload directory.
* ADV Verify that the above worked.

= DNS =
* BASIC Use host to find A records
* BASIC Use dig/nslookup to find A vs CNAME records
* BASIC Use dig to find authoritative name servers for gmail.com
* BASIC Use dig to get authoritative MX records for gmail.com
* BASIC Configure Bind on lin2 with reverse DNS records for senecacollege.ca, google.com, ietf.org and check that they work in firefox anyway

Navigation menu