Using BackTrack Linux in the Cyber Security Lab

The following provides various tips for configuring the workstations in the Cyber Security Lab in PHO309.

Create a new user account

Creating a user can be done in two ways: through the BackTrack GUI or directly from a terminal.

Using GUI:

  • Click on the K menu (analogous to the Start menu on Windows).
  • Go to System > Users and Groups.
  • Click on Add User. The rest is straightforward: define a username and password.

Using the terminal:

  • Use the following command: useradd -m -d /home/[username] [username] (the ‘-d’ parameter defines a login home directory for the username specified; ‘-m’ creates that directory on disk).
  • By default, the password for the newly made account is undefined. The first time you try to log in, the system will ask you to define a password for the account.
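As an added example (not part of the lab handout), the following shell script wraps the terminal procedure above into a reusable, idempotent function: it creates the account with its home directory, sets an initial password without putting it on the command line, and expires that password so the account holder must choose a new one at first login. The function names, the /bin/bash login shell and the sample credentials are assumptions; creating the account requires root.

```shell
#!/bin/sh
# Added example (not from the lab handout): create a lab account with a home
# directory and an initial password that must be changed at first login.

# Return 0 if the named account exists in the passwd database, 1 otherwise.
# getent is tried first; the grep fallback covers systems without it.
user_exists() {
    getent passwd "$1" >/dev/null 2>&1 || grep -q "^$1:" /etc/passwd 2>/dev/null
}

# Create "$1" with home /home/$1 (-d) created on disk (-m) and initial
# password "$2"; then expire the password so the first login forces a change.
# Idempotent: an account that already exists is left untouched. Run as root.
create_lab_user() {
    name="$1"
    initial_pw="$2"
    if user_exists "$name"; then
        echo "account $name already exists, nothing to do" >&2
        return 0
    fi
    useradd -m -d "/home/$name" -s /bin/bash "$name" || return 1
    # chpasswd reads "user:password" lines on stdin, so the password never
    # appears in the process list the way a command-line argument would.
    printf '%s:%s\n' "$name" "$initial_pw" | chpasswd || return 1
    # Setting the last-change date to day 0 (the epoch) forces a change at
    # the next login.
    chage -d 0 "$name"
}

# Usage (as root, assumed sample values): create_lab_user student1 'ChangeMe-now'
```

The check-before-create pattern matters in a shared lab where several people may run the same setup script on one workstation: a second run reports the existing account instead of failing halfway through.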

Connecting a machine to the managed wireless network

  • Run the wicd network manager from the GUI by first clicking “Internet” in the K menu.
  • Find the wlab-managed network and click the triangle to expand its options.
  • Open Advanced Settings, enable encryption, enter the WEP hex key, and then press Connect.

Resetting the wireless base station

  • Physically reset the base station by pushing the point of a pen into the tiny hole at the back of the base station.
  • Access the base station from any machine in the lab by typing http://192.168.1.1 into a Web browser (prior to that, make sure that the machine has an IP address by running dhclient).
  • The login should be left blank; the password is admin.

Using Wireshark to capture packets in IEEE 802.11 ad-hoc networks

  1. Choose three machines, say 169.254.1.1, 169.254.1.2, 169.254.1.3.
  2. Set 169.254.1.1 and 169.254.1.2 to wireless ad-hoc mode, ssid="WLAB", and channel=1.
  3. Set 169.254.1.3 to wireless monitor mode, ssid="WLAB", and channel=1.

You can now sniff packets on the 169.254.1.3 machine using Wireshark (interface wlan0). Apply the following filter to isolate only the packets exchanged between the other two nodes, 169.254.1.1 and 169.254.1.2:

Filter: ip.addr == 169.254.1.1 and ip.addr == 169.254.1.2
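The three-node setup above, as an added example that is not part of the handout: one function puts an interface into ad-hoc mode on the WLAB channel-1 network with a link-local address, another puts the sniffer's interface into monitor mode, and a third builds the Wireshark display filter for the traffic between the two ad-hoc nodes. The interface name wlan0 and the 169.254.x.x addresses are the handout's; the function names, the /16 netmask and the capture file path are assumptions, and the interface commands need root.

```shell
#!/bin/sh
# Added example (not from the lab handout): configure ad-hoc and monitor
# nodes for the WLAB exercise and derive the matching display filter.

# Configure interface $1 (e.g. wlan0) as an ad-hoc node with IP $2 on
# SSID WLAB, channel 1. Mode changes require the interface to be down.
adhoc_node() {
    iface="$1"; addr="$2"
    ifconfig "$iface" down
    iwconfig "$iface" mode ad-hoc essid WLAB channel 1
    ifconfig "$iface" "$addr" netmask 255.255.0.0 up   # /16 netmask assumed
}

# Configure interface $1 as a passive monitor on channel 1. A monitor
# interface sends nothing, so it needs no IP address of its own.
monitor_node() {
    iface="$1"
    ifconfig "$iface" down
    iwconfig "$iface" mode monitor channel 1
    ifconfig "$iface" up
}

# Print the Wireshark/tshark display filter that keeps only packets carrying
# both addresses, i.e. traffic exchanged between the two ad-hoc nodes.
pair_filter() {
    printf 'ip.addr == %s and ip.addr == %s\n' "$1" "$2"
}

# Usage on the sniffer, after monitor_node wlan0: capture to a file first so
# the same evidence can be re-read with different filters later.
#   tshark -i wlan0 -w /tmp/wlab.pcap
#   tshark -r /tmp/wlab.pcap -Y "$(pair_filter 169.254.1.1 169.254.1.2)"
# The same filter string goes into the Wireshark GUI filter bar.
```

Two points worth noticing: the filter uses `and`, so a packet must carry both addresses to pass, which excludes each node's chatter with anyone else; and because the sniffer is in monitor mode it sees raw 802.11 frames, so the IP layer is only decodable when the ad-hoc network runs without encryption, as in this exercise.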

Enabling telnet, ftp, and SSH

Telnet

For the following procedure, an Internet connection is required. Bring up the Ethernet adapter and run the dhclient command to refresh the network configuration.

First, make sure that telnet is installed on your workstation. If telnet is unavailable or outdated, use the following command: apt-get install telnetd

The next step is to configure the telnet daemon to be enabled by default. This is done by entering this command: update-rc.d inetutils-inetd defaults. It is advisable to run this command from the root directory. Note that filenames and directories may differ between Linux versions; the above command was used with BackTrack 4.

The final step is to restart the ‘inetd’ service to apply the configured settings, by entering the following command (from the home directory): /etc/init.d/inetd restart

To attempt a telnet connection, enter: telnet [IP address of server] [port]. The port is optional and follows the IP address. You will be asked for a username and password. Enter one that exists on the server side, and you should be able to access that user’s account.

FTP

FTP, just like Telnet, can be installed on the workstations. With the same pre-settings as mentioned above, enter the following command in the terminal to install or update ftp: apt-get install ftpd

Enter the following command to connect to the FTP server: ftp [IP address of server]
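Both the telnet and the ftp daemons above are launched by inetd, and both carry credentials in cleartext, so it is useful to know at a glance which inetd services a workstation is offering and to switch them off again once an exercise is over. The script below, an added example that is not part of the handout, parses the inetd.conf layout (an active entry is any non-comment line, and its first field is the service name). The sample configuration inside it is constructed for the example, not copied from a lab machine, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the lab handout): list the services inetd will
# offer, so that cleartext services such as telnet and ftp are only enabled
# while an exercise needs them.

# Print the service name of every active (non-comment, non-blank) entry in
# the inetd.conf given as $1. Each active line starts with the service name.
enabled_inetd_services() {
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1"
}

# Return 0 if service $2 is active in inetd.conf $1, 1 otherwise.
inetd_service_enabled() {
    enabled_inetd_services "$1" | grep -qx "$2"
}

# Constructed sample in the inetd.conf layout: telnet and ftp enabled,
# everything else commented out. Paths are illustrative.
sample_inetd_conf() {
    cat <<'EOF'
# <service> <socket> <proto> <flags> <user> <server> <args>
#discard  stream tcp nowait root   internal
telnet    stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp       stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd
#finger   stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
EOF
}

# Write the sample to a temporary file and report the enabled services on
# one space-separated line.
demo_enabled_services() {
    tmp=$(mktemp) || return 1
    sample_inetd_conf > "$tmp"
    enabled_inetd_services "$tmp" | tr '\n' ' ' | sed 's/ $//'
    rm -f "$tmp"
}

# On a real workstation: enabled_inetd_services /etc/inetd.conf
# To turn a service off again, comment out its line in /etc/inetd.conf and
# restart inetd (/etc/init.d/inetd restart, as in the handout).
```

Running the check after the exercise, rather than only before it, is the habit that keeps lab machines from quietly offering telnet and ftp to the whole network for the rest of the term.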

SSH

  1. Install or update ssh on your workstation by issuing the following command: apt-get install ssh
  2. Generate the ssh daemon keys; if they already exist, overwrite them just to be sure: sshd-generate
  3. Start SSH. This can be done in two ways: the first starts it immediately, the second adds it to the boot sequence so that SSH runs on every startup:
      • /etc/init.d/ssh start OR
      • update-rc.d ssh defaults
  4. Make sure the two nodes are connected, either via Ethernet or wirelessly, and have a predefined IP address.
  5. A target username on the server side is required (e.g. joeuser). Run the following command to initiate the ssh connection; if successful, you will be asked for the specified username’s password. Suppose Node A is the client and Node B is the server. Then, on Node A:

 ssh [username on Node B]@[IP address of Node B]