Transcript midterm
Network Discovery Midterm
• Instructor: Dr. Mark Stamp
• CS Technician: Kevin Ross
• Equipment:
– Linksys WRT54G WAP
– Via Mini-ITX PC
– Cords, powerstrip, etc.
WAP
SSID: jasmine
WEP Key: c0ffee2020
IP: 192.168.20.1
Running DD-WRT firmware
Gives out IP addresses in range: 192.168.20.100-150
WAP
Open Ports:
Port:
22
53
80
Service:
ssh
(secure shell access)
dns
(ipmasq)
http
(config tool)
Firewall
Ports open (forwarded to static IP 192.168.20.120):
23
8080
Networked computer
Hostname: bob-desktop
IP Address: 192.168.20.120
Running Ubuntu 7.10
Form factor: mini-itx
Hardware condition: deceased
Networked computer
Open ports:
Port
23
8080
Service
SSH
(OpenSSH)
HTTP (lighttpd web server)
Bob-desktop port 8080:
Web root
folder
images
music
stuff
Web root folder
index.html
links to other
directories
robots.txt
excludes directory:
stuff
images
index.html
music
index.html
stuff
index.html
info.txt.bfa
info.txt.bfa
• blowfish encrypted file
• Internet search: “.bfa extension”
• Many command line programs will decrypt
info.txt.bfa
• Password: frequently mentioned word
from web pages
• Contents: bob’s password, among others
Tools:
• nmap, nmapfe, nessus
• wget, or remember to check for robots.txt
and use web browser
Problems:
• Firewall scan difficult because all laptops were 1
hop from WAP—needed IP of internal machine
or to perform scan one team at a time.
• WAP DHCP server temporarily assigned what
was supposed to be the static IP of internal
machine, 192.168.20.120, to a user’s laptop.
• Via hardware died a premature death.
Questions: