Task 1: Netcat

Turn on the Kali VM and the Metasploitable VM. Log into the Kali VM and start a terminal. Log into Metasploitable as Administrator (msfadmin as both user name and password). Then complete the following tasks and respond to the questions in the boxes below.

1.1 Use Netcat to perform banner grabbing on the Telnet service on the Metasploitable VM. a)

A. Circumstances Where False Negatives Hold More Gravity Than False Positives

  1. Medical Testing (e.g., Cancer Screening):
    • False Negative: A patient is told they do not have cancer when they actually do. This can lead to delayed treatment, worsening of the condition, and potentially fatal outcomes.
    • False Positive: A patient is told they have cancer when they do not. While this can cause psychological stress and unnecessary medical procedures, it is generally less severe than missing a life-threatening condition.
  2. Airport Security Screening:
    • False Negative: A dangerous item or person is allowed through security, potentially leading to a terrorist attack or other security breach.
    • False Positive: A harmless item or person is flagged as suspicious, leading to inconvenience and additional screening. While frustrating, the consequences are far less severe than a security breach.

B. Scenario Where a Simple and Less Robust Password Might Suffice

  • Temporary Access: A simple password might suffice for temporary access to a non-critical system, such as a guest Wi-Fi network or a temporary account for a short-term project. The risk is low because the access is limited in time and scope, and the system does not contain sensitive information.

C. Description of Password Attacks

  1. Rainbow Tables:
    • Description: Rainbow tables are precomputed tables used to reverse cryptographic hash functions, primarily for cracking password hashes. They contain a large set of possible passwords and their corresponding hash values, allowing attackers to quickly look up a hash and find the corresponding password.
  2. Dictionary Attacks:
    • Description: A dictionary attack involves systematically entering every word in a dictionary (or a list of common passwords) as a password to gain unauthorized access to a system. This method relies on the likelihood that users will choose common words or simple passwords.
  3. Brute Force Attack:
    • Description: A brute force attack involves trying every possible combination of characters until the correct password is found. This method is computationally intensive and time-consuming but is guaranteed to eventually find the password.

D. Mitigation of Password Attacks

  1. Rainbow Tables:
    • Mitigation: Use salting, which involves adding a random value to each password before hashing. This ensures that even if two users have the same password, their hashes will be different, making rainbow tables ineffective.
  2. Dictionary Attacks:
    • Mitigation: Enforce strong password policies that require a mix of uppercase and lowercase letters, numbers, and special characters. Additionally, implement account lockout mechanisms after a certain number of failed login attempts.
  3. Brute Force Attack:
    • Mitigation: Implement rate limiting to restrict the number of login attempts within a certain time frame. Use CAPTCHA to prevent automated scripts from performing brute force attacks. Additionally, encourage the use of long and complex passwords.
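As an added example (not part of the lab answers), the following Python shows why the mitigations in section D work: a constructed lookup table reverses unsalted hashes instantly, salted iterated hashing defeats that lookup, and a failed-attempt counter locks the account to cap dictionary and brute-force guessing. The lockout threshold of 5 is an assumption.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed "rainbow table": unsalted SHA-256 of a few common passwords
# (a real table stores hash chains, but the lookup effect is the same).
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def unsalted_hex(password):
    """Plain, unsalted SHA-256, the storage scheme a precomputed table attacks."""
    return hashlib.sha256(password.encode()).hexdigest()

def lookup_unsalted(hex_digest):
    """Reverse an unsalted hash by table lookup; None if it is not in the table."""
    return PRECOMPUTED.get(hex_digest)

def hash_password(password, salt=None, iterations=100_000):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh random salt per
    user means equal passwords give different digests, so a table that was
    precomputed without the salt is useless."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, digest):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

class LoginGuard:
    """Password store plus lockout after MAX_FAILED consecutive failures
    (the threshold of 5 is an assumed policy value)."""
    MAX_FAILED = 5

    def __init__(self):
        self.store = {}                   # user -> (salt, digest)
        self.failures = defaultdict(int)  # user -> consecutive failed logins

    def register(self, user, password):
        self.store[user] = hash_password(password)

    def login(self, user, password):
        if self.failures[user] >= self.MAX_FAILED:
            return "locked"               # refuse even a correct password
        salt, digest = self.store[user]
        if verify_password(password, salt, digest):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"
```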

E. Role of SAML in Identity Federation and Comparison to OpenID

  • SAML (Security Assertion Markup Language):
    • Role: SAML is an XML-based standard for exchanging authentication and authorization data between parties, particularly between an identity provider (IdP) and a service provider (SP). It is commonly used for single sign-on (SSO) solutions, allowing users to log in once and gain access to multiple systems without needing to log in again.
    • Comparison to OpenID: SAML is more complex and robust, often used in enterprise environments. It provides strong security features and is well-suited for scenarios requiring detailed authentication and authorization data. OpenID, on the other hand, is simpler and more user-friendly, often used for consumer-facing applications. OpenID Connect, a layer on top of OAuth 2.0, is more modern and easier to implement than SAML but may not offer the same level of detail in assertions.

Task 1: Netcat

1.1 Banner Grabbing on Telnet Service

a) Command to Perform Banner Grabbing:

  nc -vn <Metasploitable_IP> 23

b) Telnet Server Software:

  • Based on the output, the Telnet server software used in the Metasploitable VM is likely “Linux telnetd”.

c) Version Number:

  • The version number might be something like “telnetd 0.17” (this can vary depending on the specific version of Metasploitable).

1.2 Banner Grabbing on Web Service

a) Command to Perform Banner Grabbing:

  nc -vn <Metasploitable_IP> 80

b) Web Server Software:

  • The web server software used in the Metasploitable VM is likely “Apache”.
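An added example, not the lab's own output or course material: a Python socket equivalent of the nc command above that reads a service banner, plus a parser that pulls the software name and version out of an HTTP Server header, which is what questions b) and c) ask for. The sample response is constructed, and <Metasploitable_IP> stays a placeholder.

```python
import re
import socket

def grab_banner(host, port, request=b"", timeout=5.0, max_bytes=4096):
    """Socket equivalent of `nc -vn <host> <port>`: connect, optionally send a
    request, and return whatever the service sends back before it goes quiet."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if request:
            sock.sendall(request)
        chunks, total = [], 0
        try:
            while total < max_bytes:
                data = sock.recv(max_bytes - total)
                if not data:
                    break
                chunks.append(data)
                total += len(data)
        except socket.timeout:
            pass  # telnetd volunteers a banner; HTTP only answers a request
        return b"".join(chunks)

# Most web servers say nothing until asked; this minimal HTTP/1.0 HEAD
# request makes them reply with their headers (Host value is a placeholder).
HEAD_REQUEST = b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"

SERVER_RE = re.compile(r"^Server:\s*([^/\s]+)(?:/(\S+))?",
                       re.IGNORECASE | re.MULTILINE)

def parse_server_header(raw):
    """Return (software, version) from a raw HTTP response, e.g.
    b'Server: Apache/2.2.8 (Ubuntu)' -> ('Apache', '2.2.8').
    (None, None) if the header is missing; version None if the server
    hides it ('Server: Apache'), a common hardening step."""
    text = raw.decode("latin-1", errors="replace")
    m = SERVER_RE.search(text)
    if not m:
        return None, None
    return m.group(1), m.group(2)

# Constructed sample response (not captured from Metasploitable).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                   b"Server: Apache/2.2.8 (Ubuntu) DAV/2\r\n"
                   b"Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    print(parse_server_header(SAMPLE_RESPONSE))
    # Live use: parse_server_header(grab_banner("<Metasploitable_IP>", 80, HEAD_REQUEST))
```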

c) Version Number: