CSCI 7000 - Ethical Hacking - Fall 2014

Homework #1

Due: Sep 22nd, 2014 in class



For all homework submissions, you must show your method as well as your solution. A one-sentence answer, even if correct, is unlikely to earn many points.

1. What are the kernel versions and distros (plus versions) of Kali, elra*, and moxie? (Tell me how you found out!)

2. Use ssh to open a port on moxie that serves a shell on Kali. Connect to the port on moxie from another machine and show that you can log in to Kali. Explain what you had to do to accomplish this.

3. Suppose a friend opened Apache on port 80 on Kali while connected to campus wireless. How would you, using your own laptop on campus wireless, expose your friend's port 80 on moxie?

4. Using Metasploit, generate a reverse shell for Kali, then execute it in a C wrapper and demonstrate that it will connect to a server on moxie and give shell access.


Note: For the following problems, it may be helpful to read this or something like it.

5. Open two windows in Kali. In the first window, type

$ mkfifo f
$ exec < f
In the 2nd window, type
$ echo ls > f
(a) Explain why the first window shows its directory on stdout.
(b) Explain why the first window's shell died.

6. Open two windows in Kali. In the first window, type

$ mkfifo f
$ exec < f
In the 2nd window, type
$ exec 3>f
$ echo ls >&3
(a) Why doesn't the first window die now?
(b) Explain how to recover stdin on the first window without killing and restarting its shell.

7. Explain how to use mkfifo to get a reverse shell with netcat when -e and -c are unavailable. You can google this if you like, but be sure to explain how it works.

8. Write a program that reads 4 unsigned ints sent in host byte order from hitchens.cs.colorado.edu port 1234, adds them up, and sends them back to that port. (This is a little-endian machine. Recall that "network order" is big-endian.)

When you successfully accomplish this task, you will get a username and password as output. Write these down and save them somewhere safe. You will possibly need them later.

Also, turn these in as the answer to this problem.
If the service goes down (i.e., you cannot connect to port 1234), let me know so I can restart it.

9. Find a Sayler 6-Collision in md5. A "Sayler 6-Collision" is a pair of distinct inputs whose md5sum matches in the first 6 and last 6 printed characters. For example, this is a Sayler 6-Collision:

$ md5sum file1
d41d8ce1987fbb152380234511f8427e  file1
$ md5sum file2
d41d8cd98f00b204e9800998ecf8427e  file2
Do not run your search code on moxie. Use your own computer or a lab computer. Turn in your code with your solution.

Extra Credit: Find a Sayler 10-collision; that is, two inputs that match in the first 10 and last 10 printed characters. You will probably have to be a lot more clever here. (http://people.scs.carleton.ca/~paulv/papers/JoC97.pdf could help. My solution using their technique takes 200 core-hours to complete, but I wrote it in Java for the thread-safe tree data structure provided there; it would likely be much faster in C.)
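
The definition in problem 9, as an added example that is not part of the original assignment: a checker for the "first n and last n printed characters" rule, run on the two digests quoted above, plus a table-based birthday search generalized to any n and demonstrated at a reduced n. The function names and the input prefix are assumptions chosen for illustration.

```python
import hashlib
from itertools import count


def md5_hex(data: bytes) -> str:
    """Return the 32-character hex digest that md5sum would print."""
    return hashlib.md5(data).hexdigest()


def is_sayler_collision(digest_a: str, digest_b: str, n: int) -> bool:
    """True if two printed digests agree in their first n and last n characters."""
    if not 0 < n <= 16:
        raise ValueError("n must be between 1 and 16 for a 32-character digest")
    return digest_a[:n] == digest_b[:n] and digest_a[-n:] == digest_b[-n:]


def find_sayler_collision(n: int, prefix: bytes = b"sayler-demo-"):
    """Birthday search: remember every (first n, last n) key until one repeats.

    Inputs are prefix + decimal counter (the prefix is a constructed value),
    so the two inputs returned are always distinct. The key has 2n hex
    characters (8n bits), so expect on the order of 2**(4n) hashes and the
    same number of table entries before a repeat; memory is the limiting
    factor as n grows.
    """
    if not 0 < n <= 16:
        raise ValueError("n must be between 1 and 16 for a 32-character digest")
    seen = {}  # key -> first input that produced it
    for i in count():
        data = prefix + str(i).encode()
        digest = md5_hex(data)
        key = digest[:n] + digest[-n:]
        if key in seen:
            return seen[key], data
        seen[key] = data


if __name__ == "__main__":
    # The two digests quoted in problem 9.
    page_a = "d41d8ce1987fbb152380234511f8427e"
    page_b = "d41d8cd98f00b204e9800998ecf8427e"
    print("page example matches for n=6:", is_sayler_collision(page_a, page_b, 6))

    # Reduced-size search (n=4, a 32-bit key) so it finishes in well under a second.
    a, b = find_sayler_collision(4)
    print(a, md5_hex(a))
    print(b, md5_hex(b))
```
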