 |
 |
|
|
HW5 Question
From: CS 591 class email list [mailto:cs591-l@uccs.edu] On Behalf Of Chow, Edward
Sent: Monday, April 16, 2007 8:40 AM
To: CS 591 class email list
Subject: [CS591-l]Re: Problem to Connection Internet
Rajshri,
For your vm, if you select vm | settings menu-item, you will see the Ethernet (the first one) of vm hardware is set to "Custom" connection type with vmnet2 (host-only). As I indicated in the email to Kunal, you should set it to Bridged so that the vm's Local Area Connection 3 can really send packets out.
Also you have 3 local area connections with your windows xpup15,
Local area connection 3
Local area connection 4
Local area connection 5
You tried to set the last (Local area connection 5) with external IP address 128.198.60.225.
That is not correct. Note that the above three connections are mapped to your vm's Ethernet connections as follows:
Local area connection 3 --> Ethernet (Currently Custom vmnet2 host only; should be changed to Bridged connection)
(Should be enabled; IP address/netmask/gateway set to 128.198.60.225/255.255.255.128/128.198.60.128)
Local area connection 4 --> Ethernet 2 (Hostonly; not used in this exercise)
Local area connection 5 --> Ethernet 3 (Custom vmnet3 host only;
(currently enabled should be disabled; IP address should be changed back to 10.0.8.2)
To see how this is map, you can right click on the Local area connection 5, the general properties will show “connection using” AMD PCNET Family PCI Ethernet Adapter #3. That is Ethernet #3 of your vm hardware.
Give it a try. Let me know if you have further question.
Edward
-----Original Message-----
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Sunday, April 15, 2007 11:41 PM
To: Chow, Edward
Subject: Problem to Connection Internet
Dr Chow,
I can't connect to internet from windows(xpup15). I had set the ip
address and gateway. Also I had set dns servers as 128.198.1.250 and
128.198.60.194. I guess I had given something worng so couldn't able
to connect it.
Could you please take a look on it.
Thanks,
Rajshri
-----Original Message-----
From: CS 591 class email list [mailto:cs591-l@uccs.edu] On Behalf Of Chow, Edward
Sent: Sunday, April 15, 2007 7:36 PM
To: CS 591 class email list
Subject: [CS591-l]Re: Problem with login
Kunal,
You have two IP addresses allocated to you 128.198.60.143 and 213 for hw4 and 5.
You can change the first network interface of xpup to bridged type and assigned with 143 or 213 (different than that assigned for fc6se3). Change the vm local network connection to have the right IP address. Then your xpup can access Internet directly. You can also use your home pc. Make sure in both cases, type the target address carefully. Do not scan target machine without permission.
You have permission to scan 128.198.60.0/24 and 128.198.61.0/24. For hw5 part1, you only
need to scan your own fc6se server so that its IDS detect the scanning from nessus.
Edward
On Sun, 15 Apr 2007 15:10:16 -0600
"Chow, Edward" <chow@eas.uccs.edu> wrote:
> I would suggest after
> Entering
> mysql -u root -pxyzabcdef
>
> use the following SQL command to set the snort password using the
>same
> password
>
> SET PASSWORD FOR snort@localhost=PASSWORD('xyzabcdef');
>
>
> Edward
> -----Original Message-----
>From: Chow, Edward
> Sent: Sunday, April 15, 2007 3:00 PM
> To: Rajshri Vispute
> Cc: Chow, Edward
> Subject: RE: Mysql Login Problem
>
> Rajshri,
>
> During the steps,
>
> mysql
> mysql> SET PASSWORD FOR root@localhost=PASSWORD('password');
>>Query OK, 0 rows affected (0.25 sec)
> mysql> create database snort;
>>Query OK, 1 row affected (0.01 sec)
> mysql> grant INSERT,SELECT on root.* to snort@localhost;
>>Query OK, 0 rows affected (0.02 sec)
> mysql> SET PASSWORD FOR
> snort@localhost=PASSWORD('password_from_snort.conf');
>>Query OK, 0 rows affected (0.25 sec)
> mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to
> snort@localhost;
>>Query OK, 0 rows affected (0.02 sec)
> mysql> grant CREATE, INSERT, SELECT, DELETE, UPDATE on snort.* to
>snort;
>>Query OK, 0 rows affected (0.02 sec)
> mysql> exit
>>Bye
> Execute the following commands to create the tables
> mysql -u root -p < ~/snortinstall/snort-2.6.0/schemas/create_mysql
>snort
> Enter password: the mysql root password
> Now you need to check and make sure that the Snort DB was created
> correctly
> mysql -p
>>Enter password:
> mysql> SHOW DATABASES;
> (You should see the following)
> +------------+
> | Database
> +------------+
> | mysql
> | Snort
> | test
> +------------+
> 3 rows in set (0.00 sec)
> mysql> use
>
> you set the snort password for snort and root password for msyql
>access
> Did you remember what you enter?
>
> Edward
>
> -----Original Message-----
>From: Rajshri Vispute [mailto:rvispute@uccs.edu]
> Sent: Sunday, April 15, 2007 2:22 PM
> To: Chow, Edward
> Subject: Re: Mysql Login Problem
>
> Dr Chow,
>
> How I can set the snort password?
>
> Rajshri
>
> Now how can I set the On Sun, 15 Apr 2007 13:59:39 -0600
> "Chow, Edward" <chow@eas.uccs.edu> wrote:
>> Rajshri,
>>
>> You need to let me know what mysql root password you set.
>> Look you can still use snort as mysql login. You did not set the
>>password
>> for snort account so I can login.
>> You may want to set it to your SID to protect that.
>> After setting the snort password, you can edit the snort.conf
>>accordingly.
>>
>> Edward
>>
>> -----Original Message-----
>>From: Chow, Edward
>> Sent: Sunday, April 15, 2007 1:30 PM
>> To: Rajshri Vispute
>> Cc: Chow, Edward
>> Subject: RE: Mysql Login Problem
>>
>> Rajshri,
>>
>> You need to give me more context for me to diagnose the problem.
>> What machine you work on, ip address.
>> How you set your mysql password?
>>
>> Edward
>>
>> -----Original Message-----
>>From: Rajshri Vispute [mailto:rvispute@uccs.edu]
>> Sent: Saturday, April 14, 2007 7:51 PM
>> To: Chow, Edward
>> Subject: Mysql Login Problem
>>
>> Dr Chow,
>>
>> I am trying to access mysql but I am getting error "Access Denied
>>for
>> user root@localhost(Using password No)". I think, I had set some
>> different password while installing mysql. But I wrote down and
>>using
>> same in snort.conf file but not working.
>>
>> Could you please take a look on it.
>>
>> Thanks,
>> Rajshri
>
________________________________
From: Kunal Bele [mailto:kbele@uccs.edu]
Sent: Sun 4/15/2007 4:16 PM
To: Chow, Edward
Subject: Re: Problem with login
Yes Dr. Chow,
I was able to login.. thanks...
I have a question thou'
The part 2 of the posted Hw5 was regarding the Windows.
This Windows is our Home PC or the xpup that we used in the Hw4? If we
use xpup, can we set up the internet directly for that xpup using one
of the given IP address by you?
Can we use our Home PC?? am not sure thou'....
Lemme know.
Thanks,
Regards,
Kunal
On Sun, 15 Apr 2007 15:25:57 -0600
"Chow, Edward" <chow@eas.uccs.edu> wrote:
> Kunal,
>
> Look like after walrus reboot, you were able to login now.
> Let me know if you have further problem.
>
> Edward
>
> -----Original Message-----
>From: Kunal Bele [mailto:kbele@uccs.edu]
> Sent: Sunday, April 15, 2007 1:32 PM
> To: Chow, Edward
> Subject: Problem with login
>
>
> Hello Dr. Chow,
> I was trying to login to walrus today with be login
>name
> & student-ID with no dashes as password. But it says wrong
> login\password.
> I was able to do the first part of the Hw5 with the same
>login\password.
> Is the password changed after that??
>
> Please lemme know,
>
> Thanks,
> Regards,
> Kunal
Dr. Chow,
Attached it screen output for Exercise 3.1 exploit6 and I am also attching the temp6 which created by this program. Do think, just this info you wants ?
Please let me know.
Thanks,
Rajshri
Hint: Please read the smashing.doc for detailed steps in using gdb to understand the smashing stack problems in hw2
http://cs.uccs.edu/~cs591/bufferOverflow/smashing.doc
Note that internal rh72 and fc4 virtual machines were created for you inside viva.uccs.edu. In case rh72.csnet.uccs.edu and fc4.csnet.uccs.edu crashes. You can first login to viva.uccs.edu and then use "ssh -l <login> rh72int" or "ssh -l <login> fc4int" to login. Here <login> is your CS Unix machine login. The password is your SID (no dash). rh72int maps to 192.168.174.72 and fc4int to 192.168.174.44 by /etc/hosts file.
Just restart it. It should work now.
Somehow the password checking was not functioning right. I also see a lot of scans and brute force account guessing attacks in /var/log/secure.
Since this is an old OS, we never know when it will be hacked. In case it crashes, you can use another virtual machine which is shielded by viva very much like a firewall.
I have set up another rh72 and fc4 virtual machines only accessible through viva (which fc5 better patched).
To access that internal rh72, first login to viva.uccs.edu, then use “ssh –l <login> 192.168.174.72” to login. Where <login> is your login on CS Unix or viva.
To access that internal fc4, first login to viva.uccs.edu, then use “ssh –l <login> 192.168.174.44” to login.
See an example below.
[cs591@viva ~]$ ssh -l chow 192.168.174.72
chow@192.168.174.72's password:
Last login: Thu Feb 1 14:42:41 2007 from 192.168.174.1
[chow@rh72 chow]$
192.168.174.0/24 is a host-only subnet set up by vmware server.
192.168.174.1 is the gateway and used by the host. We configure internal rh72 to use 192.168.174.72
The ifconfig command on viva show the following interface entry.
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:192.168.174.1 Bcast:192.168.174.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2795 errors:0 dropped:0 overruns:0 frame:0
TX packets:3377 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Edward
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Friday, February 02, 2007 10:31 AM
To: Chow, Edward
Subject: Login problem
Dr. Chow,
Today I am trying to login at rh72.csnet.uccs.edu using username as rvispute and password as xxxxxxxx(no dashes) but I am not able to login. Until yesterday it was working but today I am having problem.
Do you know what to do now?
Thanks,
Rajshri
From: CS 591 class email list on behalf of Chow, Edward
Sent: Thu 2/1/2007 9:02 PM
To: CS 591 class email list
Subject: [CS591-l]Re: CS591 Que regarding paper
Dr. Chow,
From the paper I was trying to execute the command (gdb) disassemble __execve. But I am getting error. Could you please let me know about __ this? Is it underscore? I am sorry but I am not understanding this.
Thanks,
Rajshri
Rajshri,
It would help you can include the actual text output on your console and the program and directory you are in. That will be help diagnose the problem.
I just login and found the problem can be solved by re-compiling the program.
The original executable code probably generated in different version of Linux OS.
[rvispute@rh72 bufferOverflow]$ gdb example2
GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...Dwarf Error: Cannot handle DW_FORM_strp in DWARF reader.
(gdb) quit
[rvispute@rh72 bufferOverflow]$ gcc -g -o example2 example2.c
example2.c: In function `main':
example2.c:7: warning: return type of `main' is not `int'
[rvispute@rh72 bufferOverflow]$ gdb example2
GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb)
Edward
-----Original Message-----
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Tuesday, January 30, 2007 6:35 PM
To: Chow, Edward
Subject: RE: Regarding GDB
Dr Chow,
I was using rh72.csnet.uccs.edu.
Rajshri
-----Original Message-----
From: Chow, Edward [mailto:chow@eas.uccs.edu]
Sent: Tuesday, January 30, 2007 5:59 PM
To: Rajshri Vispute
Cc: Chow, Edward
Subject: RE: Regarding GDB
Rajshri,
You should recompile the .c source code with gcc The executable code could be generated by different verison of the operating systems.
In our case, we will run gdb on rh72.csnet.uccs.edu (rh72 OS) not on viva
(fc5 OS).
Let me know what machine you run gdb on.
Edward
-----Original Message-----
From: Rajshri Vispute [mailto:rvispute@uccs.edu]
Sent: Tuesday, January 30, 2007 4:31 PM
To: Chow, Edward
Cc: rvispute@uccs.edu
Subject: Regarding GDB
Dr Chow,
Today I was practicing the http://cs.uccs.edu/~cs591/bufferOverflow.html.
And when I typed gdb example1 , I am getting error like Dwarf Error: Cannot handle DW_FORM_strp in DWARF reader."
So I can't execute the commands like run or break.
Please let me know what I am doing wrong. I tried to search about error in google but couldn't find out any solution.
Thanks,
Rajshri
From: CS 591 class email list on behalf of Chow, Edward
Sent: Tue 1/30/2007 2:11 PM
To: CS 591 class email list
Subject: [CS591-l]CS 591 HW#1 Solution
Ankur,
The solution web page is at
http://cs.uccs.edu/~cs591/hw/solution/hw1S2007Sol.html
Use cs591 as login and xxxxxxx as password.
Note that this password protection only against un-authorized access from
web, it does not prohibit local user from peeping into the directory. We
need to allow apache to access that directory.
Edward