ComputerSecurityStudent (CSS)





(Trojan Horse 1: Lesson 3)

{ Placing the Trojan Horse on a Web Server }


Section 0. Background Information
  • Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.

 

Section 1. Start Up BackTrack5R1
  1. Start Up BackTrack5R1.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  3. Bring up the GNOME desktop
    • Instructions:
      1. Type startx

     

  4. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  5. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • My IP address is 192.168.1.105.  In your case, it will probably be different.
      • You will later use this IP Address when you SFTP the Trojan Horse from your Windows Client to this BackTrack Machine.

 

Section 2. Set Up BackTrack Trojan Horse Web Directory

     

    1. Check if Apache Web Server is Running
      • Instructions:
        1. ps -eaf | grep apache | grep -v grep | wc -l
          • "0" was returned because the Apache Webserver is not running.
        2. /etc/init.d/apache2 start
          • This is the Apache Webserver start up script.
        3. ps -eaf | grep apache
      • Notes:
        • Apache2 comes standard with BackTrack5R1.
        • If your version of BackTrack5R1 does not come with Apache, then do the following:
          1. dpkg --get-selections | grep apache2
            • If you do not see apache2 as installed, then continue to the next step.
          2. apt-get install apache2

       

    2. Create Trojan Horse Web Directory
      • Instructions:
        1. mkdir -p /var/www/html/games
          • Apache2's rootdir is /var/www in BackTrack5R1.
        2. grep www /etc/passwd
          • Subsequent directories under /var/www should be owned by user "www-data" or whatever is the username for Apache.
        3. chown -R www-data:www-data /var/www/html
          • Change ownerships from root to user www-data for everything under and including /var/www/html
        4. ls -ld /var/www/html
        5. ls -ld /var/www/html/games
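
A check for the ownership that the steps above set, as an added example that is not part of the original lab. `audit_webroot` is a hypothetical helper: it lists anything under a web root not owned by the expected user and group, plus anything world-writable, which `ls -ld` on two directories does not show.

```shell
#!/bin/sh
# Added example (not from the original lab). audit_webroot is a hypothetical helper.
# Usage on the lab machine: audit_webroot /var/www/html www-data www-data
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if ROOT is missing.
audit_webroot() {
    root=$1
    owner=$2
    group=$3
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }

    # Paths the recursive chown should have covered but did not.
    wrong_owner=$(find "$root" \( ! -user "$owner" -o ! -group "$group" \) -print)
    # Files or directories that any local account can modify (symlinks skipped).
    world_writable=$(find "$root" ! -type l -perm -0002 -print)

    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | sed 's/^/OWNER /'
    fi
    if [ -n "$world_writable" ]; then
        printf '%s\n' "$world_writable" | sed 's/^/WORLD-WRITABLE /'
    fi

    # Clean only when both lists are empty.
    [ -z "$wrong_owner" ] && [ -z "$world_writable" ]
}
```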

     

Section 3. Start Up SSHD on BackTrack5R1

     

    1. Start Up SSHD
      • Instructions:
        1. On BackTrack5R1, open a Console Terminal
        2. If you are not root, become root.
        3. ps -eaf | grep sshd | grep -v grep | wc -l
          • Check to see if SSHD is running.
          • A "0" is returned, because no SSHD processes are running.
        4. which sshd
          • The which command tells us that (1) sshd is located at /usr/sbin/sshd, and (2) that ssh is installed on the system.
        5. ls -l /etc/init.d | grep ssh
          • /etc/init.d is where all the traditional startup scripts reside for sysvinit.
          • We are searching this directory to see if there is a start up script for ssh.

       

    2. Create RSA Key
      • Instructions:
        1. ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
        2. Press <Enter>
        3. Press <Enter>
      • Note:
        • In order to prevent a connection reset from the peer sshd server both RSA and DSA keys must be set up.

       

    3. Create DSA Key
      • Instructions:
        1. ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
        2. Press <Enter>
        3. Press <Enter>
      • Note:
        • In order to prevent a connection reset from the peer sshd server both RSA and DSA keys must be set up.

       

    4. Start Up SSHD
      • Instructions:
        1. /etc/init.d/ssh start
        2. ps -eaf | grep sshd | grep -v grep

     

Section 4. Start Up Windows Machine

     

    1. Booting up WindowsVulnerable01
      • Instructions:
        1. Start up VMware Player
        2. Select WindowsVulnerable01
        3. Play Virtual Machine
      • Note:
        • For those of you that are not part of my class, WindowsVulnerable01 is a Windows XP Machine.
        • Any version of Windows can be used.
        • But you must have first completed the pre-requisite labs listed in the overview section.

       

    2. WindowsVulnerable01 Authentication
      • Instructions:
        1. Login as administrator

     

Section 5. Start Up FileZilla

     

    1. Start Up FileZilla.
      • Instructions:
        1. On WindowsVulnerable01
        2. Bring Up Internet Explorer
        3. Start --> All Programs --> FileZilla FTP Client --> FileZilla
      • Notes (If Not Installed):
        • If FileZilla is not installed, you can obtain the client from the following location: http://filezilla-project.org/download.php
        • Make sure you install it on WindowsVulnerable01 or the machine that contains your Trojan Horse.

       

    2. Establish a Connection to Backtrack5R1
      • Instructions:
        1. Host: 192.168.1.105
          • Your IP Address was obtained in Section 1, Step 5.
        2. Username: root
        3. Password: <Supply your root password>
        4. Port: 22

       

    3. Unknown host key
      • Instructions:
        1. Click OK

       

    4. Transfer snowcraft.zip to BackTrack5R1
      • Instructions:
        1. Local Site: C:\tools
        2. Remote Site: /var/www/html/games
        3. Drag and Drop snowcraft.zip from C:\tools to /var/www/html/games.
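
The host keys created in Section 3 are what the "Unknown host key" prompt in Step 3 above asks you to trust. The following added example, which is not part of the original lab, computes a key's fingerprint so it can be compared with the prompt before clicking OK. The function names are hypothetical, the sample keys are constructed truncated blobs, and it assumes the client shows the colon-separated MD5 form used by older SFTP clients.

```shell
#!/bin/sh
# Added example (not from the original lab). Function names are hypothetical.

# Print the colon-separated MD5 fingerprint of an OpenSSH public key line
# ("type base64-blob [comment]"): the MD5 digest of the decoded blob.
hostkey_md5_fp() {
    printf '%s\n' "$1" | awk '{print $2}' | base64 -d | md5sum |
        cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Compare the fingerprint shown in the client prompt ($1) with the
# server's public key line ($2). Returns 0 on match, 1 on mismatch.
verify_hostkey() {
    shown=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # prompts may use upper case
    actual=$(hostkey_md5_fp "$2")
    if [ "$shown" = "$actual" ]; then
        echo "MATCH $actual"
    else
        echo "MISMATCH shown=$shown actual=$actual"
        return 1
    fi
}

# Constructed sample key lines (truncated blobs, not real host keys).
SERVER_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB root@bt'
OTHER_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQAC root@elsewhere'

# On the lab machine the second argument would be the real key, e.g.:
#   verify_hostkey "<fingerprint from the prompt>" "$(cat /etc/ssh/ssh_host_rsa_key.pub)"
```

`ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints the fingerprint of the same key on the server; recent OpenSSH versions print SHA256 by default and need `-E md5` for the colon-separated form.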

     

Section 6. Proof of Lab

     

    1. Open a Command Prompt
      • Instructions (On BackTrack5R1):
        1. cd /var/www/html/games
        2. ls -l
        3. date
        4. echo "Your Name"
          • Replace the string "Your Name" with your actual name.
          • E.g., echo "John Gray"
      • Proof of Lab Instructions
        1. Do a PrtScn
        2. Paste into a word document
        3. Upload to Moodle

       


