
6.10.2022

Questions

Lab6 – Q17

Create a script that takes two files as $1 and $2 and prints the lines that differ between them; download the text files and use it to find the number that is missing from file1.

bash Finder.sh <filename1> <filename2>
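As an added example (not the course's own Finder.sh), a script that does what Q17 asks, assuming each file holds one value per line; it needs only grep and awk:

```shell
#!/usr/bin/env bash
# Finder.sh, an added example for Lab6 Q17 (not the course's own solution).
# Usage: bash Finder.sh <filename1> <filename2>
# Prints the lines that are only in one of the two files, then the lines of
# file2 that are missing from file1 (the "find the missing number" part).

# Lines of $2 that do not occur as a whole, literal line anywhere in $1.
# grep flags: -v invert the match, -x match whole lines only, -F treat the
# patterns as literal strings, -f read the patterns (every line of $1) from a file.
# grep exits 1 when it selects nothing; treat that as "no difference", not an error.
lines_missing_from_first() {
    grep -vxFf "$1" "$2" || [ $? -eq 1 ]
}

# Lines of $1 that do not occur in $2 (same check with the files swapped).
lines_missing_from_second() {
    grep -vxFf "$2" "$1" || [ $? -eq 1 ]
}

# Number of lines of $2 that are missing from $1 (awk prints 0 for empty input).
count_missing_from_first() {
    lines_missing_from_first "$1" "$2" | awk 'END { print NR }'
}

main() {
    if [ "$#" -ne 2 ]; then
        echo "usage: $0 <filename1> <filename2>" >&2
        return 2
    fi
    for f in "$1" "$2"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            return 1
        fi
    done
    echo "== lines only in $1 =="
    lines_missing_from_second "$1" "$2"
    echo "== lines only in $2 (missing from $1) =="
    lines_missing_from_first "$1" "$2"
    echo "== $(count_missing_from_first "$1" "$2") line(s) missing from $1 =="
}

# Run main only when the script is called with arguments, so the functions
# can also be sourced into another shell for reuse.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```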


Netcat

-l listen

-v verbose

-p port

1. Chat

2. Transfer files

Server:

Client:

3. Get control

Server:

Client:
Lab7: Q4, 5, 8, 11, 13

Wireshark display filters:

tcp.port==

ip.addr==

ip.src==

ip.dst==

CNC servers and Botnets

CNC / C2 / Command and Control


NR Project

1. Check if I'm anonymous


2. Connect to the remote server (automatically)
a. How to enter the password automatically? Solution: sshpass

b. How to get past the host-key fingerprint prompt? -o StrictHostKeyChecking=no (note: this turns off host-key verification, so a spoofed server would not be detected; -o StrictHostKeyChecking=accept-new, or a known_hosts file prepared in advance, keeps the check)


c. How to automate my commands on the remote server?
3. Execute remote commands automatically
About connections

a. Straight (direct)

b. Proxy

c. VPN (Virtual Private Network) [PureVPN, NordVPN]

VPN vs. Proxy

1. A proxy keeps logs for a longer time | a VPN usually keeps logs for up to 48 hours.
2. With a proxy you connect to a device | with a VPN you connect to a network.
3. The "big brother" can still see everything when you use a proxy, but not when you use a VPN.

* not every VPN is the same


d. TOR (The Onion Router)

About the DarkNet – the encrypted network

The best way to stay anonymous is to use VPN + TOR.


How to make your connections go through the TOR network:

Another way for Whois:


Check if I’m anonymous
General Questions

1. Why can we connect to CNN from anywhere inside the network, but nobody can connect from the outside to a machine inside the network?

Outside connections don't know where to go once they reach the router, but when internal connections go out, the router remembers them and knows where to send the response back.

2. How can someone OUTSIDE a network connect to a specific computer inside the network?

Port Forwarding

Shodan:

Trojans

1. What does each connection type mean?

Bind – once executed, the trojan opens a listening port on the victim, and the attacker connects to it.

Attacker (2) won't be able to connect to the new port that A created (while a bind-type connection is running).

Reverse – the victim calls the attacker – no geographic limitation.


2. Why is Reverse more common?

The connection goes outward from the victim, so the attacker doesn't need any port forwarding.

3. How do we create these trojans?

Steps:

a. Create the payload (Reverse) [msfvenom]

b. Create the listener [msfconsole]

c. Transfer the file to the victim [http.server]

d. Execute and get control


• How can the victim see that the payload is running on their computer?

Bind – netstat (the new listening port shows up)

Reverse – Wireshark (the outbound connection to the attacker shows up)

• Different Payloads

• What options for the different payloads?


DHCP Starvation

LLMNR Attacks
