Scribd
Upload
46 views5 pages

Computer Security Testing Guide

This document presents a practical work on the security of computer systems, including exercises on antivirus testing with the Eicar file, password cracking with John the Ripper, and setting up a virtual network. It also describes the use of network diagnostic tools like Nmap and Wireshark to scan ports and analyze traffic. The steps for installing and using these tools are provided to help strengthen the security of systems.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
46 views5 pages

Computer Security Testing Guide

This document presents a practical work on the security of computer systems, including exercises on antivirus testing with the Eicar file, password cracking with John the Ripper, and setting up a virtual network. It also describes the use of network diagnostic tools like Nmap and Wireshark to scan ports and analyze traffic. The steps for installing and using these tools are provided to help strengthen the security of systems.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

TP1: Security of Computer Systems

Exercise 1: Test your antivirus

To test your antivirus safely, you can use the test [Link]. This
the file is detected as a virus by antivirus software but it is not one, it does not contain
no viral code. If the fake virus is detected, it means your antivirus is active and protecting you.

1. To create this fake virus, you just need the Windows Notepad. Click
on the Start button, on Programs, Accessories and then on Notepad.

2. Then copy the following string into the notepad:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-
FILE!$H+H*

3. Then save the file by clicking on the File menu and then on Save As.

4. Roll down the Type list and select the option All files.

5. Then enter [Link] in the Filename text box. Choose


the location to save the file in the context of Explorer and then click on the button
Record.

6. If your antivirus is correctly activated, it should then instantly alert you to the
presence of the Eicar virus.

1
7. Then ask your antivirus to delete the file.

If your antivirus sees nothing, there is a problem. Either you installed it incorrectly, or
Well, the permanent protection is misconfigured. Therefore, please consult your documentation.
software to fix this problem.
If the fake virus is still not detected, you should seriously consider changing your
antivirus software.

Exercise 2: Crackingof a password

Tools like those listed at this link exist to decrypt weak passwords:
[Link]
how-to-better-secure-yours/
For this lab session,

I- create 5 new user accounts for the occasion with a password


weak or without a password.

francois Password:
albert Password: bertal
firmin Password: nimrif
alice Password: alice
paul Password: Paula4518
II- Installation and use of John the Ripper

John The Ripper is a local password cracker. It is available on several


distributions.

2
Its main feature lies in its speed in breaking various encryptions (DES,
BSDI, MD5, SHA-256, SHA-512, bcrypt, LM Windows...) while consuming very little
resources, which ranks it among the best tools. It will initially attempt to
detect weak passwords (Dictionary attack), then act accordingly
ingenious (Hybrid Attack).

John the Ripper uses the following 3 modes:

Single mode (1): John tests password combinations based on logins


users. For example: alicelinux, ALICELINUX, alicelinux1, linuxalice…
John tests all the passwords in his provided wordlist.
by default (more than 3000 popular passwords) or another predefined in the file
[Link]
Incremental mode (3): John will then test all possible combinations according to
predefined rules. This mode is extremely long and usually does not end
never.

Download John from his official [Link]/john

Follow the following instructions:


[root@linux1 ~]#tar xzf [Link]
[root@linux1 ~]#chmod 777 john-1.8.0
[root@linux1 ~]#cd john-1.8.0/src
[root@linux1 src]# make
[root@linux1 src]# make linux-x86-any or make clean generic or make clean linux-x86-64
[root@linux1 src]#cd ..
[root@linux1]#run/john

Create the password file


[root@linux1] #sudo run/unshadow /etc/passwd /etc/shadow > passwd.l
[root@linux1]#chmod 777 passwd.l
[root@linux1]#run/john passwd.l
[root@linux1]#run/john passwd.l --format=crypt

What remark do you make?

Exercise 3:
Set up the following network after installing the Ubuntu virtual machines.

[Link] [Link]
eth0 [Link] eth1 [Link]

Internal Client Firewall External client

3
Exercise 4: Network Diagnostic Tools

Network scanner

It is sometimes useful to scan the open ports on a network or a machine, when


For example, an application does not work as it should. Even when everything seems
To function, it is useful to run diagnostics on the network to check that there is nothing abnormal.

A port scan aims to indicate which ports are open on a machine.

I- Use of nmap

a- Installation of Nmap

To install Nmap on a Debian-based distribution, open a terminal and run the


next command:

sudo apt-get install nmap

b- Main use of nmap

nmap is somewhat the equivalent of netstat, but it can be used remotely. It indeed allows for
sweep a set of classic ports from one or more remote servers and list among
these ports are the ones on which an application responds to incoming connections. nmap is furthermore
able to identify certain applications, sometimes with the corresponding version.

Example

#nmap [Link]

#nmap -A localhost

Some nmap options

#nmap -sS [Link]


The -sS option specifies that we want to perform a scan with SYN segments, so we only scan.
TCP ports.

See all the open UDP ports on a machine: #nmap -sU [Link]

Know the operating system of the machine (TCP/IP fingerprint) : #nmap -O [Link]

Scan a specific port. Here, it's the http port: #nmap -p 80 [Link]

Scan a range of ports. Here we scan from port 0 to 80: #nmap -p 0-80 [Link]

II- Wireshark

To install Wireshark, run: apt-get install wireshark

4
Launch the utility and scan the network.
To filter packets, type for example:
icmp allows you to see only ICMP packets
DNS or ICMP allows you to see only ICMP or DNS packets.
- [Link]==[Link] and dns allows you to see only the dns packets containing the address
[Link]
- [Link]>10 and [Link]<50 allows you to see only the packets whose
numbers are between 10 and 50

You might also like