CEH Lab Manual Cloud Computing Module 17ON KEY © Valuable information AF Fes your knowledge Bi Web exercise 1) Workbook review Module 17 - Cloud Computing Cloud Computing Cloud computing is Internet-based computing in which large groups of remote servers are networked to allow sharing of data-processing tasks, centralized data storage, and online access fo computer services or resourees. Lab Scenario Cloud computing is an emerging technology that delivers computing services such as online business applications, online data storage, and webmail over the Internet. Cloud implementation enables distributed workforce, reduces organization expenses, provides data security, and so on, As many enterprises are adopting cloud services, attackers make clouds their targets of exploits to gain unauthorized access to valuable data stored in them. Therefore, it is important to perform cloud pen testing regularly to monitor its security posture. Security Administrators claim that clouds are more vulnerable against DoS assaults, because they have numerous individuals or elients, making DoS assaults potentially very harmful. Because of the high workload on a flooded service, it will attempt t0 provide more computational power (more virtual machines, more service instances) to cope, and will eventually fil In this way, cloud systems try to work against attackers by providing more computational power; however, they inadvertently aid the attacker by enabling the greatest possible damage to the service's availability—a process that all started from a single flooding-attack entry point. ‘Thus, attackers need not flood all servers that provide a certain service, but merely flood a single, cloud-based address to the service unavailable. Thus, adequate security is vital in this context, because cloud- compating services are based on sharing, ‘Asan expert ethical hacker and penetration tester, you must have sound knowledge of how to develop a cloud server and which cloud service you need to enforce, depending on the type of organization. Lab Objectives ‘The objective of this lab is to help students to build a cloud server, secure it with OpenSSL Encryption, and exploit java vulnerability to harvest user credentials. In this lab, you will: "Build a cloud server, + Secure it with OpenSSL Encryption "Perform Java Applet attack in attempt to harvest the user credentials = Perform Security Assessment on a Cloud Server, (CEH Tab Manual Page 185 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing Lab Environment ‘To complete this lab, you will need: * A computer running Windows Server 2012 as Host machine = A computer running Windows Server 2008 as Virtual machine + A computer running Windows 8.1 2s Virtual machine * A. computer running Windows 7 as Virtual machine * A computer running Kali Linux as Virnual machine * Android running as Virtual machine + Aweb browser with Internet access * Administrative privileges to run tools Lab Duration ‘Time: 80 Minutes Overview of Cloud Computing Cloud computing is an on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as metered services over 2 network. Cloud services are classified into three categories namely infrastructure-as- a-service (Laa5), platform-as-a-service (PaaS), and software-as-a-service (SaaS), which offer different techniques for developing a cloud. Gitasx 1 Lab Tasks Overview ——_ Recommended labs to assist you in Cloud Computing: "Building a Cloud Using ewnGloud and WampServer "Transferring Cloud Data Over Seeure Channel "Harvesting Cloud Credentials by Exploiting Java Vuiner ity "Performing Cloud Vulnerability Assessment Using Mobile Based Security Scanner 2ANTI Lab Analysis Analyze and document the results related to this lab exercise, Provide your opinion of your target's security posture and exposure, PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB (CEH Tab Manual Page 185 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedON KEY Valuable information A Test your knowledge BL Wor exercise 1D Workbook ceview ‘Module 17 - loud Computing Building a Cloud Using ownCloud and WAMPServer Cloud servers are those bil, hosted, and delivered through a cloud computing environment. Lab Scenario ownCloud is an open-source application used to sync documents, and provides tools to users, as well as substantial undertakings and administration suppliers working. ownCloud gives protected, secure, and consistent record synchronization, and imparting arrangement on servers that you control. As an expert Security Professional and Penetration Tester, you should possess knowledge on building a cloud server, creating user accounts, and assigning user tights to each of them in accessing files and directories. You also need to have knowledge of sharing files online and ofifine using ownCloud Desktop Client. Lab Objectives “The objective of ths lab is to help students learn how to build a cloud server. In this lab, you will eatn to: "Build a server using ownCloud Create users and assign user rights "Share files and directories both online and offline using ownCloud Desktop Client application Lab Environment To carry out the lab, you need: = ownCloud, Microsoft Visual C++ 2010 and WAMP Server located at DACEH-Tools|CEHv9 Module 17 Cloud Computing "= ownCloud Desktop Client located at DACEH-Tools\CEHv9 Module 17 Cloud ComputinglownCloud Desktop Client (CEH Tab Manual Page 1487 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedTASK 4 Stop IS Service and World Wide Web Publishing Service Module 17 - Cloud Computing = You can download the latest version of WAMP Server from hup://www.Wampserver.com/en/ and Mlerosoft Visual C++ 2010 from hitp:/ /www.microsoft.com/en- in/download /derails.aspx?id=5555 = You can download the latest version of ewnCloud and ewnCloud Desktop Client from htip://owncloud.org/install = If you decide to download the latest version, screenshots and steps might differ in your lab environment. "A Windows Server 2012 host machine "A Window Server 2008 virtual machine "A Window 8.1 virtual machine "Administrative privileges to run the tool = A.web browser with Internet access in both the machines Lab Duration ‘Time: 15 Minutes Overview of a Cloud Server Cloud servers are also known as virtual dedicated servers (VDS), and they possess similar capabilities and functionality to a typical server. However, they are accessed remotely from a cloud service provider. Lab Tasks Note: Before running this lab, ensure that you stop IIS admin service and World Wide Web Publishing Service Gf you have the service installed on the machine}. To stop the service, go to Start > Administrative Tools > Services, right-click HS ‘Admin Service and click Stop, right-click World Wide Web Publishing Service and click Stop. Also ensure that you stop Intemet Information Services (IIS) Manager and Intemet Information Services (LIS) 6.0 Manager. To stop Internet Information Services (IIS) Manager, g0 to Start > Administrative Tools > Intemet Information Services (US) Manager, right-click on the server name in the left pane and click Stop to stop the manager. To stop Internet Information Services (TIS) 6.0 Manager, go to Start > Administrative Toots > Internet Information Services (IIS) 6.0 Manager, right-click on the server name in the left pane and click Disconnect to disconnect the manager. ‘Make sure that you delete all the cookies in the browser in which you will be hosting ‘ownCloud and make sure that WampServer is kept online throughout this lab. ‘CEH Lab Manual Page 188 “Eical Hacking and Coumermenvares Copy © by EE Counell “Al igh Revcved. Reproduction Set Peobted‘Module 17 - loud Computing task 2 1, Log in to Windows Server 2008 virtual machine. Install 2. Yo install Wamp server without errors, you first need to install Microsoft WampServer and Visual C++ 2010 Redistribute, Microsoft Visual CH+ 2010 x64 3. Navigate to Redistributable ZACEHV9 Module 17 Cloud Computing\Microsoft Visual C++ 2010 and double-click veredist x64,exe, 4, Microsoft Visual C++ 2010 x64 Redistributable Setup window appears. Accept the license terms and click install, Tee or ich fn Wirral en HinAh Scop neue 0 IThese license terms are an agreement between Microsoft [Corporation (or based on where you live, one of its affiliates) and ou. Please read them. They apply to the software named above, »{ S| a) FIGURE 1.4: Mist Vinal + 20104 Rehr Stp dons (CEH Tab Manual Page 189 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing On completion of the installation, click Finish, Installation Is Complete Sicotof Viusl C++ 2030 xesResrbtaie hasbeen recs ou con cack for more race versone ct he paciage on SEES ine shave [FIGURE 12 Islan Completed -EHV9 Module 17 Cloud Computing\WAMP Server and 2emysql5.5.24- 6. Navigate to double-click wampserver2.2e-php5.4.3-httpd- x64, 7. The WAMPServer setup wizard appears; click Next, Welcome to the WampServer 2 Setup Wizard ‘Th wl neal Wanesewer 2:20n you conocer Iesreconmerded that you cose a othe appcaten before Powered by entrar. Alter Way. it Nee nant, Cane nt a ‘The French ‘Open Source WampServer Service Provider ttpillvwmw.alterway.tr pache TIGURE 13: WampServer erp wizard (CEH Tab Manual Page 1490 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing In the License Agreement step, accept the license agreement, and click Tn OD Please read the folowing License Agreement. You must accept the terms of ths + Roman Bourdon JMsntane: / Ungrade/Rosoman : Herve Lecere -hervelederc@aiternay. ft (GAL GENERAL PUBLIC LICENSE Verson 2, une 1991 Copyright () 1988, 1991 Free Softnere Foundation, Ie 7 Tao nak accept the agreement FIGURE 4 WampSerse sep za License Agreement 9. The Select Destination Location step appears; specify a location in which to install the server, and click Next. ee Select Destination Location Where shoud WampServer 2beinstaed? Jip see nitnsta weraserver2into the folowing fer. Tocontrue, cick Next. IF you nou ike to slact afferent flder, ek Browse Atleast 258.78 of free dick space required, FIGURE 15 WampServer setup wie: Dessiaton Location ‘CEH Lab Manual Page 1051 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 10, 'The Select Additional Tasks step appears; click Next. See! Select Additional Tasks OO wy Which additonal tasks should be performed? ‘Select the additonal tasks you would ke Setup to perform whle instaling WampServer 2, then dick Next. ‘Additonal icons: FIGURE 16 WarpSerer setup wsad Select Additional Tsk 1. The Ready to Install step appears; click Install See Ready to Install Setup now ready to begin instaling WampServer 2.0n your computer ‘CickInstal to continue with the instalation, or cick Back if you want to review or change eny settings. Destraton locaton: a ewemp ad aa FIGURE 1.7, WampServe setup wzad: Sect Additonal Tasks (CEH Tab Manual Page 1492 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 12, Ir cakes some time for the server to install. 13. During installation, a window appears, asking you to choose your default browser. Click Open. sina 9 same aa sams essa sao Sa raaaoie re some 7a2se Sinan 209 same 2338 som Poza ssa ana snaaniesee, rote saat same 3a FIGURE 1.8 Choosing def browser 14, The PHP mail parameters step appears; eave the default options and click Next. FIGURE 19; WampSerer stp wats PHP mal parmeess (CEH Tab Manual Page 1095 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AU Righs Reserved Reproduchon i Swit Probie‘Module 17 - loud Computing 15. Once setup is complete, the option Launch WampServer 2 is checked by default. Click Finish. Completing the WampServer 2 Setup Wizard etun has frehed nating Vianaserve WampServer She axshaton ay be bunced by slctng te stale Powered by Alter Way’ ‘The French Open Source ClckFins text Sen. FIGURE 1.10 Launching WampServer 16, WampServer icon appears in the notification area, Wait tll the icon turns from red color to green. task a TIGURE 1.11: WampServer acta 17.Once the ~—icon—stums_— green, — navigate. to ‘CAWamp\biniapacholapache2.4.2\conf, open httpd.conf with Notepad++ (ic., rightclick on httpd.conf file and select Edit with Notepadt+). (CEH Tab Manual Page 154 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 18, Scroll down to line 265 and change the script from Require local to Require all granted. (-eqlcacal= afew) calane > Reguise ait ae ( burectonyiedent seco che file chat apacte Vini weve Lf a directory Directeryincen indents tndensptes FIGURE 1.12 Seving Permissions 19. Click File from the menu bar, and then click Save. ‘Note: You can instead press Gtr¥#8 to save the file. FIGURE 113 Swing the cont Sie (CEH Tab Manual Page 1095 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AU Righs Reserved Reproduchon i Swit Probie‘Module 17 - loud Computing 20. Glese the file and all open folders. Click Wamp server icon from the system tray, and then click Restart All Services. na nN ny & 5 & 2 8 = FIGURE 1.14 Resting l he series 21. Wait until the icon turns green. 22. Click WampServer in the notification area, and select Lecalhest, N La & 3 25 4 = FIGURE 1.15: Launching Looaiont (CEH Tab Manual Page 1095 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 23. As soon as you click the icon, the WAMPSERVER home page appears in the default browser. Click phpmyadmin link, under Tools. Server Configuration ‘ache Vrs 282 Aoadedttemions: coe Soom Bonane Rom hee Beer ae hi Bro Ree ra Bickcon acer Bevsios anc oe ao Ren roo Bnet Beate mamma Bem Reweendhmens ee ered Boon Besant ress Hee Balen FIGURE 1.16 Selecting phpznyadi oa! task 4 24. phpMyAdmin webpage appears; click mysql in the left pane. Editing privileges in mysql phpMyAdmin aeeode ‘Dewanee| Lj SOL | de Sno | 25 nae Enpor 3} por > Moe Eiteseereorn l= 5 Sees Fa Une © none panne 3 aol Pes cever ears ait FIGURE 1.17 Slecting yg (CEH Tab Manual Page 1497 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 25. You will be redirected to the mysal page. Hover the mouse over the More drop-down list from the menu bar, and click Privileges. 1 Smee | SOLS, Seah, | Ques | 53 Exe pat Bre * Jae Shoat ac FER Rona 7 ro tei Sere See 2 aa ee Sostee 4 Sch Fhe HPEMAY @ OD» 1.0 tee owe Stee Sach Hirer SPE " on es ocak Sch Binet RED OD dh on nds got 4 Scan Seach Foret PEmey © Dee sho ef Sea SE OOS = ewer 4 Since Sch Poteet Envy @ De FIGURE 1.1 Sling Pees 26. All users with access to mysql are listed. Click Edit Privileges link for the particular user whose host is localhost. alee sme ESOL Seach Gowen) Expat nga © toe as er hag acer ea er Ho Type Pipes Gent don, ——- vee ures ‘jew FIGURE 1.19 Bing the preps ‘CEH Lab Mama Page 18 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 27. The Edit Privileges page appears; scroll down the page to Change password section. In this section, type a password (here, toor) in the Password field, re-enter the same password in Re-type field, and click Go. 28, Note the username in the Legin Information field, under Cha Information/Gopy User. By default, the username is root. Login “Chonge password Paconor Kashog: © MySql ae ys 40 compateie ‘change Login Inlormation / Copy User Login information =e | FIGURE 12 Asigning semame snd password 29. On successful execution of the query, a pop-up appears on the mysql database page stating that the SQL query has been successfully executed as shown in the following screenshot: Note: In some cases, a notification appears stating that the password has been set. So, the screenshot shown below might differ. Scare [SOL Seach Ooary BERR mpert YM i eer Hos Type, veges Gta Aeon wat 27008 geht 3: sess Yor EatPranpe et 1 gh RL PERE Yon BEA Pes rs FIGURE 1.21: SQL query sucess eseeted (CEH Tab Manual Page 199 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 30. Close the browser, navigate to the location Z\CEHv9 Module 17 Clot Computing, copy ewnGloud folder, and paste it in the location CAwamplwww. 31. Launch a web browser, enter the URL. httpzilocathostiownCloud in the address bar, and press Ent 32. ewncloud webpage appears. Enter a username and password (in this lab, username is admin and password is qwerty@123) under Create an admin account section. 33. Leave the Data folder location set to default. BirasK 5 34, Under Configure the database section: Set up ownCloud a. Specify the Database username. In this lab, the username is root, which was set by default in the mysql database. b.. Specify the Database password which you had set while editing the privileges. In this lab, the password is toor. Specify a Database name (here, ewnGloud) of your choice. Specify Database host 2s localhost and click Finish setup. FIGURE 1.22 owrCloud login page 35, It takes some time for the account to set up. (CEH Tab Manual Page 1500 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 36. After the account is successfully set up, a Weleome to ownCloud pop- ‘up appears on webpage. Close the pop-up. Welcome to ownCloud Get the apps to syne your files ‘Connect your desktop apps to ownCloud FIGURE 1.2% Welome to ownCloud pop up window 37. ewnCloud webpage appears, displaying the directories containing files, as shown in the screenshot: FIGURE 124 ornCload webpage ‘CEH Tab Manual Page 1501 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing El task 6 38. Click admin at the top-right corner of the page, and sclect Users from the drop-down list. Add Users FIGURE 125 Stein Users from the drop dow it 39. You will be redirected to the Users webpage. Here, you will be creating users who will be able to log in to the cloud server and access files. 40. You can either assign a user to a group or assign him/her admin privileges, by choosing a group or an admin from the drop-down list. 41, Enter 2 name in the Legin Name field, and mention a password in the rassword field. 42. Click Greate. ‘This creates a user account, so that a user can login to the cloud server using the given credentials. 43. In this lab, the user is assigned to Groups, and the username and password are shane and floridagt23. FIGURE 126: Adding Users (CEH Tab Manual Page 1502 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 44, ‘The newly created user appears under the list of users, as shown in the screenshot: FIGURE 1.77 User ued sce il Tvask 7 45, Click Files icon in the left pane, click New button and select Folder, — Here, you will be creating a new folder and sharing it with shane. ‘Share a file with the user + i Fowee senna @ rm FIGURE 128 Cesng «Folder ‘CEH Lab Manal Page 1508 "Bile Hacking and Countermeasures Copy © by EO-Gomell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 46. As soon as you click the Folder icon, a text field appears. Specify a folder name (here, Share) in this field, and press Enter. + skins @ con FIGURE 1.29 Rearing the flder 47. The newly created folder appears on the page. Click on the Share folder. cmon ae FIGURE 1.30 Folder Cretng sce (CEH Tab Manual Page 1504 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 48. Click the Upload button. Nothing in here. Upload something! FIGURE 13+ Uploading fe 49. A File Upload window appears; navigate to Z\CEHV9 Modul ‘Computing\Shared Files, sclect Cardpg, and click Open. Petes Recenty Changes seaches FIGURE 132 Uploading fe (CEH Tab Manual Page 1505 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 50. "The added file appears on the page. Now, hover the mouse cursor on the file, and click Share. FIGURE 13% Sharing hele 51. Type the name of the user with whom you want to share the file (shane). As you type the username, a hint is displayed below it. Click on the hint, FIGURE 1.34 Sharing the fle 52. The user is selected, and additional sharing options appear. Click the mouse cursor outside the additional sharing options pop-up. (CEH Tab Manual Page 1508 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 53, 'The share option now turns to Shared, as shown in the scrcenshot: 2|fe + & FIGURE 135 Fe saved wih ater 54. A folder named Shared is created in the shane’s ownCloud account; whichever file is shared from this admin account is uploaded to this folder. 55, Minimize the browser window. 36. Now, navigate to the location GAwampiwwwiewnCloudiconfig and ‘open the file config.php with Notepad++. 57. Comment the php script in line no. 5 i.c., trusted_domain: adding i! before the code. => by Ta teach Yer boy lngage Sere Horo Rn Mgrs Wren oGEO » GO 4HR\acjay t - + Eee ee ete) fini Name Date sti 1 Dai Te socamens 1B ooweends B muse WL Recntpoces | i patos own Bes sy jouatdb eB Homeeup -amdoudscog ‘Piowncteudvetanul pet Fe Neon FIGURE 1.0: Fes pesenrin shan’ account 96. Any changes you make hete such as adding/deleting a file or a folder, will take effect in the shane’s account online. 97. Now, in order to upload a file directly from the local drive to Shane’s ownCloud web server: Upload a file to the website as Copy a file (test.pdf) from Z:\CEHV9 Module 17 Cloud well as the Server ‘Computing\Shared Files and paste it in (admin) Using ‘CAUsers\AdminlownCloud\documents. Desktop Cliont [Earn > omntiond > decane we Dest eamplenet oon 1 Obvnionse TETRA TODA Riche eee FIGURE 1.63 Copying fie inte documents (CEH Tab Manual Page 1520 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 98, Switch 10 the ownCloud webpage, and click on the documents directory. You will be redirected to the document webpage. Here, you can observe the file that has been pasted —in C2Users\AdminiownCioud\documents. =_— thas fi re or igi ne iene a Teme El wrens thane FIGURE 1.65 Fe uploaded to docaments decor suecesfly ‘CEH Tab Manual Page 1521 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 99. Switch back to Windows Server 2008 and navigate to CiwamplwwwiownGloudidataishanetfilesidocuments. Notice that test.pdf, on, the Windows: 84 machine's GAUsers\AdminiownCloudidocuments, is. synchronized to GwamplwwwiownCloud\dataishaneifilesidocument: FIGURE 1.6; fe succes ynronied to the sever Trtase az 100.Now, copy a file (abe.mp3) from ZACEHV9 Module 17 Cloud see Computing\shared Files, © and_——paste, = it, in CawampiwwwlownCloudidatalshane'fites\music. Upload a file to the user (shane) Desktop Client FIGURE 1.67: Upload il rom Seve to Chen hae) (CEH Tab Manual Page 1522 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 101. Switch to Windows 8.1, navigate to Cilusers\AdminiownGloudimusic, and wait approximately two to three minutes for the server to synchronize with the client, Observe that abesmp3 is added to this directory. Note: ‘This process is comparatively slower than the process carried out from, client to server at steps 87-99. ome Siu View ay 9 Fores Nome 7 Contin tite Albu Wi deiton cena Boece Hones me mare Neon FIGURE 168 Fle succesfalysycinized wo the cat Note: Thus, whichever file or folder you paste/delete in the client's ownCloud directory will synchronize with the ownCloud server directory located on the Windows Server 2008 virtual machine, without the need to share them through ownCloud. Lab Analysis Analyze and document the results related to this lab exercise. PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB patente ee OYes ZINo Platform Supported Classroom Tilabs ‘CEH Lab Maal Page 153 "Bile Hacking and Countermeasures Copy © by EO-Gomell ‘AI Righs Reserved Repeodton Suet PeckbiedON KEY Valuable information A Test your knowledge BL Wor exercise 1D Workbook ceview this lab are available DACEH- ToolsiCEHv9 Module 18 CryptographylHea rtbloed ‘Module 17 - loud Computing Transferring Cloud Data Over Secure Channel Web] cloud servers use HTTPS to transfer data securely. HTTPS is implemented on websites that collect information such as legin passwords and banking information. Lab Scenario Most websites (g., social networking, banking, and government sites) require user authentication to allow individual access to content. If any of these websites fail to provide communicating over a secure channel, attackers can attempt to intercept the data passing through them. As a security administrator, you need to ensure that your organization’s website provides encryption to the ‘communications passing through HTTP channel. Lab Objectives “The objective of this lb is to help students learn how to configure a website to transfer data over a secure channel. In this lab, you will lear to: "Build a http website (ownCloud) "Provide SSL encryption toa website implemented on HTTP Lab Environment ‘To complete this ab, you will need: = ownCloud, Microsoft Visual C++ 2010 and WAMP Server located at DACEH-Tools\CEHv9 Module 18 CryptographylHeartbleed = You can download the latest version of WAMP Servet from hurp://www. Wampserver.com/en/ and Microsoft Visual C++ 2010 from hetp:/ /www.microsoft.com/en- in/download /details.aspx?id=5555 = If you decide to download the latest version, screenshots and steps might differ in your lab environment. = Run this lab in Window Server 2008 virtual machine ‘CEH Lab Manual Page 1524 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing "Administrative privileges to run the tool = A.web browser with Internet access in both the machines Lab Duration ‘Time: 25 Minutes Overview of Https SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and virtual private networks (VPNS). Data flowing through the channel is encrypted and is difficult to decode. Lab Tasks Note: Before running this lab, log into Windows Server 2008 and ensure that you stop IS admin service and World Wide Web Publishing Service (if you have the service installed on the machine). To stop the service, go to Start > Stop IIS Service administrative Tools > Services, right-click IS Admin Service and click Stop, and World Wide yisht-click World Wide Web Publishing Service and click Stop. Also ensure that Web Publishing 1: stop Intemet Information Services (IIS) Manager and Internet Information Service Services (IIS) 6.0 Manager. To stop Internet Information Services (IIS) Manager, go to Start > Administrative Tools > Internet Information Services (IIS) Manager, right-click on the server name in the left pane and click Stop to stop the manager. To stop Intemet Information Services (IIS) 6.0 Manager, go to Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager, right- click on the server name in the left pane and click Diseenneet to disconnect the manager. Tm Task Make sure that you delete all the cookies in the browser in which you will be hosting ‘ownCloud and make sure that WampServer is kept online throughout this lab. ‘CEH Lab Maral Page 1525 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty Profit‘Module 17 - loud Computing In Windows Server 2008, click Start button at the lower left corner of the screen, and then click start WampServer to launch the WampServer application. FIGURE 21: Atempding to brows on hips 2. Open a web browser, type the URL https://localhost/ownCloud in the address bar, and press Enter. (CEH Tab Manual Page 1525 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 3. You won't be able to access the webpage, as SSL in not enabled on the server where ownCloud is deployed. So, to browse ownCloud over secure channel (https/SS1}, you need to enable SSI. on the ownCloud server. FIGURE 23 SS. ds 4, Go to Start menu, right-click Computer, and select Properties in the ‘menu, FIGURE 24 Selecting Comptes Proprie (CEH Tab Manual Page 1527 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 5, System Control Panel appears on the scrcen, click Advanced system settings link. neg crern sencUgs088 30862 Gato Sem FIGURE 25: Advanced syste segs 6. The System Properties window appears; go to Advanced tab, and click Environment Variables.. FIGURE 26 Secating Fovitonmenal Vales (CEH Tab Manual Page 1528 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AU Righs Reserved Reproduchon i Swit Probie‘Module 17 - loud Computing 7. The Environment Variables window appears; click Newer. System varabes oy a Conspe: __—Ci\iedonslastensdiendone no FPO 10ST. Nwack oF. os Wedons. NT FIGURE 27 Adding new envieoamensl vate In the New User Variable window, enter the variable name openssi_conf, enter the variable value ‘C\Wampibin\apache\apache2.4.2\conflopenssi-enf and click OK. New User Variable 8 Tbe epache apache2 4 2\conf wpereel.cnt a al FIGURE 2.8 Adding «new ensitoameatalvtabie 9. Click OK in the Environment Variables window, and then click OK in the System Properties window. ‘CEH Lab Manual Page 1529 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 10. Navigate to the location ¢:Wamplbiniapachelapache2.4.2\bin and Eitasn a ‘open php.ini with Notepad++. Configure php.ini 11, Uncomment the line no. 970 by removing “s” before the code. |= [Fo Obey FIGURE 29+ Ealing open 12. Save the notepad file. FIGURE 210 Sing te pple Restart the machine. ‘CEH Lab Maral age 180 ‘ital Hackog and Goumienncaares Copyagh © by B-Comell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 14, Click Start, and then click WampServer. FIGURE 211: Sing WarnpSever 15, WampServer icon appears in the notification area, as shown in the screenshot: IGURE 212 Wamp act Note: If the icon doesn’t turn green, go to Start > Administrative Tools > Internet Information Services (IIS) Manager, right-click on the server name in the left pane, and click Stop to stop the manager. Then, click ‘Wamp Server icon in the notification area, and select Restart All Services. You can even stop the World Wide Publishing Service. (CEH Lab Manual Page 1581 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing 16. Navigate to G:lwamp\bi and select mdHere, yhe\apache2.4.2, right-click bin folder, [iy tesla) ~ wana = an = apace ~ ane? Crore + few Teme i swe eee 17. The command prompt appears, pointing to the directory location ‘CAwamp\bin\apachelapache2.4.2\bin. 18. Type set openss|_conf - ‘CA\wamplbin\apachelapache2.4,c\confiopenssLenf and press Ente FIGURE 24 Seung eovzonmentvarable to opens ‘CEH Lab Maral Page 1582 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 19. 20 Now the environment variable is set to openssbent, ‘Type epenss! genrsa -des3 -out server.key 1024 and press Enter to create a server private key named server with 1024 bit encryption. 21. You will be asked to enter a pass phrase (password) for the generated key. Type a password of your choice and press Enter. 22. In this lab the password entered is qwerty@123. 23. You will be asked to re-enter the same password for the purpose of verification. So, retype the password and press Enter. 24. Apache for windows does not support private keys that are password protected, so you need to remove pass phrase from the RSA private key 25. Type openssl rsa -in server-key -out server.pem and press Enter. 26. You will be asked to ci password you have assi Enter. the pass phrase for the server.key. ‘Type the ed in step 24 (here, qwerty@123), and press Bae te See FIGURE 2.16 Removing po pline fom the RSA pete key ‘CEH Lab Maral Page 1535 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 27. Type opensst req -new -key server.key -out servi Enter. 28. Type the passphrase you have assigned in step 24 (qwerty@123) for the private key (server.key), and press Enter. FIGURE 217 Renoving ps pte os the RSA peat ey 29. You will be asked to enter information such as your country, state, city, ete. Fill in your details in the respective fields. The information you provide in these fields will be incorporated into your certificate request nquiched None or 9 D6 30. ‘Type openss! x509 -req days 365 -in server.csr -signkey server.key - out server.ert and press Enter. 31. Type the pass phrase (qwerty@123) for server.key, and press Enter. FIGURE 2:19: Ensen he paspone ‘CEH Lab Maral Page 1584 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed‘Module 17 - loud Computing 32. All the keys have been successfully created. These can be viewed in the location C:\wamp\bin\apachelapache2.4.2\bin. eT {GURK 220: Key rested access 33. Create a directory named ssl in €:\Wampibiniapachelapache2.4.2\conf and move all the created keys from ‘CAWamp\bin\apache\apache2.4.2\bin to ‘CAWamp\bin\apacho\apache2.4.2\confissl. FIGURE 22 Copying the fest al deetony (CEH Tab Manual Page 1535 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing ‘k WampServer icon from the notification area, and sclect Apache B tasne > Apache modules > ssi_module. Configure ssLmodule FIGURE 222 Selesing Apache modes FIGURE 225 selecting seL mo ‘CEH Lab Maral Page 1586 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed‘Module 17 - loud Computing 35, Wampserver restarts as soon as you select sst_module. 36. Navigate to ¢Awampibiniapachelapache2.4,2\confextra and open Ittpd-ssl.conf with Notepad+~. 37. Scroll down to line 39 to view the port on which apache is listening. Ensure that the port number should be 443, © Sees yen Sere gam sre ace now eon 2 2OR8 » GQ 4H@B\aclae)ts)aq)> Fo emew dey eet ent rar FIGURE 2.24 Viewing the post uber 38. Scroll down to line 76 and comment the line by adding # before the code. Se sors ler Sey Ung Serer Me Aa Fig Whe 7 2U88 » .al4m@Rlaci@e|<|Ga/™ /Fo|sene de> isco oR eeaSTE PIGURE 225 Bang cont (CEH Tab Manual Page 1537 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 39. Scroll down the file and: In line 86, change the path of DocumentRoot to "C:iwampiwwwi" b. In tine 87, change the ServerName to localhost:443 c. In line 89, change the path of ErrerLeg to "Ciwampilogs/sst from the line 208. 45. Add the following lines: 2) line 208: options Indexes FollowSymLinks MultiViews b) line 209: AllowOverride All 9 FIGURE 228 Eating stent 46, In Wine 245, change the CustomLog path to "Crlwampllogs/ss|_request.log" Ea Sens ew Beary lmpage Sete Has Rn Pore Wren 7 oOH ..S\4mR/2e¢\a%) et /Q9)% i[Fa|eeow 3] peor ae aT FIGURE 22% Eating secon ‘CEH Lab Mama Page 159 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing 47. Save the Be Ser ven exotrs Urmepe serge Have Ain Pare icon 7 a ww Pelt 8) FIGURE 20 Swing the fle 48. Navigate to CAwamplbiniapachelapache2.4.2iconf, and open httpd.conf file with Notepad++, uncomment line $14 by removing “#” before the code in the line. aoc pach calico Ree tor sero. ver Easy lnpage setnes Pace Ain Page Wren? 22H » A/c eR/Delae(es/Ga 49. Click File from the menu bar, and click Save, 50. Navigate to Gwampibiniapache| and select mdHere. yehe2.4.2, right-click bin folder, 51. In the command prompt, type httpd -t and press Enter. If all che syntax you entered is correct, it returns a message stating Syntax OK. ‘This command lets you know if there are any syntax errors. Repeat the procedure until the command returns the message Syntax OK. FIGURE 22: Cheong for yan eons ‘CEH Lab Maral Page 1510 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 52. ‘lick che WampServer icon in the notification area, and click Restart All Services. Wait until the icon turns green. 53. Launch a command prompt, type the command netstat -an | more and press Enter. This will list all the ports running on the machine. Ensure that port 443 is listening, FIGURE 2.3 Ising netstat commun in comand proc 54, Launch a web browser, type the URL https://localhost/ownCloud in the address bar, and press Enter. TB tasK 7 Browse on Https. Chan 55. A webpage might appear, stating that the site’s SSI. certificate is not trusted. Click Proceed anyway. A The site's security certificate is not trusted! seca He neuen FIGURE 2.34, $8. cenifeate er ‘CEH Lab Manual Page 1501 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed‘Module 17 - loud Computing 56. You will be redirected to the login page, as shown in the screenshot: oa : Cite /focaos Login FIGURE 235 Bowaing wee on hips chase 57. Now you can transfer cloud data over the secure channel to prevents hackers from sniffing passwords or any other information in plain text, as the https channel offers encryption to the data traversing through it. Lab Analysis Analyze and document the results related to this lab exercise, Provide your opinion of your target’ security posture and exposure through public and free information. PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB. No Platform Supported 1 Classroom Bilas “Eical Hacking and Coumermenvares Copy © by EE Counell ‘CEH Lab Manual Page 1512 ‘AI Righs Reserved Repeodton Suet PeckbiedON KEY Valuable information A Test your knowledge BL Wor exercise 1D Workbook ceview ‘Module 17 - loud Computing Harvesting Cloud Credentials by Exploiting Java Vulnerability A Java applet is a small application written in Java and delivered to users in the form of lotecode. The ser launches the Java applet jrom a web page, and the applet is then executed by a Java Virtual Machine VM), in a process separate from the web browser its Lab Scenario An attacker might enforce social engineering techniques to entice a vietim into licking malicious links that contain code executed remotely. When the victim clicks the link, the attacker can gain access to the machine and perform ‘malicious activities such as keylogging, spying, and others Asa security administrator, you need to be familiar with the Social Engineering ‘Toolkit to perform various tests for vulnerabilities on the network. Lab Objectives ‘The objective of this lab is to help students learn how to: = Clone a website 2 Tools = Exploit java vulnerability and gain access to the vietim’s machine domonstrated in . v logging to fueuubae Perform key logging to gain user credentials available DACEH- i ToolsCEHv Lab Environment peas 18 ‘To complete this lab, you will need: ryptographyHea rtbleed = Java Runtime Environment (jre-Tu6-windows-i886.exe) located in DACEH-Tools\GEHv9 Module 11 Hacking Webservers\Webserver Attack ToolsiMetasploit Framework + Window Server 2012 running as a host machine "Window 7 running as a virtual machine = Window Server 2008 running as a virtual machine ‘CEH Lab Manwal Page 156 ‘ibical Hacking ad Coumcrnanares Cop © by E-Bounll ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing "Kali Linux running as a virtual machine = Administrative privileges to run the tool = Aweb browser with Intemet access in both the machines Lab Duration ‘Time: 20 Minutes Overview of the Lab This lab demonstrates exploitation performed on a java vulnerable machine, Here, you will be running a vulnerable version of java runtime environment on a Windows 7 machine, and use an exploit from Kali Linux which allows you to gain remote access to the machine (Windows 7). Lab Tasks Note: Before running this lab, log in to Windows Server 2008 and ensure that you stop IIS admin service and World Wide Web Publishing Service (if you have the service installed on the machine). To stop the service, go to Start > Administrative Tools > Services, right-click MS Admin Service and click Stop, right-click Werld Wide Web Publishing Service and click Stop. Also ensure that you stop Internet Information Services (IIS) Manager and Intetnet Information Services (11S) 6.0 Manager. To stop Internet Information Services (TIS) Manager, go to Start > Administrative Tools > Intemet Information Services (IIS) Manager, right-click on the server name in the left pane and click Stop to stop the manager. To stop Intemet Information Services (IIS) 6.0 Manager, go to Start > Administrative Tools > Internet Information Services (UIS) 6.0 Manager, tight: click on the server name in the left pane, and click Disconnect to disconnect the ‘manager. Make sure that you delete all the cookies in the browser in which you will be hosting ‘ewnCloud, and make sure that WampServer is kept online throughout this lab. Tn Windows Server 2008, click Start button at the lower left comer of the screen, and then click start WampServer in order to launch the WampServer application. ‘CEH Lab Manual Page 1544 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty Profit‘Module 17 - loud Computing Tovasx a 1. Launch Windows 7 virtual machine, and log into it as an administrator. Install Java 2. Navigate to ZACEHW9 Module 11 Hacking WebserversWebserver Runtime Attack Tools\Metasploit Framework, and double-click jre-7u6- Environment windows-i586.exe. GO oT « Weise + Meats Famenor: get Opt Nee en, (re ewindowree 777014238 PM Appkeation GU mescporiner-ningoweinnalerewe «1/2659 AM appacmion FIGURE 3. sali Jara Ruatine Eavionment Note: If an Open File Security Warning pop-up appears, click Run. If a User Account Control pop-up appears, click ¥¢ If a Windows Security dialog-box appears, enter the credentials of Windows server 2012. 3. Java Runtime Environment installation wizard appears; follow the wizard driven installation steps to install the application. foal Welcome to Java Java provides safe and secure access to the world of amazing Java content From business solutions to helpful utilities and entertainment. Java makes your itemet experience come to lite, Note: No personal information is gathered as part of our install process, Click here for more information on what we do collect. {ick install to accept the license agreement and install Java now. FIGURE 32: losaling Java Ruane Eavtonrent (CEH Tab Manual Page 1515 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing 4. Now, log into the Kali Linux virtual machine virtual Launch a command line terminal, type the command service apache2 start and press Enter to start the apache server FIGURE taring apache Serie 6. Go to Applications > Kali Linux > Exploitation Tools > Social Engineering Toolkit > setoolkit to launch the social engineering toolkit. FIGURE 34; Launching toot ‘CEH Lab Manual Page 16 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing You will be presented with a social engineering toolkit menu. ‘Type 4 and press Enter to choose Social-Engineering Attacks. Bl tasK 2 Perform Java Applet Attack The Social-Engineer Tootkit is a product of TrustedSec Cent ny een rat eae) FIGURE 35: Choosing Sc Eagles Atachs Option 8. A list of menus in Social-Engineering Attacks will appear, type 2 and press Enter to choose Website Attack Vectors The Sociat-Engineer Toolkit is a product of Trustedsec Verse ees ‘CEH Lab Manval age 150 ihical Hacking and Countenmeanaren Copyighe © by EE-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 9. In the next menu that appears, type 1 and press Enter 0 choose Java ‘Applet Attack Method. TbNabb In ce eer Re eine) ava Applet meat FIGURE 37: Chosig Java Applet tack Meth 10. Now, type 2 and press Enter to choose Site Cloner in the menu. FIGURE 3. Choosing Ste Cloner Optica ‘CEH Lab Maral Page 18 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 11. A prompt appears asking you if you are using NAT/Port Forwarding, 12. Type the IP address of the Kali Linux machine (here, 404 press Enter. ‘CEH Lab Maral Page 19 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 13. A list of Java Applet Configuration Options appears. ‘Iype 2 and press It by SET FIGURE 311 Using Def 14, You will be asked to enter the URL of the website which you want to clone. ‘Type httpsi/10,0,0.9/wnCloud (where 10,0.0.9 is the IP address of Windows server 2008 machine hosting ownCloud), and press Enter. ‘CEH Lab Manual Page 155 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 15. Once the website is cloned, a list of payload options will be displayed in which you need to choose one. 'Type the number associated with the Windows Meterpreter Reverse TCP X64 payload (here, 7), and press Enter. FIGURE 4.15: Seley Meterprees Reverse "ICP X64 Psload 16. Leave the listening port set to default (port 443) by pressing Enter. ‘CEH Lab Manual Page 1551 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 17. The payload handler begins, as shown in the screenshot: 1GURK 3.15: Payload Handler Begin Note: In real-time, an attacker will be send the IP address of the Kali Linux machine to a victim and entice him or her to browse the IP address. Since this is a lab demonstration, you will directly browse the cloned webpage through the Windows 7 machine. 18, Switch to Windows 7 virtual machine, launch Firefox web browser, type the URL httpu/10.0.0.4 and press Enter. 19. You will be redirected to the cloned webpage, which can be evident by observing the IP address of the attacker machine in the address bar. A notification appears on the webpage stating Firefox has prevented the plugin, click Allow... button to proceed with the current version of Java. FIGURE 416 Allowing she Oue dtd Plage ‘CEH Lab Mana Page 1552 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed‘Module 17 - loud Computing 20. A pop-up notification appears; click Allow and Remember. € 8 evo Fara eee ote page on Uaioe) [agement] Pasomoed FIGURE 317: Pop-Up Nesfeaon 21, Security Warning pop-up appears, check | accept the risk and want to run this application, and click Run. Do you want to run this application? tame: Verified Trusted and Secure (VERIFIED) Publisher: sworn From: hpi//i0.004 [Riste This appcation wi run with unrestricted access which may put your computer and personal ‘formation at rik. Run this application ony if you trust the publisher. More Information ‘Select the box below, then dick Run to start the application [accept the rick and want torun ths application] Ces] (Q srow Options: FIGURE 5.18 Seery Warning Pop-Up 22. If a pop-up appears stating that an exe file has stopped working, click Close the program, Otherwise, skip to the next step. (CEH Tab Manual Page 1583 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet Peckbied‘Module 17 - loud Computing 23. A webpage appears stating that “The Connection is Untrusted”; click Advanced, A UnrtedCemecion € 2 on nan onc e)[a resne HR ore erent cornet secre eet ect coment our omen Noma ten yout 9 ee cs el eae defn vette ‘repanpitherg pace Nove het ety cate ‘What Should Dot {you vy comets tet pele tere es man ater rae ‘mows tin wndyenoasnt cone + Technical Details [Liedeerand sie Rita] @ yeu ndrtand a ung yuan te Fit at cing tat erect fmt {ut hee se col ean at one amp wit yu Come: ant add an capone ne god iy he doen ad ‘Soetentan (Caregen ] © FIGURE 319 Adding Exception 24.'The Add Security Exception dialog-box appears; click Confirm Security Exception. es i ec = ‘cae RE (es) eS Wrong te eetonse ae ‘tne ety ‘etn ed eae ht an ly ta tc oer FIGURE 420 Config Scusty Exception (CEH Tab Manual Page 1554 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing Dl tasK 3 28. Switch to the Kali Linux virtual machine, and open the command-line terminal in which you have configured the java applet attack. Observe Perform Keylogging the series of metexpreter sessions (here, sessions have been recorded) FIGURE 321 Meee Sesions 26. Ignore the error messages. Type sessions -i [number of the meterpreter session] (here, Sth session has been chosen) command, and press Enter to launch the corresponding meterpreter session. FIGURE 32: Lasaching + Meterpete Sein ‘CEH Lab Mansa age 15 Thea Hacking and Gounicrcanare Copyigh © by EB-Pomell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 27. A. meterpreter session has been successfully established. keysean_start and press Enter to begin keylogging, Type FIGURE 525 String Keylogger ‘Note: If the message “Unknown command” is displayed, type background and press Enter to background the current meterpreter session; then type sessions -i {number of the another meterpreter session] and press Enter. 28. Now, (shane /florida@123), and click Log in switch back to Windows 7 machine, enter the user credentials On rs owntloud IGURE 324: Lagging in v0 OwnCloud ‘CEH Lab Manual Page 156 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 29. Switch back to the Kali Linux machine, type keysean_dump and press Enter. Observe the credentials you entered in the previous step, as shown in the screenshot: FIGURE 325: Damping Key 30. Thus, you have successfully established meterpreter session with the as well as attained the ownCloud credentials of a user by victim machin« ag the ja preform spplet attack, Lab Analysis Analyze and document the results elated to this lab exercise. Provide your opinion of your target’s security posture and exposure through public and free information. TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB. Platform Supported © Classroom ‘CEH Lab Mana Page 155 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed© Valuable information F Tes yor eowledge FL Wer exercise D Workbook review ‘Module 17 - loud Computing Performing Cloud Vulnerability Assessment Using Mobile-Based Security Scanner ANTI ANTI is a mobile penetration-testing toolkit that lets security managers assess the risk, lel of a network with the push of a button. This easy-to-use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the ‘malicious techniques they use to compromite corporate networks. Lab Scenario ZANTI enables Security Administrators to effectively assess an organization’s system and naturally diagnose vulnerabilities in cell phones or sites utilizing a large group of infiltration tests including, man-in-the-middle (MITM), secret word splitting, and metasploit. AS a security administrator, you need to ensure that the website related to your organization provides encryption to the communications passing through HTTP channel. Lab Objectives ‘The objective ofthis lab is to help students learn how to scan for vulnerabilities in cloud environment through Android Mobile Devices. Lab Environment © Tools ‘To complete this lab, you will need: demonstrated in this lab are = A Computer running Windows Server 2012 as Host Machine available DCEH- = A Computer running Windows Server 2008 as a Target Machine with ToolsiCEHv9 ‘ownCloud installed with Heartbleed vulnerability Module 15 5 Hacking Mobile | ZANTIis located at DACEH-Tools|CEHv9 Module 15 Hacking Mobile Platforms PlatformsiMobile Pentesting ToolkittZANTI ‘CEH Lab Maal Page 1558 ‘ibical Hacking ad Coumcrnanares Cop © by E-Bounll ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing = You can download the latest version of 2ANTI from hups:/ /www.zimperium.com//zanti-mobile-penettation-testing. = Ifyou decide to download the latest version, screenshots and steps might differ in your lab environment. "Run this lab in Android as Attacker Machine "Administrative privileges to run the tool = A.web browser with Intemet access in both che machines Lab Duration ‘Time: 20 Minutes Overview of Lab SSL/TLS provides communication security and privacy over the Internet for applications such as web, cmail, instant messaging (IM) and some virtual private networks (VPNs). Data flowing through the channel is encrypted and is difficult to decode. Lab Tasks Note: Before running this lab, log in to Windows Server 2008 and ensure that you stop IIS admin service and World Wide Web Publishing Service (ff you have the service installed on the machine). To stop the service, go to Start > Administrative Tools > Services, right-click HS Admin Service and click Stop, right-click Werld Wide Web Publishing Service and click Stop. Also ensure that you stop Internet Information Services (IIS) Manager and Internet Information Services (IIS) 6.0 Manager. To stop Internet Information Services (IIS) Manager, g0 to Start > Administrative Tools > Internet Information Services (IIS) Manay right-click on the server name in the left pane and click Stop to stop the manager. ‘To stop Intemet Information Services (IS) 6.0 Manager, go to Start > ‘Administrative Tools > Internet Information Services (US) 6.0 Manager, tizht- click on the server name in the left pane, and click Disconnect to disconnect the ‘manager. Wob Publishing Service ‘Make sure that you delete all the cookies in the browser in which you will be hosting ‘ownCloud and make sure that WAMPServer is kept online throughout this lab. 1, In Windows Server 2008, click Start button at the lower-left comer of the screen, and then click start WAMPServer (0 launch WAMPServer. ‘CEH Lab Maral Page 159 “Eical Hacking and Coumermenvares Copy © by EE Counell “Al igh Revcved. Reproduction Set PeobtedModule 17 - Cloud Computing 2. Launch the Android machine from Hyper-V Manager, and wait until ic boots. Then click Menu icon, as shown in the figure, to view installed Launch Apps apps. Uncover authentication, trckdoor, and brate-force stacks, DNS and rotoco-pecc tacks ‘prehensive network recoaisance FIGURE 41: Ancoid Eevlaor main See 3. Now, click ES File Explorer app from apps menu to access the shared folder from Windows Server 2012 Highligh ecu gap in our esting neserk sd tobe defenses and ress with out ase FIGURE 42: Android Einlaor Ap Screen ‘CEH Lab Manual Page 1500 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 4. The ES File Explorer window appears; in the left pane, click Network B rasw 3 node, and click LAN in the ‘Accessing Shared Folder from Windows 2ANTI mors ‘cthods ayer attacker ‘in se te deny secu holes within your network FIGURE 4. ES Fle Explorer Main Window In the LAN window, click New option to connect the shared folder. Dasl-board reporting cnables businetes to see the ss and ake sppropote comrecave salons to xed 1GURE. 44; ES Fle Raporer LAN Configuration ‘CEH Lab Manual Page 1561 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty ProfitZANT produces an ‘Auseanated Neswork Map ‘hac highlights every valnenbiby oF agen target, 2ANTI ail comes token ype credit system that alowa you to acess the mote advanced Festres, bat 30 csi see the power of ANTI the fro version, “They aso mains a Score sytem of pois Module 17 - Cloud Computing 6. Server pop-up appears, type Windows Server 2012 IP address in Server field and enter Windows Server 2012 credentials in the Username and Password ficlds, and click OK to continue. 7. In this lab, the IP address of the Windows Server 2012 is 10.0.0.5, which may differ in your lab environment. Seer FIGURE 45: ES Fle Explorer Serve pop up 8 ‘The Windows Server 2012 machine will connect, as shown in the screenshot. 9. Click the computer icon to view the shared folders. FIGURE 4.6 ES File Explorer show Windows Server 2012 Machine 10. Now, it will show you all shared folders on Windows Server 2012, click the CEH-Tools shared folder. FIGURE 47 BS Pe Explorer Share CEH-Toos folder ‘CEH Lab Mama Page 1502 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty ProfitModule 17 - Cloud Computing ‘k the CEMv9 Module 15 Hacking Mobile Platforms folder to view the tools, vA cer ih ined ar neee aed ae ace nanan eee Temescal Features but you ean sll . | | ] | see the por of An swith the free version, cEmaucaies? —cEmaMeasese —cEaeakess clive Mae 10 “The ao mainein a ‘hutee"—Sea‘tngncrngGetaesemee_Seruonoctng Score system of pins -] P a a me FIGURE 4 FS Fe Explorer Shared CEH Tools ontesting Toolkit folder. FIGURE 4.9 ES Fle Explorer Shared Mobile Porm: Toss Dtask 13. Click the ZANTI folder, and then click zANTI2.apk to procced with the installation, Install ANTI ‘CEH Lab Mama Page 1563 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty Profit‘Module 17 - loud Computing 14, If the properties pop-up appears, click install to continue, BD vwvra- se 082k Version 22.10-2n(1392) see 12.05Me Package Name com empenum zat FIGURE 411: 2ANTLapk Poperies 15, The Select pop-up will ask you to choose an installer package; choose Package Installer. ‘Sean with Sophos FIGURE 412 Choosing Insler 16. If an Android device any Mobile Security app is installed, the prompt Throat Detected displays; click Continue (Q) Threat detected ZANTI2_-554146528.apk has been identified as a threat FIGURE 4.15; Theeat Detects pop-up (CEH Tab Manual Page 1564 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘AI Righs Reserved Repeodton Suet PeckbiedModule 17 - Cloud Computing 17. The prompt De you want to install this application appears; click Next to continue. 2 wnt FIGURE 4.04 2ANTH aston 1 18. When the Device Access scrcen appears, click Install ‘CEH Lab Maral Page 1565 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 19. ZANTI will start the Installation process, as shown in the scr 20. If the Threat detected pop-up appears, click Caneel to continue. ZANTI has been identified as a threat FIGURE 4.17 Theeat Dees pop-sp 21. Once the app is installed successfully, click Open. ea CEH Lab Manual Page 1506 ihical Hacking and Counvemeasu Al Rights Reserved. Rep ‘Copyighe © by Eb-GounellModule 17 - Cloud Computing 22. 'To run zANTI, the Android device requires Superuser access. Superuser Request pop-up appcars, choose Remember choice forever, and click Allow. ZANT! is requesting Superuser ZB vs Remember choice for 10minutes Remember choice forever FIGURE 419, Spenser Reqves pop-ap 23. If the Threat pop-up appears, click Allow to continue. TIGURE 420: Thea Popp 24. The zANTI main screen appears in the Play Store, as shown in the screenshot, with a registered email ID. “CEH Lab Manual Page 156 “Eical Hacking and Coumermenvares Copy © by EE Counell ‘A Rights Reserved Reproduction Sty ProfitModule 17 - Cloud Computing 25. Now, check 1 accept Zimperium's EULA and uncheck J Zimperium’s Security Feed; then click Start Now. FIGURE 42%; 2ANTI EULA Seren 26. The Join the zNetwork screen appeats; click Skip. roe) Ones 7. zANTI will start communicating with its servers to register. Wait until it finishes this process. coe eds FIGURE 42% Contacting Zimpesam Servers Seren ‘CEH Lab Mama Page 1568 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 28. "The zANTTI main screen appears; click SKIP in the upper-right corner of the window. Pein eS me FIGURE 424 Map Your Newer 29. Check 1 am fully authorized to network check box, and click Next. woe Nt form penetration testings on the Coe ‘CEH Lab Manual Page 1509 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 30. Click Gloek in the right side of the screen to configure 2ANTI. 1GURK. 4.26: Configuing 2ANT 31. Devices found on your network screen appears click + icon from right hand side screen to add or configure. 32. By default, it will displays IP addresses of Zimperium and scanme.nmap.org, GURK. 427: Aig a New Target, 33. Once you click on + icon Add host te Foreign pop-up appears, type the IP address of the Windows Server 2008 machine in the field, and click ox. Note: The IP address shown in this lab may differ in your lab environment, Rg FIGURE 428; Add bos co Foi ‘CEH Lab Maal Page 15 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 34. Once the host is added in the Devices found on your network history, click on che added hest IP address to proceed to the next step. FIGURE 425 Added new host 35. The 2ANTI target @ Added IP address of the machine screen appears. 36. Now, perform the Heartbleed vulnerability scan on the target machine (Le, Windows Server 2008). 37. To perform this scan, click Heartbleed (under Attack Options), as shown below. ‘CEH Lab Manual Page 1571 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety ProbedModule 17 - Cloud Computing 38. zANTI scans the target at the provided IP address, the results of which are shown in the screenshot. FIGURE 431: zANTI shows the Vera Sean Rent 39. Similarly, you can perform other vulnerability scans using the Attack options. Lab Analysis Analyze and document the of your target” Its related to this lab exercise. Provide your opinion sture and exposure through public and free information, PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB. a [omer Yes eee Platform Supported HZ Classroom Cilabs ‘CEH Lab Mama Page 1572 Tihleal Hacking and Gounvereasuree Copyright © by EO-Counell TAT Rights Resrved. Reproduction Stiety Probed