What You Need For This Project


Project 2: Hijack This 10 Points

What You Need for This Project


• A trusted computer running any version of Windows, with Internet access.
• You need administrator privileges on the computer.

Warning! "Ethical Hacking and Network Defense" students will be capturing passwords in room S214.
Don't do online shopping, personal e-mailing, or any other private computer work in that lab.
Make up a new password just for that lab. Nothing you do in that lab is private!

Choosing an Operating System
1. Start a machine. Each machine in S214 has many operating systems, and you can use any of
them. For this project, I recommend that you use Vista or Windows 7 Beta. Log in as Student
with no password.
Installing HijackThis
2. Open Firefox. Go to http://www.majorgeeks.com/files/details/hijackthis.html
3. Click one of the links in the "Download Locations" section and follow the instructions on
your screen to download HijackThis. If the download doesn't start, check to see if NoScript is
blocking it. If you see the "Scripts Currently Forbidden" message at the bottom of the
Firefox window, click the Options button and then click "Temporarily Allow All This Page".
4. Double-click the hijackthis file you downloaded--it is a WinZip self-extracting file. Click the
Browse button and browse to your Desktop. Unzip the file.
5. A hijackthis_sfx.exe file appears on your desktop.
6. Minimize all windows. On your desktop, right-click the hijackthis_sfx.exe file and click
"Run as Administrator".
7. In the "Open File – Security Warning" box, click Run.
8. In the "User Account Control" box, click Yes.
9. In the "WinZip Self-Installer" box, click Unzip. A box pops up saying "1 file(s) unzipped
successfully". Click OK. Close the "WinZip Self-Installer" box.
Running HijackThis
10. Click Start, Computer. Double-click the C: drive to open it. If you don't see the files or
folders, click "Show contents".
11. Double-click the "Program Files" folder.
12. Double-click the "HijackThis" folder.
13. Right-click the "HijackThis.exe" file and click "Run as Administrator".
14. In the "User Account Control" box, click Yes.
15. A HijackThis box pops up with a warning message. Read it and click OK.
16. The main HijackThis box appears, as shown to the right on this page. Click the "Do a system
scan and save a logfile" button.

CNIT 123 Bowne Page 1 of 14


Analyzing the Logfile at HijackThis.de


17. A logfile appears in Notepad, with a long list of processes and registry keys, as shown to
the right on this page. This list is hard to understand in this form, so we'll use a free
online tool to interpret it.
18. In Firefox, go to hijackthis.de
19. At the bottom of the Firefox window, you should see a "Scripts Partially Allowed" message.
Click the Options button and then click "Allow hijackthis.de".
20. The page reloads, and the "Scripts Partially Allowed" message appears again, but it's OK
now because the only scripts we need are the ones from hijackthis.de.
21. Click in the Notepad window showing the log file. Press Ctrl+A to select all the text, and
Ctrl+C to copy it to the Clipboard.
22. In the Firefox window, in the hijackthis.de page, point to the large box titled "You can paste
a logfile in this textbox". Right-click and click Paste. The text should appear in the box.
23. In the hijackthis.de page, at the bottom, click the Analyze button.
24. You should see a list of items found on your computer, with a graphical rating of each item's
safety, as shown below on this page. This is very useful when trying to clean spyware off
infected computers!

Saving a Screen Image


25. Make sure the hijackthis.de Web page is open, showing some of the items from your machine
with safety ratings.
26. Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole
desktop to the clipboard.
YOU MUST SUBMIT WHOLE-DESKTOP IMAGES FOR FULL CREDIT
27. Click Start. Type PAINT. Click Paint. Click in the Paint window and press Ctrl+V.
28. Save the image with the filename Your Name Proj 2. Select a Save as type of JPEG.
29. Email the JPEG image to me as an attachment to an e-mail message. Send it to:
cnit.120@gmail.com with a subject line of "Proj 2 From Your Name", replacing Your Name
with your own first and last name. Send a Cc to yourself.

Last Modified: 9-2-14


Project 4: Port Scans and Windows Firewall Worth 20 Points

• Two computers running any version of Windows, with Internet access.
• You need administrator privileges on both computers.
Find a Partner
1. You will need two machines working together for this project: choose one to be the Scanner
and the other to be the Target.
Use Windows 7 for Both Machines
2. Start both the Scanner and Target machines. Log in as Student with no password.
Installing the Nmap Security Scanner on the Scanner Machine
3. On the Scanner Machine, open Firefox. Go to nmap.com
4. In the upper center portion of the page, click Download.
5. Scroll down to the "Windows (NT/ME/2K/XP/Vista) binaries" section. Click the link labeled
"Latest stable release self-installer". When I wrote these instructions, it was
nmap-4.76-setup.exe.
6. Save the installer file on your desktop.
7. Minimize all windows. On your desktop, double-click the nmap installer file. Click through
all the security warnings and install the software with the default options. It may also install a
WinPCap program; that is normal.
Finding the IP Address of the Target Machine
8. On the Target Machine, click Start. In the Search box, enter CMD and press the Enter key.
9. In the Command Prompt window, enter the IPCONFIG command and press the Enter key. Several
IP addresses appear. Scroll back to see the first few addresses, and find the one that starts
with 192.168.1. That is the IP address of the network interface that connects to the room's
LAN. Write that address in the box to the right on this page.

Target IP: ____________________

CNIT 120 – Bowne Page 5 of 14


Project 4: Port Scans and Windows Firewall Worth 20 Points

Turning the Target Machine's Firewall Off


10. On the Target Machine, press the Windows logo key on the lower left of the keyboard. Type
FIREWALL into the search box.
11. "Windows Firewall" should appear in the Programs list. If it's not already highlighted, press
the down-arrow as needed to highlight it. Then press the Enter key.
12. A "Control Panel ► System and Security ► Windows Firewall" box opens. On the left side,
click "Turn Windows Firewall on or off". If a "User Account Control" box pops up, click
Continue.
13. In the "System and Security ► Windows Firewall ► Customize Settings" box, click both of
the "Turn off Windows Firewall (not recommended)" buttons. Click OK.
Scanning the Target Machine
14. On the Scanner Machine's desktop, double-click "Nmap – Zenmap GUI".
15. In the Zenmap window, in the Target: box, type the "Target IP" you wrote in the box on the
previous page. Click the Scan button.
16. Nmap results appear in the lower pane. Scroll down to the main chart showing "PORT
STATE SERVICE VERSION" in blue letters with green results under it, as shown below
on this page.

17. The purpose of this scan is to determine what ports are open, so you can determine how
secure a device is, and whether a firewall is working properly. Nmap should find at least one
port open on the machine—almost all Windows machines have ports 135, 139, and 445 open.
There may be other ports open as well. Those ports are potential vulnerabilities an attacker
could use to enter your computer.
Saving a Screen Image
18. On the Scanner Machine, make sure the Zenmap window is visible, showing at least one
open port.
19. Press the PrintScrn key to copy the whole desktop to the clipboard.
20. Click Start. Type PAINT. Click Paint. Click in the Paint window and press Ctrl+V.
21. Save the image with the filename Your Name Proj 4a. Select a Save as type of JPEG.
Turning the Target Machine's Firewall On with No Exceptions
22. On the Target Machine, press the Windows logo key on the lower left of the keyboard. Type
FIREWALL into the search box.
23. "Windows Firewall" should appear in the Programs list. If it's not already highlighted, press
the down-arrow as needed to highlight it. Then press the Enter key.
24. A "Control Panel ► System and Security ► Windows Firewall" box opens. On the left side,
click "Turn Windows Firewall on or off". If a "User Account Control" box pops up, click
Continue.
25. In the "System and Security ► Windows Firewall ► Customize Settings" box, click both of
the "Turn on Windows Firewall" buttons. Also check both of the "Block all incoming
connections, including those in the list of allowed programs" boxes. Click OK.
Scanning the Target Machine
26. On the Scanner Machine's desktop, double-click "Nmap – Zenmap GUI".
27. In the Zenmap window, in the Target: box, verify that the "Target IP" is entered correctly.
Click the Scan button.
28. Nmap results appear in the lower pane. Scroll down and find this message "All 1000 scanned
ports … are filtered", as shown below.

29. Now all ports are blocked: the firewall drops the scan probes, so Nmap reports them as
filtered. This is a safer setting for the firewall, but it will prevent the machine from
sharing files or printers.
Saving a Screen Image
30. On the Scanner Machine, make sure the Zenmap window is visible, showing the message
"All 1000 scanned ports … are filtered".
31. Press the PrintScrn key to copy the whole desktop to the clipboard.
32. Click Start. Type PAINT. Click Paint. Click in the Paint window and press Ctrl+V.
33. Save the image with the filename Your Name Proj 4b. Select a Save as type of JPEG.
Turning in Your Project
34. Email the JPEG images to me as attachments to a single email message. Send it to:
cnit.120@gmail.com with a subject line of Proj 4 From Your Names, replacing Your Names
with the complete names of both partners. Send a Cc to yourself.

Last Modified: 8-21-12
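
One way to repeat this project's before-and-after firewall check from a script, as an added example that is not part of the original handout: it classifies ports 135, 139 and 445 as open, closed or filtered using a plain TCP connect. The function names, the timeout and the default target are assumptions.

```python
import socket
import sys

# Ports the handout says almost all Windows machines have open.
WINDOWS_PORTS = (135, 139, 445)


def check_port(host, port, timeout=2.0):
    """Classify one TCP port with a full connect attempt.

    open     - the handshake completed, so a service is listening
    closed   - the host refused the connection, so nothing is listening
    filtered - no usable answer, as when a firewall drops the packets
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable errors both mean the probe was blocked.
        return "filtered"
    finally:
        sock.close()


def firewall_report(host, ports=WINDOWS_PORTS, timeout=2.0):
    """Summarise the port states for one host."""
    states = {port: check_port(host, port, timeout) for port in ports}
    return {
        "states": states,
        "exposed": sorted(p for p, s in states.items() if s == "open"),
        # True only when every probed port went unanswered.
        "blocks_all": bool(states) and all(s == "filtered" for s in states.values()),
    }


if __name__ == "__main__":
    # Assumed usage: pass the Target IP written down in step 9.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = firewall_report(target)
    for port, state in sorted(report["states"].items()):
        print(f"{port}/tcp {state}")
    print("firewall blocks all probed ports:", report["blocks_all"])
```

With the firewall off, the three ports should show as open; with "Block all incoming connections" checked, every probe should time out and show as filtered.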

Project 5: WOT Worth 10 Points
Purpose: WOT (Web of Trust) is a Firefox extension that warns you about sites that are known to be dangerous. Sites have a
reputation, assigned by other WOT users. This protects you from scams, phishing sites, sites hosting malware, pornography,
and other Internet nasties.
Requirements: You need a Windows or Mac computer (any version) connected to the Internet. I
assume you are using Windows 7 in S214 in the instructions, but any other version should be fine too.
This project should be harmless.
Start your Computer in Windows 7
1. Boot your machine to Windows 7 (any version). Log in with any account that has
Administrative privileges, such as the Student account.
Installing WOT
2. Open Firefox. If you don't have Firefox, use Internet Explorer (or Safari), go to
getfirefox.com, and download it.
3. From the Firefox menu bar, click Tools, Add-ons. If WOT is already installed, remove it and
restart Firefox.
4. In the Add-ons box, in the search field, type WOT as shown below on this page. Press the
Enter key.

5. In the Add-ons box, click the "Add to Firefox…" button.


6. In the "Software Installation" box, click the "Install Now" button.
7. In the Add-ons box, click the "Restart Firefox" button.

CNIT 106 - Bowne Page 9 of 14


Identifying Risky Websites
8. In Firefox, go to google.com
9. In the Google page, search for WAREZ
10. "Warez" are illegal, modified versions of copyrighted software products. As you might
expect, many warez sites are harmful to visit. WOT has flagged many of the search results
with little round icons, as shown below on this page. The red icons indicate dangerous sites,
and the green ones indicate safe sites. Hover over an icon to see its detailed rating.

Saving the Screen Image
11. Make sure at least one WOT rating icon is visible.
12. Press the PrntScn key to copy the whole screen to the clipboard.
13. Open Paint and paste in the image. Save it with the filename Your Name Proj 5.
Turning in your Project
14. Email the image to me as an email attachment. Send the message to: cnit.120@gmail.com
with a subject line of Proj 5 From Your Name, replacing Your Name with your own first and
last name. Send a Cc to yourself.

Last modified 8-12-11


Project 9: MD5 Collisions 15 Points

What You Will Need


• A computer running Windows 7 (or Windows XP, or Vista)
• Administrator privileges
• The instructions assume you are using Windows 7
Downloading and Installing HashCalc
1. Open Firefox and go to slavasoft.com/hashcalc
2. On the upper left, click the blue "Hashcalc 2.02" link. Save the Zip file on your desktop.
3. On your desktop, right-click the hashcalc.zip file and click "Extract All". Click Extract.
4. A hashcalc window opens containing a setup.exe file. Double-click the setup.exe file and
install the software with the default options.
Downloading and Installing the Hello.exe and Erase.exe Files
5. Open Firefox and go to www.mscs.dal.ca/~selinger/md5collision
6. Scroll down to the section titled "An evil pair of executable programs", as shown to the
right on this page.
7. Click the hello.exe file. Save it on your desktop.
8. Click the erase.exe file. Save it on your desktop.
Running the Files
9. Normally an MD5 hash is used to verify that a file has not been altered. If two files have
the same hash value, they are expected to be identical.
10. On your desktop, double-click the hello.exe file. In the "Open File - Security Warning" box,
click Run. A box opens saying "Hello World", as shown to the right on this page.
11. On your desktop, double-click the erase.exe file. In the "Open File - Security Warning" box,
click Run. A box opens saying "This program is evil!!!", as shown to the right on this page.

Capturing the Screen Image


12. Make sure the "This program is evil!!!" message is visible.
13. Press the PrntScn key to copy the whole screen to the clipboard. Open Paint and paste in the
image. Save it as a JPEG, with the filename Your Name Proj 9a.

CNIT 120 - Bowne Page 12 of 14


Calculating the Hash Values


14. Click Start and type in HASH
15. In the search results, click HashCalc.
16. A gray HashCalc box opens.
17. Drag the hello.exe file from your desktop and drop it in the HashCalc window.
18. The MD5 hash appears, ending in 007, as shown below on this page.

19. Drag the erase.exe file from your desktop and drop it in the HashCalc window.
20. The MD5 hash appears, ending in 007, as shown below on this page.

Capturing the Screen Image


21. Make sure the MD5 hash ending in 007 is visible.
22. Press the PrntScn key to copy the whole screen to the clipboard. Open Paint and paste in the
image. Save it as a JPEG, with the filename Your Name Proj 9b.
Turning in your Project
23. Email the JPEG image to me as an attachment. Send the message to cnit.120@gmail.com
with a subject line of Proj 9 From Your Name. Send a Cc to yourself.
Last modified 7-31-11
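
The same effect can be reproduced without HashCalc, as an added example that is not part of the original handout: two different inputs share one MD5 hash, while SHA-256 tells them apart. The inputs are the widely published Wang et al. (2004) collision blocks, not the handout's hello.exe and erase.exe, and the function names are assumptions.

```python
import hashlib

# Constructed sample input: the widely published 128-byte MD5 collision pair
# from Wang et al. (2004); not the hello.exe/erase.exe files from the handout.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


def digest(data, algorithm):
    return hashlib.new(algorithm, data).hexdigest()


def compare(a, b, algorithms=("md5", "sha256")):
    """Compare two byte strings directly and by each hash algorithm."""
    report = {
        "identical": a == b,
        "differing_offsets": [i for i, (x, y) in enumerate(zip(a, b)) if x != y],
        "digests": {},
        "collisions": [],
    }
    for name in algorithms:
        da, db = digest(a, name), digest(b, name)
        report["digests"][name] = (da, db)
        # Same digest for different content: the hash cannot tell the inputs apart.
        if da == db and a != b:
            report["collisions"].append(name)
    return report


def verify(data, expected_sha256):
    """Integrity check using SHA-256, for which no collisions are known."""
    return digest(data, "sha256") == expected_sha256.lower()


if __name__ == "__main__":
    result = compare(MSG_A, MSG_B)
    print("identical bytes:", result["identical"])
    print("differing offsets:", result["differing_offsets"])
    for name, (da, db) in result["digests"].items():
        print(name, da, db)
    print("collisions:", result["collisions"])
```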
