Range
192.168.1.0 255.255.255.0
Network 2
192.168.2.0 255.255.255.0
Network 3
192.168.3.0 255.255.255.0
Network 4
192.168.4.0 255.255.255.0
Addresses
Router 1 = 192.168.1.1 255.255.255.0
Router 2 = 192.168.1.2 255.255.255.0
Router 3 = 192.168.1.3 255.255.255.0
Router 1 = 192.168.2.1 255.255.255.0
PC1 = 192.168.2.2 255.255.255.0
Router 2 = 192.168.3.1 255.255.255.0
PC2 = 192.168.3.2 255.255.255.0
Router 3 = 192.168.4.1 255.255.255.0
Backtrack 5 = 192.168.4.2 255.255.255.0
Router Configuration
The routers were configured with the following commands, each of which is confirmed by pressing the Enter key.
Command                                   Notes
configure terminal
interface f0/0
ip address 192.168.1.X 255.255.255.0      This should be the connection from router to switch. The X is a placeholder (a variable) for whichever router you're configuring.
no shutdown
exit                                      Exits the configuration for this connection.
configure terminal
interface f0/1
ip address 192.168.1.X 255.255.255.0
no shutdown
exit
show ip int brief
The next step was to configure the routers with the RIP protocol. The instructions to do this are:
Command                  Notes
router rip               Enables RIP version 1
version 2                Enables RIP version 2
network 192.168.x.0      First for the PCs' network. This should be the connection from router to switch. The x is a placeholder (a variable) for whichever router you're configuring.
network 192.168.x.0      Second for the routers' network. This should be the connection from router to switch. The x is a placeholder (a variable) for whichever router you're configuring.
exit
Configuring DHCP (Dynamic Host Configuration Protocol)
Command
ip dhcp excluded-address 192.168.x.1
lease 23
exit
Notes
This is the address of the router. We exclude it from the range to prevent it from being assigned to the computers. The x is a placeholder for which network it is.
This sets the router as the default gateway.
Sets the router as the DNS server for the network. The x is a placeholder for which network it is.
This command creates a network range to assign addresses from.
Leases the addresses for 23 days.
After you do this, save the configuration settings so the routers do not reset to factory settings
after you turn them off.
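An added example, not part of the original lab notes: a Python check of the addressing plan and the DHCP exclusion described above. It reports malformed or duplicate entries (the faulty sample values and the host name PC9 are constructed for illustration) and lists the addresses left for DHCP once the router's .1 address is excluded.

```python
import ipaddress

# Addressing plan transcribed from the lab notes (every mask is 255.255.255.0).
MASK = "255.255.255.0"
NETWORKS = ["192.168.1.0", "192.168.2.0", "192.168.3.0", "192.168.4.0"]
HOSTS = [
    ("Router 1", "192.168.1.1"), ("Router 2", "192.168.1.2"),
    ("Router 3", "192.168.1.3"), ("Router 1", "192.168.2.1"),
    ("PC1", "192.168.2.2"), ("Router 2", "192.168.3.1"),
    ("PC2", "192.168.3.2"), ("Router 3", "192.168.4.1"),
    ("Backtrack 5", "192.168.4.2"),
]

def check_plan(networks, hosts, mask=MASK):
    """Return a list of human-readable problems found in the plan."""
    problems, nets, seen = [], [], {}
    for n in networks:
        try:
            nets.append(ipaddress.ip_network(f"{n}/{mask}"))  # strict: no host bits
        except ValueError as exc:
            problems.append(f"bad network {n!r}: {exc}")
    for name, addr in hosts:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"bad address for {name}: {addr!r}")
            continue
        if not any(ip in n for n in nets):
            problems.append(f"{name} {ip} is outside every declared network")
        if ip in seen:
            problems.append(f"{name} {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

def dhcp_pool(network, excluded, mask=MASK):
    """Addresses DHCP may lease: usable hosts minus the excluded ones."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    skip = {ipaddress.ip_address(a) for a in excluded}
    return [h for h in net.hosts() if h not in skip]

if __name__ == "__main__":
    print(check_plan(NETWORKS, HOSTS) or "plan is consistent")
    # Constructed faulty input: a dropped dot and a reused router address.
    bad = check_plan(NETWORKS[:2] + ["192.1683.0"], HOSTS[:3] + [("PC9", "192.168.1.1")])
    print(*bad, sep="\n")
    pool = dhcp_pool("192.168.2.0", ["192.168.2.1"])
    print(pool[0], "to", pool[-1], "=", len(pool), "leasable addresses")
```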
PING the PCs
Switch over to the other computers and ping the previous computer.
The password is RSA (RC4) encrypted, as established by the second screenshot; the encryption
runs anywhere between the two connections.
The point of this demonstration is to establish that, because of the RSA encryption, the remote
desktop access cannot be observed via Wireshark.
Notes
The following IP address is the address of PC2 in my prac. This command shows
which ports are available for setting up a denial-of-service attack on this specific
operating system.
The 3389 port is the port we are going to attack. To crash PC2 the following
commands should be used.
Commands
msfconsole
use auxiliary/dos/windows/rdp/ms12_20_maxchannelids
exploit
Note
This exploits this open port to cause a denial-of-service attack / man-in-the-middle attack.
The following screen in Backtrack 5 indicates that the attack was successful. If you
have the PC in the background, it should quickly reboot itself. In a real physical
scenario the computer would just turn off.
In some scenarios these commands may fail to exploit the system. Three possible
scenarios where the exploit fails are:
1. The exploit has been closed by a system update.
2. The port has been closed off. This is an unlikely scenario, because if the ports
have been closed off then it would be impossible to run remote desktop
anyway.
3. The operating system has had an IDS/IPS installed. This is an intrusion
detection/prevention system. Its name is pretty self-explanatory.