2. All the following questions are against the penetration scenario shown in Figure 1. In this penetration scenario,

Mallory is a remote attacker who has no user account of the corporation. The goal of Mallory is to gain root privilege on the Workstation.

2.1: Since Mallory knows nothing about the corporation, he will need to start with the reconnaissance step. In particular, since breaking into the internal Corporation LAN (see Figure 1) is much harder than breaking into the Web Server, Mallory will target the Web Server in this step. To do reconnaissance against the Web Server, Mallory will need to use a set of scanning tools. In particular, one of these scanning tools, when executed on Mallory PC, told Mallory that the Web Server was running Apache HTTP Server Version 2.0. What did the scanning tool/weapon do in order to collect such useful information? Please give a step-by-step explanation. (10 points)

2.2: When the reconnaissance step ends, Mallory knew that the Web Server httpd program had a buffer overflow bug (vulnerability). To exploit this vulnerability to break into the

Web Server, Mallory should take the Probe step and use a specific remote exploit tool. Which attack weapon would be used by Mallory? Which kind of attack packets will be

created and sent to the Web Server by this attack weapon? (10 points)

2.3: During the Toehold step, the buffer overflow bug was successfully exploited and Mallorys malicious code was executed on the Web Server. The malicious code can enable Mallory to remotely login into the Web Server. When Mallory remotely logins into the Web Server, what are the three most urgent things for Mallory to do? Why are they urgent? (10 points)

2.4: Next, Mallory wanted to break into the Fire Server inside Firewall 2. So Mallory would take the reconnaissance step and the Probe step again. The reconnaissance tool told Mallory that the File Server has a TCP port open to accept and process RPC requests. Since Mallory knew that many RPC server programs have buffer overflow bugs, he would probe this port. Please list all the possible attack weapons that could help Mallory probe the port; then please tell which attack weapon is the best one for this attacking purpose. (10 points)

2.5: After the Probe step succeeded, Mallory would gain root privilege on the File Server and be able to remotely login into the File Server. Lets assume Mallory was not ready at this moment to attack and break into the Workstation from the File Server. So he was worried that his attack traces could be detected and the RPC buffer overflow bug could be patched when he got ready to attack the Workstation. What could Mallory do to remove this concern? Please give a step- by-step answer. (10 points)

2.6: Now Mallory was ready to attack the Workstation from the File Server. In this stage, should Mallory use any monitoring tools? If so, what can these monitoring tools do and why are they helpful? (10 points)

2.7: When attacking the Workstation, the reconnaissance tools did not find any buffer overflow vulnerabilities. So Mallory could no longer send buffer overflow packets (or requests) to the Workstation. Now Mallory needed to do some other things. Please select all the useful ones from the attack weapons listed below and explain WHY. (10 points)

(a) packet sniffers; (b) spoofing; (c) password crackers; (d) denial-of-service; (e) virus; (f) worm (g) Malicious applets; (h) buffer overflow; (i) exploit bugs; (j) social engineering; (k) dumpster diving

2.8: After a while, Mallory was able to install a Trojan horse on the Workstation. Then he used the Trojan horse to help him steal the password of a non-root user account on the Workstation. Now Mallory was in which step of the seven penetration steps? What will Mallory do next on the Workstation? (10 points)

2.9: During the whole attack process from Mallory PC to the Workstation, password crackers can be useful in which steps and on which machines? (10 points)

Internet Mallory PC Firewall 1 Demilitarized Zone (DMZ) Web Server Firewall2 File Server Corporation LAN Workstation Figure 1: The Penetration Scenario