Laborator09Serviciidereea

Cheatsheet
Comand Descrierescurt conectaresecurizatladistan copiereasecurizatadatelor

s s h s c p

s s h k e y g e n generarecheiideautentificare s s h c o p y i d instalareacheiipublicepemainaremote w g e t n e t s t a t n e t c a t w i r e s h a r k n e t m a p
descrcareaneinteractivaresurselor afiareaconexiunilor client/serverarbitrarTCPsauUDP analizatraficuluidereea scanareporturiiexplorareareelei

Suportlaborator
9.Serviciidereea[http://books.google.com/books?id=_JFGzyRxQGcC&pg=PA249] PuteiurmritutorialulvideocorespunztorlaboratoruluifcutdeITAssistant
[http://itassistant.org/diverse/utilizareasistemelordeoperare/utilizareasistemelordeoperare6.html].

Mainavirtual
Laboratorulfolosetemainavirtuall u c a s[ h t t p : / / e l f . c s . p u b . r o / u s o / s t o r e / u s o v m l u c a s . t a r . g z ] . Mainasegsetedescrcatndirectorul/ h o m e / s t u d e n t / v m / l u c a s . Puteifolosiutilizatorull u c a s ,cuparolau s o ,saur o o t cuparolau s o .Sistemulnuarepachetuls u d o instalat. Mainavirtualesteaccesibilfolosindnumelel u c a s . l o c a l .TehnologiafolositsenumeteMulticastDNS [http://en.wikipedia.org/wiki/Multicast_DNS#Apple.27s_protocol:_Multicast_DNS.2FDNSSD].

Introducere
Serviciidereea
Serviciiledereeapresupundecelemaimulteoriexistenaadouentiti: server,oferunservciudereea,acceptndirspunzndlacereri client,interogheazserverulcuscopuldeaobineacceslaserviciulrespectiv.

Acestmodelpoartdenumireadem o d e l u l

c l i e n t s e r v e r .Deexemplu:serviciulweb,DHCP,DNS.

M o d e l u lp u n c t l a p u n c t (peertopeer,prescurtatP2P)esteunaltmodelcepresupunecafiecare
entitatesjoaceroluldeserver,ctideclient.Deexemplu:serviciiledepartajaredefiiere(BitTorrent). Fiecaredintreacesteserviciiesteidentificatprintrunprotocoldenivelaplicaie.Deexempluserviciulwebeste identificatprinprotocolulHTTP(HypertextTransferProtocol).

TCP.UDP.Porturi
Entitileparticipante,pentruacomunicantreele,folosescnmareamajoritateacazurilorurmtoareledou protocoaledeniveltransport: TCP.orientatconexiune UDP,neorientatconexiune Pentruaidentificaserviciile(protocoaleledenivelaplicaie),protocoaleledeniveltransportfolosescunmecanism, denumitport(unnumrpe16bii).Unserviciudereeapoateaveaasociatemaimulteporturi,nudoarunulsingur. Putemafiatoateserviciileoferitedeostaie,rulndcomandan e t s t a t peaceastaie.
n e t s t a tt c pl i s t e n i n gp r o g r a m A c t i v eI n t e r n e tc o n n e c t i o n s( o n l ys e r v e r s ) P r o t oR e c v QS e n d QL o c a lA d d r e s s F o r e i g nA d d r e s s t c p 0 0* : s u n r p c * : * t c p 0 0* : w w w * : * t c p 0 0* : h t t p a l t * : * t c p 0 0* : f t p * : * t c p 0 0* : s s h * : * t c p 0 0* : 3 5 8 3 6 * : * t c p 6 0 0[ : : ] : s s h [ : : ] : *

S t a t e L I S T E N L I S T E N L I S T E N L I S T E N L I S T E N L I S T E N L I S T E N

P I D / P r o g r a mn a m e 2 0 5 7 / p o r t m a p 2 3 2 8 / n g i n x 2 3 2 8 / n g i n x 2 3 3 6 / v s f t p d 2 3 1 3 / s s h d 2 0 6 8 / r p c . s t a t d 2 3 1 3 / s s h d

Amadugaturmtoriiparametrii,pentruaafia:

t c p serviciilecefolosescprotocoluldeniveltransportTCPvorfiafiate l i s t e n i n g porturiledeschise,pecareservereleateaptsprimeasccereri. p r o g r a m denumireaserverului

Alocareaporturilorstandardpentrudiverseserviciidereeapoatefivzutnfiierul/ e t c / s e r v i c e s :
c a t/ e t c / s e r v i c e s . . . s s h 2 2 / t c p t e l n e t 2 3 / t c p s m t p 2 5 / t c p d o m a i n 5 3 / t c p d o m a i n 5 3 / u d p h t t p 8 0 / t c p . . .

#S S HR e m o t eL o g i nP r o t o c o l m a i l w w w #D o m a i nN a m eS e r v e r #W o r l d W i d e W e bH T T P

WorldWideWeb
WorldWideWeb(sauWWW)reprezintoreeaderesurse(paginiweb)interconectateprinintermediulunorlegturi (hyperlinkuri),fiindcelmaicunoscutserviciudinInternet. Pentruaaccesaopaginweb,folosimunn a v i g a t o r ceseconecteazlaunserverweb.

w e b (browserweb).Acestareprezintdefaptunclient,

Exempledenavigatoare: grafice:MozillaFirefox,GoogleChrome text:elinks,lynx,w3m Caunnavigatorspoatafiapaginadorit,acestaarenevoientideunmecanismprincaresoidentifice.

U R L (UniformResourceLocator)reprezintunnumecuoformbineprecizat,ceidentificoresurs.Aveimai
josformageneralaunuiURL.Unelecomponentepotlipsi:
p r o t o c o l : / / h o s t : p o r t / c a l e / c a t r e / r e s u r s e

HostreprezintoadresIPsauunnumededomeniucevafitranslatatntroadresIPprintrocereDNS.

U R L poateincludeiinformaiideautentificare:
p r o t o c o l : / / u s e r : p a r o l a @ h o s t : p o r t / c a l e / c a t r e / r e s u r s e

Pentruadeschidepaginaprincipalwww.google.com[http://www.google.com],putemexecuturmtoareacomand:
f i r e f o xh t t p : / / w w w . g o o g l e . c o m #s a um a is i m p l u f i r e f o xw w w . g o o g l e . c o m

nmareamajoritateanavigatoarelor,dacnuesteprecizatprotocolulsepresupunecesteHTTP. PentruprotocolulHTTP,portulstandardfolositeste80,darpoatefimodificat.

SSH
S S H (SecureShell)esteunaltprotocoldenivelaplicaieceasigurauncanalsecurizatpentrutransmiterea
informaiei.Protocolulrespectamodelulclientserver,astfelpentruainiiaoconexiune,clientulSSH(ex.comanda s s h pecalculatoareledinlaborator)trimiteocererectreserverulSSH(ex.deamonuls s h d ). PortulstandardfolositdeserverulSSHeste22.

Autentificareladistan.
PutemutilizaprotocolulSSHpentruaneconectaladistanta:
s s hu s e r @ h o s t

Comandanepermiteautentificareacautilizatorulu s e r pemainaspecificatprintroadresIPsauunnumede domeniu,h o s t .Portulimplicitfolositpentruconectareeste22. Dacesteprimadatcndneautentificmpestaiarespectiv,osprimimunmesaj.Acestanentreabdac vremsadugmcheiaRSAnbazadedatelocal.Vatrebuisrspundemcutextulcompletyes. Odatautentificai,decelemaimulteorivomobservaschimbareapromptului(Nuntotdeauna).Acumneaflmpe mainadeladistaniputemintroducecomenzi,lafelcumamfacepemainalocal. TottimpulcndlucraiprinSSHtrebuiesfiiatenipecemainvaflai. SSHporneteunshellremote,decipentruanchidesesiuneafolosiie x i t sauC t r l D ,capentruoricealt

shell. Demulteori,pentrusporireasecuritii,sepoateschimbaportulpecareascultserverulSSH.ncazulacesta trebuiesspecificmcomenziis s h ceportsfoloseasc:

s s hPp o r tu s e r @ h o s t

SSHneinteractiv
Putemsrulmcomenzipemainadeladistannmodneinteractiv,fraserulauninterpretorncares introducemcomenzilerespective.Sintaxaesteurmtoare:
s s hu s e r @ h o s t" s e c v e n d ec o m e n z i "

SCP
Comandas s h nepermitedoarsadministrmdeladistan,nuistransfermfiiere. Pentruaefectuatransferuldedateutilizmutilitaruls c p .Acestasefolosetedecanalulsecurizatoferitdes s h . Sintaxascp:
s c ps u r s d e s t i n a i e

Observaisintaxas c p esteasemntoarecuceaautilitaruluic p ,daroricaredintreceidoitermenipoatefide formau s e r @ h o s t : p a t h . Cndu s e r @ h o s t lipsete,estevorbadespremainalocal. Cndp a t h lipsete,estevorbadespredirectorulhomealutilizatoruluispecificat. Deexemplu: vremscopiemfiieruldepestaialocal,f i s i e r _ l o c a l ,dindirectorulcurent,ndirectorul /calea/pe/hostdepestaiadeladistan,redenumindnf i s i e r _ r e m o t e
s c p. / f i s i e r _ l o c a lu s e r @ h o s t : / c a l e a / p e / h o s t / f i s i e r _ r e m o t e

vremscopiemfiierulfisier_remotedindirectorul/calea/pe/hostdepestaiadeladistanndirectorul curentdepestaialocal,redenumindnf i s i e r _ l o c a l
s c pu s e r @ h o s t : / c a l e a / p e / h o s t / f i s i e r _ r e m o t e. / f i s i e r _ l o c a l

Exerciii
0.Mainavirtual
Deschideimainavirtuall u c a s cuVmwarePlayer.

Caleaundeseaflpemainiiledinlaboratoreste/home/student/vm/lucas.

1.WWW.HomepagesandBookmarks
Folosiimainafizic. InstalaibrowserulI c e w e a s e l :
s u d oa p t g e ti n s t a l li c e w e a s e l

Iceweasel[http://wiki.debian.org/Iceweasel]esteunforkdinMozillaFirefox.DeoareceesteidenticcuFirefox,osne referimlaelprinacelainume. Realizaiurmtoarelemodificrininterfaagraficabrowserului: Configuraidoupaginiwebcahomepages: Accesaifereastradepreferine:EditPreferences.SelectaitabulGeneral. nrubricaStartup,selectaiWhenFirefoxStarts(nIceweaselesteWhenIceweaselStarts)Show myhomepage. SetaidoupaginidestartnrubricaHomePage.Folosiicaracterul| (pipe)pentrualesepara. Paginilesunthttp://www.google.com/[http://www.google.com/]ihttp://starwars.wikia.com/
[http://starwars.wikia.com/].

PentrucsunteiattdeinteresaideuniversulStarWars,configuraiunbookmarkpentrupaginadespre StarWarsdepeWikipedia. Navigailahttp://en.wikipedia.org/[http://en.wikipedia.org/]icutaiStarWars. Accesaipaginaidaiclickpesteluadelngadres,nparteadesusaecranului. Maidaiodatclickpesteluaaprinspentruopiuniavansatenceeaceprivetebookmarkul.

2.Firefoxcadownloadmanager
Folosiimainafizic. Asiguraivcamainal u c a s sfiedejapornit. AccesaifereastradepreferineischimbaidirectorulundeFirefoxdescarcfiiere.Directorulvafi ~ / m y _ d o w n l o a d s .Vatrebuislcreainainte. Descrcaiurmtoarelefiiere: http://lucas.local/anakin.bin[http://lucas.local/anakin.bin] http://lucas.local:80/macewindu.bin[http://lucas.local:80/macewindu.bin] http://lucas.local:8080/yoda.bin[http://lucas.local:8080/yoda.bin] ftp://student:uso@lucas.local/obiwan.bin[ftp://student:uso@lucas.local/obiwan.bin] ConcatenaifiierelenordinealfabeticpentruaobineomaximdinStarWars.

3.FirefoxlAddons
Firefoxareunplugincareascundetoatereclameledepepagini.

Intraipehttp://starwars.wikia.com/[http://starwars.wikia.com/].Identificaireclamelenparteadesusa paginii. InstalaiaddonulAdBlockPlus[https://addons.mozilla.org/enUS/firefox/addon/adblockplus/].Repornii browseruldupinstalare. Accesaidinnoupaginainiial.Muchbetter,right? Unelereclamenusuntdoarenervante,ciduntoareochilorsaumaliioase(scripturicareurmrescactivitatea). ExistnumeroaseextensiideFirefox,disponibilepesiteuloficial[http://addons.mozilla.org].Ctevasugestii: Firebug[https://addons.mozilla.org/enUS/firefox/addon/1843/]inspectareacoduluisursaluneipaginiutil pentrudezvoltatoriiweb. Flashblock[https://addons.mozilla.org/enUS/firefox/addon/433/]blocheaztotconinutulflashutilpentru calculatoarelemaivechi. FireFTP[https://addons.mozilla.org/enUS/firefox/addon/684/]clientcompletpentruFTPpermiteiupload areadefiiere. FlashVideoDownloader[https://addons.mozilla.org/enUS/firefox/addon/6584/]pentrudescrcarealocala filmelordepeYouTubeialtesiteurisimilare. DownThemAll![https://addons.mozilla.org/enUS/firefox/addon/201/]Downloadmanageravansat,include opiuneadeasalvatoatelinkuriledepeopagin. Vimperator[https://addons.mozilla.org/enUS/firefox/addon/4891/]faceFirefoxssecomportemaimultca Vim.

4.SSHneinteractiv
NunchidetisaureporniicalculatoarelecolegilorfolosindSSH. FolosiiSSHneinteractivpentruadarestartmainiivirtualel u c a s .Numelededomeniucompletalmainiieste l u c a s . l o c a l . Rezolvare
s s hr o o t @ l u c a s . l o c a lr e b o o t

Observaic,dupintroducereaparoleiiexecutareacomenzii,nusemaiporneteunshellinteractiv.

5.SecureCopy(SCP)
Reveniiladownloadurileanterioare.Concatenai,nordinealfabetic,fiiereleobinute,nfiierulq u o t e . t x t . Rezolvare
c a ta n a k i n . b i nm a c e w i n d u . b i no b i w a n . b i ny o d a . b i n>q u o t e . t x t

Copiaifiierulq u o t e . t x t depemainafizicnhomeulutilizatoruluil u c a s depemainavirtual.Folosii s c p . Rezolvare

s c pq u o t e . t x tl u c a s @ l u c a s . l o c a l :

6.AutentificareaSSHfolosindchei
Configuraisistemull u c a s pentruavputeaautentificadreptutilizatorull u c a s frparol: Folosiis s h k e y g e n pemainafizicpentruageneraocheie. ApsaiEnterlantrebareapromptulcarentreabundevafisalvatcheia.Sevafolosilocaiadin parantez. Nupuneipassphrasepecheie.Dacpunei,laautentificare,nlocdeparolautilizatoruluiremote,vi sevacerepassphraseulcheii. Folosiis s h c o p y i d pentruacopiacheiapemainavirtual.Destinaiaestenacelaiformatcucea acceptatdes s h . Folosiis s h .Nuartrebuisvisemaicearoparol. Cheilegenerate(publiciprivat)suntpemainafizicndirectorul~ / . s s h .Vizualizaile.Comparaicheia publicdepemainafiziccuconinutulfiierului~ / . s s h / a u t h o r i z e d _ k e y s depemainavirtual. ncazulncareprimiieroarea:A g e n ta d m i t t e df a i l u r et os i g n comandas s h a d d frparametripentruatrecepesteaceastproblem. Rezolvare
$s s h k e y g e n G e n e r a t i n gp u b l i c / p r i v a t er s ak e yp a i r . E n t e rf i l ei nw h i c ht os a v et h ek e y( / h o m e / d d v l a d / . s s h / i d _ r s a ) : E n t e rp a s s p h r a s e( e m p t yf o rn op a s s p h r a s e ) : E n t e rs a m ep a s s p h r a s ea g a i n : [ . . . ] $s s h c o p y i dl u c a s @ l u c a s . l o c a l #S ev ac e r ep a r o l au t i l i z a t o r u l u il u c a s $s s hl u c a s @ l u c a s . l o c a l #N us ev ac e r ep a r o l

u s i n gk e y folosii

7.SCPfolosindchei
SCPfoloseteSSHpentrutransfer.Astfel,pentrucacumvputeiautentificafrparolpel u c a s . l o c a l , puteifolosiis c p frparol. Copiaidirectorul/ v a r / s t a r w a r s depemainavirtualpesistemulfizic. Folosiiscpcautilizatorl u c a s . Puteispecifica,dupparteadehost,ocaleabsolutpedisc. Vatrebui,deasemenea,sfolosiiunparametruals c p pentruacopiarecursiv.Folosiimanualul. Rezolvare
$s c prl u c a s @ l u c a s . l o c a l : / v a r / s t a r w a r s.

8.BitTorrent
Descrcaifiierultorrentdeaici[http://cdimage.debian.org/debiancd/6.0.6/amd64/btcd/debian6.0.6amd64CD

1.iso.torrent].FolosiiTransmission,clientulimplicitdeBitTorrentpemainiledinlaborator,pentruadescrca

imagineadeinstalarepentruDebianstable(Squeeze).

Puteivedeautilizatoriidelacaredescrcaiprtidinfiier,dndclickdreaptapeeldininterfaaTransmission> Properties>Peers.

9.Netstat
Inspectaiporturiledeschisedepemainavirtual.Folosiin e t s t a t . ListaidoarporturileTCPnstarealistening. Afiaivalorilenumericealeporturilor. Corelainumrulportuluicuexerciiullacareafostfolositserviciulcorespunztor. Rezolvare
$n e t s t a tt l p n

10.Inspectareatraficuluidereea.Wireshark
Folosiimainafizic. Wiresharkesteunprogramcarecaptureazianalizeaztraficuldereea.Instalailiporniilcar o o t . Pornireacarootestenecesarpentruaputeacapturapachete. Folosiibutonuldinstngatoolbarului(Listavailableinterfaces).Selectaiinterfaav m n e t 8 . Accesaiftp://student:uso@lucas.local/obiwan.bin[ftp://student:uso@lucas.local/obiwan.bin]folosind ChromiumWebBrowser.ObservaicaparnWiresharkntimprealpacheteleschimbate. Opriicapturadepachete. Analizaitraficul.Descoperiipachetulcaretrimiteparola.Observaicestetrimisnclar.Oricineascult pelinieopoatevedea. NulsainiciodatpornitcapturadepachetenWiresharkmaimultdectestenecesar.Vorficapturatemulte pacheteiveirmnerapidfrmemorie.

11.ClientHTTPnliniadecomand
w g e t esteunclientneinteractivpentruprotocolulHTTP.
Folosiilpentruadescrcafiieruldelahttp://lucas.local:80/macewindu.bin
[http://lucas.local:80/macewindu.bin].

Avantajulw g e t estecpoatefifolositnscripturishell. Exist,deasemenea,clieniinteractivinmodtext:l i n k s ,e l i n k s ,l y n x ,w 3 m . UnalttoolinteresantesteHTTrack[http://en.wikipedia.org/wiki/HTTrack]. Rezolvare

$w g e th t t p : / / l u c a s . l o c a l : 8 0 / m a c e w i n d u . b i n

12.ConfigurriavansateFirefox
a)Folosiia b o u t : c o n f i g

[ h t t p : / / k b . m o z i l l a z i n e . o r g / F i r e f o x _ : _ F A Q s _ : _ A b o u t : c o n f i g _ E n t r i e s ] pentrua
configuramoduldeafiarealbutonuluidenchiderepentrutaburi.ConfiguraiFirefoxastfelnctsfieafiatun singurbutondenchidereatabului,lasfritultabbarului. b)UtilizndpaginadeconfigurriinterneFirefoxabout:config,setaicaatuncicndcutaicevafolosindmotorulde cutareextern(csuadecutaredindreaptacsueideadres),ssedeschidofereastrnou. Cutai,folosindfiltrul,variabilab r o w s e r . s e a r c h . o p e n i n t a b .

13.Netcatpentrutransferdefiiere
Folosiin e t c a t (executabilulsemainumetein c )pentruatransferaunfiierntremainafizicicea virtual. Folosiiparametrul`p`pentruaspecificaportulpecaresascultenmainavirtual.Folosiimanualulnetcatpentru aaflaparametriinecesari. Rezolvare
#p el u c a s : n clp1 2 3 4>f i l e . o u t #p ei n t e l w o r k s t a t i o n : n cl u c a s . l o c a l1 2 3 4<f i l e . i n

14.InstantHTTPserver
PuteiporniunserverHTTPreadonly,restricionatladirectorulcurent,folosind
s t u d e n t @ u s o : ~ $p y t h o nmS i m p l e H T T P S e r v e r[ p o r t ]

Dacultimulparametrulipsete,serverulestepornitpeportul8000.PuteiopriserverulfolosindCtrlC. AceastaesteometodfoarterapiddeatransferafiieremarintredoumainiLinuxiWindows,frav complicacufilesharingsautransferprinIM. TestaiserverulHTTPntrunbrowser.

15.Scanareareelei.nmap
Folosiin m a p pentruascanaporturiledeschiseiversiunileserviciilorcareruleazpemainal u c a s . l o c a l . Rezolvare
n m a ps Vl u c a s . l o c a l
uso/laboratoare/laborator09.txtLastmodified:2012/12/1909:43byioan.eftimie