
Practical TWO 2023

Uploaded by

Alfa Fredrick

THE OPEN UNIVERSITY OF TANZANIA

FACULTY OF SCIENCE, TECHNOLOGY AND ENVIRONMENTAL STUDIES

OIT 216/OIT236: INTRODUCTION TO COMPUTER SECURITY

TUTORIAL AND PRACTICAL 2

BACKGROUND

1. A backdoor attack is a way to access resources (e.g. data) by bypassing a system’s customary control mechanisms. During the attack, well-designed software is installed on the targeted client computer and actively listens for instructions from a server running on the attacker’s computer.
2. A backdoor is a piece of software that, when installed on a computer, gives someone remote access to it, usually without the right permission.
3. A backdoor could also daemonize itself and run as a background process, so the program no longer needs to be opened to initiate a connection.
4. In computing, a daemon (pronounced DEE-muhn) is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes.
5. If you opened a wrong program, you might have already installed a daemon on your computer (on Linux, use the ps command to list running processes).
6. A socket is one endpoint of a two-way communication link between two programs running on the network. The socket mechanism provides a means of inter-process communication (IPC) by establishing named contact points between which the communication takes place.

OIT216 Practical 2 Sep 2023


INSTRUCTIONS AND STEPS

This tutorial demonstrates a backdoor scenario using Python.


Python is a high-level powerful programming language that is easy and fast to
implement. It is supported by all operating systems.

1. Install Python on your computer
2. Test Python using the HelloWorld.py program of your choice
3. Perform one of the following
a. Connect 2 computers in the same network. One will be an attacker computer, called a server. The other one will be a victim computer, called a client.
b. Use two different terminals on the same computer. One will be an attacker computer, called a server. The other one will be a victim computer, called a client.
4. Write a server.py script as follows (Refer to Annex to see code)
a. Import the socket module (for listening and accepting connections)
b. Declare HOST and PORT, i.e. your IP or 127.0.0.1.
c. Create the socket connection, listening for incoming connections and accepting them, if any.
d. Listen to client connections
e. Create a while loop to maintain the connection between the client and server components.
f. Ask the attacker to enter a command
g. Encode the command
h. Send the command to the victim
i. Receive the response recv(1024) from the victim
j. Decode the response to a string
k. Display the output response
l. Check if you got some useful information

5. Test the server script

6. Write the client.py script as follows (Refer to Annex to see code)

a. Import the socket module (for initiating our network connection) and subprocess (for running commands in the shell)
b. Declare the attacker's (our) remote REMOTE_HOST and REMOTE_PORT, i.e. your IP or 127.0.0.1.
c. Create the socket connection for the client and connect it to our REMOTE server
d. Add a while loop for listening and waiting for messages
e. Extract responses from .recv(1024)
f. Decode the responses to a string

g. Pass the decoded string to the subprocess program responsible for running the command.
h. Send a response to the attacker

7. Test the server script

8. Try to acquire some information from the victim (e.g. list of files, content of
file etc)

9. Answer the following questions

a. Provide the IP addresses that you used for both attacker and victim
[10 marks]
b. Provide a screenshot showing that Python was installed on your
computer [10 marks]
c. Provide locations where you installed attacker server code and
victim client code. That is, working directories of the attacker and
that of the victim [10 marks]
d. Provide a screenshot showing that the victim computer is waiting
for commands from the attacker. [10 marks]
Hint: Use print function to display a message “Awaiting
commands…” as shown below

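while True:
    # Announce that the client is idle, then block until data arrives
    print("[-] Awaiting commands...")
    command = client.recv(1024)
    # recv() returns bytes; decode them to a string
    command = command.decode()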

e. As an attacker, extract the current working directory of the victim. If you are using the same computer, make sure that the attacker and victim codes are not in the same directory. Provide a screenshot of the attacker terminal showing the command and response [20 marks]

f. As an attacker, check if the victim can connect to www.tamisemi.go.tz. If you are using the same computer, make sure that the attacker and victim codes are not in the same directory. Provide a screenshot of the attacker terminal showing the command and response [20 marks]

g. Using any tool of your choice, capture the communication between the attacker and the victim. Attach the capture (log) file as a separate file. [20 marks]
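
Seen from the defender's side, the client in step 6 leaves two traces on the victim host: a script interpreter holding an established TCP connection, and shell processes started by it through subprocess. The following is an added example, not part of the original practical or its Annex; it correlates Linux `ss -tnp` and `ps -eo pid,ppid,comm` output to list such processes. All addresses, ports, PIDs and the INTERPRETERS/SHELLS sets are constructed assumptions.

```python
import re

# Constructed sample of `ss -tnp` output (Linux); all values are made up.
SS_SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.20:51514 192.168.1.10:5050 users:(("python3",pid=2311,fd=3))
ESTAB 0 0 192.168.1.20:40022 93.184.216.34:443 users:(("firefox",pid=1805,fd=71))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=702,fd=3))
"""
# Constructed sample of `ps -eo pid,ppid,comm` output.
PS_SAMPLE = """\
  PID  PPID COMMAND
  702     1 sshd
 2311     1 python3
 2340  2311 sh
"""

INTERPRETERS = {"python", "python3", "perl", "ruby", "node"}  # assumed watch list
SHELLS = {"sh", "bash", "dash", "zsh"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Return established TCP connections as dicts with peer, comm and pid."""
    conns = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        m = PROC_RE.search(line)
        if len(fields) < 6 or fields[0] != "ESTAB" or not m:
            continue  # skip listeners and sockets with no visible owner
        conns.append({"peer": fields[4], "comm": m.group(1), "pid": int(m.group(2))})
    return conns

def parse_ps(text):
    """Return {pid: (ppid, comm)} from `ps -eo pid,ppid,comm` output."""
    rows = (line.split(None, 2) for line in text.splitlines()[1:])
    return {int(pid): (int(ppid), comm.strip()) for pid, ppid, comm in rows}

def find_suspects(ss_text, ps_text):
    """List interpreters holding an established connection, with any shell children."""
    procs = parse_ps(ps_text)
    suspects = []
    for c in parse_ss(ss_text):
        if c["comm"] in INTERPRETERS:
            kids = sorted(p for p, (pp, comm) in procs.items() if pp == c["pid"] and comm in SHELLS)
            suspects.append({**c, "shell_children": kids})
    return suspects

if __name__ == "__main__":
    print(find_suspects(SS_SAMPLE, PS_SAMPLE))
```

A hit is a lead for review rather than proof of compromise, since legitimate scripts also open connections and start shells.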
