Trent Walraven

A 2024 Cyber Security Engineering Student at Iowa State University

CYBE231 Lab 11 - Final Project Part 2

2 minute read

This is a second part of the final project where we were tasked with remediation of systems. We were tasked with using the information gathered from the last lab to remediate systems.

Knowing that all of these machines could have easily had access to them for an unknown amount of time. I made the assumption that all the passwords had been compromised on all of the systems and required a password change, along with increasing the password complexity to 10 characters with minimum 1 number and 1 special.

The first system that I decided to fix was the database since it seemed like the quickest fixes. I set a BIOS password, and a boot order to prevent booting from external media like USB or CD to prevent the user from booting their own OS, and disabled the option in grub to generate recovery options, and added a password requirement to change grub settings. This would prevent booting into single user mode. The shadow and passwd files had permission issues that meant they could be read by anyone, so I changed that to only writeable by root, and shadow only be readable by root. The final thing that I decided to do was put a password on the database, since mysql encrypts the database when it is at rest automatically.

I then moved onto the Windows machines, and realized that I would end up applying the same fixes to all of them. I first disabled LM hashes to prevent their use, and then disabled the ability to pass the hash to login in the system profiler. The next thing I did was change all the passwords, and I did this after removing LM hash support to also delete all the LM stored on the machine. The final things I did was setup the Windows Firewall. Since we were told onyl RDP needed to be open for administrative purposes, I set up the firewall to block all incoming traffic except RDP.

The final machine I fixed was the web server. The first thing I did was change the website to not user the root user and instead use the www-data user, and force the site to use the python environment. These were both done to severely limit someones access if they got code execution through the website. The next thing that I did was add a password for the root user, and remove a set of cron jobs that re-removed the password, and changed website files back to the originals. The next thing that I did was remove the javascript, and the pages for the pair of shells on the website, I also corrected the mistake that allowed account creating from un-authenticated users. While did not like that the website stored “encrypted” passwords, I was unable to change it in the time that was available.

Categories:

Updated:

You may also enjoy

Cyber Tractor Challenge

3 minute read

My experience with the John Deere event that brought in students from around the country to test the security of John Deere equipment

CYBE231 Lab 12 - Final Project Part 3

4 minute read

The last part of the final project where we had to attack other networks and get into the systems that had been secured by other students