Final exam Summer 2024 Q-and-A#

Number of exercises: 5. Each exercise has a maximum score.

In home directory of user hostadm, you need to create a new subdirectory, FINAL and a file within it, answers.txt, where you will be writing answers to the exam exercises.

In the file, first, put your name, then proceed with answering to the questions below. Please report all the commands and options used in each exercise.

All the exercises should be done on the VDI desktop solely.

1. Compilation and Makefiles (max score 8)#

  • On your desktop, download a tar archive from https://linuxcourse.rutgers.edu/Files/Poisson_serial.tgz It contains source code files. Untar the archive.

  • A) Compile the source code files into one executable file poisson.x. Make sure the executable, poisson.x, can run.

  • B) Create static library swtime.a from timestamp.c, sweep.c, and r8mat_rms.c files. Also create another static library exact.a from uexact.c and uxxyy_exact.c files.

  • C) Develop makefile Makefile, that includes two targets for building libraries swtime.a, and exact.a, the compilation for poisson.x, as well as the clean target to remove the compilation products.

Answer:

A)

gcc -o poisson.x poisson.c r8mat_rms.c rhs.c sweep.c timestamp.c uexact.c uxxyy_exact.c  -lm

B)

gcc -c timestamp.c
gcc -c sweep.c
gcc -c r8mat_rms.c
ar -cr libswtime.a timestamp.o sweep.o r8mat_rms.o
ranlib libswtime.a
gcc -c uexact.c
gcc -c uxxyy_exact.c
ar -cr libexact.a uexact.o uxxyy_exact.o
ranlib libexact.a

gcc -o poisson.x poisson.c  rhs.c -lexact -lswtime -L. -lm

C)

poisson.x: poisson.c rhs.c libexact.a libswtime.a
        gcc -o poisson.x poisson.c  rhs.c -lexact -lswtime -L. -lm

libswtime.a: timestamp.c sweep.c r8mat_rms.c
        gcc -c timestamp.c
        gcc -c sweep.c
        gcc -c r8mat_rms.c
        ar -cr libswtime.a timestamp.o sweep.o r8mat_rms.o
        ranlib libswtime.a

libexact.a: uexact.c uxxyy_exact.c
        gcc -c uexact.c
        gcc -c uxxyy_exact.c
        ar -cr libexact.a uexact.o uxxyy_exact.o
        ranlib libexact.a

clean:
        -rm *.x *.o *.a


2. Deploying VM appliance (max score 4)#

Answer:

cd KVM
wget http://capone.rutgers.edu/coursefiles/final_exam2024.tgz
tar -zxvf final_exam2024.tgz
sudo cp final2024.xml /etc/libvirt/qemu/
virsh define /etc/libvirt/qemu/final2024.xml
virsh start final2024

3. File consistency check with command dlocate (max score 4)#

  • Which of the four executables on exam2024 VM, gprof, setpci, xzless, setarch, in directory /usr/bin have been altered since their installation. Report the commands used in the exercise.

    Hint: identify the packages that own the files above, then use command dlocate.

Answer:

dpkg -S /usr/bin/gprof

binutils: /usr/bin/gprof

dpkg -S /usr/bin/setpci

pciutils: /usr/bin/setpci

dpkg -S /usr/bin/xzless

xz-utils: /usr/bin/xzless

dpkg -S /usr/bin/setarch

util-linux: /usr/bin/setarch

dlocate --md5check binutils | grep FAILED
dlocate --md5check pciutils | grep FAILED
dlocate --md5check xz-utils | grep FAILED
dlocate --md5check util-linux | grep FAILED

usr/bin/xzless: FAILED


4. Shell and Python scripting (max score 10)#

  • A) Develop a shell script that solves Exercise 3 above.

    Hint: use loop over the executables.

  • B) Develop a python script that solves Exercise 3 above.

    Hint: create a list with the executables, then use loops. Utilize module subprocess.

Make sure the scripts run and provide the correct answer.

Answer:

A) check_md5.sh


#!/bin/bash

DIR=/usr/bin
files='gprof setpci xzless setarch'

for i in $files
do

        # echo $i
        pkg=$(dpkg -S $DIR/$i | awk -F: '{ print $1 }')
        dlocate --md5check $pkg | grep FAILED

done
chmod u+x check_md5.sh
./check_md5.sh

B) check_md5.py

#!/usr/bin/python3

import subprocess, re

files=['gprof', 'setpci', 'xzless', 'setarch']

pkgs=[]

for i in files:
  cmd = f'dpkg -S /usr/bin/{i}'
  s=subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
  stdout_value,stderr_value = s.communicate()
  pkg,file = stdout_value.decode().strip().split(':')
  pkgs.append(pkg)

for i in pkgs:
   cmd = f'dlocate --md5check {i}'
   s=subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
   stdout_value,stderr_value = s.communicate()
   output = stdout_value.decode().split('\n')
   for line in output:
       match = re.search(r'FAILED', line)
       if match:
          print(line)

chmod u+x check_md5.py
./check_md5.py

5. Password cracking (max score 4)#

There is user account testusr on final2024 VM.

  • Crack the password hash to find the password of the user. Report the steps and the revealed password.

  • Login to the VM as user testusr to verify the password.

Answers:

sudo tail -1 /etc/shadow > pass.txt
john pass.txt
john -show pass.txt

testusr:blink1

1 password hash cracked, 0 left