Introduction to Computer Security HW1 ...

Introduction to Computer Security HW1

  1. Select a web site.
  2. Lookup “How I met your girlfriend” in the BlackHat 2010 demo to explain, in 0.5 page, how this was done.
    • Explanations

      The speaker first study on the session mechanism of the Facebook.
      He reduced the complexity of breaking session steps by steps.
      The Entropy had be redurced from the initial 160 bits to only 20 bits!! He kept tracing the source code and hacking it.
      Then, he used a techical skill called "NAT pinning" to confuse the router at protocol level.
      After that, he also used the IRC bot, Geoloction via XSS and HTML5 anti-WAF XSS.
      Combined all these skills and analysized based on those results.
      Finally, he used the triangle localization to find someone's girlfriend in reality.

  3. Select a person. Use on-line sites for phone book, social network, information, job, photo management, business directory, jigsaw.com, etc. to summarize, with screen dumps and explanations, what information you can get. If your target is not in US nor native English speaker, you might need to use on-line sites different from the textbook.
  4. Google “XYZ resume firewall” and “XYZ resume intrusion detection” where “XYZ” is the name of your target company. Screen dump “useful” results and explain what you got.
    • Screen Dumps & Explanations
      • Screenshot 18
      • Screenshot 19
        • A company called "Systems Technology International" is looking for who will use Linux iptables firewall.
      • Screenshot 20
        • A company called "ICF International" is looking for who have experience with using Snort IDS.
  5. Lookup Archive.org and Google cached results, and select a target web site. Compare the differences between an archived and cached copy with its current on-line web site. Give screen dump and explain the differences.
    • Screen Dumps & Explanations
      • Archive.org
        • Screenshot 21
        • 2014/02/09
      • Google cached
        • Screenshot 22
        • 2014/04/07 01:16:27 GMT
      • current
        • Screenshot 23
        • 2014/04/07 09:00:03 GMT
      • Archive.org have older information. Google cached seems no different from the current website because the cached information just few hours ago.
  6. Find Google Hacking Database at hackersforcharity.org/ghdb/. Summarize what it has and select 3 strings to search. Screen dump and explain what you got.
    • What GHDB has
      • it store the google search sentences which can be used to search some specific websites vulnerabilities. There are many entries and each entry have many google search sentences for searching vulnerabilities. The information on the GHDB maybe too old. The newest record is almost eight years ago (2006), though it seems still working...
    • Screen Dumps & Explanation
      • Juicy information of the websites built by AppServ
        • Screenshot 24
        • Screenshot 25
      • .xls files within user id and password
        • Screenshot 26
        • Screenshot 27
      • backup directories of the server
        • Screenshot 28
        • Screenshot 29
  7. Select a web site. Start from whois.iana.org to find its registry, registrar, and registrant. Also select an IP address. Start from arin.net to find who owns the IP address. Show your screen dump and explain.
    • Screen Dumps & Explanations
      • whois.iana.org - www.nctu.edu.tw
        • Screenshot 30
        • Screenshot 31
        • Registry: Taiwan Network Information Center (TWNIC)
        • Registrar: rs.twnic.net.tw
        • Registrant: Vice CEO
      • arin.net - 8.8.8.8
        • Screenshot 32
        • 8.8.8.8 is Google DNS Server
  8. Select a domain name. Use nslookup to dump its DNS records. Show your screen dump and explain.
  9. Select a domain name. Use traceroute or similar tools to find the access path to that domain. Show your screen dump and explain.
    • Screen Dumps & Explanations
      • Screenshot 34
      • The destination server seems close the ICMP, so traceroute didn't get the 5th hop ICMP "time exceeded" signal.
  10. Follow the case study right before chapter 1. Select one target and run through all tools (Tor, Vidalia, Privoxy, tor-resolve, proxychains, Nmap, socat, nc). Screen dump the process and explain what you got in your screen.
    • Screen Dumps & Explanations
      • turn on vidalia
        • Screenshot 35
      • using tor
        • Screenshot 36
      • finding target
        • Screenshot 37
      • found target
        • Screenshot 38
      • used tor-resolve to get target ip
        • Screenshot 39
      • using proxychains and nmap
        • Screenshot 40
        • Screenshot 41
      • using socat
        • Screenshot 42
      • get target informations
        • Screenshot 43

Share


Donation

如果覺得這篇文章對你有幫助, 除了留言讓我知道外, 或許也可以考慮請我喝杯咖啡, 不論金額多寡我都會非常感激且能鼓勵我繼續寫出對你有幫助的文章。

If this blog post happens to be helpful to you, besides of leaving a reply, you may consider buy me a cup of coffee to support me. It would help me write more articles helpful to you in the future and I would really appreciate it.


Related Posts