Week 8 Tut

This week we did our presentations on our Something Awesome, which felt like it was hardly enough time to explain everything that we had done. There were a lot of really good presentations and I was surprised by how creative some of the projects were.

Nevertheless the second half of the tut consisted of a case study that was effectively a man in the middle situation. The answer for us seemed simple, take the Alien out of the room and transfer an encryption method that can be calculated by hand with the cadet. When the alien returns, they will be unable to understand the messages being transferred and thus have only 2 options. 

1). correctly transfer the message to the captain 

2). refuse to transfer the message, In which case we then assume the Alien is hostile as it has all the motivation to transfer the message if it is a peaceful Alien.

Security Everywhere

Now this is going to be a rather unusual post. 

I’m going to demonstrate the numerous methods that a pig can do to escape it’s enclosure and how you can stop them.

These are our 2 pigs that we currently have and as you can see we have built a number of security measures to keep them locked up when they need to be.

The first measure was a basic wire fence- the stock standard of any farm security, keeps out most things. However it wasn’t enough for a couple of reasons, 

1). When the pigs were young they were able to fit through the small holes in the wiring 

Solution - As you can see we have attached chicken wire (the smaller wire) around the bottom of the fence in order to stop this 

2). They can push under 

Solution- Our first solution to this was to attach star pickets to the bottom of each section of wire to increase the weight so that it was much harder to get through.

Now that the fence was secure the pigs cannot get out without us opening the gate…..

WRONG and how wrong we were.

It took us a very long time to figure out how they were getting out time after time. In the end we discovered that they weren’t going under the fence but rather over it. 

We eventually discovered that a flexible shade cloth that partially went inside their section would sometimes dip very low to the ground and allow the more ambitious of the 2 to use it as a rudimentary ladder and climb out.

We solved this by building a more rigid form of shade, the one that you can see in the background of the image

By the time that we solved this another problem had arising the pigs were getting so large that they were digging underneath the fence now and the only thing that we could do to stop them was to build an electric wire around the whole yard.

For the moment this seems to be enough, until that wire stops working though…

Lockpicking

Inspired by the recent lockpicking seminar I decided to take a combination lock that I was recently given (to replace the one that was lost) to figure out if I could crack it. Turns out I absolutely cannot.

I’ve spent sooo long on this lock and I haven’t been able to guess it right once. I does help that I’ve been able to change the combination (well I give it to a friend to change) so that I can still use it if I need to.

One of the things that makes it hard is that, to apply pressure to the lock I need to pull the upper bit of the lock sideways. Now I’m not 100% sure if this makes it harder but it certainly isn’t like the more traditional locks shown in the lecture that, that you could easily apply pressure by pulling the lock up.

What information Facebook has on you

Facebook information

I was shocked at how long it took to download the information that facebook had on me

With almost 2 GB of info about everything from your contacts and when you last contacted them, to what ads you’ve interacted with and predictions to what you will interact with in the future. The simple size of info they have on me and what they can do with it is very worrying. I mean, I don’t even use facebook that much.

SA

Narnia Level 2-3

More buffer overflows in narnia these proved a challenge that required a bit of thinking of youtube videos on buffer overflows in order to get past however I finally beat them. This will probably be the last ones I attempt before my Wednesday tutorial where I have to present what I have accomplished in my something awesome project so far.

SA

Narnia Level 1

Now this was a step up for me. Having never done a buffer overflow before meant that I was in for a treat with this one, I chose this one to do a youtube walkthrough which I found a challenge in itself to do, as my screen recorder only allowed me to record for 3 min which really sucked, probably should get another one although, I’m a little swamped down with work and uni right now so it’ll have to do

SA helping a housemate

Helping out a housemate

One of my Extension goals of my something awesome was to teach some principles of CTF’s to my housemate, who has never done any sort of coding before.

What I underestimated-

-How much of a simple computing system I would have to explain. As they often had no idea where to start.

-That they truly wouldn’t know any commands (I ended up becoming and interpreter from her to the computer so that she wouldn’t have to spend ages learning commands)

-That they are a very intelligent person that given the right direction latched onto the concepts quite quickly

Overall we tried the 4th Level in Leviathan and Although it took a little while we managed to get it out in under 30 min. YAY!!

SA

Levels 9-12

These Levels have started to pick up a bit in difficulty, I had to write some Java code for Level 12 and I have never written in Java before, so that was a milestone. Level 12 in particular was a difficult one.

Levels 13-16

These Levels involved a few SQL injection attacks, which I had to look up and figure out a lot about how they worked, I actually looked at a blog post from one of my classmates about them. Which I found very insightful. However I think I’m going to try out Some of the Narnia Level CTF’s now as I don’t have a lot of time left and I am only halfway through Natas, if I have time I would love to go back through these and figure out all of them

SA

Natas – These Levels are all about insecure web apps

Level 0-2 are very easy simply reading a comment with a few roadblocks

Level 3 is just from reading the source code

Level 4 is a little tricker, this one simply gave the clue “Not even google will find it this time”  a little research lead me to the robots.txt file that lead me to the answer

Levels 5-8

These are of a similar difficulty to the previous levels however all are completed without too much time commitment

SA

Krypton Level 5

This one I kind of cheated and used a few websites that are useful for breaking Vignere Ciphers mainly  http://smurfoncrack.com/pygenere/index.php and tried different key lengths eventually I found that the keyword was most likely to be “keylength” (how original) then I simply used the tool from the last website and found that plaintext password

SA

Krypton Level 4

Ok well that took forever, I spent literally hours on this one. I can understand why I had no hope ever getting the Vignere Cipher in the mid sem exam. Eventually used a bunch of techniques found at this website http://www.simonsingh.net/The_Black_Chamber/crackingprinciple.html

Now it doesn’t seem like the hardest thing to do after all

SA

Krypton

So it appears Krypton is all about Ciphers, HORAY!!. This is sure to be a blast.

First few levels are straight forward, one of them is almost exactly the same as a bandit Level.

Krypton Level 3-

Now this is a bit harder, this one as it turns out is essentially the same as the NSA app, just without a good guess and check system. I ended up using frequency analysis as this was relatively easier to use. However this did take me quite a bit of time to complete.

SA

Leviathan 4-6

While the first one is a bit easier than the others all the other levels are a bit harder. Overall I actually found Leviathan to be easier than Bandit. But maybe that was just because I have already had so much practice.

Regardless I am now 2 whole levels done and still have a couple of weeks left, lets see how much more I can do!

SA

Leviathan

Contrary to the rather intimidating name, the first 2 Levels are quite easy, not so much the 3rd as it really starts to pick up in pace while the 4th is much the same in difficulty. However I will note that these levels are able to be figured out without much looking up of random commands and etc. which makes them much nicer to people that are only just starting out on computers. Perhaps I will use these instead of a bandit level to teach to Georgia (my roommate).

SA

Level 30-32 was all about git, another useful tool that I really haven’t mastered, Hell I still use the graphical interface most of the time when uploading stuff to git, simply because I always get the commands wrong, or miss one. These levels were great for helping my confidence with Git and hopefully I can use it much more often.

Level 34

Last Level this is so good, I managed to finish Bandit level last one was easy just an interactive shell script that transferred every command into CAPITALS, which was apparent the first time I typed in ls and it asked what I meant by LS.

Moving onto the other Levels will be fun, however I wonder how much harder they will be…

SA

Bandit Level 25

This Level involved a lot of investigating and was a bit of a rabbit hole to go down. I actually went down the wrong way for about 30min and had no idea what I was doing. I got it in the end and that’s what matters.

Bandit Level 26-33

These Levels included a lot of tricks that, once you understood made the whole thing kinda simple. Level 26 logged you out as soon as you entered, however fool me once, they had already tried this trick and it didn’t take me long to figure this one out again. 27-29 weren’t as hard as I had expected however they were a little confusing at the start ,thankfully got them all out.

SA

Bandit Level 20

This level involved using a setuid binary, something I had never seen before. It was really insightful to learnt about it and what it can be used for, as well as to finally capture the flag, this one took me longer than it should’ve

Bandit level 21-24

These Levels mostly included looking at different scripts and figuring out how to manipulate the program included in them. This was good fun and I finally learnt how to use vim, (something that has intimidated me for a while). It was so easy I have no idea why I haven’t been using it for some time now.

This is one aspect of doing CTF’s that I find really rewarding, I am learning so many different ways of writing and applying code as well as commands and how to properly use them.