Friday, October 17, 2008

10/16 Meeting nmap

At this meeting Mark Lester gave a brief presentation on nmap and set up a challenge to help better understand when nmap is useful.
The challenge was to find the secret message on a network. Here is how the challenge was solved.
First, log in to the network with the account provided. From there you can use nmap to scan the rest of the network. Since one does not know how the network is laid out, one must first figure out the layout:

ifconfig

brings back all the network info. From that you can tell that the network is a class C network on the IP range 192.168.1.0-255.

From there you need to find out which of these IPs are active, so this is where nmap comes in. There are many ways to map out a network with nmap; I used:

nmap -v -A -T5 192.168.1.0/24

From this you will get back a list of computers and the services that are running on them. From there you look for interesting ports.
Looking through this list one can see that there is a port on 192.168.1.110 that is 31415, which are the first 5 digits of pi. This seems interesting, so I want to see what happens if I make a connection to it. This is where netcat comes into play:
nc 192.168.1.110 31415

Eureka! The port responds with:
my notes
Phoenix
user:secret
password: Ifoundthepassword

So this obviously looks like someone's notes to get into an account. We know the credentials and now we need to know which computer the credentials are good for. My bet would be a computer related to Phoenix somehow. Looking back at the nmap output we get another Eureka: Phoenix is the hostname of the computer at 192.168.1.117, so let's try sshing into it.

ssh secret@192.168.1.117

and we're in. Using a simple ls we see there is a message file labeled
Congratulation.message
cat-ing that gets you the secret message.
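The walkthrough above is a sequence of manual steps: read the interface config, derive the range to scan, pick the odd port out of the nmap output, read the banner, and match the hostname in it back to a scanned host. The script below is an added example (not code from the original post) that does the triage part of that sequence offline on constructed data: the ifconfig address/netmask, the nmap grepable (-oG) lines and the banner text are all made up here to mirror the post (192.168.1.0/24, a listener on 192.168.1.110:31415, a host named phoenix at 192.168.1.117). The COMMON_PORTS set is an assumption about what counts as "boring" on a lab network.

```python
"""Triage helpers for the nmap "secret message" challenge.

Added example, not the original post's code. All sample data below is
constructed so that the script runs without a network.
"""
import ipaddress
import re

# Assumption: ports one expects on a lab network; anything else is "interesting".
COMMON_PORTS = {21, 22, 23, 25, 53, 80, 110, 111, 139, 143, 443, 445, 3306}

# Constructed sample of what `ifconfig` on the provided account might report.
SAMPLE_IFCONFIG_ADDR = "192.168.1.42"
SAMPLE_IFCONFIG_MASK = "255.255.255.0"

# Constructed sample of `nmap -oG -` (grepable) output for the scan.
SAMPLE_NMAP_OG = """\
# Nmap 4.76 scan initiated (constructed sample)
Host: 192.168.1.1 (gateway)\tStatus: Up
Host: 192.168.1.1 (gateway)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.110 (notes)\tStatus: Up
Host: 192.168.1.110 (notes)\tPorts: 22/open/tcp//ssh///, 31415/open/tcp//unknown///\tIgnored State: closed (998)
Host: 192.168.1.117 (phoenix)\tStatus: Up
Host: 192.168.1.117 (phoenix)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""

# Constructed sample of what the 31415 listener returned to netcat.
SAMPLE_BANNER = "my notes\nPhoenix\nuser:secret\npassword: Ifoundthepassword\n"


def scan_range(addr: str, netmask: str) -> str:
    """Turn an interface address + netmask (as ifconfig prints them) into the
    CIDR network nmap should scan, e.g. 192.168.1.0/24."""
    iface = ipaddress.ip_interface(f"{addr}/{netmask}")
    return str(iface.network)


def parse_grepable(text: str) -> dict:
    """Parse nmap -oG 'Ports:' lines into {ip: {"hostname": str, "ports": {port: service}}}."""
    hosts = {}
    line_re = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*)$")
    for line in text.splitlines():
        m = line_re.match(line)
        if not m:
            continue
        ip, hostname, rest = m.groups()
        ports_field = rest.split("\t")[0]        # drop the "Ignored State" column
        ports = {}
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            # fields: port, state, proto, owner, service, rpc, version
            if fields[1] == "open":
                ports[int(fields[0])] = fields[4]
        hosts[ip] = {"hostname": hostname, "ports": ports}
    return hosts


def interesting_ports(hosts: dict) -> list:
    """Return (ip, port, service) for every open port outside COMMON_PORTS."""
    found = []
    for ip, info in hosts.items():
        for port, service in sorted(info["ports"].items()):
            if port not in COMMON_PORTS:
                found.append((ip, port, service))
    return found


def find_host_by_name(hosts: dict, name: str):
    """Map a hostname seen in a banner back to the IP nmap reported for it."""
    for ip, info in hosts.items():
        if info["hostname"].lower() == name.lower():
            return ip
    return None


def credentials_in_banner(banner: str) -> dict:
    """Pull user/password pairs out of a cleartext banner. A defender running the
    same scan would log any hit as a leaked-credential finding for that host."""
    creds = {}
    for line in banner.splitlines():
        m = re.match(r"^\s*(user(?:name)?|pass(?:word)?)\s*:\s*(\S+)", line, re.I)
        if m:
            key = "user" if m.group(1).lower().startswith("user") else "password"
            creds[key] = m.group(2)
    return creds


if __name__ == "__main__":
    print("nmap target:", scan_range(SAMPLE_IFCONFIG_ADDR, SAMPLE_IFCONFIG_MASK))
    hosts = parse_grepable(SAMPLE_NMAP_OG)
    for ip, port, svc in interesting_ports(hosts):
        print(f"interesting listener: {ip}:{port} ({svc})")
    creds = credentials_in_banner(SAMPLE_BANNER)
    print("banner names host", find_host_by_name(hosts, "Phoenix"), "with creds", creds)
```

Two practical notes. The post's scan uses `-T5`, nmap's most aggressive timing template; on a real network it can drop probes and miss exactly the kind of odd port this challenge hinges on, so a slower template is the safer default when accuracy matters more than speed. And the part of the flow that found the answer, a cleartext banner with credentials naming another host, is the same thing an inventory scan should raise as a finding on a production network.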

Thursday, October 9, 2008

10/10 Meeting

Today we went over a couple levels in Narnia Wargame

Level 1
  • Basic buffer overflows
  • Endianness
  • Keeping a Shell Open
Level 2
  • Shellcode
  • Environment Variables
In addition, we talked about a potential CTF in December and that our team needs as much help as we can get. Here are some categories members can specialize in:
  • Understanding code quickly in Perl, Python, PHP, Java
  • Snort Skills - making rules to help identify and block bad traffic
  • Wireshark/TCPDump skills - understanding data and giving insight to the rest of the team on what other teams are doing and what they are trying to exploit
  • Unix Administration skills -
  • using aide and other intrusion detection tools
  • etc
If you're interested, post in the comments which ones you're interested in and we'll try to set up specialty groups so they can get good at the individual areas.

Friday, October 3, 2008

10/2 Meeting Review

This meeting we went through the basic levels on http://www.hackthissite.org/

Some of the topics the levels went over are:
  • understanding html
  • how post and get work
  • a bit on how cookies work
  • remotely executing server commands
  • reversing simple encryption schemes
  • server side includes
  • directory traversal exploitation
If someone couldn't make the meeting or didn't finish the levels, try looking through the SIT wiki for info on the levels, or just post a message on the SIT list; someone is bound to help.

Tuesday, September 23, 2008

War Games and Web Hacks

Next meeting we're going to go over some war games that will help improve skills in system administration and finding basic web exploits. We will be meeting in the same room, CSE E116, at 6:15 on Thursday 9/25.

http://intruded.net/wglist.html
http://www.hackthissite.org/

Thursday, September 18, 2008

Networking outline

I hope my rambling through network topics helps you all on your hacking journeys. My goal was to give you the basis and cover enough areas with practical examples that you'll have a better understanding as you encounter them in the future. Below is the quick outline I threw together and tried to follow during the talk. I've linked a lot of the items so you can get more info.

Feel free to e-mail or IM me if you have any questions.

- Networking
- - Why is it important?
- IP Addresses
- - Subnets
- - Netmasks
- - CIDR notation
- - Private IPs
- - ICANN, whois, dnsstuff, centralops.net
- Network Layers
- - OSI model
- - TCP/IP model
- Protocols
- - TCP
- - UDP
- - ICMP
- - Others...
- Hardware
- - Hubs
- - Switches
- - Routers
- - Firewall
- Sniffing
- - Promiscuous mode
- - tcpdump/wireshark/windump
- Spoofing & Packet Crafting
- - IP/TCP/ICMP/UDP (hping,scapy)
- - ARP (ettercap, dsniff)
- Scanning
- - nmap

Monday, September 15, 2008

Next Meeting - Thurs Sept 18

The next meeting will be Thursday at 6pm in room CSE E116. Topic to be announced...

Sunday, September 14, 2008

Fall Topics Poll & Getting Started

Topic Poll
We talked a bit about topics we would like to cover this fall during the first meeting. Ideas about reversing, pentesting, forensics and more were discussed. As a result, I've created a poll to better quantify the interest level in the different areas.

Getting Started
One item I want to go into detail about is the "Don't know...I'm a n00b!" choice. Several students mentioned during and after the meeting that they are new to the security scene and don't know where to start. Great! That's why the SIT was created! The question now comes down to how much of the regular meeting time do we want to focus on getting started as opposed to more intermediate to advanced topics?

Maybe that's where the idea I've been having about doing a weekly meetup in addition to the regular meeting could come into play. If we could coordinate a weekly session with a floating time that works for my schedule and all those interested, we could cover the basics and I could provide some small assignments to help you get your feet wet. The assignments would be things like compile nmap from source and scan host X, then tell me the open ports and possible OS.

I'll probably do another poll to start hashing out the details of what we'll do regarding the "getting started" sessions, but I'll send out an announcement for it when I do.

-jhs