UF Student Infosec Team

10/16 Meeting nmap

2008-10-17T05:08:00.000-07:00

At this meeting Mark Lester gave a brief presentation on nmap and set up a challenge to help better understand when nmap is useful.
The challenge was to find the secret message on a network. Here how the challenge was solved
First login to the network with the account provided. From there you can use nmap to scan the rest of the network. Since one does not know how the network is laid out one must first figure out the layout

ifconfig

brings back
all the network info
from that you can tell that the the network is a class C network on the ip range of 192.168.1.0-255

From there you need to find out which of these ips are active so this is were nmap comes in
there are many ways to map out a network with nmap I used

nmap -v -A -T5 192.168.1.0/24

from this you will get back a list of computers and the services that are running on them.
From there you look for interesting ports
Looking through this list one can see that there is port on 192.168.1.110 that is 31415
which are the first 5 digits of pi. This seems interesting so I want to see if I make a connection with it what will happen. This is where netcat comes into play
nc 192.168.1.110 31415

Eureka the port response with
my notes
Phoenix
user:secret
password: Ifoundthepassword

so this obviously looks like someone notes to get into an account. we know the credentials and now we need to know which computer the credentials are good for. My bet would be a computer relates to Phoenix somehow. Looking back at the nmap output we get another Eureka. Phoenix is the hostname of computer 192.168.1.117 so lets try sshing into it.

ssh secret@192.168.1.117

and we're in using a simple ls we see there is a message labeled
Congratulation.message
cating that gets you the secret message

10/10 Meeting

2008-10-09T21:18:00.001-07:00

Today we went over a couple levels in Narnia Wargame

Level 1

Basic buffer overflows
Endianess
Keeping a Shell Open

Level 2

Shellcode
Enviroment Variables

In addition, we talked about a potential CTF in December and that are team needs as much help as we can get. Here are some categories members can specialize in

Understanding code quickly in Perl, Python, PHP, Java
Snort Skills - making rules to help identify and block bad traffic
Wireshark/TCPDump skills - understanding data and giving incite to rest of the team on what other teams are doing and what they are trying to exploit
Unix Administration skills -
using aide and other intrusion detection tools
etc

If your interested post in the comments which ones your interested in and will try and set up specialty groups so they can get good at the individual areas.

10/2 Meeting Review

2008-10-03T07:51:00.000-07:00

This meeting we went through the basic levels on http://www.hackthissite.org/

Some of the topics the levels went over are:

understanding html
how post and get work
a bit on how cookies work
remotely executing server commands
reversing simple encryption schemes
server side includes
directory traversal exploitation

If someone couldn't make the meeting or didn't finish the levels. Try looking through the sit wiki for info on the levels or Just post a message on the sit list someone is bound to help.

War Games and Web Hacks

2008-09-23T21:07:00.000-07:00

Next meeting we're going to go over some war games that will help improve skills in system administration and finding basic web exploits. We will be meeting in the same room CSE E116 at 6:15 on Thursday the 9/25

http://intruded.net/wglist.html
http://www.hackthissite.org/

Networking outline

2008-09-18T20:42:00.000-07:00

I hope my rambling through network topics helps you all on your hacking journeys. My goal was to give you the basis and cover enough areas with practical examples that you'll have a better understanding as you encounter them in the future. Below is the quick outline I threw together and tried to follow during the talk. I've linked a lot of the items so you can get more info.

Feel free to e-mail or IM me if you have any questions.

- Networking
- - Why is it important?
- IP Addresses
- - Subnets
- - Netmasks
- - CIDR notation
- - Private IPs
- - ICANN, whois, dnsstuff, centralops.net
- Network Layers
- - OSI model
- - TCP/IP model
- Protocols
- - TCP
- - UDP
- - ICMP
- - Others...
- Hardware
- - Hubs
- - Switches
- - Routers
- - Firewall
- Sniffing
- - Promiscuous mode
- - tcpdump/wireshark/windump
- Spoofing & Packet Crafting
- - IP/TCP/ICMP/UDP (hping,scapy)
- - ARP (ettercap, dsniff)
- Scanning
- - nmap

Next Meeting - Thurs Sept 18

2008-09-15T08:48:00.000-07:00

The next meeting will be Thursday at 6pm in room CSE E116. Topic to be announced...

Fall Topics Poll & Getting Started

2008-09-14T19:27:00.000-07:00

Topic Poll
We talked a bit about topics we would like to cover this fall during the first meeting. Ideas about reversing, pentesting, forensics and more were discussed. As a result, I've created a poll to better quantify the interest level in the different areas.

Getting Started
One item I want to go into detail about is the "Don't know...I'm a n00b!" choice. Several students mentioned during and after the meeting that they are new to the security scene and don't know where to start. Great! That's why the SIT was created! The question now comes down to how much of the regular meeting time do we want to focus on getting started as opposed to more intermediate to advanced topics?

Maybe that's where the idea I've been having about doing a weekly meetup in addition to the regular meeting could come into play. If we could coordinate a weekly session with a floating time that works for my schedule and all those interested where we could cover the basics and I could provide some small assignments to help you get your feet wet. The assignments would be things like compile nmap from source and scan host X, then tell me the open ports and possible OS.

I'll probably do another poll to start hashing out the details of what we'll do regarding the "getting started" sessions, but I'll send out an announcement for it when I do.

-jhs

Fall 2008 - First Meeting

2008-09-14T19:20:00.000-07:00

Our first meeting was on Thurs, Sept 11. The turnout was great with about 25 people packed into the computer lab down in CISE. I (john sawyer) spent a while talking about infosec, hacking, defcon, ctf, hardware hacking and more. Topics and direction for the group was discussed along with meeting times. There will be more to that soon.

I'm really impressed with the enthusiasm from the majority of the students who attended and think this will end up being the best semester to date for the UF SIT. Hopefully, the collaboration with ACM will help us draw more members and have more involvement both in the meetings and outside of them.

-jhs