Difference between revisions of "Willie Stehm"
From WLCS
| Line 29: | Line 29: | ||
<p>3) Research and document findings on how to crack password hashes</p> | <p>3) Research and document findings on how to crack password hashes</p> | ||
<p>4) Research email security</p> | <p>4) Research email security</p> | ||
| + | ::*Gmail Chat | ||
| + | ::*Normal Email | ||
==Goal Documentation== | ==Goal Documentation== | ||
Revision as of 10:26, 21 October 2008
Today is May 18, 2024. Welcome to my page!
Contents
Topics of focus
Networking and Network Security
- Basic concepts
- Building test lab
- Intercepting packets
- Password hashes
- IM information (buddy info, messages, sign-on data, sign-off data, etc.)
- Middle man attacks
- Encryption
RFID
- RFID Basics
- Assembling RFID reader
- Reading and writing information on RFID card
- RF-dump
- Editing information stored on card
- RFID security
Magnetic Stripe
- DIY reader/writer
- Writing and editing information on card
Ten Goals for the Quarter
1) Set up test lab using a minimum of three computers connect to a hub or switch
2) Research and use packet sniffers to intercept packets sent by other computers through the network
3) Research and document findings on how to crack password hashes
4) Research email security
- Gmail Chat
- Normal Email
Goal Documentation
1
- After doing a bit of research we settled on using the Xubuntu operating system. Xubuntu is a streamlined version of the Ubuntu operating system that is less memory intensive and thus better for older computers such as the ones used in our test lab. It also cuts out some of the unneeded bundled applications that come with Ubuntu, allowing us to add on only what is useful to us.
- While comparing hubs and switches we decided to use a hub. Hubs unlike switches broadcast packets out to all ports. This enables us to easily intercept packets, learn to analyze packet data, and learn about network security as a whole.
2
- Under the recommendation of Mr.Bui we started using a program called wireshark (formally known as ethereal) to start capturing packets sent over our test lab network.
- Using the im client Pidgin, we were able to capture packets containing everything from log-on info to messages contents, buddy info, and even password hashes.
3
- The password algorithm used in the aim protocol is MD5. MD5 turns the password into a one way 128-bit hash before sending it AOL for verification. Since MD5 is designed to be a one way algorithm it makes it very difficult to reverse and thus recover the password from the hash. Two ways we found that this could be done are through the use of a Rainbow table or through a password cracker such as Cain and Abel. Password crackers use vast word lists and compare individual words to the password hash hoping to find a match.
