Difference between revisions of "Willie Stehm"
From WLCS
| Line 35: | Line 35: | ||
<p>7) Attempt to intercept normal emails sent through gmail <b> [X] </b></p> | <p>7) Attempt to intercept normal emails sent through gmail <b> [X] </b></p> | ||
<p>8) Set up Firewall for our test lab <b> [ ] </b></p> | <p>8) Set up Firewall for our test lab <b> [ ] </b></p> | ||
| − | ::*[http://www.ipcop.org/ IP Cop] | + | ::*Research firewall operating systems |
| + | :::*[http://www.ipcop.org/ IP Cop] | ||
| + | ::*Install all necessary hardware components into our firewall | ||
| + | ::*Install IP Cop software and configure settings to fit our network set-up | ||
==Goal Documentation== | ==Goal Documentation== | ||
===1) Setting up the test lab=== | ===1) Setting up the test lab=== | ||
Revision as of 13:12, 30 October 2008
Today is May 18, 2024. Welcome to my page!
Contents
Topics of focus
Networking and Network Security
- Basic concepts
- Building test lab
- Intercepting packets
- Password hashes
- IM information (buddy info, messages, sign-on data, sign-off data, etc.)
- Middle man attacks
- Encryption
RFID
- RFID Basics
- Assembling RFID reader
- Reading and writing information on RFID card
- RF-dump
- Editing information stored on card
- RFID security
Magnetic Stripe
- DIY reader/writer
- Writing and editing information on card
Ten Goals for the Quarter
1) Set up test lab using a minimum of three computers connect to a hub or switch [X]
2) Research and use packet sniffers to intercept packets sent by other computers through the network [X]
3) Research and document findings on how to crack password hashes [X]
4) Research general email security [X]
5) Intercept Gmail Log-in information to analyze [X]
- SHA hash function
- RSA Encryption
6) Intercept Gmail Chat messages through wireshark [X]
7) Attempt to intercept normal emails sent through gmail [X]
8) Set up Firewall for our test lab [ ]
- Research firewall operating systems
- Install all necessary hardware components into our firewall
- Install IP Cop software and configure settings to fit our network set-up
Goal Documentation
1) Setting up the test lab
- After doing a bit of research we settled on using the Xubuntu operating system. Xubuntu is a streamlined version of the Ubuntu operating system that is less memory intensive and thus better for older computers such as the ones used in our test lab. It also cuts out some of the unneeded bundled applications that come with Ubuntu, allowing us to add on only what is useful to us. While comparing hubs and switches we decided to use a hub. Hubs unlike switches broadcast packets out to all ports. This enables us to easily intercept packets, learn to analyze packet data, and learn about network security as a whole. Our final network set-up can be seen in the picture to the right.
2) Packet Sniffers
- Under the recommendation of Mr.Bui we started using a program called wireshark (formally known as ethereal) to start capturing packets sent over our test lab network. Using the im client Pidgin, we set up test accounts and started talking to each other over the network. These packets were relayed to the Pidgin server and then sent to the other account. Using our hub and concurrently running wireshark, we were able to filter the captured packets to only view those related to Pidgin and the AIM protocol. The results were amazing. We intercepted packets containing everything from log-on info to message contents, buddy info, updates on when the person was away or idle, and even password hashes being sent at the log-in.
3) Password Hashes
- When signing onto AIM through Pidgin on one computer, we were able to capture a packet containing the log-on information as it was being sent for verification. The packet captured contained the password hash 51e3ed91700bee528a11e333ab25e6d2 as sent from Pidgin. After a bit of research on the AIM protocol we found that the password algorithm used in the aim protocol is MD5. MD5 turns the password into a one way 128-bit hash before sending it AOL for verification. Since MD5 is designed to be a one way algorithm it makes it very difficult to reverse and thus recover the password from the hash. Although difficult we found two ways that this could be done. The first is through the use of a Rainbow table. Rainbow tables take the hash value provided and compare it to thousands of known hash values and their corresponding plain text value. For our situation this option isn't exactly feasible as each hash value can have millions of possible combinations and requires extremely fast computers to crack. The second option we found was to use a password cracker such as Cain and Abel. Password crackers use vast word lists and compare individual words to the password hash hoping to find a match. The downside to this method is that the word list used must contain the password in order for the program to find a match. If the password is not present in the word list the search will come up inconclusive. Using the hash value we obtained I ran Cain and Abel at home comparing it to a default word list. Just as described in the downside, the default word list I used didn't contain the password so the program comparison thus came up inconclusive.
4) General Email Security
Gmail Log-in
- After our great success with intercepting packets while using Pidgin, we decided to move on and try our luck with email security. As all of us already had gmail accounts we decided that this would be a good email client to test. For our fist test we did exactly what we did for the Pidgin log-on. While running wireshark on one computer someone else attempted to log-on to gmail using their username and password. From the intercepted packet that was being sent to google for verification we were able to learn a great deal about google's security. As shown in one of the highlighted regions in the picture to the left we found that google uses a SHA hash function combined with RSA encryption.
