Thursday 10 November 2011
Buffer OverFlow
Last week I learned about buffer overflow. We didn't really talk about as much as get a demonstration, which I like better. I ran a program called NIprint on one computer, which listened on port 515. I was shown how to figure out how long the space is, that I needed to overflow, then using a command called ncat and the ip address of the other computer I was able to send a string of over 50 characters (enough to overflow space), and it crashed the program. After that I had to write a script that would do the same thing to overflow the buffer of the NIprint program. I thought that it was pretty cool how it worked so well in the end, also a little surprised. I'm not to sure if I did it completely write thou :/.
Vulnerabilities and Exploits
In this week I learned about vulnerabilities and exploits and what they are, which ended up being a flaw in a program or taking advantage of program vulnerabilities. I was late shown examples of vulnerabilities like race condition or spoofing. Spoofing went from faking a mac address to dressing up and pretending to be someone else. The race condition was when a program runs it runs the protocols in a a,b a,b formation, ALWAYS. If b comes before a at all the program will crash or blue screen.
Wednesday 9 November 2011
Web Application Security
WEEK7
In week 7 we learned about web application security, in other words how to hack web sites and figure out their vulnerabilities. We were shown different types of hacking techniques like Cross Site Scripting which will allow you to inject the website with some HTML code, or with some bad programming you could even inject SQL injections. After examples of the SQL injections we learned about Cross Site Request Forgery which in the worst case scenario, could cause a person to transfer money to another bank account instead of theirs. That was then the end of class but he gave us a program to download so that we can try out some vulnerabilities and learn about others. We used Mutillidae and XAMPP to generate a web page in our VM. We then had to hack the web page beginning with the username and password, which if you put "' or 1=1 -- " in the username you we granted admin access. We then used google and infromation from the web page to try out mode hacking codes and injections. Seeing this makes me feel very uneasy about the internet because if the programmer is not well experienced, your website could be hacked, changed, or even shut down. :/
Scott Dawe
In week 7 we learned about web application security, in other words how to hack web sites and figure out their vulnerabilities. We were shown different types of hacking techniques like Cross Site Scripting which will allow you to inject the website with some HTML code, or with some bad programming you could even inject SQL injections. After examples of the SQL injections we learned about Cross Site Request Forgery which in the worst case scenario, could cause a person to transfer money to another bank account instead of theirs. That was then the end of class but he gave us a program to download so that we can try out some vulnerabilities and learn about others. We used Mutillidae and XAMPP to generate a web page in our VM. We then had to hack the web page beginning with the username and password, which if you put "' or 1=1 -- " in the username you we granted admin access. We then used google and infromation from the web page to try out mode hacking codes and injections. Seeing this makes me feel very uneasy about the internet because if the programmer is not well experienced, your website could be hacked, changed, or even shut down. :/
Scott Dawe
Python Overview + Nasty Virus
Good Learning, on our week 6 class we discussed our Assignment 2 and what we have to do for it for week 13. I have to still find a group and a topic for this assignment, I'm glad we get to chose the groups. After that our teacher went on to show us the Python program, and how to use it for those who had troubles. I found it easy after my friend showed me, and he is explaining what he is doing about looking for what strings and where to make your first break in the program. After he went through that it was on to the fun stuff!!! WE got to work with an actual virus in this class. He gave us a website that we had to put into our URL box because if you were to type it into Google it wouldn't come up because this website lets you download viruses. I tried to get the virus onto my host computer but my virus scanner wouldn't allow it (which is good). In the end I downloaded it straight to my Virtual Machine, and also used process monitor to look at the virus. Once running everything on my VM, I opened the process monitor to see what this virus was doing. I had attached itself to literally everything from MS Word to the default windows magnifying glass. This virus is really deadly, I think it ended up screwing up my VM completely:/. I though this virus was really interesting, and on another note I have a friend in the class who left their VM on nat and the virus got onto his roommates computer...opps lol.
Scott Dawe
Scott Dawe
TEST TIME!!!
:(
Today's class was our first test in this class. We had to answer questions about honey pots, assembly, python and also look at a python script and try to find the errors. The test overall I though was very fair and well written out. My favorite part was the Python code errors because I am very capable to sit there and look at the script and see what looks weird or wrong in this case. I should have studied a bit more for this test, then I would have gotten a bit of a better mark (although I did pass). The next test coming up in about a month I will study more for so I can raise my mark in this class.
Scott Dawe
Today's class was our first test in this class. We had to answer questions about honey pots, assembly, python and also look at a python script and try to find the errors. The test overall I though was very fair and well written out. My favorite part was the Python code errors because I am very capable to sit there and look at the script and see what looks weird or wrong in this case. I should have studied a bit more for this test, then I would have gotten a bit of a better mark (although I did pass). The next test coming up in about a month I will study more for so I can raise my mark in this class.
Scott Dawe
Thursday 6 October 2011
Immunity!!!
Finally caught up, YEAY!!!! Ok so Last class we were taught about assembly and the program immunity. We were showed the immunity program by our teacher and he gave us a demo on how to use it. I didn't understand right away how to do it, even with the walk through I had troubles. Then I had a friend sit down with me and show me what I was looking for and explained what each step was doing. Once I figured out what to look for, where to start, what buttons to push, then it was pretty easy. I want to try more programs like this because it was fun. I heard that you can sign up at their website and they will allow you to try 22 more programs I think it was. So if I have time ill give it a try. till next time..
Scott Dawe
Scott Dawe
Monday 3 October 2011
Python
Last week (i know still late:() we learned about Python which is a programming language that is used in a lot security tools today. He showed us some examples of the code then broke it down into 6 different types: strings, lists, dictionaries, tuples and integers/floats and showed use different examples of those a well. After that mt teacher started to talk more about what I know like conditional statements, loops and while/for statements. After that he explained how we can use Python code to receive information from websites. He then asked us to create a code that will communicate with a public server and had to get specific information like server banner, the date, and also a status code. I found it quite difficult but after had some class mates explain it to me a little more and I have a little bit of a better grasp at it. Till next time. TTYL scott dawe
Subscribe to:
Posts (Atom)