Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time. ~Thomas A. Edison

Transcription

1 To help you prepare for the Ghost Red competition, below you will find a list of tools and technologies that you should familiarize yourself with before you arrive. Think of this document as a study guide. Each section provides links to good resources and keywords to search in Google. Try installing these tools and getting them working on your own. Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time. ~Thomas A. Edison To start you ll need to install a few things Required Tools You will need to bring a laptop the challenge. It must have wireless capabilities. In addition, you will need an ssh client and a VNC client installed on your laptop. These tools are used to access another computer remotely. SSH lets you interact with a text based console, called a terminal, of another computer. A VNC client will allow you to view and control another computer s desktop remotely. Below is a list of ssh and vnc clients by operating system. Please download and install the ones appropriate for your system. Linux SSH will come installed by default on Linux. Vinagre will come as the default VNC client on Ubuntu Linux. If you are using a different build, make sure you have a VNC client installed. Mac SSH will come installed by default on a Mac. Chicken of the VNC is a good option.

2 Windows Putty is your best option for ssh. You can use TightVNC for VNC. BASH! Familiarize yourself with the basics of the Linux terminal. In a Terminal, you can run programs, explore your file system, create files, and more. Plus, each command comes with a manual, accessible by typing man followed by the name of the command. Be familiar with the commands cd, ls, and man at a minimum. Challenge Track 1 Strings and Encodings The bash shell comes with a command called strings. This tool searches through binary files and prints out everything that is human readable. Be warned, you may have to tell the strings command which character encoding to use. Try typing man strings in a terminal for more info. Wireshark Wireshark is a tool for recording data, or packets, sent over a network. These packet captures, or.pcap files, can be opened and analyzed with wireshark. Analysts are even able to extract files out of a pcap, like images or documents. Filesystems Hard drives and other computer memory must be mounted to a computer before it can be accessed. (Technically it is the filesystem that is mounted, not the physical drive.) You can use the fdisk command to view available drives and the mount command to make them accessible to the computer. Tomcat Logs Tomcat is a web server used to run websites. Tomcat keeps logs of every file that is sent served form the server to the clients making the requests. If someone takes something they shouldn t have, it will be logged here.

3 Client Server Programs To program a simple client server program you will have to consider two things. A Socket must be opened up on a specified port to send or receive data. IO must be considered as well. Where do you send a file from, or where do you save it to? ml Intrusion Detection Using a tool like snort, network security professionals can detect what kinds of attacks were used against their networks. Setting up snort is difficult, but the result is valuable. Steganography! Hackers use steganography to conceal hidden messages in pictures. Check out outguess. One last note about catching hackers; every hacker will suggest you use a strong, unique, password. That doesn t mean that they follow their own advice. J

4 Challenge Track 2 Telnet and HELO servers use Simple Mail Transfer Protocol, or SMTP. Hackers can use a tool like telnet to send s by issuing SMTP commands directly to a mail server. If the SMTP server is configured as an open relay, they can send s as any user to any other user without knowing a password. A simple looks like this: helo [server IP] Mail from: [from address] rcpt to: [to address] data [message goes here]. Password Cracking Passwords are stored on computers as a hash. Automated tools called password crackers try passwords until they find ones that match the stolen hashes. One popular password cracker is john the ripper. Try typing man john in a terminal for more info. Also, note that you may have to specify the algorithm that was used to generate the hashes. File Permissions Linux file permissions control who can read, write to, and execute a given files. These permissions can be granted to the owner of the file, a group of users, or to any users. Use the ls l command to list files with their file permissions. Links GIT Git is a source code management tool. Git stores every change to a program s source code. While this is super handy to developers, in the wrong hands, a lot of

5 sensitive data could be disclosed. Try reverting your git repo to an earlier version and looking through the source for something interesting. SQL Injection and Client Side Controls Not all controls are created equal. Checks made against a database could be vulnerable to SQL injection, a nasty attack where hackers inject code into the websites sql database. An attacker will look for any hints of what SQL commands are being run to try to inject into it. Also vulnerable to attack are client side controls. These are security measures handled in the browser, usually with HTML or javascript. Modern browsers comes equipped with tools to change any code or markup loaded clientside. Links Conficker In 2009, the Conficker worm infected about nine million computers. It took advantage of the MS vulnerability, which allowed for remote code execution in a windows networking service. Malware like Conficker can be used to give an attacker complete control of another users machine. SCRAM! You can often talk to SCADA systems (Supervisory Control And Data Acquisition, it s the chips that control industrial hardware) with Telnet. Frequently these systems come with a built in help command. If the setup is any good, the system will be protected by a firewall. But that doesn t mean that you can t shut the reactor down. To err is human, but to really foul things up you need a computer. ~ Paul Ehrlich