prosyslab-classroom / cs348-information-security Goto Github PK

Could I reset my vpn password? I changed it but now I forget my password. Very sorry for my carelessness! my student-id is 20170844

My code is compatible with Python3 but not Python2.
Is it OK?

I confused the ID and password for kvpn, so I failed to login many times.
After I found my ID and password, it prohibited the login with message "You can not login with this ID".
How can I solve this problem?
Thanks.

TL;DR Check your typo in the mongo command. Read P.S.!!!

I have written some test code to check whether my attack is running. I decided to check it via mongo shell. Apparently, I am stuck with not knowing what exactly is going on.

I installed mongodb-org by following this link and what I have now in my Attacker machine is MongoDB shell version v4.4.5. And when I tried to execute the command mongo -u cs448 -p cs448 102.168.20.1:27017/amp, these warnings popped up.

WARNING: No implicit session: Logical Sessions are only supported on server versions 3.6 and greater.
Implicit session: dummy session
MongoDB server version: 2.6.10
WARNING: shell and server versions do not match

When I typed in db.attack_session.find({}), it outputs nothing. So now I have no idea what is going on: my code did not work or it is due to the dummy session.

I researched and understood from this link that it is the version issue. So question number 1, should I re-install mongodb but now with v2.6.10? And if that is the solution, as far as I know, mongoDB does not support v2.6.10 anymore and to install it might be slightly more complicated, question number 2: does anyone have proper installing instruction for that?

Question number 3, is there any workaround for this problem? For example, installing mongo shell with alternative ways? Maybe I am not on the correct path.

I profoundly apologize for my newbie question. Any kind of help is highly appreciated.

P.S. I think there is typo in the assignment instruction.

mongo -u cs448-p cs448 192.168.20.1:27017/amp

should be

mongo -u cs448 -p cs448 192.168.20.1:27017/amp

Evaluation criteria says, "If your attack implements your attack packets by writing their each bytes without using libraries (e.g.,
scapy, dnspython) for all or partial attacks, you earn up to +10 extra points. This extra point is
awarded even if your total points earned is above 100 points."

Currently I'm working on the assignment by assemblying the attack packet by writing their each bytes, but I need to find some MAC address by IP. (I could patch it by hand if the script is supposed to run only on my machine, but since the script will be run for evaluation on other machine, there's a need to acquire MAC address automatically.)

Thus, my current solution for this is to utilize 'getmacbyip' function of 'scapy' library, to acquire MAC address for given IP.
I don't think using 'scapy' for this purpose isn't the case of making attack packet with "highly automated tool", but I'm afraid that such use of 'scapy' would affect my opportuinity for extra credits.

In short: Is using 'scapy' just for retrieving MAC address violation for extra credits?

Since python 3.5 is deprecated, recant use many of the libraries.

Can we update python version into higher versions?

Hello,
I'm having a hard time understanding the HW3.
What does the 'coverage' mean? Can you explain me the reason why example1.cov.expected value is "3,14 4,13"?
(why no info about line 2? why column is different in line 3 and line 4 although 'int y = 10 + x', 'int z = x - 10' are both has length 14?)

Thank you.

Hello, I have some questions about Assignment2.

When I implemented python file for DDoS attack. Then I can get those messages on my Attacker VM terminal.

I wonder that the messages above are right response and how can I check them? Actually I can't find any result in mongo db server.

I think it means there is something wrong. But I have no idea how can I check whether victim has requests from amp server or not?

This might not be an exact question but I want to note down something which might be useful for others as I prefer to work on my machine due to convenience. If this is a proper workaround, I will close this issue within 48 hours.

Environment:

• OS: macOS Big Sur 11.1
• Machine: MacBook Pro M1 (using Rosetta)
• Python version: 3.6.8

The first time I try to test the interface using,

from oracle_python_v1_2 import pad_oracle
ret_pad = pad_oracle(’0x1234567890abcdef’, ’0x1234567890abcdef’)

it produces this error

>>> ret_pad = pad_oracle('0x1234567890abcdef', '0x1234567890abcdef')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "***/oracle_python_v1_2.py", line 14, in pad_oracle
    sock.connect((HOST, PORT))
socket.gaierror: [Errno 8] nodename nor servname provided, or not known

To fix the issue, I followed this answer from stackoverflow. And to do this (editing /etc/hosts), you might need the administrator's privilege.

I’m struggling with SecuwaySSN from yesterday. It didn’t work well, so I've tried many times and now it seems that my user ID is blocked. It keeps giving me the error "Cannot connect with current user ID (현재 사용자 ID로는 접속할 수 없습니다)". Do I need additional permission for this? Or is there any solution?

• My user ID is CS448-30. For information, I used 'https://kcloudvpn.kaist.ac.kr' for VPN URL and right most column in spreadsheet for the password.

Is it okay if I will use .zip format instead of .tar. On windows I don't have an option to archive to .tar file.

When I set current IP address as a source IP in the packet, and then send it. I get response from the AMP. However, when I change source IP to the victim's IP, the packet does not reach VICTIM. I use tcpdump to see if packets arrive.

Could you help me?

Hi all,

A gift box from Github arrived. See the picture of booklets and stickers. I will put the box in front of my office (N5 2321) for a week. If you happen to be on campus, feel free to pick up some items you want. Also if you happen to see me or Min Suk, don't be shy and say hello.

This Assignment is just submit it to KLMS,
nothing to do with github push or something else?

thank you very much

I was just setting up the environment according to the guideline.
I followed everything up to the last line

opam install dune llvm.10.0.0 ounit

and this happens. Other dune and ounit were installed.

I wonder what's the problem.

Goal: setting up and getting familiarized with OCaml and Git

• Implement simple programs in OCaml (e.g., hello-world)
• Push to your Github repository
• Will not be graded

Invitation URLs

1. hello-world: https://classroom.github.com/a/WupWHckw
2. ocaml-programming: https://classroom.github.com/a/1r_BQoss

I am trying to use scapy library, however I fail to download it. When trying to download something, I get Temporary failure resolving 'sg.archieve.ubuntu.com' error. I checked my Network Setup again, but everything appears to be as instructed. Has anyone else faced this problem? I checked my Network Setup again, but everything appears to be as instructed.

I feel sorry that I forgot my VPN password. Could you reset mine? My student ID is 20203131.

When I connect to KCLOUD VM (using Putty), the default place is
root@[hostname]:#
then when I type cd .. ("root@[hostname]:# cd ..")
root@c[hostname]:/#
this comes out.
Q1) What is the difference between "root@[hostname]:~#" and "root@c[hostname]:/#"?
(Is the former a hidden folder?)
Q2) Where should I install git (i.e. type "sudo apt update" and "sudo install git") - and later set up my information?

(and why does a cancel line appear?)

How to install SecuwaySSL for Mac

• Please refer a installation guide at "https://kcloud.kaist.ac.kr/index.php/board/?mod=document&uid=132"

How to connect your virtual machine on KCLOUD

1. Connect KVPN with SecuWaySSL, You should type the KVPN address (https://kcloudvpn.kaist.ac.kr), Not the virtual machine IP address. (Login ID is your VPN ID)
2. Open your terminal (iTerm, etc.)
3. Connect your virtual machine with the following command: ssh [your-account-name]@[your virtual machine IP] e.g., ssh [email protected].

Hello,

This is my result of attack in mongo DB, in this picture as you can see, resbytes is both zero.

I have no idea why resbytes is zero, which factors can change those attributes? I just send a lot of request to amp server.
It seems that amp server get the packet well,

Is there anyone who advise for me? plz....

In case some face internet connection problems or just do not want to download over 10GB of VM images, I packed those into .tar.gz archives and uploaded to Google Drive. This helped reduce the total size 13.2GB -> 4.1GB. I'll keep it there until around April 20.

I also made some .zip archives for the Windows people out there, but I do not have enough storage space on my Google Drive :(

All the image archives are also available on IPFS, but I can't guarantee neither speed, nor reliability of connection here. If you feel brave enough, you can try (perhaps, the more people download, the better it gets, especially, if you have IPFS client installed):
.tar.gz
Amp.tar.gz 1.2GB (CID: QmRGtKbMxEYmrvhSfFJ17xcCo3bgi8JesXaED7UZCr7zhR)
Attacker.tar.gz 1.6GB (CID: Qmf7QpYWunLLRxQxSjmoMCHpTm75cFDBctp3RK6JCX5GDp)
Router.tar.gz 677MB (CID: Qmc1GBJ4rp4xLXPUNKyfksPyx9EZno5qspMyZs4EdWtZPw)
Victim.tar.gz 683MB (CID: QmPP6tsQvHL13mETMKfqDsXPt49RQruoHww91bWW8yeAcc)

.zip
Amp.zip 1.2GB (CID: QmeJiiH7GGPhbPXVbKP7tiSKD3S69YZmNk7ZejZR9Jmyrv)
Attacker.zip 1.6GB (CID: QmdubLudfdk1QK9nEs5H8PMZpZUm7pgRfjiEWWLyk5ox5s)
Router.zip 676MB (CID: QmeCvwp6YtCruY5bCLVvoJ13THERHg3RpCSN6fgib8VP3T)
Victim.zip 682MB (CID: Qma5Na2vyQpiXuRWzDqa2sAi7VCwZKJygvgbz8s2CVK9hj)

Thanks for solving the previous kvpn connection issue.
Now it is something to do with git commands.

I followed the steps to make another user and modified sudo(sudo visudo).

But while setting the user profiles on the new_user with command
git config --global user.name "name"
gives me this error
fatal: cannot come back to cwd: Permission denied

did anyone solve this issue?

Are we allowed to change HOST in oracle_python_1_v1_2.py from "localhost" to "127.0.0.1"?

I cannot connect to KCLOUD on my Mac. After login to the kcloud page, it asks me to download vpn profile, but when I click on that it just opens html code of some page. Did anyone face the similar issue? I noticed that kcloud website redirects me to "https://kcloudvpn.kaist.ac.kr/iphone.jsp" which I guess it is for iphone, not mac.

Also, I cannot install the LLVM by using the command given in the slides. The error said it cannot find the Java Runtime. Should I install Java for that? Is it possible if I don't download it at all?

Is there a way to import files from VirtualBox?
Thank you!

I tried with mongodump or mongofiles with host ip and username, password.

But results of both are 'Auth fail'.
How can I get the json files from mongodb?

An interesting article that shows why we should study security: https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security
I recommend you read that for fun.

According to the article:

that it’s far too easy for hackers to keep exploiting insidious zero-days because companies are not doing a good job of permanently shutting down flaws and loopholes.

In the worst case, a couple of zero-days that I discovered were an issue of the vendor fixing something on one line of code and, on literally the next line of code, the exact same type of vulnerability was still present and they didn't bother to fix it.

Can we use general-purpose external libraries? for example NumPy.

Thank you

When I run test/example1.instrumented.ll ./sanitizer test/example1.ll after make, it just gives me 'bash: test/example1.instrumented.ll: No such file or directory'.

So I've created an empty example1.instrumented.ll file, tried again, but it also didn't work.

How can create an instrumented ll file?

I have some questions about the output format.

1. If the decrypted bytes are 0x4d49434845414c01 (for "MICHEAL" + single padding), is it okay to print "MICHEAL", or "MICHEAL\n" to stdout?
2. If 0x0808080808080808 is the one, that is, M is empty, then how to print it out? Just "\n" could be ambiguous with 0x2007070707070707 ...

I tried to update my nickname but failed with the response 'authentication failed'.
My username and password are like this:

username=20181111 (my student ID)
password=7xxxxxx5 (from KLMS Grades)

The example script has a username that starts with 'e', so I tried 'e20181111' and 'e0181111' and 'e181111' but failed.

Can we expect the tests to include only simple instructions?
Do our implementations have to deal with function inside another function (and by extension, recursive function)?
Thank you.

I tried many experiments on attack using dns, so I started to use ntp service.

But whatever I do, the ntp server doesn't respond.

I tried to communicate with ntp server by following methods, but no respond is returned

(1) using scapy to send NTP packet, (both plain NTP Header and mode 7) to 192.168.20.1
(2) use ntpdc -> it says Name or service not known,,
(3) use Nmap to scan if the amp server has the functionality I want

But by whatever method, nothing returns back to my attacker,, What am I doing wrong? Can I ask for some starting point?

I am having issues logging in to the VPN using SecuwaySSL using Apple M1. I have followed the guide both from here and here, but both seem to be not working. Currently, I am stuck at the connecting interface of the SecuwaySSL v2.0 client where I have to put in the URL, which I obtained from the Google Sheets (from the NAT IP column). Is there any step I have missed or done incorrectly?

You can see how to prepare your homework environment at this link below.
Also, you can check your KCLOUD VPN/VM account at KLMS.

https://docs.google.com/presentation/d/1y5Pk-Ks3883ut5WqYRnj8YggxBiAK3ZVzf-hJN6Z8XY/edit?usp=sharing

Do we have to mention how many grace days that we are going to spend somewhere, or are our grace days used automatically?

In PDF it is said to use
java -cp pad_oracle.jar:bcprov-jdk15-130.jar:python_interface_v1_2.jar python_interface_v1_2

however seems like semicolons should be used instead of colon

and be

java -cp pad_oracle.jar;bcprov-jdk15-130.jar;python_interface_v1_2.jar python_interface_v1_2

it doesnt work with first and work with second, so I think it is better to change pdf

Hi,

Today some students asked how malware such as Trojan horse gets into the system. As I mentioned, traditionally, it has been spread via SW download from untrusted sources (e.g., illegal sites, black market, etc). But see this recent security issue that attackers intentionally bury malware in a well-known Github repository (php).

What can we trust and how to protect the systems?

When I use dune exec or dune test, this error occurred:

MoTTY X11 proxy: Unsupported authorisation protocol
can't open display: localhost:10.0

I supposed this is due to Mobaxterm (I use Mobaxterm to access the remote server). May anyone help me on how to solve this?
Thank you.

In the PDF,

4. reqbytes: The numerator of BAF formula
5. resbytes: The denominator of BAF formula

However, I think that reqbytes should be the denominator of BAF formula, which is 'len(UDP payload) attacker to amplifier'.

when I try to compile the root directory and I command make but it said

make: dune: Command not found

What is the problem?

thank you

The BAF of my attack is not constant on every trial. Sometimes it is over 100, but most times not. In this case, how is the evaluation on BAF done? is it done by .json file or script?

Hi all,

Just to avoid confusion, there will be no class this mid term week. See you next week.

Hello.
In assignment3, I'd like to ask how is grading done after we submit our work.
It is more likely to believe that the grading will be done with more test case, not just only with the single test case we provided in the repo.

If the grading will be done with additional test case, can we get supplemented more test case for the improvement to our work?

For given ciphertexts, there are encoded with only 3~7 length words.

Could you give some more longer words, 8+ length words?

I am monitoring traffic on Attacker and I see that I am only sending packets. I monitor packets on Amp and I see that the size of packets sent is bigger than received. I am also monitoring packets arriving on the Victim side, and I see that it only receives packets. However, db.attack_session.find({}) is returning nothing. I am monitoring traffic through the network information on each virtual machine.

P.S. Is it possible to get rid of @gyusss messages?

When I tried make command in the root repository,

There is error with error message:

File "src/dune", line 11, characters 38-51:
11 | (libraries hwLib llvm llvm.bitreader llvm.irreader str))
^^^^^^^^^^^^^
Error: Library "llvm.irreader" not found.
Hint: try:
dune external-lib-deps --missing src/main.exe
Makefile:8: recipe for target 'all' failed
make: *** [all] Error 1

How can I solve this?

Can we suppose the padding oracle server is listening localhost:5000 on test environment?

In oracle_python_v1_2.py, there are 2 functions that use sock.sendall().

When I try to access the oracle, below "sock.sendall()" of "pad_oracle()" throws TypeError.

sock.sendall("pad_oracle," + str1 + "," + str2 + "\n")

I think it should be changed into,

sock.sendall(("pad_oracle," + str1 + "," + str2 + "\n").encode())

, and dec_oracle() as well, because sendall() can send only bytes, not str.

Could you fix this error?