Lab46 Wiki

User Tools

Site Tools

You are here: start » blog » fall2015 » dshadeck » journal
blog:fall2015:dshadeck:journal

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
blog:fall2015:dshadeck:journal [2015/09/29 13:36] – [September 21, 2015] dshadeckblog:fall2015:dshadeck:journal [2015/10/05 16:53] (current) – [September 28, 2015] dshadeck
Line 1: Line 1:
-=====HPC0=====+=====HPC 1=====
  
 ====August 31, 2015==== ====August 31, 2015====
Line 21: Line 21:
  
 Currently i have been thinking of projects that i can combine with my other existing courses to help save time and effort. The main class i have in mind is datacomm. Matt's guidelines were that the project had to have some sort of inspection and processing of data from a source. My first idea was to use wireshark & snort to filter local area network traffic and identify a specific pattern of packets in conjunction with a specific attack type. I am currently thinking of using ARP spoofing as the pattern i want to detect. This is for two reasons. first and foremost ARP spoofing is an extremely simple yet effective attack that works on a LAN level only. Being able to avoid this easy attack on your local area network can save many headaches. Secondly ARP packets are extremely unique in comparison to others. This would allow for very easy filtering and capture of these packets only.  Currently i have been thinking of projects that i can combine with my other existing courses to help save time and effort. The main class i have in mind is datacomm. Matt's guidelines were that the project had to have some sort of inspection and processing of data from a source. My first idea was to use wireshark & snort to filter local area network traffic and identify a specific pattern of packets in conjunction with a specific attack type. I am currently thinking of using ARP spoofing as the pattern i want to detect. This is for two reasons. first and foremost ARP spoofing is an extremely simple yet effective attack that works on a LAN level only. Being able to avoid this easy attack on your local area network can save many headaches. Secondly ARP packets are extremely unique in comparison to others. This would allow for very easy filtering and capture of these packets only. 
 +
 +====October 5, 2015====
 +
 +My arp spoofing project is under way! Currently I have two Windows 10 virtual machines set up and running cain and able. This is the program I will be using to do the ARP spoofing attacks. I have been looking into Linux options for ARP spoofing as well as creating my own programs to do this. For now this is the quickest option. The next step will be to set up a service that is vulnerable to ARP spoofing to demonstrate its uses. For this i have been considering an apache web server using http instead of https. This would allow me to see if the spoofing actually worked to capture the unencrypted traffic sent between the web server and the spoofed host. to capture this traffic i will use wireshark. This will give me a pcap format file to sift through and find arp packets. From there i will creat a script that can take in a MAC address and search for arp packets that match the address. As i write this i am thinking of issues with this and maybe i need to do some more brainstorming and testing. BLAGHHH.
 =====Data Structures===== =====Data Structures=====
  
Line 421: Line 425:
 </code> </code>
  
 +====October 5, 2015====
 +#include "list.h"
 +<code c>
 +//////////////////////////////////////////////////////////////////////
 +//
 +//   insert() - add a new node to the given list before the node
 +//              at the indicated place. insert() needs to manage
 +//              the necessary connections pointers) to maintain list
 +//              integrity, along with ensuring the start and end
 +//              indicators of the list remain relevant and up-to-date.
 +//
 +//    behavior: on a NULL list- allocate a list and proceed
 +//              on a NULL newNode- return list as is
 +//
 +//        note: you are expected to make use of the getpos() and
 +//              setpos() functions to aid you in accomplishing this
 +//              task. Don't needlessly reinvent the wheel.
 +//
 +//              as with the other functions, you may use no more
 +//              than one return() statement per function.
 +//
 +List *insert(List *myList, Node *place, Node *newNode)
 +{
 +        if(myList == NULL) { //check if list is NULL
 +                myList = mklist(); //make new list
 +        }
 +        if(newNode != NULL) { //checks if newNode is not NULL
 +                if(myList -> first == NULL || myList -> last == NULL) { //checks beginning and end
 +                        myList -> first = newNode;
 +                        myList -> last = newNode;
 +                } else {
 +                        int pos = getpos(myList, place);
 +                        if(pos == 0) {
 +                                myList -> first = newNode;
 +                        } else {
 +                                Node *before = setpos(myList, pos - 1); //set pos
 +                                before -> after = newNode;
 +                        }
 +                        newNode -> after = place;
 +                }
 +        }
 +        //returns
 +        return(myList);
 +}
 +
 +// Author: Dan Shadeck
 +// 09/29/2015
 +// Data Structures
 +</code>
 +
 +<code c>
 +#include <stdio.h>
 +#include "list.h"
 +
 +//////////////////////////////////////////////////////////////////////
 +//
 +// displayf() - display the list in a specified orientation, also
 +//              with or without positional values (as indicated
 +//              by the mode parameter).
 +//
 +//       modes: 0 display the list forward, no positional values
 +//              1 display the list forward, with positional values
 +//     
 +//        note: positional values are indexed starting from 0
 +//     
 +//    behavior: on a NULL list, output "NULL"
 +//              on an EMPTY list, output "-> NULL"
 +//              on error (invalid mode): MOD by 2 and do the result
 +//                 (or the logical equivalent)
 +//
 +//      format: output is to be on a single line, with node values
 +//              space-padded. and separated by "->" sequences, flush
 +//              against the left margin, of the forms:
 +//
 +// for forward:   val0 -> val1 -> val2 -> ... -> valN-1 -> valN -> NULL
 +//
 +//              or, if being displayed with node positions:
 +//
 +// for forward: [0] val0 -> [1] val1 -> ... -> [N-1] valN-1 -> [N] valN -> NULL
 +//
 +//        note: ALL output ends with a newline character
 +//
 +void displayf(List *myList, int mode)
 +{
 +        if(myList == NULL) {
 +                printf("NULL\n");
 +        } else if (mode==0){
 +                Node *tmp = myList -> first;
 +                char ran = 'f';
 +                while (tmp != NULL){
 +                        ran = 't';
 +                        printf ("%hhd -> ", tmp -> info);
 +                        tmp = tmp -> after; // getting the next value
 +                }
 +                if(ran == 't') {
 +                        printf("NULL\n");
 +                } else {
 +                        printf("-> NULL\n");
 +                }
 +        } else if (mode==1){
 +                Node *tmp = myList -> first;
 +                int count = 0;
 +                char ran = 'f';
 +                while (tmp != NULL){
 +                        ran = 't';
 +                        printf ("[%d] %hhd -> ", count, tmp -> info);
 +                        tmp = tmp -> after; //getting the next value
 +                        count++;        //incr count to give us node position 
 +                }
 +                if(ran == 't') {
 +                        printf("NULL\n");
 +                } else {
 +                        printf("-> NULL\n");
 +                }
 +        }
 +}
 +
 +// this is displaying the list with or with out position values
 +
 +// Author: Dan Shadeck
 +// 09/29/2015
 +// Data Structures
 +
 +</code>
 +
 +<code c>
 +//////////////////////////////////////////////////////////////////////
 +//
 +// getpos() - a list library utility function to identify the actual
 +//            position of a given node in an indicated list.
 +//
 +//      note: Indexing of the list starts from 0
 +//
 +//  behavior: on error (NULL list or given node), return negative
 +//            value (-1), on out-of-bounds condition, return -2
 +//
 +//            you are to have only ONE return statement for this
 +//            entire function. Change the existing one as needed.
 +//
 +int getpos(List *myList, Node *given)
 +{
 +    int count = 0;
 +        char broke = 'f';
 +        if(myList == NULL || given == NULL) { //checks if both list and given are NULL
 +                count = -1;
 +        } else {
 +                Node *tmp = myList -> first;
 +        while (tmp != NULL){
 +                if (tmp == given){
 +                broke = 't';
 +                break;
 +                }
 +                tmp = tmp -> after; //getting the next value
 +                count++;    //incr count to give us node position 
 +        }
 +        }
 +    if(broke == 'f' && count != -1) {// checks if loop broke
 +                count = -2;
 +        }
 +        return(count);
 +}
 +
 +//////////////////////////////////////////////////////////////////////
 +//
 +// setpos() - a list library utility function to set a node pointer
 +//            to the node at the indicated position of a list.
 +//
 +//      note: Indexing of the list starts from 0
 +//
 +//  behavior: on error (NULL list or negative/out-of-bounds pos),
 +//            return NULL.
 +//
 +//            you are to have only ONE return statement for this
 +//            entire function. Change the existing one as needed.
 +//
 +Node *setpos(List *myList, int pos)
 +{
 +        //returning node variable
 +        Node *node = NULL;
 +        if(myList != NULL && pos >= 0) { //checking if list is null and pos index
 +                Node *tmp = myList -> first;
 +                int counter = 0;
 +                while(tmp != NULL) {//while loop; checks tmp not NULL
 +                        if(counter == pos) {
 +                                node = tmp;
 +                                break;
 +                        }
 +                        tmp = tmp -> after;
 +                        counter++;
 +                }
 +        }
 +        //returns
 +        return(node);
 +}
 +
 +// Author: Dan Shadeck
 +// 09/29/2015
 +// Data Structures
 +
 +</code>
 +
 +<code c>
 +#include "list.h"
 +
 +//////////////////////////////////////////////////////////////////////
 +//
 +// mklist() - a list library function to allocate and initialize a 
 +//            new list.
 +//
 +//  behavior: on error, return NULL.
 +//
 +//      note: you are to have only ONE return statement for this
 +//            entire function. Change the existing one as needed.
 +//
 +List *mklist(void)
 +{
 +        List *newlist = (List *) malloc(sizeof(List)); //allocating mem 
 +
 +        return(newlist);  
 +
 +}
 +
 +// extra comment just to be clear that this is a list library function to allocate and initialize a new list
 +
 +// Author: Daniel Shadeck
 +// 9/29/2015
 +// Data Structures
 +
 +</code>
 =====Data Communications===== =====Data Communications=====
  
Line 772: Line 1005:
  
 </code> </code>
 +
 +====September 28, 2015====
 +Brian and i have been working on using gd to create a better graph for the signal strength info we collect from the packets. here is what we have so far.
 +
 +<code c>
 +
 +                // gcc -o read read.c -lgd
 +// http://www.boutell.com/gd/manual2.0.33.html
 +#include <stdio.h>
 +#include <stdlib.h>
 +#include <time.h>
 +#include <gd.h>
 +
 +int main()
 +{
 +        FILE *fptr;
 +        gdImagePtr img;
 +        gdPoint points[2000];
 +        unsigned char byte;
 +        unsigned char chksum = 0;
 +        unsigned char chksumchk = 0;
 +        unsigned short int msglen = 0;
 +        unsigned short int imsglen = 0;
 +        unsigned char time_sec = 0;
 +        unsigned short int sub_sec = 0;
 +        unsigned char seq_num = 0;
 +        unsigned char dtype = 0;
 +        unsigned char *dblock;
 +        char pktflag = -1;
 +        int  i       = 0;
 +        int  j       = 0;
 +        int  num     = 0;
 +        int  invalid = 0;
 +        int  valid = 0;
 +        int  total = 0;
 +        time_t mytime = 0;
 +        unsigned int  tmp   = 0;
 +        unsigned int color[3];
 +
 +        struct tm *pkt_time;
 +
 +        fptr = fopen ("sleep.data", "r");
 +
 +        img = gdImageCreateTrueColor(2000, 50);
 +
 +        byte = fgetc(fptr);
 +        while (!feof(fptr))
 +        {
 +                if (pktflag  == -1) // not currently processing a data packet
 +                {
 +                        if (byte == 0x41)
 +                        {
 +                                pktflag = 0;
 +                        }
 +                }
 +                else if (pktflag == 0) // check for 2nd byte of packet
 +                {
 +                        if (byte == 0x34)
 +                        {
 +                                pktflag = 1;
 +                        }
 +                        else
 +                                pktflag = -1;
 +                }
 +                else if (pktflag == 1) // store checksum byte
 +                {
 +                        pktflag = 2;
 +                        chksum  = byte;
 +                }
 +                else if (pktflag == 2) // store msglen bytes
 +                {
 +         pktflag=3;                                                                                                                                                                                                [74/432]
 +                        msglen  = byte;
 +                        byte    = fgetc(fptr);
 +                        msglen  = msglen | (unsigned short int)byte << 8;
 +                }
 +                else if (pktflag == 3) // store inverse msglen bytes
 +                {
 +                        imsglen = byte;
 +                        byte    = fgetc(fptr);
 +                        imsglen = imsglen | (unsigned short int)byte << 8;
 +                        if ((msglen & imsglen) == 0)
 +                                pktflag = 4;
 +                        else
 +                                pktflag = -1;
 +                }
 +                else if (pktflag == 4)
 +                {
 +                        time_sec = byte;
 +                        pktflag = 5;
 +                }
 +                else if (pktflag == 5)
 +                {
 +                        pktflag = 6;
 +                        sub_sec = byte;
 +                        byte    = fgetc(fptr);
 +                        sub_sec = sub_sec | (unsigned short int)byte << 8;
 +                }
 +                else if (pktflag == 6)
 +                {
 +                        seq_num = byte;
 +                        pktflag = 7;
 +                }
 +                else if (pktflag == 7)
 +                {
 +                        dtype      = byte;
 +                        chksumchk  = dtype;
 +
 +                        dblock     = (unsigned char *) malloc (sizeof(char) * (msglen - 1));
 +                        for(i=0; i<  (msglen-1); i++)
 +                        {
 +                                (*(dblock+i))  = fgetc(fptr);
 +                                chksumchk      = chksumchk + (*(dblock+i));
 +                        }
 +
 +                        if (chksum == chksumchk) // we have a valid packet
 +                        {
 +                                fprintf(stdout, "[%.4d] chksum: %.2x msglen: %.4x time_sec: %.2x dtype: ", total, chksum, msglen, time_sec);
 +                                switch (dtype)
 +                                {
 +                                        case 0x03:
 +                                                fprintf(stdout, "version   ");
 +                                                tmp = (*(dblock+0));
 +                                                tmp = tmp | (unsigned int)(*(dblock+1)) << 8;
 +                                                tmp = tmp | (unsigned int)(*(dblock+2)) << 16;
 +                                                tmp = tmp | (unsigned int)(*(dblock+3)) << 24;
 +                                                fprintf(stdout, "%u", tmp);
 +                                                break;
 +
 +                                        case 0x80:
 +                                                fprintf(stdout, "brainwave ");
 +                                                break;
 +
 +                                        case 0x84:
 +                                                fprintf(stdout, "signal    %d/30", (*dblock));
 +                                                points[num].x = num;
 +                                                points[num].y = ((*dblock) - 30) * -1;
 +                                                num++;
 +                                                break;
 +
 +                                        case 0x8a:
 +                                                fprintf(stdout, "timestamp ");
 +                                                tmp = (*(dblock+0));
 +                                                tmp = tmp | (unsigned int)(*(dblock+1)) << 8;
 +                                                tmp = tmp | (unsigned int)(*(dblock+2)) << 16;
 +                                                tmp = tmp | (unsigned int)(*(dblock+3)) << 24;
 +
 +                                                tmp = tmp | (unsigned int)(*(dblock+3)) << 24;
 +                                                mytime = tmp;
 +                                                pkt_time = localtime(&mytime);
 +                                                fprintf(stdout, "%.4d/%.2d/%.2d %.2d:%.2d:%.2d",
 +                                                                                     pkt_time -> tm_year + 1900,
 +                                                                                                                         pkt_time -> tm_mon + 1,
 +                                                                                     pkt_time -> tm_mday,
 +                                                                                                                         pkt_time -> tm_hour,
 +                                                                                                                         pkt_time -> tm_min,
 +                                                                                                                         pkt_time -> tm_sec);
 +                                                break;
 +
 +                                        default:
 +                                                fprintf(stdout, "%-9.2x ", dtype);
 +                                                fprintf(stdout, "\n\t data: ");
 +                                                j = -1;
 +                                                for(i=(msglen-2); i>=0; i--)
 +                                                {
 +                                                        if (j == 15)
 +                                                        {
 +                                                                fprintf(stdout, "\n\t       ");
 +                                                                j = 0;
 +                                                        }
 +                                                        else
 +                                                                j++;
 +
 +                                                        fprintf(stdout, "%.2x ", (*(dblock+i)));
 +                                                }
 +                                                break;
 +                                }
 +
 +                                fprintf(stdout, "\n");
 +                                valid++;
 +                        }
 +                        else
 +                        {
 +                                fprintf(stdout, "ERROR! Checksums do not match! [%.2hhx:%.2hhx]\n", chksum, chksumchk);
 +                                invalid++;
 +                        }
 +
 +                        total++;
 +                        pktflag  = -1;
 +                }
 +
 +                byte = fgetc(fptr);
 +//              fprintf(stdout, "We read: %.2hhX\n", byte);
 +        }
 +
 +        fprintf(stdout, "Valid: %d\tInvalid: %d\tTotal: %d\n", valid, invalid, total);
 +        fclose(fptr);
 +
 + #define BLACK 0
 +    #define WHITE 1
 +    #define RED   2
 +
 +    color[BLACK] = gdImageColorAllocate(img, 0, 0, 0);
 +    color[WHITE] = gdImageColorAllocate(img, 255, 255, 255);
 +    color[RED] = gdImageColorAllocate(img, 0, 255, 0);
 +
 +    gdImageFilledRectangle(img,0, 0, num+1999, 499, color[BLACK]);
 +    gdImageRectangle(img, 50, 5, num+1994, 444, color[WHITE]);
 +
 +    for(i = 0; i < num; i++)
 +    {
 +       gdImageLine(img, points[i].x+50, points[i].y+400, points[i].x+50, points[i].y+410, color[RED])    ;
 +    }
 +
 +    fptr = fopen("chart.png", "wb");
 +    gdImagePngEx(img, fptr, -1);
 +    fclose(fptr);
 +    gdImageDestroy(img);
 +
 +    return(0);                                                                                                                                                                                               
 +}
 +
 +</code>
 +
 +====October 5, 2015====
 +
 +Lets hope that today we have a break through on the chart.
blog/fall2015/dshadeck/journal.1443533776.txt.gz · Last modified: 2015/09/29 13:36 by dshadeck

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki