Untitled Quiz

Questions and Answers

What does HMAC stand for?

Hash-based Message Authentication Code (correct)

Hashing Machine Algorithm Code

High-level Message Authentication Code

High-speed Message Authentication Code

What is a good hash function characterized by?

Collision resistant, preimage resistant, second preimage resistant

What does the Merkle-Damgard construction involve?

s_i+1 = f(s_i, B_i)

A length extension attack allows for the computation of a hash for a longer message given the hash of a shorter message.

True

What is Bleichenbacher's Attack related to?

Forging RSA signatures

What does integrity refer to in the context of data?

The idea that a message has not been altered

What is SQL injection?

Adding SQL statements into an entry field

What does CSRF stand for?

Cross-Site Request Forgery

What is XSS?

Cross-Site Scripting

What is the same origin policy?

A web browser security measure that restricts how a document or script can interact with resources from another origin.

What type of cipher is the Vigenere Cipher?

Repetitive Caesar ciphers

What is a rainbow table?

A speed and memory efficient structure for cracking hashed passwords.

What does TCP stand for?

Transmission Control Protocol

What does UDP stand for?

User Datagram Protocol

What is aircrack-ng?

A tool that cracks wireless passwords.

What does airodump-ng do?

Captures wireless network traffic.

What is nmap used for?

Network exploration and port scanning.

What does tcpdump do?

Captures network traffic.

What is Wireshark?

A graphical network traffic analysis tool.

What does the command 'ssh' do?

Allows logging into servers remotely.

What does SCP stand for?

Secure Copy Protocol

How do you break into a wireless network?

Use airodump-ng to capture the 4-way handshake, then use aircrack-ng to crack the WiFi password.

How do you find a server on a wireless network and gain access?

Use nmap to find hosts and open ports, then use hydra to crack the SSH password.

What command is used to disassemble a function in GDB?

disas

What does ebp stand for?

Base Pointer

What does esp stand for?

Stack Pointer

What does eip stand for?

Instruction Pointer

What does a stack frame contain?

Arguments, return address, previous base pointer, local variables, esp

What does ASLR stand for?

Address Space Layout Randomization

Study Notes

HMAC

• Pseudo-random function combining a key and a message hash for authentication.
• Structure: H((key) || H((key) || message)).
• Provides integrity and authentication through an outer hash that masks an inner hash.

Good Hash Function

• Collision Resistant: Difficulty in finding two different inputs with the same hash output.
• Preimage Resistant: Challenging to reverse-engineer an input given its hash.
• Second Preimage Resistant: Given a specific input, finding a different input with the same hash output is hard.

Merkle-Damgård Construction

• Sequential block chaining is executed as: s_i+1 = f(s_i, B_i).
• Each computational step incorporates the previous state, allowing blocks to be added iteratively.

Length Extension Attack

• Given a hash of a message, it's possible to compute the hash for a longer message without knowing the original content.

Bleichenbacher's Attack

• RSA padding adds complexity to signature forgery.
• Involves a specific format with a specified number of FF bytes to be validated.
• If failure to validate these bytes occurs, "garbage" bytes can facilitate forgery under certain conditions.

Integrity

• The assurance that a message remains unchanged during transmission or at rest.

SQL Injection

• The insertion of malicious SQL statements into input fields can compromise database integrity.
• Prepared statements are a primary defense against this vulnerability.

CSRF (Cross Site Request Forgery)

• Attack tricking users into sending requests without their knowledge to a different site.
• Implemented defense uses anti-CSRF tokens (csrf_token).

XSS (Cross Site Scripting)

• Injection of malicious JavaScript into a web application.
• Defense requires proper data sanitization before processing.

Same Origin Policy

• Security measure that restricts how documents or scripts from different origins can interact.
• Scripts from one web page can only access data from another if they share the same origin.

Vigenère Cipher

• A method utilizing repetitive Caesar ciphers based on keyword sequences.
• Breakable by analyzing repeating sequences and using letter frequency analysis to determine shifts.

Rainbow Table

• Efficient structure for cracking hashed passwords by storing initial and final hashes only.
• Utilizes reduction functions to transform hashes into new passwords sequentially.

TCP (Transmission Control Protocol)

• Reliable protocol ensuring ordered and error-checked data transmission.
• Generally slower than UDP due to its reliability mechanisms.

UDP (User Datagram Protocol)

• Connectionless protocol allowing faster data transmission without guaranteed delivery.
• Lacks error recovery, making it less reliable than TCP.

Aircrack-ng

• Toolset designed to crack wireless network passwords.

Aireplay-ng

• Utility for injecting wireless packets, capable of replaying captured packets and deauthenticating clients.

Airodump-ng

• Captures and dumps wireless network traffic, allowing packet filtering by specific targets.

Nmap

• Network exploration and port scanning tool to identify hosts, detect open ports, and potentially ascertain software versions.

Tcpdump

• Command-line network traffic analysis tool that captures packets for saving to a file.

Wireshark

• Graphical interface for analyzing captured network traffic from tools like Tcpdump.

SSH (Secure Shell)

• Protocol for secure remote server logins.

SCP (Secure Copy)

• Means of securely copying files between systems over an SSH connection.

Breaking into Wireless Network

• Capturing a four-way handshake via airodump-ng to utilize with aircrack-ng for password recovery.

Gaining Server Access on Wireless Network

• Employing nmap to discover hosts and open ports; using Hydra for SSH password cracking to gain entry.

GDB Commands

• Disassemble functions using disas.
• Memory examination can be done through commands like x/ (e.g., x/1wx $ebp).

EBP (Base Pointer)

• Stores the previous base pointer and points to local variables within the current stack frame.

ESP (Stack Pointer)

• Indicates the end of the current stack, managing stack operations.

EIP (Instruction Pointer)

• Points to the next instruction to execute in the program's instruction sequence.

Stack Frame

• Contains arguments, return addresses, previous base pointer, local variables, and is managed by the stack pointer.

ASLR (Address Space Layout Randomization)

• Security technique that randomizes the memory address space of a process to enhance security against memory corruption attacks.