Professional Documents
Culture Documents
21/03/2015
0 Ranking
It was discussed, that the attendees should be ranked differently, and it is thought that there should be
more workshop supervisors, hence, the need for Ranking.
The idea in short is as follows:
1. Each ranked task will be given a rank point, e.g. thinking of a small project idea: 1 rank point
2. Each attendee will be given an equal start, so everyone will start from 0 rank.
3. Upon completion of a ranked task, the attendee will have its points added to their rank.
4. There will be two main thresholds, supervisor level and reluctant level. These will vary with
time.
5. The attendees above supervisor level (s-level) will be supervisors and will be given the
materials earlier to prepare and assist in workshop supervision.
6. The attendees below reluctant level (r-level) will be considered reluctant to attend, how these
will be dealt with, at the time, will not be specified right now.
7. Attendance will be given a 1 rank point (increased over time), those who cannot attend
would have to prove that they did the work at home to gain the rank point.
8. All attendees part of the SRG will be called Neo Hackers or Neo for short.
1 Projects Discussed
Last time, it was required that each Neo gets an idea ready and starts working on it, here are the results:
1. First idea was Hoss's: GoogleTranslating through python's header request/response. Problems
with JSON.
2. Similar ideas were the 2H ideas: Logging onto facebook, automatic-likes, automatic-comments
using header requests and responses. They worked on it for quite a while! But they still have
problems with the cookies and secure requests.
3. Salv had a similar idea: Logging onto facebook, automatic-picture downloads using header
requests and responses. She said that there were no results.
4. AKG had a similar idea to that: Automatic-file downloads of a list of links using header
requests and responses. He said he did not work on his idea.
5. Ged and RWF had radical ideas: Cyber-Physical Security system models, building a bank
1/7
PUA SRG
21/03/2015
model and simulating attacks/defences. While this is a bit out-of-scope, interfacing with arduino
through python or using ethernet simulation is very possible. They did not work on their ideas.
Also suggested virus wars for a class activity.
6. RedHawk did a little research and found Python Generator Hacking presentation, it was a
very nice presentation but unfortunately not directly security-related. Generator functions
though are a great tool to look into.
All in all, it seems that most Neo's are too busy with their curricular activities to care enough to work
through any security-related project. Hence, it is suggested to avoid giving out homework/assignments.
Rather, in-class evaluation is preferred.
Description
The family of protocols that will be used as the transport mechanism. These values are
domain
constants such as AF_INET, PF_INET, PF_UNIX, PF_X25, and so on.
The type of communications between the two endpoints, typically SOCK_STREAM for
type
connection-oriented protocols and SOCK_DGRAM for connectionless protocols.
Typically zero, this may be used to identify a variant of a protocol within a domain and
protocol
type.
The identifier of a network interface:
hostname
port
PUA SRG
21/03/2015
Description
s.recv()
s.send()
s.recvfrom()
s.sendto()
s.close()
socket.gethostname()
3/7
PUA SRG
21/03/2015
A Simple Server
To write Internet servers, we use the socket function available in socket module to create a socket
object. A socket object is then used to call other functions to setup a socket server.
Now call bind(hostname, port) function to specify a port for your service on the given host.
Next, call the accept method of the returned object. This method waits until a client connects to the port
you specified, and then returns a connection object that represents the connection to that client.
#!/usr/bin/python
import socket
s = socket.socket()
host = socket.gethostname()
port = 12345
s.bind((host, port))
#
#
#
#
s.listen(5)
# Now wait for client connection.
while True:
c, addr = s.accept()
# Establish connection with client.
print 'Got connection from', addr
c.send('Thank you for connecting'.encode())
c.close()
# Close the connection
A Simple Client
Now we will write a very simple client program which will open a connection to a given port 12345
and given host. This is very simple to create a socket client using Python's socket module function.
The socket.connect(hosname, port ) opens a TCP connection to hostname on the port. Once you have
a socket open, you can read from it like any IO object. When done, remember to close it, as you would
close a file.
The following code is a very simple client that connects to a given host and port, reads any available
data from the socket, and then exits:
#!/usr/bin/python
import socket
s = socket.socket()
# Create a socket object
host = socket.gethostname() # Get local machine name, or use an ip address
port = 12345
# Reserve a port for your service.
s.connect((host, port))
print(s.recv(1024))
s.close
4/7
PUA SRG
21/03/2015
Now run this server.py in background and then run above client.py to see the result.
# Following would start a server in background.
$ python server.py &
# Once server is started run client as follows:
$ python client.py
Sources:
http://www.tutorialspoint.com/python/python_networking.htm
https://docs.python.org/3/library/socket.html
https://docs.python.org/3/library/socketserver.html
5/7
PUA SRG
21/03/2015
Project Ideas
Implemented: Simplistic Walkie-Talkie-Style Chat Server/Client, Echo Server/Client, Calculator
Server/Client
Chat Server
#!/usr/bin/python
# This is server.py file
import socket
# Import socket module
s = socket.socket()
# Create a socket object
host = "192.168.0.111"
# Get local machine name
port = 12345
# Reserve a port for your service.
s.bind((host, port))
# Bind to the port
print("host is",host)
s.listen(5)
# Now wait for client connection.
while True:
c, addr = s.accept()
# Establish connection with client.
print('Got connection from', addr)
mymsg=""
while mymsg!="kill":
mymsg=input("Master SMK:")
if mymsg=="kill":
c.send("Get The Hell Out!".encode())
else:
c.send(mymsg.encode())
print(addr,":",c.recv(1024).decode())
c.close()
# Close the connection
Chat Client
#!/usr/bin/python3
# This is client.py file
import socket
# Import socket module
s = socket.socket()
# Create a socket object
host = 'localhost'
# Get local machine name
port = 12345
# Reserve a port for your service.
host = "192.168.0."+input("Server:")
s.connect((host, port))
while True:
print(host,":",s.recv(1024).decode())
s.send(input("Master SMK:").encode())
s.close
# Close the socket when done
6/7
3 Time Line
A proposed timeline of the session titles (each are detailed in a separate file called Meeting N).
Initiate Intro to Http
Intro to Http
PUA
Python Headers Servers Server
SRG
(Code) (Web) (Net)
(Web)
Break
Break
XSS
(Sec)
TBA
Exploit Tools
(Sec)
(Sec)
Summer Plans
and Research
Week 1
10
11
12
13
14
Meeting 0
10
Topic
Details
Clearly defining the objectives and goals of PUA SRG and matching them with the attendees'.
Code
Introduction to Python
An introduction to the python programming language which is a wealthy skill/tool in the field.
Web
Http Headers
Introducing HTTP Headers, their usage, how to manipulate them and the consequences.
Net
Introduction to Servers
Introducing ip addresses, ports, sockets, servers and clients. How to make simple servers/clients.
Web
Http Server
Building a simple Web server, a simple anatomy of what a web server consists of.
Introducing the XSS attack, demonstrating with examples how serious can these attacks be.
Security Exploit
Implementing a number of exploits over the python web servers to understand vulnerabilities.
Security Tools
TBA
To Be Announced
TBA
Another required meeting with votes, assessing what has been learned, how to proceed and
introducing a few research tips to start simple research in the field.