CS3235 - Laboratory #1 for Aug 29th, 2014

This laboratory [1] should be done individually, or in a group of (at most) 2.

1 Getting started in the lab
You should have already been emailed a usercode for the labs. The usercode is something like csXX.
The Linux systems in the labs all run FC14 linux (short for Fedora Core 14 Linux), and once they are
switched on, you will have to log in to them to use the OS. A login box will be displayed, and you
may select Other, and then give your username and your password:
login: csXX
Password: csXX (the password is not displayed when you type it)
The very first time, login as csXX, with password csXX. When the login procedure is completed you
should see the GUI, and be able to select programs from the menus and run them. It is common on
UNIX systems to use a terminal window, and to type in commands, so we begin by putting the
terminal icon somewhere easily accessible. Select Applications/SystemTools/Terminal, and either
drag the icon to the top bar, or right-click on it and select “Add launcher to panel”. You should
now see the terminal icon on the top bar on the screen, and you can open up a terminal window by
clicking on the icon. Then use the yppasswd command to immediately change the login password to
something else:
$ yppasswd
Changing NIS account information for csXX on cdr2.comp.nus.edu.sg
Please enter old password:
Changing NIS account for csXX on cdr2.comp.nus.edu.sg
Please enter new password:
Please retype new password:
The NIS password has been changed on cdr2.comp.nus.edu.sg
$
If you later forget this login password, ask Chan Tim Fook ([email protected]) to reset your
password. The password which you type is not echoed. Make sure you type it correctly (it asks you
twice).
Check that the password is OK, by logging out, and then logging back in again.
[1] Adapted from Stephane Werner’s (NUS) lab...
1.1 Logging out
When you have finished your lab session you must log out from the system. It is normal to just leave
the machines going, and NOT to shut down the OS: select System/Log Out.
1.2 Some points...
The lab machines are on a private network, so it is not possible to connect to them from the outside.
However, from the lab machines, you can connect to the outside.
To transfer your files elsewhere, eg. for backup, printing, etc., one easy way is to use a thumb drive.
If you plug in a thumb drive, after a while, an icon should appear on the desktop. You can drag and
drop files to and from the thumb drive. When you are finished with the thumb drive, right-click on it,
and select Unmount. This is much safer than just pulling the thumb drive out of the PC. It is a good
idea to backup your work.
The following points are to be noted for Unix in general and also Linux:
1. Unix is case sensitive. Most commands are lowercase.
2. Unlike Windows, Unix has no drive letters (A: B: C:). Everything is in some directory, starting
at / (the “root” directory).
3. Unix uses forward slash (/) to separate directory names, while Windows uses backslash (\).
4. The * wildcard is treated uniformly by Unix shells. In Windows, * works differently for different programs.
5. It is worthwhile to look first at the manual page of a command: man man
2 Orientation - laboratory 1
Today we have a case study of the Windows Scripting Encoder. Even simple encryption schemes still
find use today! In particular, we will investigate a slightly simplified version of the Windows Scripting
Encoder, provided by Microsoft a few years ago to “encrypt” the program code of programs running
on webservers. The scripting engine itself could decode and execute the program code, but it looks
encrypted to anyone else. The motivation behind the Scripting Encoder was to prevent an attacker who
illegally downloaded these programs from gaining any information about how the program works.
Quite often programs written for the web also contain passwords for database servers hidden among
the program code. The Scripting Encoder’s aim was to hide these from an attacker.
In this tutorial, your goal is to investigate how the encoder works and to recover such a password!
This password will enable you to change your grade for this tutorial to whatever you wish :).
• Familiarize yourself with the environment:
– Firstly, open a terminal window on the laboratory machine.
– In your home directory on the laboratory machine, create some test data files to be encrypted. Each file can have a small amount of text in it (sample passwords in, say,
sample1.txt, sample2.txt...).
– You can look at your file(s) by using the terminal window and running “cat sample1.txt”
– Use the supplied wse program to encrypt the test message “wse < sample1.txt” or “wse
< sample1.txt > sample1.encoded”.
– Alternatively, you can just enter in strings directly from the console window “wse”.
• Get the password file:
– The password for the cs3235 administrator has been found by harriet-the-hacker in a wse-encrypted file.
– You can get it by using “wget http://hugh.comp.nus.edu.sg/cs3235/lab1/adminpassword”
– Look at the password file by typing “cat adminpassword”. You will recognize it as a
wse-encrypted version of the password.
• Open the web browser and go to http://hugh.comp.nus.edu.sg/cs3235/lab1/grades.php
to see your current gradings for this tutorial. You will notice that if you can discover the admin
password, you can input your grade through the web page.
• Your goal now is to figure out how the encoding works so you can learn the password!
– During the lecture, we discussed a few possible attacks against encryption systems.
– Think about the chosen ciphertext and chosen plaintext attacks. Perhaps one of them
would be helpful to you here.
– Now it’s time to investigate! You can try to encrypt as many messages as you want by
running the “wse” program.
• Add your desired grade at http://hugh.comp.nus.edu.sg/cs3235/lab1/grades.php. You
can do this once you know the password. If not, I will determine your grade myself...
When you leave, just log out. Please do not turn the computer off.
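
As background for the attacks mentioned above, the following added example (not part of the original handout, and not the wse algorithm) shows why a keyless encoder gives no confidentiality against anyone who can run it. The cipher `toy_encode`, its tables and its pattern are constructed stand-ins; `recover` uses only calls to the encoder.

```python
import random
import string

# Constructed stand-in for an encoder program (NOT the real wse algorithm):
# a keyless substitution over printable ASCII whose table depends on position.
ALPHABET = string.printable[:95]      # digits, letters, punctuation, space
_rng = random.Random(3235)            # fixed seed: the "secret" is baked in
_TABLES = []
for _ in range(3):
    shuffled = list(ALPHABET)
    _rng.shuffle(shuffled)
    _TABLES.append(dict(zip(ALPHABET, shuffled)))
_PATTERN = [0, 2, 1, 1, 0, 2, 2]      # which table is used at each position


def toy_encode(plaintext: str) -> str:
    """Encoding oracle: anyone who has the program can call it."""
    return "".join(
        _TABLES[_PATTERN[i % len(_PATTERN)]].get(ch, ch)
        for i, ch in enumerate(plaintext)
    )


def recover(ciphertext: str, oracle=toy_encode) -> str:
    """Chosen-plaintext attack: decode using only calls to the oracle."""
    n = len(ciphertext)
    # One query per candidate character: 'aaaa...' reveals how 'a' is encoded
    # at every position, so neither the tables nor the pattern must be known.
    probes = {ch: oracle(ch * n) for ch in ALPHABET}
    out = []
    for i, c in enumerate(ciphertext):
        matches = [ch for ch, enc in probes.items() if enc[i] == c]
        # A substitution is invertible, so at most one candidate matches;
        # characters the encoder leaves untouched are passed through.
        out.append(matches[0] if len(matches) == 1 else c)
    return "".join(out)


if __name__ == "__main__":
    secret = "s3cr3t-DB-pass!"        # constructed sample, not a real password
    encoded = toy_encode(secret)
    print(encoded, "->", recover(encoded))
```

The attack needs only 95 encoder runs regardless of message length, which is why storing credentials under this kind of encoding is equivalent to storing them in the clear.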
3 Self assessment
When you are finished, ask yourself if you can answer these questions:
1. What is the technical term for the wse cipher?
2. What is the difference between a chosen ciphertext attack, and a chosen plaintext attack?
3. Which of the above attacks did you just use?