Daily Weblog 11/21/17

Today, I oversaw the Debian 9 installation on the hacked Aries server. I also helped teach Bri about the process, and about some basic sysadmin functions, including DNS servers. I think I'm going to put together a guide on IPNetMonitorX for her, to try and share some of my knowledge of hacking (and maybe Kali, too).

0 comments

Daily Weblog 11/20/17

Today, I took apart one of the MacBook chargers of the same type as the one that caught fire. This one was not defective, but they are all being replaced, and with a normal model as a control, it will be easier to determine what exactly caused the problem that led to an electrical fire in the other charger (which Brianna dismantled with my help).

Once we are finished using this for research, I'm going to further dismantle it for parts, especially the AC/DC converter piece and the fun-looking giant capacitors. Maybe I'll need some sort of Franken-charger in the future!



0 comments

Weekly Weblog 11/18/17

This week we had only 2 classes. I did not have time to do any work on my actual project; the only thing that ended up happening was setup in the Space Classroom.

0 comments

Daily Weblog 11/17/17

Today, Dr. Bill talked about HI-SEAS and other developments, including that he is buying a ninth drone, all class. I did not have time to do any project work.

0 comments

Supplemental Weblog 11/16/17

http://osxdaily.com/2012/05/03/mac-security-camera-watch-live-video-remotely-from-ipad-iphone/ details how the PrinterCam will be set up to monitor the Ultimaker (and maybe the laser cutter too) via FaceTime.

0 comments

Daily Weblog 11/14/17

Today, I put up posters in the conference room, now the Space Classroom. I also started updating the firmware on the laser cutters; since there are no Windows 10 machines in the Energy Lab with disk drives, that was somewhat difficult.

0 comments

Weekly Weblog 11/11/17

This week, I worked on different projects - I both executed an attack (which partially worked; I am still not certain why the password transmitted over HTTP was not visible) and set up the laser cutter ventilation system and a computer to handle the firmware and input. Next week, I'll laser cut a test pattern and redo the attack with more knowledge about Wireshark and Ettercap.

0 comments

Daily Weblog 11/9/17

Today, we set up the laser cutter ventilation system. It will be ready to cut things as soon as Dr. Bill sets up Parallels on the computer there (which will be used to run both the lasers and the 3D printer). In the meantime, I'll determine what software is needed to design the laser cut plans - the plan is for the first engraving to be a thank-you message to the donor that made the lasers available to the Elab.



0 comments

Daily Weblog 11/8/17

Today, I searched the Wireshark output of the ARP hack. It does not appear to have captured the password (although it did contain the username and session cookie). I am not sure why the password was not visible, as the connection was unencrypted; I'll need to try this hack again with more information. With the session cookie, however, a malicious user could log in as the target and perform any actions that did not require password input.

0 comments

Daily Weblog 11/14/17

Today, I executed an ARP cache poisoning attack against one of the Elab MacBooks. I followed this guide (https://null-byte.wonderhowto.com/how-to/spy-web-traffic-for-any-computers-your-network-intro-arp-poisoning-0131785/) but it seems to have been written for an older version of the tools. For the version of Kali that I was running, a few command had to be changed (and should be anyway - for future users, the Airmon tool is a much more elegant way of adjusting Wi-fi card settings than ifconfig/iwconfig). I captured a browing session in which I made a few Google searches and then visited the Honu server and logged in, and saved all the data. I am learning how to search through it for potential passwords, session cookies, etc. using Wireshark with this article (https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/).

0 comments

Weekly Weblog 11/4/17

This week focused mainly on presentations, as Dr. Bill wanted more plans for this quarter, and we had several visitors. I made some progress on the latest Kali hacks; I'll continue those next week. We are also converting the conference room into a Space Classroom, which should be fun.

0 comments

Daily Weblog 11/3/17

Today, I set up Firefox so that I can have the same bookmarks and sync pages between my Kali Linux partition and my OSX partition (I don't feel like dealing with Chromium today). The space squad also began setting up the conference room as a new Space Classroom. I spent the rest of the time presenting my projects to a group of visiting students from Punahou.

0 comments

Daily Weblog 11/1/17

Today, we just presented projects. Next class that has work time, the NASA Ames team will meet.

0 comments

Daily Weblog 10/31/17

Today, I researched the Krack WiFi Attack, and I will test it on the old MacBooks (which cannot receive the security update anyway) when the tools are released. I also looked in to the PRTG Network Monitoring Tools suite, which I would like to use (but only runs on Windows). I need to find an alternative that can run on OSX.

0 comments

Weekly Weblog 10/28/17

This week, we only had one class. I focused on my wearable hacker necklace, designing and printing a case for it - it is now complete. When plugged in to a Mac computer, it sets the volume to maximum and Rickrolls the target in a demonstration of the BadUSB vulnerability - in which the necklace pendant pretends to be a keyboard, then sends up to 10000 keystrokes per second, opening the Terminal and writing commands. And now, it looks awesome too!

0 comments

Daily Weblog 10/26/17

Today, I designed and printed a case for my Hacker Necklace. However, I misjudged the length of the Arduino (I was using online measurements for the wrong board), and ended up with a case that was one millimeter too short. Tomorrow, I will reprint the case (thankfully, it only takes 19 minutes).

UPDATE 10/27/17: I did the reprint and it fits perfectly.


0 comments

Weekly Weblog 10/21/17

This was a short week thanks to Parents Weekend, but I made progress on my several projects for the quarter: the hydroponics system is reenabled, olivergrayson.com uses Tabletop for dynamic content generation, and I expect the components for my hacker necklace by the end of next week. Next week, I'll continue on the outline I created on Monday.

0 comments

Daily Weblog 10/19/17

Today was the beginning of Parents' Weekend. We had an extremely short class, only long enough for everyone to explain their project, with a bit of extra time for Sameer and I to indulge in a little firebending for yearbook pictures (no Sameers were harmed in the making of these, though he lost a bit of arm hair).




0 comments

Daily Weblog 10/17/17

Today, I re-enabled the sensor system, though I did not have time to find the IP address. It didn't give its name ("raspberry pi" or somesuch) to my NMAP scan, so I'll probably have to just plug it in to a monitor next class. The Space Squad and I talked about a name for our project (we're still not completely sure, but we're thinking something Hawaiian), and I explained Lagrange points.

0 comments

Daily Weblog 10/16/17

Today, we went over our goals for Quarter 2. I seem to have ended up with five separate projects:
  1. Security and penetration testing (next steps: Duckuino and possibly ARP cache poisoning)
  2. Hydroponics sensors for the new setup
  3. Moonbase project continuation (and possibly the NASA Ames space colony building competition)
  4. Attendance project and integration with Daniel Mark and others' projects
  5. Generally helping people with their projects, especially Matt Pouchain with learning Python

0 comments