Zoom Logo

CCSO General Meeting - Shared screen with speaker view
Jameswell Zhang
29:52
ctf.cyberlions.io/
Cole Daubenspeck
34:15
https://venmo.com/code?user_id=2490316259065856496
Cara Schwartz
35:02
@cole what's your venmo user name?
Cole Daubenspeck
35:10
@Cole-Daubenspeck
Cara Schwartz
35:21
thanks
Giancarlo Mastrocola
35:51
Was the amount for dues stated?
Jameswell Zhang
36:02
$15 for the year
Cole Daubenspeck
36:18
^
Giancarlo Mastrocola
36:27
Thanks! Do you want like a certain title or name in the comment?
Cole Daubenspeck
36:45
https://docs.google.com/document/d/1fSCQ3otJ3PmavrxsavwbKr94aELV_lAPnlSdc1IwVmI/edit?usp=sharing
Cole Daubenspeck
37:04
Please put full name and PSU ID (e.g. xyz1234)
Petr Esakov
47:29
https://forms.gle/mbRGJi8mXxg78w789
Kareem Jelks
47:35
I arrived a little late, what about the Venmo payments?
Kareem Jelks
48:11
ok thanks
Eugene Ryoo
52:48
how will we get our credentials for the platform?
Eugene Ryoo
52:51
ok coo l
Cole Daubenspeck
58:13
Once I send the Venmo receipts I'll add you all to CTFd and you'll get an email when that happens
Cole Daubenspeck
01:06:25
If I sent you a receipt then you should now have a CTFd account. Check your PSU email for the initial credentials
Thomas Fryar
01:17:45
whats ur venmo cole
Petr Esakov
01:17:53
https://venmo.com/code?user_id=2490316259065856496
Petr Esakov
01:18:02
^This is coles venmo
Cole Daubenspeck
01:18:14
Name should be @Cole-Daubenspeck too
Thomas Fryar
01:18:27
cool thanks
Cara Schwartz
01:20:22
important to note hashes of the same type are always the same output length, regardless of what goes in
Cara Schwartz
01:22:13
whitespace also matters so a space at the end of ccso will change the hash
Jameswell Zhang
01:23:24
User1:$1$DD2Y0PAr$z3j1FN7E571DnTKRXCyOs.:18527:0:99999:7:::User2:$1$HMS6GUCd$lOnug1c9zvdWEOkP8KRJW1:18527:0:99999:7:::User3:$1$BjM/uHmV$H4.hU5ogL5muCbCxqFpBF.:18527:0:99999:7:::User4:$1$LSGd19IZ$DyC8aXVYPr.Fw8jUtOM.t1:18527:0:99999:7:::
Cara Schwartz
01:26:17
https://passwordvillage.org/general.html#hashing_vs_encryption <-- has a pretty graph for cracking difficulty based on hash type
Alex Kadunce
01:30:02
is this meeting recorded?
Ryan Davis
01:33:36
how do you save in vim
Jameswell Zhang
01:36:02
/root/.john/john.pot
Jameswell Zhang
01:36:14
https://countuponsecurity.files.wordpress.com/2016/09/jtr-cheat-sheet.pdf
Cara Schwartz
01:38:15
in the real world GPUs are linked together in a cracking rig to constantly crack passwords
Andrew Maier
01:38:51
I’m having an issue creating a text file in kali. It keeps telling me that I don’t have permissions for that
Jameswell Zhang
01:39:41
Where are you trying to create the file? What's your working directory?
Cole Daubenspeck
01:39:54
https://github.com/berzerk0/Probable-Wordlists
Jameswell Zhang
01:41:42
"~" is the same as /home/(your username)
Jameswell Zhang
01:42:20
?d signifies a digit
Jameswell Zhang
01:42:28
?l signifies a lowercase character
Jameswell Zhang
01:42:49
The password is a penn state ID, you know the user's initials are "jkz"
Ryan Davis
01:43:08
are all psu ids 4 digits?
Jameswell Zhang
01:43:32
all you know is the person's first two letters of PSU id are "j" and "k"
Cara Schwartz
01:43:36
in general no some people only have 1
Jameswell Zhang
01:43:50
aaa0000
Jameswell Zhang
01:44:33
word
Jameswell Zhang
01:44:39
wo:ALKSJFLAFSLKArd
nicobove
01:46:55
Is it common to find a hash that is impossible to crack?
Cara Schwartz
01:47:28
in enterprise enviornments yes
Cara Schwartz
01:48:10
probably ~15-29%
Cara Schwartz
01:48:17
*20%
Petr Esakov
01:48:33
https://haveibeenpwned.com/Passwords
Ryan Davis
01:49:34
12345 has been cracked 2,389,78 times according to that website
Jameswell Zhang
01:49:49
https://null-byte.wonderhowto.com/how-to/tutorial-create-wordlists-with-crunch-0165931/
Petr Esakov
01:52:08
That website that I sent is not how many times the password has been cracked, its how many times the password was publicly leaked. There can be private leaks and some shady online communities buy and sell hash/password leaks. Just because this website says you are save, you are not necessarily safe.
Ryan Davis
01:52:35
jkz5156
Jameswell Zhang
01:54:09
https://raw.githubusercontent.com/laconicwolf/Password-Scripts/master/example_md5_hashes.txt
Jameswell Zhang
01:55:35
https://download.aircrack-ng.org/wiki-files/other/test.ivs
nicobove
01:57:00
Yeah
nicobove
01:58:15
Yeah im good
nicobove
01:58:18
Thank you
Ryan Davis
01:59:19
Is that an encryption key
Jameswell Zhang
02:01:02
It is the password for the wireless network in Hex!
Jameswell Zhang
02:01:08
So, also yes
Jameswell Zhang
02:01:45
https://www.sans.org/reading-room/whitepapers/wireless/guide-wardriving-detecting-wardrivers-174
Cole Daubenspeck
02:01:47
https://wigle.net/
Petr Esakov
02:02:12
Weaponizing your pets DefCon talk: https://www.youtube.com/watch?v=DMNSvHswljMWar driving Pet Edition
Jameswell Zhang
02:02:19
Poggers
Jameswell Zhang
02:02:30
@Cara do you want to link your password video?
Cara Schwartz
02:03:34
which one I have a few, but I can plop them all in
Thomas Fryar
02:03:55
hey just for recording what was that aircrack command again?
Jameswell Zhang
02:04:09
sudo apt-get install stegosuite
Jameswell Zhang
02:04:13
sudo apt-get install steghide
Cole Daubenspeck
02:04:18
@Thomas, the "airmon" utility
Thomas Fryar
02:04:33
cool
Jameswell Zhang
02:04:33
aircrack-ng -K test.ivs
Cara Schwartz
02:05:38
https://www.youtube.com/watch?v=7FGY6k5wMtk&ab_channel=PasswordVillage
Cole Daubenspeck
02:05:44
Also if you have ~40 minutes, there is a really entertaining DEFCON presentation about using cats/dogs to do wifi hacking: https://youtu.be/DMNSvHswljM
Cara Schwartz
02:05:53
interesting talk about password length and crackability
nicobove
02:06:31
Where can we find the Zoom recordings?
Cara Schwartz
02:06:39
and this goes into password masks and the most common types: https://www.youtube.com/watch?v=rkyarZG9GTo&ab_channel=PasswordVillage
Jameswell Zhang
02:06:52
AE:5B:7F:3A:03:D0:AF:9B:F6:8D:A5:E2:C7
Cole Daubenspeck
02:15:26
https://venmo.com/code?user_id=2490316259065856496
Cole Daubenspeck
02:15:30
@Cole-Daubenspeck
Cole Daubenspeck
02:19:46
also please include your PSU id (e.g. cpd5318) with the Venmo so I can be certain I have the right person - thanks!